Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

explorer.exe crashes repeatedly after login


  • This topic is locked This topic is locked
4 replies to this topic

#1 futuremlsplayer

futuremlsplayer

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 21 December 2009 - 05:39 PM

The Problem:
After logging in to a user on Vista SP2, all I have is a screen of my wallpaper. Using ctrl+shift+esc brings up the task manager just fine and I can run a few programs from the "New Task" button. However, if I try to run explorer.exe, you can see it start up in the "Processes" tab of Task Manager, and then it just disappears after a second or two.

What I've tried:
I checked in the HKLMSoftwareMicrosoftWindowsNTCurrentVersionWinlogon location and Shell correctly has the value of "explorer.exe"
Creating a new user doesn't seem to work. I can log in as the hidden Administrator account just fine, but any other user get the crashing explorer.exe.
If I boot into Safe Mode I can log in to any user just fine.
I have run multiple virus/spyware/malware/adware scans including Avira, Norton, Spybot S&D, Ad-Aware, and MalwareBytes, all in Safe Mode, and I'm clean

History:
My mom asked me to fix this computer for her because it had a nasty virus that did a bunch of other things, including not allowing an update to Vista SP2. I fixed all of that and got the update to work, and everything now is virus free.
Part of getting SP2 to install was running this script:

@echo off

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f

@Echo =========================
@Echo Finished.
@Echo =========================
@pause

And that seemed to work to install SP2.

Other Info that may be related or unrelated:
I've tried installing the newest windows update for the malicious removal tool. Windows update will say that it installed successfully but will later continue asking me to download and install it. When checking c:windowssystem32mrt.exe, I noticed that I can't delete it. It says that I don't have permission to do so.
It also appears that I can't use task manager to force-quit applications. Again, it says that I don't have permission. Because of this, I've tried disabling UAC. Security Center shows that it is ENABLED, but when I go into control panel to UNCHECK the box so that I can DISABLE it, the box is already unchecked. Confusing, I know.

Anyway, any help would be greatly appreciated. Thanks!

Here's the ComboFix and HijackThis logs, too.

And yes, I know I wasn't supposed to run ComboFix.

Attached Files


Edited by garmanma, 21 December 2009 - 09:14 PM.


BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:06:25 PM

Posted 03 January 2010 - 03:17 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 futuremlsplayer

futuremlsplayer
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 03 January 2010 - 05:25 PM

Thanks for getting back to me!

Here's the log from RSIT (attached)

Attached Files

  • Attached File  log.txt   64.7KB   1 downloads
  • Attached File  info.txt   36.96KB   1 downloads


#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:06:25 PM

Posted 04 January 2010 - 06:50 PM

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

Please follow the above directions. Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:06:25 PM

Posted 14 January 2010 - 09:40 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users