Explorer in XP crashes and restarts every 10 minutes, like an alarm clock [HjT log]

Discussion in 'Malware and Virus Removal Archive' started by Wells, 2005/07/25.

Thread Status:
Not open for further replies.
  1. 2005/07/25
    Wells

    Wells Inactive Thread Starter

    Joined:
    2005/07/25
    Messages:
    1
    Likes Received:
    0
    Explorer in XP crashes and restarts every 10 minutes, like an alarm clock...?

    About every 12 minutes or so, I have the explorer crash. The symptoms are "only" a refreshing of the taskbar and the disappearance of many - but not all - of the tray icons. The logs of these crashes - about 1000 so far, for the last few days - state "The system shell stopped unexpectedly and explorer.exe was restarted ". They're listed as "source: Winlogon; no category; event identifier: 1002 ", with nothing in the hex dump. It's beyond infuriating. I tried every fix I could find, ran windows update, sfc, Norton's regscan (I won't even mention the regular AV and spyware scans), but nothing even decreased the regularity of this. I even installed the dreaded SP2, and it fixed nothing (just slowed down the system considerably).

    The crashes seem to happen for no reason at all - I could be browsing online (from Firefox, obviously), watching something, running NASA's Worldwind, writing, or just letting the PC stand and idle with nothing running, and the crashes will happen, regardless of anything else...

    It does seem to happen regardless of what I'm doing. Right now, I just tried one thing; I sat down, ran Sysinternals' File Monitor and had it log every file access, waiting for the crash to happen. It logged about 3 KB of text during the 30 seconds or so when the crash and explorer restart occurred... it's below. At that moment I was only reading a cached web page, opened quite a while earlier.

    Using PS Tray Factory, I can restore the icons that disappear, but the problem is with the crashes, and restoring the icons is like putting cotton under a leaking hole in the roof instead of trying to patch up the hole... unfortunately in this case I can't even see the hole.

    (The KAVICHS thing is from Kaspersky's Antivirus, but I had the program many days before the crashes began)

    4969 winlogon.exe:612 OPEN C:\Documents and Settings\User SUCCESS Options: Open Directory Access: Traverse
    4970 winlogon.exe:612 CLOSE C:\WINDOWS\system32 SUCCESS
    4971 winlogon.exe:612 OPEN C:\WINDOWS\system32\:KAVICHS NAME INVALID Options: Open Access: All
    4972 winlogon.exe:612 OPEN C:\autoexec.bat SUCCESS Options: Open Access: All
    4973 winlogon.exe:612 QUERY INFORMATION C:\autoexec.bat SUCCESS Length: 206
    4974 winlogon.exe:612 READ C:\autoexec.bat SUCCESS Offset: 0 Length: 206
    4975 winlogon.exe:612 CLOSE C:\autoexec.bat SUCCESS
    4976 winlogon.exe:612 QUERY INFORMATION C:\Documents and Settings\User\Local Settings\Temp SUCCESS Attributes: D
    4977 winlogon.exe:612 OPEN C:\ SUCCESS Options: Open Directory Access: All
    4978 winlogon.exe:612 DIRECTORY C:\ SUCCESS FileBothDirectoryInformation: Documents and Settings
    4979 winlogon.exe:612 CLOSE C:\ SUCCESS
    4980 winlogon.exe:612 OPEN C:\Documents and Settings\User\ SUCCESS Options: Open Directory Access: All
    4981 winlogon.exe:612 DIRECTORY C:\Documents and Settings\User\ SUCCESS FileBothDirectoryInformation: Local Settings
    4982 winlogon.exe:612 CLOSE C:\Documents and Settings\User\ SUCCESS
    4983 winlogon.exe:612 OPEN C:\Documents and Settings\User\:KAVICHS NAME INVALID Options: Open Access: All
    4984 winlogon.exe:612 QUERY INFORMATION C:\Documents and Settings\User\Local Settings\Temp SUCCESS Attributes: D
    4985 winlogon.exe:612 OPEN C:\ SUCCESS Options: Open Directory Access: All
    4986 winlogon.exe:612 DIRECTORY C:\ SUCCESS FileBothDirectoryInformation: Documents and Settings
    4987 winlogon.exe:612 CLOSE C:\ SUCCESS
    4988 winlogon.exe:612 OPEN C:\Documents and Settings\User\ SUCCESS Options: Open Directory Access: All
    4989 winlogon.exe:612 DIRECTORY C:\Documents and Settings\User\ SUCCESS FileBothDirectoryInformation: Local Settings
    4990 winlogon.exe:612 CLOSE C:\Documents and Settings\User\ SUCCESS
    4991 winlogon.exe:612 OPEN C:\Documents and Settings\User\:KAVICHS NAME INVALID Options: Open Access: All
    4992 winlogon.exe:612 OPEN C:\ SUCCESS Options: Open Directory Access: All
    4993 winlogon.exe:612 DIRECTORY C:\ SUCCESS FileBothDirectoryInformation: WINDOWS
    4994 winlogon.exe:612 CLOSE C:\ SUCCESS
    4995 winlogon.exe:612 OPEN C:\WINDOWS\ SUCCESS Options: Open Directory Access: All
    4996 winlogon.exe:612 CLOSE C:\WINDOWS\ SUCCESS
    4997 winlogon.exe:612 OPEN C:\WINDOWS\:KAVICHS NAME INVALID Options: Open Access: All
    4998 winlogon.exe:612 OPEN C:\WINDOWS\system32 SUCCESS Options: Open Directory Access: Traverse
    4999 winlogon.exe:612 CLOSE C:\Documents and Settings\User SUCCESS
    5000 winlogon.exe:612 OPEN C:\Documents and Settings\User\:KAVICHS NAME INVALID Options: Open Access: All
    5001 services.exe:656 WRITE C:\WINDOWS\system32\config\AppEvent.Evt SUCCESS Offset: 485036 Length: 140
    5002 services.exe:656 WRITE C:\WINDOWS\system32\config\AppEvent.Evt SUCCESS Offset: 485176 Length: 40

    And here is a Procexp screenshot from my typical session:
    http://img176.imageshack.us/img176/5775/procexp0av.gif

    Here's a HijackThis log, by the way, if anyone recognizes anything problematic... By the way, are there any real-time process, etc. monitors that would perhaps help in finding out and logging some specific information about the system situation at the exact moments of the crashes? (I already used tools such as Sysinternals' ones - File Monitor, etc. - and similar...)

    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\PS Tray Factory\PSTrayFactory.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Far\Far.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /silent
    O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\kav.exe" -run -n PersonalPro -v 5.0.0.0
    O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /start
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: FAR.lnk = C:\Program Files\Far\Far.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\kavmm.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  2. 2005/07/26
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16

  4. 2005/07/27
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
  5. 2005/07/27
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    I may be just guessing here. But here goes anyway.

    I see these in the Log.

    4997 winlogon.exe:612 OPEN C:\WINDOWS\:KAVICHS NAME INVALID Options: Open Access: All

    5000 winlogon.exe:612 OPEN C:\Documents and Settings\User\:KAVICHS NAME INVALID Options: Open Access: All


    Do these say that something did go wrong with KAVICHS ?

    If this is indeed an Anti Virus and it is attempting to check things and it cannot do it properly ???

    BillyBob
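
Added example, not part of any post in this thread: a Python triage of the File Monitor excerpt that groups non-SUCCESS results by process and by NTFS alternate-data-stream name (the `path:NAME` form seen in `:KAVICHS`). The function names are illustrative, and only the request and result keywords that appear in the posted log are recognised; any other line is returned as unparsed.

```python
import re
from collections import Counter

# Excerpt of the File Monitor log posted in this thread:
# sequence, process:pid, request, path, result, details.
SAMPLE = r"""
4969 winlogon.exe:612 OPEN C:\Documents and Settings\User SUCCESS Options: Open Directory Access: Traverse
4970 winlogon.exe:612 CLOSE C:\WINDOWS\system32 SUCCESS
4971 winlogon.exe:612 OPEN C:\WINDOWS\system32\:KAVICHS NAME INVALID Options: Open Access: All
4972 winlogon.exe:612 OPEN C:\autoexec.bat SUCCESS Options: Open Access: All
4983 winlogon.exe:612 OPEN C:\Documents and Settings\User\:KAVICHS NAME INVALID Options: Open Access: All
4997 winlogon.exe:612 OPEN C:\WINDOWS\:KAVICHS NAME INVALID Options: Open Access: All
5000 winlogon.exe:612 OPEN C:\Documents and Settings\User\:KAVICHS NAME INVALID Options: Open Access: All
5001 services.exe:656 WRITE C:\WINDOWS\system32\config\AppEvent.Evt SUCCESS Offset: 485036 Length: 140
"""

# Paths contain spaces, so fields are recovered by anchoring on the request
# and result keywords that occur in this log (not Filemon's full set).
LINE = re.compile(
    r"(?P<seq>\d+)\s+(?P<proc>\S+):(?P<pid>\d+)\s+"
    r"(?P<req>QUERY INFORMATION|OPEN|CLOSE|READ|WRITE|DIRECTORY)\s+"
    r"(?P<path>.+?)\s+(?P<result>SUCCESS|NAME INVALID)(?:\s+(?P<other>.*))?$"
)

def parse(text):
    """Return (records, unparsed) so unknown lines are never silently dropped."""
    records, unparsed = [], []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = LINE.match(line)
        if m:
            records.append(m.groupdict())
        else:
            unparsed.append(line)
    return records, unparsed

def stream_name(path):
    """Return the alternate-data-stream name in 'path:NAME', or None."""
    rest = path[2:] if re.match(r"[A-Za-z]:", path) else path  # skip drive colon
    _, sep, stream = rest.rpartition(":")
    return stream if sep else None

def triage(records):
    """Count failures by (process, stream, result); list failures on plain paths."""
    failures = [r for r in records if r["result"] != "SUCCESS"]
    by_stream = Counter((r["proc"], stream_name(r["path"]), r["result"]) for r in failures)
    plain = [r for r in failures if stream_name(r["path"]) is None]
    return by_stream, plain

if __name__ == "__main__":
    records, unparsed = parse(SAMPLE)
    by_stream, plain = triage(records)
    for key, count in by_stream.items():
        print(count, *key)
    print("failures on ordinary paths:", len(plain), "| unparsed lines:", len(unparsed))
```

On this excerpt every failed request is a winlogon.exe open of a `:KAVICHS` stream, and no operation on an ordinary file or directory failed.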
     
  6. 2005/07/27
    Dennis L Lifetime Subscription

    Dennis L Inactive Alumni

    Joined:
    2002/06/07
    Messages:
    2,557
    Likes Received:
    2
    If I was a betting man, I would go with markp62 ... if not memory, it has good odds of being hardware. 10 minute predictable cycles seem to support hardware failure. Have you tried starting up in safe mode to eliminate application issues? ...
    and let it sit, do not load anything.
     
    Last edited: 2005/07/27
  7. 2005/07/27
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    More of my thoughts.

    I could be wrong but from reading the above quote I lean a bit toward the OS.

    #1 Explorer.exe being restarted.
    #2 I see Norton mixed into things.
    #3 SP2 being installed and slowing down the system so much. (I bet it did not go in right.)

    Questions for Wells

    Do you have Norton installed ? It has been known to mess up many a system.

    When you installed, let's say, SP2 and/or other things, did you have ANY AND ALL Anti-Virus and/or Firewalls disabled? Things may not install properly with them running. Especially things like SP2 that overwrite system files.

    From the quote above
    They're listed as "source: Winlogon; no category; event identifier: 1002 ", with nothing in the hex dump

    Could this go along with my earlier reply ?

    Dennis L

    I would not bet against you.

    BillyBob
     