Windows Explorer Crashing on win7


  • This topic is locked
3 replies to this topic

#1 mtriper


Posted 17 December 2010 - 11:36 AM

Hi,

I need help figuring out why Windows Explorer is crashing all the time. I don't even get to the desktop before the crash report comes up and it does it again if I try to click on any of the options.

This started yesterday as I got back from vacation so my guess is that the computer has been messed with during my time off. :(

Any help will be highly appreciated.

Please see my logs below.

Thanks in advance

MT

------------------------------------------------

DDS (Ver_10-12-12.02) - NTFSx86
Run by Renato at 14:13:24,81 on 17/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3062.1958 [GMT -2:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launchy\Launchy.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\regedit.exe
C:\Program Files\FreeCommander\FreeCommander.exe
C:\Program Files\Process Explorer\procexp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Renato\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://localhost/
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Baixar com o Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download all by FlashGet3 - c:\users\renato\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\renato\appdata\roaming\flashgetbho\GetUrl.htm
IE: Download selecionado pelo Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} - hxxp://201.6.104.129/ActiveViewGUI.cab
DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} - hxxp://192.168.0.78/ActiveView.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
TCP: {4276B395-F5A3-402C-8C7C-ED22F6BC697B} = 8.8.8.8
TCP: 4505D2C494E4B4F5446353235423 = 8.8.8.8,8.8.4.4
TCP: 744564F4 = 8.8.8.8
TCP: C696E6B6379737 = 8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\renato\appdata\roaming\mozilla\firefox\profiles\espvxh4h.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2006-11-20 7168]
R3 netw5v32;Driver de adaptador Intel® Wireless WiFi Link 5000 Series para Windows Vista 32 Bits;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2010-10-28 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BthAudioHF;Serviço BthAudioHF;c:\windows\system32\drivers\BthAudioHF.sys [2010-1-23 29184]
S3 BthAvrcp;Perfil AVRCP do Bluetooth;c:\windows\system32\drivers\BthAvrcp.sys [2010-1-23 12800]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-9-15 18120]
S3 evserial7;Virtual Serial Ports Driver 7 (Eltima Softwate);c:\windows\system32\drivers\evserial7.sys [2010-10-8 57928]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-28 36640]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2010-1-25 32377]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-30 375808]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-10-28 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-10-28 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-10-28 121576]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-5-18 31504]
S3 VSBC7;Virtual Serial Bus Enumerator 7 (Eltima Software);c:\windows\system32\drivers\evsbc7.sys [2010-10-8 31816]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S4 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-9-15 95568]
S4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_1_5\bin\fbguard.exe -s --> c:\program files\firebird\firebird_1_5\bin\fbguard.exe -s [?]
S4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_1_5\bin\fbserver.exe -s --> c:\program files\firebird\firebird_1_5\bin\fbserver.exe -s [?]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-10-28 233472]
S4 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe -k bthaudiosvc [2009-7-13 20992]
S4 MSSQL$SQL2005;SQL Server (SQL2005);c:\program files\microsoft sql server\mssql10.sql2005\mssql\binn\sqlservr.exe [2009-3-30 43010392]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S4 MySQL_ZendServer51;MySQL_ZendServer51;"c:\program files\zend\mysql51\bin\mysqld" --defaults-file="c:\program files\zend\mysql51\my.ini" mysql_zendserver51 --> c:\program files\zend\mysql51\bin\mysqld [?]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-11 1153368]
S4 SQLAgent$SQL2005;SQL Server Agent (SQL2005);c:\program files\microsoft sql server\mssql10.sql2005\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
S4 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-11-30 2222376]

=============== Created Last 30 ================

2010-12-17 15:23:12 -------- d-----w- c:\program files\Runtime Software
2010-12-16 17:17:45 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-16 16:51:43 -------- d-----w- c:\users\renato\appdata\local\temp
2010-12-16 16:34:59 388096 ----a-r- c:\users\renato\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-16 16:34:58 -------- d-----w- c:\program files\Trend Micro
2010-12-16 15:50:04 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{3df071aa-9c6c-46d6-b4b3-2eafe56f5fa8}\mpengine.dll
2010-12-08 13:30:53 -------- d-----w- c:\program files\Corel
2010-12-03 15:16:02 356425 ----a-w- c:\windows\system32\GDS32.DLL
2010-12-03 15:15:49 -------- d-----w- c:\program files\GDanfe
2010-11-25 16:33:49 -------- d-----w- c:\program files\danfeview
2010-11-19 19:16:04 -------- d-----w- c:\program files\common files\AVSMedia
2010-11-19 19:16:00 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-11-19 19:16:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-11-19 19:16:00 -------- d-----w- c:\program files\AVS4YOU
2010-11-18 17:24:09 -------- d-----w- c:\users\renato\appdata\roaming\GARMIN
2010-11-18 17:08:30 -------- d-----w- c:\program files\Dnote Software

==================== Find3M ====================

2010-12-08 13:39:02 88 --sh--r- c:\progra~2\EC74501C59.sys
2010-12-08 13:39:02 2828 --sha-w- c:\progra~2\KGyGaAvL.sys
2010-11-26 14:45:59 98316 ----a-w- c:\windows\system32\~.tmp
2010-11-12 15:34:15 53167 ----a-w- c:\windows\angelcam.tmp
2010-11-12 15:32:20 468 ----a-w- c:\windows\user.tmp
2010-11-08 03:20:24 89088 ----a-w- c:\windows\MBR.exe
2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-13 17:01:16 350208 ----a-w- c:\windows\system32\d3drm.dll

============= FINISH: 14:14:04,00 ===============


#2 Shannon2012

  • Security Colleague

Posted 27 December 2010 - 10:59 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 mtriper

  • Topic Starter

Posted 30 December 2010 - 01:28 PM

Thanks Shannon, but I have already solved the problem. It seems the computer was not infected after all, it was just an incompatible control panel applet (old version of Firebird DB) that was crashing windows explorer on win7. Removing that cpl file has fixed the problem.

Diagnostics was possible by extending win7 dump file reporting in the registry and analyzing the created dump file with the windows debug tools.

Thanks for your help anyway.

MT
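
The diagnostic approach described in the post above, as an added example that is not part of the original thread: it assumes the registry change referred to is the Windows Error Reporting `LocalDumps` key, and the dump folder, the `cdb.exe` install path and the function names are assumptions chosen for illustration.

```powershell
# Added example: collect full user-mode dumps of explorer.exe through WER
# LocalDumps, then name the faulting module with the Windows debugging tools.
# Run from an elevated PowerShell prompt.
$app     = 'explorer.exe'
$dumpDir = 'C:\CrashDumps'   # assumed dump folder
$cdb     = 'C:\Program Files\Debugging Tools for Windows (x86)\cdb.exe'   # assumed install path
$werKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'
$appKey  = Join-Path $werKey $app   # per-application subkey overrides global settings

function Enable-LocalDumps {
    if (-not (Test-Path $dumpDir)) { New-Item -ItemType Directory -Path $dumpDir | Out-Null }
    if (-not (Test-Path $appKey))  { New-Item -Path $appKey -Force | Out-Null }
    # DumpType: 1 = minidump, 2 = full dump. DumpCount: dumps kept before rotation.
    New-ItemProperty -Path $appKey -Name DumpFolder -PropertyType ExpandString -Value $dumpDir -Force | Out-Null
    New-ItemProperty -Path $appKey -Name DumpType   -PropertyType DWord -Value 2 -Force | Out-Null
    New-ItemProperty -Path $appKey -Name DumpCount  -PropertyType DWord -Value 5 -Force | Out-Null
}

function Get-LatestDumpAnalysis {
    # WER names the files <image>.<pid>.dmp; take the most recent one.
    $dump = Get-ChildItem -Path $dumpDir -Filter "$app*.dmp" |
            Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if (-not $dump)            { Write-Warning "No dump for $app in $dumpDir yet"; return }
    if (-not (Test-Path $cdb)) { Write-Warning "cdb.exe not found at $cdb"; return }
    # -z opens the dump; '!analyze -v' reports the faulting module and stack,
    # 'lm' lists every module loaded into the process, 'q' exits the debugger.
    $report = Join-Path $dumpDir 'analysis.txt'
    & $cdb -z $dump.FullName -c '!analyze -v; lm; q' | Tee-Object -FilePath $report
}

function Disable-LocalDumps {
    # Remove the per-application key once the investigation is finished.
    if (Test-Path $appKey) { Remove-Item -Path $appKey -Recurse -Force }
}

# Typical sequence: enable, reproduce the crash, analyze, then clean up.
#   Enable-LocalDumps
#   Get-LatestDumpAnalysis
#   Disable-LocalDumps
```

The module that `!analyze -v` names as faulting is what separates an incompatible third-party component from something that warrants a malware investigation, so check its path, vendor and signature before deleting anything.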

#4 etavares

  • Malware Response Team

Posted 30 December 2010 - 05:18 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
