Windows Explorer closes during Trojan scan

I have not been having any problems, and I am running Zone Alarm Pro, AdAware SE Plus, SpyBot 1.3, Spyware Blaster, NAV.
I thought that I should take advantage of the free Trojan scan at Windows Security, but it will never finish its scan, but I get - " Windows Explorer has encountered a problem and must close"
Does anyone else have experience of this happening?

I attach a HJT log for today:

Logfile of HijackThis v1.98.2
Scan saved at 2:35:53 PM, on 22-Aug-04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Firetrust\B9.exe
D:\Program Files\blinkx\blinkx.exe
E:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
D:\Program Files\Intense Language Office\COMMON\Offman.exe
D:\PROGRA~1\blinkx\PDRE\iblinkx.exe
D:\Program Files\Intense Language Office\COMMON\Dict.exe
C:\WINDOWS\System32\taskmgr.exe
D:\PROGRA~1\blinkx\filescan\ablinkx.exe
C:\Documents and Settings\roger\Desktop\HijackThis.exe

O1 - Hosts: 127.98.9.4 pop.infonie.fr.b9
O1 - Hosts: 127.98.9.3 pop.free.fr.b9
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Acronis*True*Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe "
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe "
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe "
O4 - HKCU\..\Run: [b9] C:\Program Files\Firetrust\B9.exe /minimize
O4 - HKCU\..\Run: [ILO_Office_Manager] IntEdReg.exe /OFFMAN
O4 - Startup: blinkx.lnk = D:\Program Files\blinkx\blinkx.exe
O4 - Startup: MemTurbo.lnk = E:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download using Download &Express - D:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1091368165078
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

Roger

 

I see nothing suspicious in that log. Have you tried shutting down some of the unnecessary running processes before scanning? Maybe try scanning only a few directories at a time? What happens when you scan with RAV?

 

Hi Noahdfear,

Tried again after closing all unnecessary processes. Still the same result - memory not infected, then the scan continued as far as Temporary Internet Files before Explorer shut down. The only thing in Windows\Temp\Temp Int Files is a folder labelled 'Content IE 5' so I think that if there is something in my system that shouldn't be there it, may come after 'Temp', and that includes Explorer.

SpyBot and AdAware find nothing and NAV did a scheduled complete system scan Friday night.

Roger

 

Did you try scanning just the windows folder, or program files, or whatever? Open the C:\Windows\Temp folder, select all and delete. Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and OK. Reboot and try the scan again. Did you run the RAV online virus scan I linked to in my previous post?

 

Hi r.leale...

When I was having problems (different than yours) with the site I just e-mail them with my problem and they e-mail backed within 24 hrs. Could not hurt to ask about your problem.

Their e-mail address info@windowsecurity.com

 

Hi Noahdfear,
The RAV scan, (After 35 minutes downloading the definitions!) didn't find anything. The disc scan is OK too.
I'm not too worried about this because I think that Zone Alarm would indicate any unauthorised traffic if I did have a trojan.
Thanks for the suggestion Kent, I shall do that.

Roger