bracymarlyle
asked on
Explorer.EXE-Application Error
When I start my system it loads up like normal but then pops up
The Application failed to initializew properly (0xc000005) Click Ok to terminate application.
I click ok and then nothing loads. Not my desktop or anything so I have to reboot to safe mode and work that way so far. So far I have tried Ewido and done a full scan fixing all errors.
Here is my Hijack this logfile which I can only run in safe mode so I dont know if it will help at all.
Logfile of HijackThis v1.99.1
Scan saved at 3:03:23 PM, on 4/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon
C:\DOCUME~1\BRYANC~1\LOCAL
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
F2 - REG:system.ini: UserInit=C:\WINDOWS\system
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtr
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bi
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynT
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynT
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NC
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\D
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quicks
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgd
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\p
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\I
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmo
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsi
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Program Files\Boomerang Software\Guardian Worm Killer & AntiVirus\AVKPOP.EXE"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dump
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypa
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {26CBF141-7D0F-46E1-AA06-7
O16 - DPF: {406B5949-7190-4245-91A9-3
O16 - DPF: {4FA3D392-9349-4D85-8FB9-1
O16 - DPF: {644E432F-49D3-41A1-8DD5-E
O16 - DPF: {97BB6657-DC7F-4489-9067-5
O16 - DPF: {B49C4597-8721-4789-9250-3
O16 - DPF: {E991BDE0-9816-4094-853E-6
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsr
O20 - Winlogon Notify: vturq - C:\WINDOWS\system32\vturq.
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\A
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc0
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.ex
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NC
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NI
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrys
The Application failed to initializew properly (0xc000005) Click Ok to terminate application.
I click ok and then nothing loads. Not my desktop or anything so I have to reboot to safe mode and work that way so far. So far I have tried Ewido and done a full scan fixing all errors.
Here is my Hijack this logfile which I can only run in safe mode so I dont know if it will help at all.
Logfile of HijackThis v1.99.1
Scan saved at 3:03:23 PM, on 4/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon
C:\DOCUME~1\BRYANC~1\LOCAL
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
F2 - REG:system.ini: UserInit=C:\WINDOWS\system
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtr
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bi
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynT
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynT
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NC
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\D
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quicks
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgd
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\p
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\I
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmo
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsi
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Program Files\Boomerang Software\Guardian Worm Killer & AntiVirus\AVKPOP.EXE"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dump
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypa
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {26CBF141-7D0F-46E1-AA06-7
O16 - DPF: {406B5949-7190-4245-91A9-3
O16 - DPF: {4FA3D392-9349-4D85-8FB9-1
O16 - DPF: {644E432F-49D3-41A1-8DD5-E
O16 - DPF: {97BB6657-DC7F-4489-9067-5
O16 - DPF: {B49C4597-8721-4789-9250-3
O16 - DPF: {E991BDE0-9816-4094-853E-6
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsr
O20 - Winlogon Notify: vturq - C:\WINDOWS\system32\vturq.
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\A
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc0
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.ex
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NC
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NI
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrys
ASKER
Ok done but still same problem though however.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Tried to run sfc commands from prompt and recieved this
Windows file protection could not initiate a scan of protected system files
The specified error code is 0x000006ba [The RPC server is unavailable]
My problem right now is I can't find my Dell box to just reinstall windows. My box had the restore disc sleeve with key!
Windows file protection could not initiate a scan of protected system files
The specified error code is 0x000006ba [The RPC server is unavailable]
My problem right now is I can't find my Dell box to just reinstall windows. My box had the restore disc sleeve with key!
This MS KB article may help even though written for Win 2000. It states >
"This behavior can occur if the certificate for VeriSign time stamping has been removed from the computer ..."
http://support.microsoft.com/?kbid=296241
"This behavior can occur if the certificate for VeriSign time stamping has been removed from the computer ..."
http://support.microsoft.com/?kbid=296241
ASKER
Did all that and no difference. Just same error as before when trying scannow
hijack this does not detect viruses.
Lets see if if we can get you back to windows . I would say you have a virus or trojan.
In safemode disable your system restore r/click my computer properties system restore, this will delete all your restore points where trojans like to hide. then re-enable it.
run a disc cleanup to delete all old files including internet cookies history from start all programs accessories system tools.
empty your recycle bin.
Delete all old emails.
Run your task manager and lok for any sus programs running, hopefully you have a knowledge of what shoul dbe running.
No desktop task bar fix:
A virus called F-Nimda can cause this.
Info here...
ftp://ftp.f-secure.com/anti-virus/tools/shellfix.txt
Download the fix...
ftp://ftp.f-secure.com/anti-virus/tools/shellfix.reg
or
ftp://ftp.f-secure.com/anti-virus/tools/shellfix.zip
==========================
Troubleshooting Windows Explorer Errors
http://www.helpwithwindows.com/techfiles/explorer-crashes.html
==========================
scan your computer in safemode download these:
http://www.softpedia.com/get/Antivirus/McAfee-AVERT-Stinger.shtml
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.
------------
If you are not a Trend Micro customer please download the following file.
Sysclean Package 3.1MB http://www.trendmicro.com/ftp/products/tsc/sysclean.com
MD5 checksum: ff4ce112cae7005f6046f81d37
NOTE:
For instructions on how to use this package, consult the "How to Use" section of the readme file, readme_sysclean.txt. http://www.trendmicro.com/ftp/products/tsc/readme.txt
This file also contains the description and the different features of this package.
Note that for the Trend Micro Sysclean Package to be effective, you must download and place the latest pattern file in the same folder as the Trend Micro Sysclean Package.
--------------------------
see if this helps As you cannot access windows to get online scanning online would be helpful.
If can get inot your windows use these asap
http://housecall.trendmicro.com/ scan now
http://us.mcafee.com/root/mfs/default.asp?affid=294
Merete
Lets see if if we can get you back to windows . I would say you have a virus or trojan.
In safemode disable your system restore r/click my computer properties system restore, this will delete all your restore points where trojans like to hide. then re-enable it.
run a disc cleanup to delete all old files including internet cookies history from start all programs accessories system tools.
empty your recycle bin.
Delete all old emails.
Run your task manager and lok for any sus programs running, hopefully you have a knowledge of what shoul dbe running.
No desktop task bar fix:
A virus called F-Nimda can cause this.
Info here...
ftp://ftp.f-secure.com/anti-virus/tools/shellfix.txt
Download the fix...
ftp://ftp.f-secure.com/anti-virus/tools/shellfix.reg
or
ftp://ftp.f-secure.com/anti-virus/tools/shellfix.zip
==========================
Troubleshooting Windows Explorer Errors
http://www.helpwithwindows.com/techfiles/explorer-crashes.html
==========================
scan your computer in safemode download these:
http://www.softpedia.com/get/Antivirus/McAfee-AVERT-Stinger.shtml
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.
------------
If you are not a Trend Micro customer please download the following file.
Sysclean Package 3.1MB http://www.trendmicro.com/ftp/products/tsc/sysclean.com
MD5 checksum: ff4ce112cae7005f6046f81d37
NOTE:
For instructions on how to use this package, consult the "How to Use" section of the readme file, readme_sysclean.txt. http://www.trendmicro.com/ftp/products/tsc/readme.txt
This file also contains the description and the different features of this package.
Note that for the Trend Micro Sysclean Package to be effective, you must download and place the latest pattern file in the same folder as the Trend Micro Sysclean Package.
--------------------------
see if this helps As you cannot access windows to get online scanning online would be helpful.
If can get inot your windows use these asap
http://housecall.trendmicro.com/ scan now
http://us.mcafee.com/root/mfs/default.asp?affid=294
Merete
Also check this Registry entry in safe mode using Regedit:
HKEY_LOCAL_MACHINE\Softwar
Look for the value of "Shell" it should be just "explorer.exe" and nothing else. Change it to explorer.exe if it is anything else.
HKEY_LOCAL_MACHINE\Softwar
Look for the value of "Shell" it should be just "explorer.exe" and nothing else. Change it to explorer.exe if it is anything else.
This previous EE thread may also be useful >
"Explorer.exe application error":
https://www.experts-exchange.com/questions/21180292/Explorer-exe-application-error.html
"Explorer.exe application error":
https://www.experts-exchange.com/questions/21180292/Explorer-exe-application-error.html
ASKER
OK I checked regedit and it was right. I did disc cleanup and email and all that good stuff. I did a full system scann also and no change yet. I can still only open up in safe mode.
ASKER
Oh I also still get this when I try to run sfc commands from prompt so I havent been able to do this yet
Windows file protection could not initiate a scan of protected system files
The specified error code is 0x000006ba [The RPC server is unavailable]
Windows file protection could not initiate a scan of protected system files
The specified error code is 0x000006ba [The RPC server is unavailable]
When investigating, i found this url. If you scroll to the entry on Mar 29 2006, 02:00 AM by "Keith", the comments *may* just help:
http://www.geekstogo.com/forum/index.php?showtopic=101560
http://www.geekstogo.com/forum/index.php?showtopic=101560
ASKER
Computer name has always stayed the same although I have no clue what the "out of box experience" even is :)
> "out of box experience" <
Probably explained better here than i could :)
http://support.microsoft.com/?kbid=311781
Probably explained better here than i could :)
http://support.microsoft.com/?kbid=311781
ASKER
I ended up using restore cd to fix problems. All seems fine now other than needing to reset outlook about.
Thanks!
Thanks!
http://hijackthis.de/logfiles/8d7d37778b8ed01802bbcf476f6521bc.html
---
Harish