Windows explorer won't open

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by suzecarol, Apr 6, 2005.

  1. suzecarol

    suzecarol Private E-2

    I posted this over in Software, and was told to post it here, so here goes...

    I can't get IE (version 6), Windows Explorer, or My Computer to open. When I try, I get an error message that reads: Windows Explorer (or IE) has encountered a problem and needs to close.

    System info is:
    Windows XP Home Edition, v 2 with sp 1
    Pentium 4 CPU 2.40 GHz
    256 GB RAM

    I've run Norton Anti-Virus and Ad-Aware, with no significant results -- one minor tracking program from Alexa, and a few tracking cookies, all quarantined now. I've run Hijack This, but don't know how to interpret it.

    Everything else on the computer seems to be working normally. All non-windows non-explorer related programs, that is.

    I've read all the "Read before posting" messages, and I've tried to follow the instructions, but they all reach a point that says "go to Windows Explorer..." or "go to My Coomputer..."

    For the sake of completeness, here's the HIjack log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:05:57 PM, on 4/6/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slum.slashcity.com/rsm/readerlinks.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Support - {918973AD-B6E7-4515-BF8F-C7E320413F97} - http://www.comcastsupport.com (file missing) (HKCU)
    O9 - Extra button: ComcastHSI - {934D038E-6597-42D7-BD7F-87A9E17A4C7F} - http://www.comcast.net (file missing) (HKCU)
    O9 - Extra button: Help - {FC27E529-E146-4E2B-A437-2AE66A78D363} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
    O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108524662028
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
    O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Thats a LOT of memory :p (I think you meant to say Megabytes)


    From now on please follow forum guidelines. HJT logs should not be posted unless requested. When you are requsted for one ALWAYS attach it to your post as an attatchment.

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    O9 - Extra button: Support - {918973AD-B6E7-4515-BF8F-C7E320413F97} - http://www.comcastsupport.com (file missing) (HKCU)
    O9 - Extra button: ComcastHSI - {934D038E-6597-42D7-BD7F-87A9E17A4C7F} - http://www.comcast.net (file missing) (HKCU)
    O9 - Extra button: Help - {FC27E529-E146-4E2B-A437-2AE66A78D363} - http://www.comcast.net/memberservices/ (file missing) (HKCU)

    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

    NEXT:
    Run CCleaner

    After doing this, see if problem is resolved if not then temporarily disable Norton and try again.

    If still no go then let me know!
     
  3. suzecarol

    suzecarol Private E-2

    You are a genius, bless you. Not only is it working perfectly, the system is running faster than it has in months.

    And I'll remember next time, promise: Don't get so frazzled I dont read everything in the guidlines before posting.
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    So everything is ok now?
     
  5. suzecarol

    suzecarol Private E-2

    Everything is OK now. IE and Explorer and My Computer are working normally. Again, thank you.
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Great!:)

    You should check out this article on How to Protect yourself from malware!
     
  7. suzecarol

    suzecarol Private E-2

    Ooos -- an update. I can open IE and Windows Explorer and My Computer, and they seem to work normally until I click on Internet options in IE, or go to Local Settings and try to open History or Temp Internet files in Windows Explorer. Then I get the error message again and they shut down. Any suggestions?
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Do you have Content Advisor enabled?
     
  9. suzecarol

    suzecarol Private E-2

    In IE? I can't check -- if I click on Internet Tools, it shuts down. But I'm 99.9% sure it's not enabled.
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Does this occur in Safe Mode?
     
  11. suzecarol

    suzecarol Private E-2

    Yes -- they don't open at all, I get the error messge immediately. And I'm out of Safe mode now, and it's happening in normal operating mode now.
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  13. suzecarol

    suzecarol Private E-2

    Went to safe mode, control panel, clicked on internet options, and got this error message:
    An exception occurred while trying to run "shell32.dll, Control_RunDLL
    "C:\WiINDOWS\System32\inetcpl", Internet options

    That doesn't sound good...
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Did you try the IE Fix I requested?

    Try this:
    Click Start > Run > type in SFC /SCANNOW
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  16. suzecarol

    suzecarol Private E-2

    I ran IE Fix, no joy. It reloaded some files, but nothing changed. I can't run the links you posted. Trend won't recognize Firefox as a Mozilla browser, two of the others require you to be using IE, and the third, if you're not running IE, will only scan individual files or archives.

    Another twist -- when I minimize a program, my desktop and taskbar disappear, and I'm down to nothing but wallpaper. They're back within 20-30 seconds, but it's still scary.

    Thanks for the help. I've gotta crash now. I'll check back tomorrow.
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I think you need to do a Repair Reinstallation. Do you know how to do this?

    Try this first:

    Click Start > Run > type in:

    inetcpl.cpl /regserver

    Tell me what happens!!
     
  18. suzecarol

    suzecarol Private E-2

    I went back and reread everything you've suggested, then disabled Norton while I ran CCleanup again, and it's all working again. WE will even let me click on History and Temp Internet Files again.

    I hate not knowing why, though. I can't believe this is more than a temporary fix.
     
  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Sounds like Norton is causing some problems, personally I would recommend Avast or AVG for antivirus and ZoneAlarm for a firewall. These are free so think about it ;)

    Glad you got it fixed! If you have anymore problems just let us know:)
     
  20. suzecarol

    suzecarol Private E-2

    No idea how to do a Repair Installation. When I did the second bit, the Internet Options box opened.
     
  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Good! All that did was re-register the .cpl file mentioned. Also, still wouldnt hurt to run those online scans.
     
  22. suzecarol

    suzecarol Private E-2

    Trust me, I will. I'm off to download AVG right now.

    Thanks again.
     
  23. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your Welcome!:)
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds