Explorer.exe crashes when opening My COmputer and other FOlders

You should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

Do NOT run Hijack This from the Desktop, a temp folder, or from a sub-folder of C:\Documents and Settings, or choose run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

Make sure you have HijackThis version 1.98.2

 

Please follow the directions on where to place HijackThis. You currently still have it on your Desktop.
C:\Documents and Settings\Glyn\Desktop\HijackThis.exe

I working thru your log. I'll come back with info on what I find.

 

You have some trojans in your system. I not sure if you have them fixed.

Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).

Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Find the below processes and End them:
C:\Documents and Settings\Glyn\Application Data\atao.exe

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B377} - C:\WINDOWS\System32\CustomIE32.dll
O4 - HKCU\..\Run: [Card] C:\Documents and Settings\Glyn\Application Data\mpot.exe
O4 - HKCU\..\Run: [Esse] C:\Documents and Settings\Glyn\Application Data\atao.exe
O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} - http://www.begin2search.com/toolbar/bar/winb2s32.cab

Boot into safe mode and use Windows Explorer to delete:
C:\Documents and Settings\Glyn\Application Data\mpot.exe
C:\Documents and Settings\Glyn\Application Data\atao.exe

Now reboot in normal mode and post a new HJT log. And tell us how things are working.


Are the proxy settings below something you require for you ISP? Is 10.1.1.1 your DNS server address?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy2.tpg.com.au:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.1;<local>
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8179DC9-7F74-4403-AC31-0FFD9DFD523A}: NameServer = 10.1.1.1

 

Is this log for the same PC? The log is okay. But I see changes since the last log.

Where did this come from all of a sudden:
:\Program Files\tcpIQ\Line Speed Meter\LineSpeedMeter.exe
O4 - HKLM\..\Run: [Line Speed Meter V3.0] C:\Program Files\tcpIQ\Line Speed Meter\LineSpeedMeter.exe -minimized

And why did the below line change:
From: O17 - HKLM\System\CCS\Services\Tcpip\..\{C8179DC9-7F74-4403-AC31-0FFD9DFD523A}: NameServer = 10.1.1.1

To: O17 - HKLM\System\CCS\Services\Tcpip\..\{C8179DC9-7F74-4403-AC31-0FFD9DFD523A}: NameServer = 203.12.160.35,203.12.160.36


I'm not sure why you cannot see properties on a folder. It does not sound like spyware.

 

Okay! Let me know if anything else comes up.

 

You're welcome.

And please do send that feedback if you find a solution. Try the Software Forum.

 

Re: Solution to right click problem

Thanks for coming back and telling us what you found. Glad to see it all worked out.

 

You did not insert the correct link. What you inserted was to start a new reply for the current thread here on MG's.

 

Thanks for the update! This may prove useful for other people.