Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Explorer.exe crashed --- 9 times today [Reopened]


  • Please log in to reply
23 replies to this topic

#1 pivotraze

pivotraze

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:04 AM

Posted 18 July 2009 - 10:02 PM

During normal computing, I get the error:
"Explorer.exe has encountered a problem and needs to close"
Then SOMETIMES:
"drwtsn32.exe has encountered a problem and needs to close"

Sometimes i get neither, just my startbar and icons dissapear..

What makes me post it this time, is it has happened 9 times today, that is a new record.

I usually can fix problems myself, but this has me bewildered.

Earlier before this, i got the error:
"No boot.ini file
Booting from C:\WINDOWS\"

Which i fixed by making a new boot.ini file.

I am running a MBAM scan, and am waiting for further instructions.

Also, during startup of my browser, i got the following alerts from BitDefender

NAME|Virus Name|Location|Sent
stBarPat.dat|Trojan.Html.Phishing.Q|C:\Documents and Settings\Cody\Local Settings\Application Data\CyberDefender\|No
tmp00002ffc|Trojan.Html.Phishing.Q|C:\WINDOWS\temp\tmp000078d3\|No
453AD565d01|Trojan.Clicker.CM|C:\Documents and Settings\Cody\Local Settings\Application Data\Firefox\Profiles\7llo0nz8.default\Cache\|No
tmp00001665|Trojan.Clicker.CM|C:\WINDOWS\temp\tmp00003821\

UPDATE:
Zone Alarm Free will not finish downloading, at end of download, it says it can not connect to server

I even renamed the downloader to jodia.exe.

Also, CyberDefender Internet Security detected:
RougeAntiSpyware.WindOptimizer(1)

Thank you in advance!

Cody

Edited by pivotraze, 18 July 2009 - 10:19 PM.

Proud user of Windows 7 Ultimate


Developer of: Seafire Suite
Developer of: Pivot: Revolution

System Specs: 4GB Ram, Intel i3-2350M,

MaxxAudio® LE

, 1600x900 17.3" HD+ TruBrite LED Screen , and Intel HD 3000 Graphics.

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:04 PM

Posted 19 July 2009 - 12:18 AM

HiJack This log topic deleted and this topic reopened at member's request. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:04 PM

Posted 19 July 2009 - 06:03 AM

I am running a MBAM scan, and am waiting for further instructions


Post that complete log please
Chewy

No. Try not. Do... or do not. There is no try.

#4 pivotraze

pivotraze
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:04 AM

Posted 19 July 2009 - 01:32 PM

okay, it finished, here is the log:

Malwarebytes' Anti-Malware 1.39
Database version: 2462
Windows 5.1.2600 Service Pack 3

7/18/2009 10:00:20 PM
mbam-log-2009-07-18 (22-00-20).txt

Scan type: Quick Scan
Objects scanned: 98281
Time elapsed: 17 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-----------------END---------


Scanning with Avira, it found 3 instances of HTML/Spoofing.gen

Edited by pivotraze, 19 July 2009 - 01:33 PM.

Proud user of Windows 7 Ultimate


Developer of: Seafire Suite
Developer of: Pivot: Revolution

System Specs: 4GB Ram, Intel i3-2350M,

MaxxAudio® LE

, 1600x900 17.3" HD+ TruBrite LED Screen , and Intel HD 3000 Graphics.

#5 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:04 PM

Posted 19 July 2009 - 01:38 PM

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Chewy

No. Try not. Do... or do not. There is no try.

#6 pivotraze

pivotraze
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:04 AM

Posted 19 July 2009 - 02:05 PM

Here is the log you requested:

-------------------BEGIN-----------------------------
GooredFix by jpshortstuff (12.07.09)
Log created at 13:03 on 19/07/2009 (Cody)
Firefox version 3.5.1 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:41 30/06/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [08:49 19/07/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [06:10 08/07/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [15:08 03/07/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [06:08 08/07/2009]

-=E.O.F=-

Edited by pivotraze, 19 July 2009 - 02:05 PM.

Proud user of Windows 7 Ultimate


Developer of: Seafire Suite
Developer of: Pivot: Revolution

System Specs: 4GB Ram, Intel i3-2350M,

MaxxAudio® LE

, 1600x900 17.3" HD+ TruBrite LED Screen , and Intel HD 3000 Graphics.

#7 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:04 PM

Posted 19 July 2009 - 09:44 PM

Please download and run Processexplorer


http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Under file and save as, create a log and post here

copy and paste into a reply
Chewy

No. Try not. Do... or do not. There is no try.

