Explorer.exe keeps crashing and keeps rebooting. No viruses showing up i am completely stumped on this one. my hijack this log is attached at the bottom if u could help me rid my comp of this id be forever grateful.

We would prefer that you copy/paste logs rather than attach them.
Since you are not running an anti-virus program and I see several entries for Bitcomet you are taking a real chance not running an anti-virus program.
Please do the following;
Please Download ATF-Cleaner.exe by Atribune

RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.


Reboot the Computer.
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
Reboot the computer.
Run a new HJT full system scan and save the log.
Post back here and Copy/Paste all logs saved here.
Judy

he the whole thing just reboots without warning real often it could be a cpu overheating. Google download and run hdd health or check in your bios if you know how. Let me know how it turns out.

thanks hotmatrixxx it wasnt that. i ran that antimalware
Malwarebytes' Anti-Malware 1.30
Database version: 1410
Windows 5.1.2600 Service Pack 2

11/18/2008 7:52:45 PM
mbam-log-2008-11-18 (19-52-40).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|I:\|)
Objects scanned: 51584
Time elapsed: 29 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 17
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\fccaWMeF.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jkkHwTKB.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21475d51-3c43-4e70-a6bb-8726de4084bf} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{21475d51-3c43-4e70-a6bb-8726de4084bf} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55737035-1b75-48dd-a4d8-66155d8ac7a3} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkhwtkb (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{55737035-1b75-48dd-a4d8-66155d8ac7a3} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{55737035-1b75-48dd-a4d8-66155d8ac7a3} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7aa32fc7-133b-4ae7-998e-ced0d9829b12} (Trojan.Dialer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{49e0e0f0-5c30-11d4-945d-000000000000} (Spyware-Logger.Unknown) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e6280729-9251-41d7-bc1c-572c9548c962} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{55737035-1b75-48dd-a4d8-66155d8ac7a3} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccawmef -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccawmef -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\fccaWMeF.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\FeMWaccf.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\FeMWaccf.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jkkHwTKB.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\QU44IT3E\upd[1] (Trojan.Vundo) -> No action taken.

i had 30 dang viruses got rid of em all deleted them from quaritene i will do the online scanner now. and btw the problem has stopped but im gunna make sure they wont come back

How did you delete them all? Your log shows on ALL listed.
Did you run the program again and have it fix or did you manually do it? You should use the MBA-M program to do the fixing as instructed

excellent. just hit the "mark as solved" button on the thread so that others know you fixed it, and can either come here for help or know you don't need help at the moment.

Who are you replying to? The original poster has NOT returned for 8 days to respond to my question asking him if he DID tell the MBA-M program to apply the fixes or if he has run the program again. This thread is NOT solved, we don't know the outcome.
Judy

"i had 30 dang viruses got rid of em all deleted them from quaritene i will do the online scanner now. and btw the problem has stopped but im gunna make sure they wont come back",



AND he hasn't been back for over a week?...

These were his only posts.(newbe poster, 2 posts total) he has been, got his help, and gone. logic dictates the suggestion, but don't quote me on that.

I am not going to get into a contest here. But doesn't matter if he is a new poster or how many posts he has. Since I was the one working with him, I cannot, in all good conscience say this thread is solved. This is NOT for him, but for others with the same problem who search this out, and end up clicking on this thread and decide since somebody says the thread is solved will then take the same incorrect route as this original poster. To all those people, it is not solved.
His last post showed an MBA-M log without any action taken. He said at the bottom;
He does NOT state what quarantine...MBA-M, an anti-virus program, some other program he ran...nothing. He also does not state how he is going to make sure they don't come back. But since his logs do NOT show an anti-virus program nor a firewall on the computer BUT does show BitComet, a P2P file sharing program, then the place to start was as I had him do, not assuming the cpu was overheating. He did check what you suggested and that was not the case. He DID run MBA-M which found 13 instances of the Vundo Trojan and various Adware, a Trojan dialer, a Spyware Logger which can be getting his passwords, bank account numbers, etc, not viruses as he states. So we cannot be certain that he removed the same things as noted in that MBA-M log. Those would have been removed IF he selected Remove Selected. But we do not know that he did that. Many times additional fixes must be applied AFTER fixes are completed with MBA-M to be certain the Vundo infection is completely gone, depends how badly the computer was infected. But we DON'T know if these would have been necessary because the original poster did not return.
We cannot assume that he did not return because the problem was fixed. He may not have returned because of incorrect or incomplete fixing which caused damage to the computer.
I for one won't give the poster the notification that the problem is solved until I can see all those logs CLEAN. There are many, many times that after running one or two clean up programs the original problem seems to disappear but this doesn't say the infection is 100% cleaned out. We have to see those logs to be assured enough to say, yes it is clean. So for me, no, until I can see those I won't say the problem is solved. Partially maybe but I can't say that with complete assurance, so I won't. And until the poster installs some security programs on his computer, an anti-virus program and a firewall at the very least, then there is no way for him to Judy

jholland1964/Judy,

Thanks for not closing this yet.
I am having the same issue.
I am following your instructions to Mr_Onyx69 & will post my log from the ESET Online Scanner as well as a new HJT log.