Every time I open a new Windows Explorer, it just suddenly closes by itself! I have used AVG, Ad-Aware and Windows Defender, but they still won't detect any problems. But I have this feeling that my machine has an infection. I hope you can help me with this. My operating system is Windows Vista Home Basic SP1. Here are the results after using HijackThis; the results were attached along with this post.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:56 PM, on 5/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\DAP\DAP.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TweakMASTER\TMTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CAPCOM\ChaosLegion\ChaosLegion.exe
C:\Windows\Explorer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.friendster.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ph.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ph.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = oOpsMan_26
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: 209.11.168.113 www.friendster.com
O1 - Hosts: 64.233.189.165 pagead2.googlesyndication.com
O1 - Hosts: 209.11.168.112 profiles.friendster.com
O1 - Hosts: 81.21.145.22 www.symantecstore.com
O1 - Hosts: 64.86.106.98 ftp.symantec.com
O1 - Hosts: 64.233.189.147 www.google.com.ph
O1 - Hosts: 65.175.79.82 forums.legitreviews.com
O1 - Hosts: 209.85.66.220 dg.specificclick.net
O1 - Hosts: 64.74.243.14 www.grisoft.com
O1 - Hosts: 202.78.87.72 www.symantec.com
O1 - Hosts: 212.67.88.87 free.grisoft.com
O1 - Hosts: 216.239.122.225 www.download.com
O1 - Hosts: 216.73.86.52 ad.doubleclick.net
O1 - Hosts: 216.239.116.76 software-files.download.com
O1 - Hosts: 202.78.87.74 i.d.com.com
O1 - Hosts: 216.239.116.65 bwp.download.com
O1 - Hosts: 209.87.209.206 www.zonealarm.com
O1 - Hosts: 72.32.152.172 www.zoombli.com
O1 - Hosts: 202.78.87.73 images.friendster.com
O1 - Hosts: 85.17.140.215 www.crack.ms
O1 - Hosts: 63.218.226.67 www.worlddatinghere.com
O1 - Hosts: 85.17.140.216 crackstorage.com
O1 - Hosts: 222.35.72.168 www.9down.com
O1 - Hosts: 202.78.87.72 download.zonealarm.com
O1 - Hosts: 64.156.82.109 www.limewire.com
O1 - Hosts: 64.156.82.101 www9.limewire.com
O1 - Hosts: 195.110.8.66 www.babesdosage.com
O1 - Hosts: 146.82.205.97 tour.brazzers.com
O1 - Hosts: 64.7.203.69 hostedads.realitykings.com
O1 - Hosts: 66.114.51.39 newt1.adultadworld.com
O1 - Hosts: 67.202.64.142 www.needtwat.com
O1 - Hosts: 66.35.192.168 adtology.com
O1 - Hosts: 67.228.38.183 www.hornyandhappy.com
O1 - Hosts: 66.35.192.168 srv.etology.com
O1 - Hosts: 64.72.126.51 www.jizzhut.com
O1 - Hosts: 216.17.109.95 www.qmov.com
O1 - Hosts: 66.165.186.100 promos.fling.com
O1 - Hosts: 69.22.133.70 www.deliciousmovies.com
O1 - Hosts: 216.195.44.202 porn.clipsgasm.com
O1 - Hosts: 207.226.167.154 mybunnygirls.com
O1 - Hosts: 82.192.69.118 www.moviefiledownloads.com
O1 - Hosts: 216.163.137.32 adultdotcom.spicetv.com
O1 - Hosts: 75.126.64.73 www.winmatrix.com
O1 - Hosts: 71.139.244.137 www.blackviper.com
O1 - Hosts: 74.200.66.167 www.qloud.com
O1 - Hosts: 64.13.232.125 facebook.userplane.com
O1 - Hosts: 64.233.189.99 images.google.com.ph
O1 - Hosts: 69.59.191.40 www.downelink.com
O1 - Hosts: 198.172.81.21 www.deviantart.com
O1 - Hosts: 198.172.81.21 browse.deviantart.com
O1 - Hosts: 198.172.81.21 bucuresticlub.deviantart.com
O1 - Hosts: 198.172.81.21 onutzac.deviantart.com
O1 - Hosts: 198.172.81.34 adcast.deviantart.com
O1 - Hosts: 208.70.8.27 subtracts.userplane.com
O1 - Hosts: 208.111.144.95 cache.static.userplane.com
O1 - Hosts: 209.191.86.115 ph.f386.mail.yahoo.com
O1 - Hosts: 124.108.125.237 ph.yahoo.com
O1 - Hosts: 66.150.161.57 www.sfogs.com
O1 - Hosts: 207.195.170.10 myusm.com
O1 - Hosts: 72.14.207.191 blastingvolume.blogspot.com
O1 - Hosts: 72.14.223.191 www.blogger.com
O1 - Hosts: 207.171.191.252 entrecard.s3.amazonaws.com
O1 - Hosts: 75.125.107.162 entrecard.com
O1 - Hosts: 69.80.227.79 sfogs.freehostia.com
O1 - Hosts: 72.232.214.19 sfogsreturns.com
O1 - Hosts: 72.52.220.46 www.ccleaner.com
O1 - Hosts: 74.53.121.66 www.filehippo.com
O1 - Hosts: 212.143.22.56 212.143.22.56
O1 - Hosts: 212.143.22.60 ad4.speedbit.com
O1 - Hosts: 85.17.211.129 fs4.filehippo.com
O1 - Hosts: 85.17.45.94 crusaders.crack-cd.com
O1 - Hosts: 63.209.24.149 iframe.adultfriendfinder.com
O1 - Hosts: 216.34.32.118 banners.passion.com
O1 - Hosts: 85.17.65.7 xmirror.us
O1 - Hosts: 74.50.11.40 www.funpcgame.com
O1 - Hosts: 209.87.178.183 www.regnow.com
O1 - Hosts: 198.63.211.246 www.alawar.com
O1 - Hosts: 66.119.213.9 findfiles.com
O1 - Hosts: 64.111.217.2 www.fulldownloads.us
O1 - Hosts: 8.14.147.111 www.crackserialkeygen.com
O1 - Hosts: 38.114.169.216 www.sharingzone.net
O1 - Hosts: 213.239.213.140 www.freesoft08.com
O1 - Hosts: 213.239.213.140 www.appz-games-121.com
O1 - Hosts: 66.246.72.50 www.freedownloadscenter.com
O1 - Hosts: 206.251.77.202 game.wareseeker.com
O1 - Hosts: 195.122.131.20 rapidshare.com
O1 - Hosts: 62.67.50.75 rs274l3.rapidshare.com
O1 - Hosts: 88.80.7.99 www.torrentz.com
O1 - Hosts: 76.13.212.11 ad.adnetinteractive.com
O1 - Hosts: 69.55.50.28 www.downloadprofessional.com
O1 - Hosts: 66.29.46.42 www.btmon.com
O1 - Hosts: 85.214.90.176 85.214.90.176
O1 - Hosts: 85.17.223.193 w13.easy-share.com
O1 - Hosts: 38.102.33.180 www.rapidshareddl.com
O1 - Hosts: 64.128.87.133 delusions.sharezone.hop.clickbank.net
O1 - Hosts: 206.190.52.34 aa.mg2.mail.yahoo.com
O1 - Hosts: 68.142.194.14 messenger.yahoo.com
O1 - Hosts: 203.119.4.28 www.sagay.com.ph
O1 - Hosts: 208.73.212.12 searchportal.information.com
O1 - Hosts: 203.119.4.19 www.domains.ph
O1 - Hosts: 124.108.120.244 asia.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TweakMASTER\TweakBHO.dll
O2 - BHO: (no name) - {E2222049-CC5E-457D-8D62-28114DBA7B8E} - C:\Windows\system32\iiFXomnL.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "D:\DAP\DAP.exe" /STARTUP
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TweakMASTER] "C:\PROGRA~1\TweakMASTER\TMTray.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\efcCvSLe.dll,#1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: SpywareBlaster.lnk = D:\SpywareBlaster\spywareblaster.exe
O8 - Extra context menu item: &Download with &DAP - D:\DAP\dapextie.htm
O8 - Extra context menu item: Add to &LinkFox - res://C:\PROGRA~1\TweakMASTER\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: Download &all with DAP - D:\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://profiles.friendster.com
O15 - Trusted Zone: http://www.friendster.com
O15 - Trusted Zone: http://www.google.com.ph
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C938239-F43A-4CCA-85FB-C25811487C0E}: NameServer = 202.78.97.41 202.78.97.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C938239-F43A-4CCA-85FB-C25811487C0E}: NameServer = 202.78.97.41 202.78.97.35
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 13673 bytes


Hi and welcome to the Daniweb forums :).

==========

Can you please do the following.

===============

Can you disable Windows Defender as it may interfere with the removal process. Please leave it disabled until your PC has been given the all clear.

  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • After you uncheck this, click on the Save button
  • Close Windows Defender

===============

Scan with HijackThis and then place a check next to all the following, if present:


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {E2222049-CC5E-457D-8D62-28114DBA7B8E} - C:\Windows\system32\iiFXomnL.dll

O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)

O13 - Gopher Prefix:


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

files...

C:\Windows\system32\iiFXomnL.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode and hit Enter.

-

Reboot.

===============

After rebooting, rescan with HijackThis and post back a new log. Please let me know how your PC is now.

I still can't delete the iiFXomnL.dll after logging in in Safe Mode, and the symptoms are still occurring. Here are the results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:01 PM, on 5/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\DAP\DAP.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TweakMASTER\TMTray.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.friendster.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ph.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ph.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = oOpsMan_26
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: 209.11.168.113 www.friendster.com
O1 - Hosts: 64.233.189.165 pagead2.googlesyndication.com
O1 - Hosts: 209.11.168.112 profiles.friendster.com
O1 - Hosts: 81.21.145.22 www.symantecstore.com
O1 - Hosts: 64.86.106.98 ftp.symantec.com
O1 - Hosts: 64.233.189.147 www.google.com.ph
O1 - Hosts: 65.175.79.82 forums.legitreviews.com
O1 - Hosts: 209.85.66.220 dg.specificclick.net
O1 - Hosts: 64.74.243.14 www.grisoft.com
O1 - Hosts: 202.78.87.72 www.symantec.com
O1 - Hosts: 212.67.88.87 free.grisoft.com
O1 - Hosts: 216.239.122.225 www.download.com
O1 - Hosts: 216.73.86.52 ad.doubleclick.net
O1 - Hosts: 216.239.116.76 software-files.download.com
O1 - Hosts: 202.78.87.74 i.d.com.com
O1 - Hosts: 216.239.116.65 bwp.download.com
O1 - Hosts: 209.87.209.206 www.zonealarm.com
O1 - Hosts: 72.32.152.172 www.zoombli.com
O1 - Hosts: 202.78.87.73 images.friendster.com
O1 - Hosts: 85.17.140.215 www.crack.ms
O1 - Hosts: 63.218.226.67 www.worlddatinghere.com
O1 - Hosts: 85.17.140.216 crackstorage.com
O1 - Hosts: 222.35.72.168 www.9down.com
O1 - Hosts: 202.78.87.72 download.zonealarm.com
O1 - Hosts: 64.156.82.109 www.limewire.com
O1 - Hosts: 64.156.82.101 www9.limewire.com
O1 - Hosts: 195.110.8.66 www.babesdosage.com
O1 - Hosts: 146.82.205.97 tour.brazzers.com
O1 - Hosts: 64.7.203.69 hostedads.realitykings.com
O1 - Hosts: 66.114.51.39 newt1.adultadworld.com
O1 - Hosts: 67.202.64.142 www.needtwat.com
O1 - Hosts: 66.35.192.168 adtology.com
O1 - Hosts: 67.228.38.183 www.hornyandhappy.com
O1 - Hosts: 66.35.192.168 srv.etology.com
O1 - Hosts: 64.72.126.51 www.jizzhut.com
O1 - Hosts: 216.17.109.95 www.qmov.com
O1 - Hosts: 66.165.186.100 promos.fling.com
O1 - Hosts: 69.22.133.70 www.deliciousmovies.com
O1 - Hosts: 216.195.44.202 porn.clipsgasm.com
O1 - Hosts: 207.226.167.154 mybunnygirls.com
O1 - Hosts: 82.192.69.118 www.moviefiledownloads.com
O1 - Hosts: 216.163.137.32 adultdotcom.spicetv.com
O1 - Hosts: 75.126.64.73 www.winmatrix.com
O1 - Hosts: 71.139.244.137 www.blackviper.com
O1 - Hosts: 74.200.66.167 www.qloud.com
O1 - Hosts: 64.13.232.125 facebook.userplane.com
O1 - Hosts: 64.233.189.99 images.google.com.ph
O1 - Hosts: 69.59.191.40 www.downelink.com
O1 - Hosts: 198.172.81.21 www.deviantart.com
O1 - Hosts: 198.172.81.21 browse.deviantart.com
O1 - Hosts: 198.172.81.21 bucuresticlub.deviantart.com
O1 - Hosts: 198.172.81.21 onutzac.deviantart.com
O1 - Hosts: 198.172.81.34 adcast.deviantart.com
O1 - Hosts: 208.70.8.27 subtracts.userplane.com
O1 - Hosts: 208.111.144.95 cache.static.userplane.com
O1 - Hosts: 209.191.86.115 ph.f386.mail.yahoo.com
O1 - Hosts: 124.108.125.237 ph.yahoo.com
O1 - Hosts: 66.150.161.57 www.sfogs.com
O1 - Hosts: 207.195.170.10 myusm.com
O1 - Hosts: 72.14.207.191 blastingvolume.blogspot.com
O1 - Hosts: 72.14.223.191 www.blogger.com
O1 - Hosts: 207.171.191.252 entrecard.s3.amazonaws.com
O1 - Hosts: 75.125.107.162 entrecard.com
O1 - Hosts: 69.80.227.79 sfogs.freehostia.com
O1 - Hosts: 72.232.214.19 sfogsreturns.com
O1 - Hosts: 72.52.220.46 www.ccleaner.com
O1 - Hosts: 74.53.121.66 www.filehippo.com
O1 - Hosts: 212.143.22.56 212.143.22.56
O1 - Hosts: 212.143.22.60 ad4.speedbit.com
O1 - Hosts: 85.17.211.129 fs4.filehippo.com
O1 - Hosts: 85.17.45.94 crusaders.crack-cd.com
O1 - Hosts: 63.209.24.149 iframe.adultfriendfinder.com
O1 - Hosts: 216.34.32.118 banners.passion.com
O1 - Hosts: 85.17.65.7 xmirror.us
O1 - Hosts: 74.50.11.40 www.funpcgame.com
O1 - Hosts: 209.87.178.183 www.regnow.com
O1 - Hosts: 198.63.211.246 www.alawar.com
O1 - Hosts: 66.119.213.9 findfiles.com
O1 - Hosts: 64.111.217.2 www.fulldownloads.us
O1 - Hosts: 8.14.147.111 www.crackserialkeygen.com
O1 - Hosts: 38.114.169.216 www.sharingzone.net
O1 - Hosts: 213.239.213.140 www.freesoft08.com
O1 - Hosts: 213.239.213.140 www.appz-games-121.com
O1 - Hosts: 66.246.72.50 www.freedownloadscenter.com
O1 - Hosts: 206.251.77.202 game.wareseeker.com
O1 - Hosts: 195.122.131.20 rapidshare.com
O1 - Hosts: 62.67.50.75 rs274l3.rapidshare.com
O1 - Hosts: 88.80.7.99 www.torrentz.com
O1 - Hosts: 76.13.212.11 ad.adnetinteractive.com
O1 - Hosts: 69.55.50.28 www.downloadprofessional.com
O1 - Hosts: 66.29.46.42 www.btmon.com
O1 - Hosts: 85.214.90.176 85.214.90.176
O1 - Hosts: 85.17.223.193 w13.easy-share.com
O1 - Hosts: 38.102.33.180 www.rapidshareddl.com
O1 - Hosts: 64.128.87.133 delusions.sharezone.hop.clickbank.net
O1 - Hosts: 206.190.52.34 aa.mg2.mail.yahoo.com
O1 - Hosts: 68.142.194.14 messenger.yahoo.com
O1 - Hosts: 203.119.4.28 www.sagay.com.ph
O1 - Hosts: 208.73.212.12 searchportal.information.com
O1 - Hosts: 203.119.4.19 www.domains.ph
O1 - Hosts: 124.108.120.244 asia.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C7230B2-CF1C-4BA4-B9C4-F88333181F0E} - C:\Windows\system32\iiFXomnL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TweakMASTER\TweakBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "D:\DAP\DAP.exe" /STARTUP
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TweakMASTER] "C:\PROGRA~1\TweakMASTER\TMTray.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\cbXRHaww.dll,#1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: SpywareBlaster.lnk = D:\SpywareBlaster\spywareblaster.exe
O8 - Extra context menu item: &Download with &DAP - D:\DAP\dapextie.htm
O8 - Extra context menu item: Add to &LinkFox - res://C:\PROGRA~1\TweakMASTER\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: Download &all with DAP - D:\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O15 - Trusted Zone: http://profiles.friendster.com
O15 - Trusted Zone: http://www.friendster.com
O15 - Trusted Zone: http://www.google.com.ph
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C938239-F43A-4CCA-85FB-C25811487C0E}: NameServer = 210.4.2.9 202.78.97.41
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C938239-F43A-4CCA-85FB-C25811487C0E}: NameServer = 210.4.2.9 202.78.97.41
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 13164 bytes

I still can't delete the iiFXomnL.dll after logging in in Safe Mode.

Still? Were you trying to delete it before you started this thread? Should have mentioned it if you were as I would have posted something different.

==

Download Avenger by Swandog and unzip it to your Desktop.

Note: This program must be run from an account with Administrator privileges.


  • Open the Avenger folder and double click Avenger.exe to launch the programme.
  • Copy the text in the code box below and Paste it into the "Input script here:" box.

Files to delete:
C:\Windows\system32\iiFXomnL.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Ensure the following:

      • Scan for Rootkits is checked.
      • Automatically disable any rootkits found is Unchecked.

  • Press the Execute key.
  • Avenger will now process the script you've pasted (this may involve more than one re-boot), when finished it will produce a log file.
  • Post the log back here please. (it can also be found at C:\avenger.txt)

New hijackthis log too please.
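
Comparing the two HijackThis logs posted in this thread shows what changed after "Fix checked": the same iiFXomnL.dll is listed as a BHO under a new CLSID, and the [MSServer] Run value points at a differently named DLL. The script below is an added example, not part of the original posts; it diffs two logs and reports both patterns. The function names are hypothetical, and the sample lines are excerpts copied from the two logs above.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# Section-coded line, e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# "name - {CLSID} - target" layout of O2 (BHO) and O3 (toolbar) lines.
CLSID_RE = re.compile(
    r"^(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
# DLL handed to rundll32 in an O4 autorun value.
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>[^,]+\.dll),", re.I)


def parse_log(text):
    """Return the section-coded entries of a HijackThis log, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    b, a = set(parse_log(before)), set(parse_log(after))
    return sorted(b - a), sorted(a - b)


def reregistered_targets(before, after):
    """Files listed as BHO/toolbar in both scans but under different CLSIDs."""
    def by_target(text):
        out = {}
        for e in parse_log(text):
            m = CLSID_RE.match(e.body) if e.code in ("O2", "O3") else None
            if m and m.group("target") != "(no file)":
                out.setdefault(m.group("target").lower(), set()).add(
                    m.group("clsid").upper())
        return out
    old, new = by_target(before), by_target(after)
    return {t: (old[t], new[t]) for t in old.keys() & new.keys()
            if old[t] != new[t]}


def rotated_rundll_autoruns(before, after):
    """Run values present in both scans whose rundll32 DLL changed."""
    def by_value(text):
        out = {}
        for e in parse_log(text):
            m = RUNDLL_RE.search(e.body) if e.code == "O4" else None
            if m:
                value_name = e.body.split("]")[0] + "]"
                out[value_name] = m.group("dll").strip().lower()
        return out
    old, new = by_value(before), by_value(after)
    return {k: (old[k], new[k]) for k in old.keys() & new.keys()
            if old[k] != new[k]}


# Excerpt of the first log in this thread (5/26/2008).
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {E2222049-CC5E-457D-8D62-28114DBA7B8E} - C:\Windows\system32\iiFXomnL.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\efcCvSLe.dll,#1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""

# Excerpt of the second log in this thread (5/27/2008).
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C7230B2-CF1C-4BA4-B9C4-F88333181F0E} - C:\Windows\system32\iiFXomnL.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\cbXRHaww.dll,#1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    print("re-registered:", reregistered_targets(BEFORE, AFTER))
    print("rotated autoruns:", rotated_rundll_autoruns(BEFORE, AFTER))
```

On the full logs, paste each complete log into `BEFORE` and `AFTER`; unchanged entries drop out of the diff, so only the lines worth a second look remain.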