#8 pivotraze

pivotraze
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:04 AM

Posted 19 July 2009 - 10:45 PM

here is the log:
==============BEGIN================
Process PID CPU Description Company Name
System Idle Process 0 89.39
Interrupts n/a 3.03 Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4 1.52
smss.exe 404 Windows NT Session Manager Microsoft Corporation
csrss.exe 468 Client Server Runtime Process Microsoft Corporation
winlogon.exe 492 Windows NT Logon Application Microsoft Corporation
services.exe 536 1.52 Services and Controller app Microsoft Corporation
svchost.exe 696 Generic Host Process for Win32 Services Microsoft Corporation
urlmap.exe 7704 Money URL Map Microsoft Corporation
svchost.exe 756 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 952 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1088 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1148 Generic Host Process for Win32 Services Microsoft Corporation
brsvc01a.exe 1344 brsvc01a brother Industries Ltd
brss01a.exe 1380 brss01a.exe brother Industries Ltd
svchost.exe 1996 Generic Host Process for Win32 Services Microsoft Corporation
nvsvc32.exe 792 NVIDIA Driver Helper Service, Version 21.83 NVIDIA Corporation
SeaPort.exe 816 Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
svchost.exe 1616 Generic Host Process for Win32 Services Microsoft Corporation
alg.exe 2672 Application Layer Gateway Service Microsoft Corporation
jqs.exe 976 Java™ Quick Starter Service Sun Microsystems, Inc.
avguard.exe 17088 Antivirus On-Access Service Avira GmbH
sched.exe 18052 Antivirus Scheduler Avira GmbH
IS360srv.exe 640 IObit
spoolsv.exe 20516 Spooler SubSystem App Microsoft Corporation
lsass.exe 548 LSA Shell (Export Version) Microsoft Corporation
RocketDock.exe 1192
ctfmon.exe 1248 CTF Loader Microsoft Corporation
Everything-1.2.1.371.exe 16824 Everything
avgnt.exe 17300 Antivirus System Tray Tool Avira GmbH
GoogleCrashHandler.exe 20460 Google Installer Google Inc.
explorer.exe 11656 1.52 Windows Explorer Microsoft Corporation
flock.exe 2532 Flock Flock, Inc.
3RVX.exe 15876 3RVX matt.malensek.net
windowspager.exe 21400
manager.exe 11904
hookstarter32.exe 14876
procexp.exe 24964 3.03 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
digsby-app.exe 32948 Digsby IM dotSyntax, LLC
aspell.exe 37700

========END===========
Proud user of Windows 7 Ultimate


Developer of: Seafire Suite
Developer of: Pivot: Revolution

System Specs: 4GB Ram, Intel i3-2350M,

MaxxAudio® LE

, 1600x900 17.3" HD+ TruBrite LED Screen , and Intel HD 3000 Graphics.

#9 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:04 PM

Posted 19 July 2009 - 11:40 PM

SeaPort.exe 816 Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
IS360srv.exe 640 IObit
RocketDock.exe 1192
Everything-1.2.1.371.exe 16824 Everything
GoogleCrashHandler.exe 20460 Google Installer Google Inc.
flock.exe 2532 Flock Flock, Inc.
3RVX.exe 15876 3RVX matt.malensek.net
windowspager.exe 21400
manager.exe 11904
hookstarter32.exe 14876
aspell.exe
digsby-app.exe 32948 Digsby IM dotSyntax, LLC

start with this list
Chewy

No. Try not. Do... or do not. There is no try.

#10 pivotraze

pivotraze
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:04 AM

Posted 19 July 2009 - 11:43 PM

start doing what? lol :thumbsup:
Proud user of Windows 7 Ultimate


Developer of: Seafire Suite
Developer of: Pivot: Revolution

System Specs: 4GB Ram, Intel i3-2350M,

MaxxAudio® LE

, 1600x900 17.3" HD+ TruBrite LED Screen , and Intel HD 3000 Graphics.

#11 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:04 PM

Posted 19 July 2009 - 11:55 PM

:thumbsup:

Those are the likely candidates for crashing explorer

What does avira say?

Remember tho a broken computer can't be scanned effectively
Chewy

No. Try not. Do... or do not. There is no try.

#12 pivotraze

pivotraze
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:04 AM

Posted 20 July 2009 - 12:03 AM

Avira came up with following Viruses:
"The file 'C:\Documents and Settings\Cody\Local Settings\Application Data\CyberDefender\Scam Alert\referrer.html'
contained a virus or unwanted program 'HTML/Spoofing.Gen' [virus]
Action(s) taken:
The file was moved to '4ac98255.qua'!"

"The file 'C:\Documents and Settings\Cody\Local Settings\Application Data\CyberDefender\Scam Alert\referrer.html'
contained a virus or unwanted program 'HTML/Spoofing.Gen' [virus]
Action(s) taken:
The file was moved to '4ac98255.qua'!"

"The file 'C:\Documents and Settings\Cody\Local Settings\Application Data\CyberDefender\Scam Alert\script.html'
contained a virus or unwanted program 'HTML/Spoofing.Gen' [virus]
Action(s) taken:
The file was moved to '4ad58253.qua'!"

"Virus or unwanted program 'HTML/Spoofing.Gen [virus]'
detected in file 'C:\Documents and Settings\Cody\Local Settings\Temp\cd28A.tmp\2009 Codebase\Installers\CDInstaller8\BIN\runtime\edc-cyberdefender_v2\InstallModule\SecurityToolbar\CSIDL_LOCAL_APPDATA\CyberDefender\Scam Alert\host.html.
Action performed: Delete file"

"Virus or unwanted program 'HTML/Spoofing.Gen [virus]'
detected in file 'C:\Documents and Settings\Cody\Local Settings\Temp\cd28A.tmp\2009 Codebase\Installers\CDInstaller8\BIN\runtime\edc-cyberdefender_v2\InstallModule\SecurityToolbar\CSIDL_LOCAL_APPDATA\CyberDefender\Scam Alert\referrer.html.
Action performed: Delete file"

"
Virus or unwanted program 'HTML/Spoofing.Gen [virus]'
detected in file 'C:\Documents and Settings\Cody\Local Settings\Temp\cd28A.tmp\2009 Codebase\Installers\CDInstaller8\BIN\runtime\edc-cyberdefender_v2\InstallModule\SecurityToolbar\CSIDL_LOCAL_APPDATA\CyberDefender\Scam Alert\script.html.
Action performed: Delete file"

"Virus or unwanted program 'WORM/SdBot.686957.A [worm]'
detected in file 'C:\Documents and Settings\Cody\Local Settings\Temp\_tempLSB\_instLSB.exe.
Action performed: Delete file"

Those are logs of detections.

So try killing those processes? i know the following:
IS360srv.exe 640 IObit <--------- Anti-Virus usually not active (Im ending)
RocketDock.exe 1192 <-------- Mac-like dock (deleting)
Everything-1.2.1.371.exe 16824 Everything <-------- Better Desktop Search
flock.exe 2532 Flock Flock, Inc. <-------- Web-Browser (Installed AFTER explorer.exe crashing)
3RVX.exe 15876 3RVX matt.malensek.net <------- Hot-key volume control
manager.exe 11904 <------- Host-Service of Windowspager.exe(ending)
hookstarter32.exe 14876 <------ Service of manager.exe (ending)
windowspager.exe 21400 <------- Multiple Desktops (Removing)
digsby-app.exe 32948 Digsby IM dotSyntax, LLC <------- IMing software
aspell.exe <------- Dictionary for digsby

Edited by pivotraze, 20 July 2009 - 12:08 AM.

Proud user of Windows 7 Ultimate


Developer of: Seafire Suite
Developer of: Pivot: Revolution

System Specs: 4GB Ram, Intel i3-2350M,

MaxxAudio® LE

, 1600x900 17.3" HD+ TruBrite LED Screen , and Intel HD 3000 Graphics.

#13 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:04 PM

Posted 20 July 2009 - 06:42 AM

Those programs/processes are what I call Off_the_wall, there's a ton of junk out there, most of it just messes your computer up.

Here's one good example, which you seem to be having real problems from

http://hphosts.blogspot.com/2009/03/cyberd...money-back.html

I used to experiment with a lot of free new programs, till i got tired of reloading windows.

:thumbsup:
Chewy

No. Try not. Do... or do not. There is no try.

#14 pivotraze

pivotraze
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:04 AM

Posted 20 July 2009 - 03:15 PM

lol, okay thanks :thumbsup:

I am removing cyberdefender.

I removed the following programs:
Rocketdock
Windowspager
CyberDefender
IOBit Security 360


anything else you thing i should remove?

Edited by pivotraze, 20 July 2009 - 03:16 PM.

Proud user of Windows 7 Ultimate


Developer of: Seafire Suite
Developer of: Pivot: Revolution

System Specs: 4GB Ram, Intel i3-2350M,

MaxxAudio® LE

, 1600x900 17.3" HD+ TruBrite LED Screen , and Intel HD 3000 Graphics.

#15 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:04 PM

Posted 20 July 2009 - 04:13 PM

I was working on a friends computer that kept crashing, we eliminated malware as the culprit, she didn't know what half the stuff she had running or installed. I couldn't even figure out some of it. We used add/remove programs to kill everything but her essentials, it worked, she asked what we had removed that had fixed it.

:thumbsup:

If you can ever get the explorer crash problem under control let's do some scans that don't involve adding another program that messes windows up.
Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users