1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

PLEASE HELP: How to prevent Explorer.exe from stalling during startup?

Discussion in 'Virus & Other Malware Removal' started by joebc27, Nov 29, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. joebc27

    joebc27 Thread Starter

    Joined:
    Nov 29, 2003
    Messages:
    3
    After Logging into Windows XP Pro, explorer.exe appears on the Task Manager under Processes, but does not load correctly.

    Although the problem can be fixed by ending the explorer.exe process and then reloading explorer.exe.....

    Does anybody have a clue as to what the heck the problem is... I have tryed Norton AntiVirus Client Secrutiy with Updates, Adware, Spybot, to find out the errors... but these have not helped

    I also did a new install (meaning in a new directory c:\windows1) to the program.. but it occured immediately... after connecting to the internet....

    Also I have been on another computer.....and such problem as occured....

    Below is the After Logging into Windows XP Pro, explorer.exe appears on the Task Manager under Processes, but does not load correctly.

    Although the problem can be fixed by ending the explorer.exe process and then reloading explorer.exe.....

    Does anybody have a clue as to what the heck the problem is... I have tryed Norton AntiVirus Client Secrutiy with Updates, Adware, Spybot, to find out the errors... but these have not helped

    I also did a new install (meaning in a new directory c:\windows1) to the program.. but it occured immediately... after connecting to the internet....

    Also I have been on another computer.....and such problem has occured....

    Hijackthis log text is below and attached


    Thank you

    Logfile of HijackThis v1.97.7
    Scan saved at 5:53:31 PM, on 11/29/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\progra~1\ddm\sysu.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Norton Internet Security Professional\NISUM.EXE
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton Internet Security Professional\SymPxSvc.exe
    C:\Program Files\Norton Internet Security Professional\NISSERV.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Rudy\LOCALS~1\Temp\Rar$EX00.943\HijackThis.exe
    C:\Program Files\AIM95\aim.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.columbia.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R3 - Default URLSearchHook is missing
    N3 - Netscape 7: user_pref("browser.startup.homepage", "www.columbia.edu"); (C:\Documents and Settings\Rudy\Application Data\Mozilla\Profiles\default\gwa2w171.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Rudy\Application Data\Mozilla\Profiles\default\gwa2w171.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [13076418.exe] C:\WINDOWS\System32\13076418.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "c:\Program Files\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
    O4 - HKLM\..\RunOnce: [sysu] "C:\progra~1\ddm\sysu.exe"
    O4 - Startup: BBCTicker.lnk = C:\Program Files\BBC Ticker\BBCTicker.exe
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37787.4855902778
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
     

    Attached Files:

  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    Hi joebc27

    Welcome to TSG!

    I don't know if it is the cause of your explorer problem or not, but you do have a couple of things that need removing.

    This one:

    Is fro Dynamic Desktop Media which is adware and has been known to cause strange behavior.

    Also this one:

    O4 - HKLM\..\Run: [13076418.exe] C:\WINDOWS\System32\13076418.exe

    I can't say for sure what it is, but there are a lot of trojans and malware that put these numeric exe files on machines.


    Run Hijack This again and put a check by these. Close all windows except HijackThis and "Fix checked"

    O4 - HKLM\..\RunOnce: [sysu] "C:\progra~1\ddm\sysu.exe"

    O4 - HKLM\..\Run: [13076418.exe] C:\WINDOWS\System32\13076418.exe

    Restart to safe mode and delete:

    The C:\WINDOWS\System32\13076418.exe file
    The C:\Program Files\ddm folder
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/183422