Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"Windows Explorer Has Stopped Working" Problem


  • This topic is locked This topic is locked
3 replies to this topic

#1 SocalSteve

SocalSteve

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 27 June 2009 - 08:14 PM

This problem began the last couple days. On startup, I receive the error message: "Windows Explorer Has Stopped Working" followed by "Windows Explorer is Restarting." These messages repeat. In addition, I am receiving other messages concerning startup programs that have "stopped working." I don't know if this is malware, etc., but I downloaded DDS and have posted the log below. Any help would be greatly appreciated.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Steve at 18:07:49.87 on Sat 06/27/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1823 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\TAMSvr.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\fsproflt.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
C:\Program Files\TrueSuite Access Manager\usbnotify.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TrueSuite Access Manager\PwdBank.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\TrueSuite Access Manager\CssSvr.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Steve\AppData\Local\Temp\574.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Steve\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = http=127.0.0.1:5757
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-5669370438-6372408632-113115725-1189\rundll32.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: BS.Player ControlBar: {2c688203-7eb3-4327-9995-1cb417ba23f9} - c:\program files\bs.player controlbar\BSToolbar.dll
TB: {D593DE91-7B41-45C2-830E-E9A99AB142AA} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Shadow] c:\program files\newtech infosystems\nti shadow 3\Shadow.exe --minimize
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Win32 Firewall] c:\users\steve\appdata\local\temp\574.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [FingerPrintNotifer] "c:\program files\truesuite access manager\FpNotifier.exe"
mRun: [UsbMonitor] "c:\program files\truesuite access manager\usbnotify.exe"
mRun: [PwdBank] "c:\program files\truesuite access manager\PwdBank.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\20v75tgb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - BS.Player Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [2008-5-7 42608]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2009-6-15 43792]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2008-5-7 49152]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-6-15 73392]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-1 187904]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2009-6-5 352256]
S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2009-6-5 33792]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-06-27 17:54 <DIR> --d----- c:\program files\Trend Micro
2009-06-15 07:59 73,392 a------- c:\windows\system32\fsproflt.exe
2009-06-15 07:59 43,792 a------- c:\windows\system32\drivers\FSPFltd.sys
2009-06-15 07:59 <DIR> --d----- c:\program files\Hide Folders 2009
2009-06-15 07:56 <DIR> --d----- c:\users\steve\appdata\roaming\ABIG
2009-06-14 08:17 <DIR> --d----- c:\program files\MixMeister BPM Analyzer
2009-06-13 22:34 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-13 22:34 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-13 22:34 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-13 22:34 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-13 22:34 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-13 10:05 <DIR> --d----- c:\program files\Propellerhead
2009-06-12 20:08 <DIR> --d----- c:\program files\PowerISO
2009-06-07 20:32 233,472 a------- c:\windows\system32\REX Shared Library.dll
2009-06-07 20:32 368,640 a------- c:\windows\system32\ReWire.dll
2009-06-07 20:32 <DIR> --d----- c:\programdata\Propellerhead Software
2009-06-07 20:32 <DIR> --d----- c:\progra~2\Propellerhead Software
2009-06-07 20:32 <DIR> --d----- c:\users\steve\appdata\roaming\Propellerhead Software
2009-06-05 22:52 <DIR> --d----- c:\windows\usb-audio.deBehringer2902
2009-06-05 22:51 33,792 a------- c:\windows\system32\drivers\busbwdm.sys
2009-06-05 22:51 352,256 a------- c:\windows\system32\drivers\BUSB2902.sys
2009-06-05 18:47 <DIR> --d----- c:\users\steve\appdata\roaming\Xlutop
2009-06-05 18:47 <DIR> --d----- c:\program files\Chainer
2009-06-05 18:46 <DIR> --d----- C:\Win
2009-06-05 18:36 <DIR> --d----- c:\program files\energyXT2

==================== Find3M ====================

2009-06-23 22:04 1,312 a------- c:\users\steve\appdata\roaming\wklnhst.dat
2009-06-05 22:52 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-05 22:52 51,200 a------- c:\windows\inf\infpub.dat
2009-06-05 22:52 86,016 a------- c:\windows\inf\infstor.dat
2009-04-24 09:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-24 09:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 06:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-23 05:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 05:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 04:55 2,033,152 a------- c:\windows\system32\win32k.sys
2008-07-22 21:52 56 a---h--- c:\programdata\ezsidmv.dat
2008-07-22 21:52 56 a---h--- c:\progra~2\ezsidmv.dat
2008-06-11 03:08 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 19:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-10-31 22:42 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-10-31 22:42 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-10-31 22:42 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 18:08:10.45 ===============

BC AdBot (Login to Remove)

 


#2 SocalSteve

SocalSteve
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 27 June 2009 - 08:27 PM

The error messages I am receiving on startup are:

"Windows Explorer Has Stopped Working"
"Windows Explorer is restarting"
"Usernit Logon Application Has Stopped Working"
"Task Scheduler Engine Has Stopped Working"

The first two error messages repeat several times.

#3 SocalSteve

SocalSteve
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 28 June 2009 - 10:07 AM

Update: I ran a program called Malwarebytes Anti-Malware and it identified 6 "trojan" files. It deleted them and everything seems to be back to normal.

I believe this thread can be closed.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:00 PM

Posted 01 July 2009 - 06:44 PM

Hello

Thank you for letting us know. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users