Explorer.exe keeps crashing and keeps rebooting. No viruses showing up i am completely stumped on this one. my hijack this log is attached at the bottom if u could help me rid my comp of this id be forever grateful.

We would prefer that you copy/paste logs rather than attach them.
Since you are not running an anti-virus program and I see several entries for Bitcomet you are taking a real chance not running an anti-virus program.
Please do the following;
Please Download ATF-Cleaner.exe by Atribune

RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the Computer.
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
Reboot the computer.
Run a new HJT full system scan and save the log.
Post back here and Copy/Paste all logs saved here.
Judy

he the whole thing just reboots without warning real often it could be a cpu overheating. Google download and run hdd health or check in your bios if you know how. Let me know how it turns out.

thanks hotmatrixxx it wasnt that. i ran that antimalware
Malwarebytes' Anti-Malware 1.30
Database version: 1410
Windows 5.1.2600 Service Pack 2

11/18/2008 7:52:45 PM
mbam-log-2008-11-18 (19-52-40).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|I:\|)
Objects scanned: 51584
Time elapsed: 29 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 17
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\fccaWMeF.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jkkHwTKB.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21475d51-3c43-4e70-a6bb-8726de4084bf} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{21475d51-3c43-4e70-a6bb-8726de4084bf} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55737035-1b75-48dd-a4d8-66155d8ac7a3} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkhwtkb (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{55737035-1b75-48dd-a4d8-66155d8ac7a3} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{55737035-1b75-48dd-a4d8-66155d8ac7a3} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7aa32fc7-133b-4ae7-998e-ced0d9829b12} (Trojan.Dialer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{49e0e0f0-5c30-11d4-945d-000000000000} (Spyware-Logger.Unknown) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e6280729-9251-41d7-bc1c-572c9548c962} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{55737035-1b75-48dd-a4d8-66155d8ac7a3} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccawmef -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccawmef -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\fccaWMeF.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\FeMWaccf.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\FeMWaccf.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jkkHwTKB.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\QU44IT3E\upd[1] (Trojan.Vundo) -> No action taken.

i had 30 dang viruses got rid of em all deleted them from quaritene i will do the online scanner now. and btw the problem has stopped but im gunna make sure they wont come back

How did you delete them all? Your log shows

No action taken.

on ALL listed.
Did you run the program again and have it fix or did you manually do it? You should use the MBA-M program to do the fixing as instructed

* Be sure that everything is checked, and click Remove Selected.

excellent. just hit the "mark as solved" button on the thread so that others know you fixed it, and can either come here for help or know you don't need help at the moment.

excellent. just hit the "mark as solved" button on the thread so that others know you fixed it, and can either come here for help or know you don't need help at the moment.

Who are you replying to? The original poster has NOT returned for 8 days to respond to my question asking him if he DID tell the MBA-M program to apply the fixes or if he has run the program again. This thread is NOT solved, we don't know the outcome.
Judy

"i had 30 dang viruses got rid of em all deleted them from quaritene i will do the online scanner now. and btw the problem has stopped but im gunna make sure they wont come back",

AND he hasn't been back for over a week?...

These were his only posts.(newbe poster, 2 posts total) he has been, got his help, and gone. logic dictates the suggestion, but don't quote me on that.

I am not going to get into a contest here. But doesn't matter if he is a new poster or how many posts he has. Since I was the one working with him, I cannot, in all good conscience say this thread is solved. This is NOT for him, but for others with the same problem who search this out, and end up clicking on this thread and decide since somebody says the thread is solved will then take the same incorrect route as this original poster. To all those people, it is not solved.
His last post showed an MBA-M log without any action taken. He said at the bottom;

"i had 30 dang viruses got rid of em all deleted them from quaritene i will do the online scanner now. and btw the problem has stopped but im gunna make sure they wont come back",

He does NOT state what quarantine...MBA-M, an anti-virus program, some other program he ran...nothing. He also does not state how he is going to make sure they don't come back. But since his logs do NOT show an anti-virus program nor a firewall on the computer BUT does show BitComet, a P2P file sharing program, then the place to start was as I had him do, not assuming the cpu was overheating. He did check what you suggested and that was not the case. He DID run MBA-M which found 13 instances of the Vundo Trojan and various Adware, a Trojan dialer, a Spyware Logger which can be getting his passwords, bank account numbers, etc, not viruses as he states. So we cannot be certain that he removed the same things as noted in that MBA-M log. Those would have been removed IF he selected Remove Selected. But we do not know that he did that. Many times additional fixes must be applied AFTER fixes are completed with MBA-M to be certain the Vundo infection is completely gone, depends how badly the computer was infected. But we DON'T know if these would have been necessary because the original poster did not return.
We cannot assume that he did not return because the problem was fixed. He may not have returned because of incorrect or incomplete fixing which caused damage to the computer.
I for one won't give the poster the notification that the problem is solved until I can see all those logs CLEAN. There are many, many times that after running one or two clean up programs the original problem seems to disappear but this doesn't say the infection is 100% cleaned out. We have to see those logs to be assured enough to say, yes it is clean. So for me, no, until I can see those I won't say the problem is solved. Partially maybe but I can't say that with complete assurance, so I won't. And until the poster installs some security programs on his computer, an anti-virus program and a firewall at the very least, then there is no way for him to

make sure they wont come back

Judy

jholland1964/Judy,

Thanks for not closing this yet.
I am having the same issue.
I am following your instructions to Mr_Onyx69 & will post my log from the ESET Online Scanner as well as a new HJT log.

Hi jistoj and welcome to daniweb.
Once you have completed all the steps you should create your OWN thread, by clicking the Start New Thread button on the upper left side of the page just above the thread list, (see attachment) with a title that will convey to others what your problem is, like Crashing Explorer.exe and then give us the full information on what happens, when it happens, etc. Then list the steps you have taken and post the logs in your new thread. I will keep my eye out for it and take a look.
Just makes it easier on all if only one person's problems are worked on per thread.
Judy

I appologize that i never returned. The problem went away but my computer got super slow and etc. etc. So we wiped the drive and everything (thus loosing my link to this site but i found it today). And i did delete those things i had just got the log before i did it. I now have Bitdefender 2009 and it works great for protection but i usually turn it off when im gaming or something of that sort due to lag ingame. And i happened to get viruses again which come to find out came from the game and now computer is doing it again its same viruses that got me vundo mainly and one called Win32.zafi.b which a thing keeps popping up saying your computer needs protection or something like that from Win32.zafi.b and click here for protection which leads to a product called Defender. Which means Bitdefender. And i still had malwarebytes anti-malware still on isnt able to get rid of this thing i dont know what to do. My computer is fine now just this thing keeps popping up and its slowing my computer.

Nevermind got rid of it.. All is well and the instructions to fix this problem work. If you restart your computer all is well again or just go open task manager and click run and explorer.exe and baam it doesnt flicker on and off.

Nevermind got rid of it.. All is well and the instructions to fix this problem work. If you restart your computer all is well again or just go open task manager and click run and explorer.exe and baam it doesnt flicker on and off.

Yeah, but that is a painful thing to do all of the time...

So i think you would want to get it fixed.

Cohen

click here for protection which leads to a product called Defender. Which means Bitdefender.

Sorry, don't agree here, if it meant BitDefender it would say BitDefender.
You haven't removed the problem if you keep having to end it in taskmanager.
Turning off BitDefender is never a good idea. You are taking a real chance by not actually trying to remove this infection. Update BitDefender and run a scan with it and see if it will remove it.

Bit defender HAS an in-game mode that lowers the firewall settings but maintains AV protection. It's a one-click, too. (rightclick the taskbar icon, it's in that menu)