Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

everything explorer related is crashing[RESOLVED]


  • This topic is locked This topic is locked

#1
Alderman_V

Alderman_V

    Member

  • Member
  • PipPip
  • 21 posts
Hi all.

As the title states, everything windows related is crashing, including IE6 with the following message:

Explorer.exe has generated errors and will be shut down by windows. Or Iexplore.exe or the exe file for what ever I'm trying to do inside windows, browse folders, add/remove programs, whatever.

My 2005 Nortons is running but is useless for running a scan, the GUI is blank.
I downloaded 5 of 7 updates from windows update before this started but I cant get back for the other 2 because IE won't stay running long enough.

I was able to get Panda Active Scan to run once when this first started: here are the results
Incident Status Location

Spyware:Spyware/BargainBuddy No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\Temp\salm_*.dat
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Virus:Trojan Horse Disinfected C:\Program Files\cdkey\showcdkey.exe

I was able to delete the second one but I can't find the 1st and 3rd.
I downloaded and ran Adaware SE which might have taken care of the others but the symptoms have not changed.

I even went so far as to try to repair windows by reinstalling win2k pro but it had no effect.

Here is my hjt log, any help is appreciated very much.

Logfile of HijackThis v1.99.1
Scan saved at 10:10:56 AM, on 4/17/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\mqsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Netscape\Netscape 6\netscp6.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\vandy alderman\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R3 - Default URLSearchHook is missing
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\vandy alderman\Application Data\Mozilla\Profiles\default\2yywn3d3.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.ho...es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEF14FFF-C98B-4207-83C1-0597BB2FC8ED}: NameServer = 64.132.16.223 64.132.16.224
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


BTW, I've installed netscape 6 so I can get around on the net but most virus scans do not support netscape. i/e housecall.trendmicro

Edited by Alderman_V, 17 April 2005 - 12:40 PM.

  • 0

Advertisements


#2
Alderman_V

Alderman_V

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Just wanted to catch this before it slips into oblivion. :tazz:
  • 0

#3
Alderman_V

Alderman_V

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Adaware SE removed a bunch of stuff. Spybot S&D found nothing.

I downloaded cleanup http://downloads.ste.../CleanUp312.exe
It cleaned up a bunch of stuff but didn't correct the problem.

I downloaded Mwav http://www.mwti.net/.../tools/mwav.exe
and it is now scanning
  • 0

#4
Alderman_V

Alderman_V

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Mwav results

Sun Apr 17 17:57:44 2005 => Total Objects Scanned: 46287
Sun Apr 17 17:57:44 2005 => Total Virus(es) Found: 3
Sun Apr 17 17:57:44 2005 => Total Disinfected Files: 0
Sun Apr 17 17:57:44 2005 => Total Files Renamed: 0
Sun Apr 17 17:57:44 2005 => Total Deleted Objects: 0
Sun Apr 17 17:57:44 2005 => Total Errors: 475
Sun Apr 17 17:57:44 2005 => Time Elapsed: 02:19:17

Sun Apr 17 17:57:44 2005 => ***** Scanning complete. *****
Sun Apr 17 17:57:45 2005 => Virus Database Date: 2005/04/16
Sun Apr 17 17:57:45 2005 => Virus Database Count: 126266

Sun Apr 17 17:57:45 2005 => Scan Completed.

File System Found infected by "ameopt Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINNT\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINNT\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
  • 0

#5
Alderman_V

Alderman_V

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Dang this sux, I want my computer back and don't know what to do.
  • 0

#6
Alderman_V

Alderman_V

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I sure am glad places like this exist, otherwise dummies like me would have to buy a new pc once a week! lol
new log file

Logfile of HijackThis v1.99.1
Scan saved at 5:27:06 AM, on 4/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\mqsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\explorer.exe
C:\Program Files\Netscape\Netscape 6\netscp6.exe
C:\Documents and Settings\vandy alderman\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R3 - Default URLSearchHook is missing
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\vandy alderman\Application Data\Mozilla\Profiles\default\2yywn3d3.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - Startup: Resume Windows Update Installation.lnk = C:\downloads\ie6setup.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.ho...es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEF14FFF-C98B-4207-83C1-0597BB2FC8ED}: NameServer = 66.201.0.3 64.132.94.250
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

any suggestions?
  • 0

#7
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
:tazz:Being helped using Ad-aware SE

Due to user request.

Keep this topic open for possible use later
  • 0

#8
markedmanner

markedmanner

    Member

  • Member
  • PipPip
  • 87 posts
Maybe Im misunderstanding this But did you say you completely reinstalled windows 2000? What error messages are you getting?
  • 0

#9
Alderman_V

Alderman_V

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Maybe Im misunderstanding this But did you say you completely reinstalled windows 2000? What error messages are you getting?

View Post


Not completely, not like wiping everything clean and re-installing. First I tried the repair function from the disk, that didn't work. So I did an install, I forget what it was called but its a re-install that leaves all software intact. My thinking at the time was maybe the bug I have had damaged some windows system files. In any event that didn't fix the problem either.

Error message I get is the same each time with the exception of the exe file that caused the error.

For instance, if its IE that crashs it says "IExplore.exe has generated errors and will be shut down by windows, you will need to restart the program. An error log is being created".
If I try to do anything inside folders it says the same thing except its Explorer.exe that causes the error.
If I try to open control panel its Explorer.exe that causes the error.
My active desktop will usually go all white when I get an error.
If I double click the recycle bin it causes the same error.
I can open Norton but the command area is all blank.
These are just some examples.
  • 0

#10
markedmanner

markedmanner

    Member

  • Member
  • PipPip
  • 87 posts
I would recommmend downloading AVG a free antivirus program
http://www.grisoft.c...ng/us/tpl/tpl01

Also Im sure you have Updated and ran Adaware and Spybot if not download them update them and run them.

You could also try counterspy it works wonderful! You can download it at download.com

Personally I would probably just back up any documents pics music etc and just do a total reinstall of windows. If do do this make sure you have all the drivers for anything you have your printer webcam etc. Also make sure you know the product keys for all your different software you can get a product what will you tell you all them for free at http://www.belarc.com
  • 0

Advertisements


#11
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Hopefully Team Lavasoft can help you :tazz:
  • 0

#12
Alderman_V

Alderman_V

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I found this thread
http://www.geekstogo...t12473-s45.html

I ran the sfc /scannow, it asked for my win2k disk and then pulled some files from the disk. I don't wanna speak too soon but it may be fixed. EI is working again, got trend micro downloading and my Norton is working again.
  • 0

#13
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
I hope your problem has been fixed.

Two great sites to check for good advice and top rated software are http://members.acces...ntomPhixer.html and http://www.spywareai...p?file=toprated

Two good sites that Corrine posted about in your other thread.

Good luck
  • 0

#14
Alderman_V

Alderman_V

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I was able to run trendmicro and it found nothing.
I was able to run Panda and it found three items but can't do anything with them.

Adware:Adware/SaveNow No disinfected C:\WINNT\system32\ap2nqrd4.dat

Adware:Adware/Apropos No disinfected Windows Registry

Adware:Adware/WUpd No disinfected C:\WINNT\system32\a95kfrhe.ini

Obviously the first and thrid items are easy to get rid of, just search for the file and delete it. But the second one is in the registry and I don't know how to find it.
Is there a registry scan/repair utility that will actually do more than just identify problem that I Don't have to buy?

Edited by Alderman_V, 20 April 2005 - 09:17 AM.

  • 0

#15
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Alderman_V

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP