Solved: Explorer crashes then restarts...

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

3bd321z

Thread Starter
Joined
Mar 7, 2006
Messages
5
I first noticed that explorer would crash a few weeks ago after I stumbled across an infected .wmf file while surfing the net. I was logged in under my limited account and my anti-virus detected the .wmf but it could not take action, I believe due to the fact I use system restore. I finally was able to delete the .wmf after which I ran several different scans and could not detect anything except Microsoft (R) HTML Application host had been altered (24,576 bytes to 24,064 bytes), so I replaced the file (note: explorer was already crashing before this point). The only time it seems to crash is once in a while when I click on My Document, Control Panel, My Pictures etc...

Logfile of HijackThis v1.99.1
Scan saved at 8:19:13 PM, on 3/7/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Plug-in 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} -
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll


Thanks!
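Added example, not part of the original thread: a Python script that triages a HijackThis log like the one in the post above, pulling out entries whose file is missing and the O20 entries that load a DLL into other processes. The sample lines are copied from that log; the function names `parse_log` and `triage` are hypothetical.

```python
import re

# Sample input: a few entry lines copied from the log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.1_02) -
O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Return (section_code, body) for every entry line; headers and
    the running-process list do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def triage(text):
    """Return (section_code, reason, detail) for entries worth a manual look."""
    findings = []
    for code, body in parse_log(text):
        if body.endswith("(no file)"):
            findings.append((code, "registered component whose file is missing", body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            dll = body.split(":", 1)[1].strip()
            findings.append((code, "DLL loaded into every process that loads user32.dll", dll))
        elif code == "O20" and body.startswith("Winlogon Notify:"):
            dll = body.rsplit(" - ", 1)[-1]
            findings.append((code, "DLL loaded by winlogon.exe", dll))
        elif code == "O16" and body.endswith("-"):
            findings.append((code, "ActiveX control with no download source recorded", body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {detail}")
```

A finding here only marks an entry for review; it says nothing about whether the file behind it is legitimate.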
 

3bd321z

Thread Starter
Joined
Mar 7, 2006
Messages
5
Also here is a log of my services...

Name Startup Type
Application Layer Gateway Service Manual
Application Management Manual
Automatic Updates Disabled
Background Intelligent Transfer Service Manual
ClipBook Disabled
COM+ Event System Disabled
COM+ System Application Disabled
Cryptographic Services Automatic
DHCP Client Automatic
Distributed Link Tracking Client Disabled
Distributed Transaction Coordinator Disabled
DNS Client Disabled
Error Reporting Service Disabled
Event Log Automatic
Fast User Switching Compatibility Disabled
Fax Automatic
Help and Support Automatic
Human Interface Device Access Disabled
IMAPI CD-Burning COM Service Manual
Indexing Service Disabled
InstallDriver Table Manager Disabled
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) Automatic
IPSEC Services Disabled
Logical Disk Manager Disabled
Logical Disk Manager Administrative Service Disabled
MS Software Shadow Copy Provider Disabled
NetMeeting Remote Desktop Sharing Disabled
Network Connections Manual
Network DDE Disabled
Network DDE DSDM Disabled
Network Location Awareness (NLA) Manual
Performance Logs and Alerts Disabled
Plug and Play Automatic
Portable Media Serial Number Service Disabled
Print Spooler Automatic
Protected Storage Disabled
QoS RSVP Disabled
Remote Access Auto Connection Manager Disabled
Remote Access Connection Manager Manual
Remote Desktop Help Session Manager Disabled
Remote Procedure Call (RPC) Automatic
Remote Registry Disabled
Removable Storage Disabled
Routing and Remote Access Disabled
Secondary Logon Automatic
Security Accounts Manager Disabled
Shell Hardware Detection Disabled
Smart Card Disabled
Smart Card Helper Disabled
SSDP Discovery Service Disabled
System Event Notification Automatic
System Restore Service Automatic
Task Scheduler Disabled
TCP/IP NetBIOS Helper Disabled
Telephony Manual
Telnet Disabled
Terminal Services Disabled
Themes Automatic
Uninterruptible Power Supply Disabled
Universal Plug and Play Device Host Disabled
Upload Manager Disabled
Volume Shadow Copy Disabled
WebClient Disabled
Windows Audio Automatic
Windows Image Acquisition (WIA) Automatic
Windows Installer Manual
Windows Management Instrumentation Automatic
Windows Management Instrumentation Driver Extensions Manual
Windows Time Disabled
Windows User Mode Driver Framework Disabled
Wireless Zero Configuration Manual
WMDM PMSP Service Disabled
WMI Performance Adapter Disabled
 
Joined
Dec 28, 2004
Messages
8,256
Please clarify the following:
1. To which program do you refer, explorer.exe or iexplore.exe [ Internet Explorer ]?

2. Please define "crash". Do you mean BSOD? Do you mean blank screen or blank wallpaper? Do you mean "pc turns off"? Do you mean "PC restarts"?

3. Do you have a real Windows XP CD?

4. When is the last time you backed up your important data?

5. Which online AV sites did you use? Please go to www.pandasoftware.com/activescan
Accept the conditions. Save the report. Post it in this thread.

6. When is the last time you obtained Windows XP updates? Did your problem begin within 2 boots of that update?

7. Is this a desktop or laptop?

8. Do you have a floppy drive installed?

9. Do you know how to change the boot order of your computer, so that it will boot from a floppy drive or optical drive?

10. Do you know how to create a bootable optical disk?

RF123
 

3bd321z

Thread Starter
Joined
Mar 7, 2006
Messages
5
I think it did begin after manual update (when trying to apply .wmf patch).
 
Joined
Dec 28, 2004
Messages
8,256
Open Control Panel.
In the upper left area, not corner, does it state "switch to classic view" OR "switch to category view"? We need to use "classic view". Open "admin tools". Open "event viewer".
Maximize the screen. On the left, left click on "application". Look, in the right pane, for errors that occurred at the time your computer "crashed".

On the left, left click on "system". Look, in the right pane, for errors that occurred at the time your computer "crashed".

Open the properties for the errors. Please provide the "source", "event ID" and "description".

RF123
 
Joined
Dec 28, 2004
Messages
8,256
Using IE, go to www.microsoft.com/updates
In the upper right area, left click "microsoft update".
Follow the prompts, read and accept the terms.
On the left, when "review your update history" becomes active, left click on it.
Which updates were downloaded & installed?

Which, if any, failed?

RF123
 

3bd321z

Thread Starter
Joined
Mar 7, 2006
Messages
5
Thanks for your reply

1. explorer
2. blank screen or blank wallpaper
3. not on record
4. none except system restore
5. panda
6. I think it did begin after update
7. laptop
8. no floppy
9. yes
10. that I don't think I have done before!
 

3bd321z

Thread Starter
Joined
Mar 7, 2006
Messages
5
Sorry, I'm not a fast typer. Here is the systems log... (I think I may have tweaked the wrong services. RF123 I think you have done it!)
 


Joined
Dec 28, 2004
Messages
8,256
1. System restore does NOT back up any data.

2. Ha Ha. You must be kidding. I think you did NOT type out the system.txt file. If you did, you should have been born 50 years earlier, when typists were in high demand.

3. What have I done?

4. Do you have the Panda report?

5. Which services did you tweak?

6. How did you tweak them?

7. Did you manually obtain the WMF update http://www.microsoft.com/downloads/...96-57ae-499e-b89b-215b7bb4d8e9&DisplayLang=en


or did you make the adjustments posted by someone other than Micro$oft? http://antivirus.about.com/od/virusdescriptions/a/wmfexploit_2.htm

RF123
 