Hi Wesley,
I think you may have mis-understood my meaning.
I not only have TWO explorer.exe, there are actually THREE.
1. C:\WINDOWS\explorer.exe
2. C:\WINDOWS\system32\dllcache\explorer.exe
3. C:\WINDOWS\system32\explorer.exe
#1 & #2 is the same file with version 6.0.2600.0 & size 977KB.
#3 has no version tab page & its size is 84KB only.
Here is the screen-shot of its look:
http://blueboy1.hp.infoseek.co.jp/explorer_bad.jpg
I've zipped & uploaded that explorer.exe here, you may download &
take a look:
http://blueboy1.hp.infoseek.co.jp/explorer.zip
And the explorer.exe that is written in this registry key of my
registry is: H_L_M\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon
Shell REG_SZ
C:\windows\system32\explorer.exe
And there are TWO explorer.exe running in my Task Manager, they are
#1 & #3.
Do you have any idea about that strange explorer.exe?
Can I delete that file directly? What should I do to solve this
problem?
Thanks in advance!
Jerry
"Wesley Vogel" <
[email protected]>
???????:AO6vc.28232$pt3.23813@attbi_s03...
Hi Jerry,
Reboot, if you haven't since removing, and run HijackThis again and
see what it finds. Some of this stuff is like the plague, it keeps
coming back.
Post your new HijackThis log at your link.
Did I see a Firewall?
You *should* have two explorer.exes
C:\WINDOWS\explorer.exe
and
C:\WINDOWS\system32\dllcache\explorer.exe
File version: 6.0.2800.1106
Size: 980 KB (1,004,032 bytes)
================
The explorer.exe that should be running is in this registry key.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon Shell REG_SZ
Explorer.exe ===========
Something you can try.
This opens Task Manager:
Ctrl + Shift + Esc | Highlight: explorer.exe | End Process
button
Answer Yes |
You lose everthing except your Desktop wallpaper.
If that doesn't happen | repeat for the other explorer.exe |
When you do lose everything | With the Task Manager open | File |
New Task (Run..) |
Type: explorer.exe | OK |
Your Desktop and Taskbar will reappear.
Don't try to delete either one. XP won't let you anyhow.
You probably still have crapware on your system.
--
Hope this helps. Let us know.
Wes
In Jerry McMorran <
[email protected]> hunted and pecked:
Thanks, Wesley.
I've removed those unnecessary scumwares.
What should I do with explorer.exe now?
Jerry
"Wesley Vogel" <
[email protected]>
???????:ZnNuc.26230$4A6.18533@attbi_s52...
Jerry,
Number one, after looking over your HijackThis log, you have
stuff you may niether want or need. You have lots of SCUMWARE!!!
Here are just a few:
C:\WINDOWS\System32\ctfmon.exe {Not scumware, but a resource
waster if you don't need it}
OFFXP: What Is CTFMON and What Does It Do?
http://support.microsoft.com/default.aspx?scid=kb;en-us;282599
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:\PROGRA~1\FlashGet\jccatch.dll
FlashGet
http://www.pestpatrol.com/pestinfo\f\flashget.asp
O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} -
C:\Program Files\Comet\Bin\csbho.dll
Comet Cursor
http://www.doxdesk.com/parasite/CometCursor.html
O2 - BHO: (no name) - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} -
C:\WINDOWS\System32\amcis.dll
Aureate
http://www.pestpatrol.com/pestinfo/a/aureate.asp
O3 - Toolbar: Comet Toolbar -
{FE6BC4EF-5676-484B-88AE-883323913256} - C:\Program
Files\Comet\Bin\csietb.dll
Comet Cursor
http://www.doxdesk.com/parasite/CometCursor.html
O3 - Toolbar: FlashGet Bar -
{E0E899AB-F487-11D5-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\fgiebar.dll
FlashGet
http://www.pestpatrol.com/PestInfo/f/flashget.asp
============
You may find this useful.
HijackThis Log Tutorial
http://www.aumha.org/a/hjttutor.htm
Here's another one that may be useful
http://www.google.com/
--
Hope this helps. Let us know.
Wes
In Jerry McMorran <
[email protected]> hunted and pecked:
Hi all,
I'm using WinXP Pro.
When I opened the task manager, I found 2 instances of
explorer.exe. After further investigation, one is the normal one
C:\windows\explorer.exe, one is C:\windows\system32\explorer.exe
I'm afraid of directly deleting that strange one from my hard
disk because I don't know whether it is really normal or not.
When I searched the registry with the string
"system32\explorer.exe", only one result is found:
Location = HLM\software\Microsoft\Windows
NT\CurrentVersion\Winlogon Name = Shell
Value = c:\windows\system32\explorer.exe
By the way, I heard from some BBS that the software StyleXP is
related to "system32\explorer.exe". And as I'm using StyleXp
too, I really don't know whether I should manually delete that
"system32\explorer.exe" or not.
Could someone help me?
I've put all the information of my investigation here, see if
you have any idea:
http://blueboy1.hp.infoseek.co.jp/investigation.htm
Thanks in advance!
Jerry McMorran
