Author Topic: Explorer.exe error  (Read 2151 times)

gagaga

  • Guest
Explorer.exe error
« on: February 19, 2005, 09:19:26 AM »
Hi everyone,
I read the topic about the virus that affects explorer.exe.
I have the same problem.
Romial, how did you get rid of the explorer error pop up?

Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 15:15:21, on 19/02/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\MFCLX32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SOFT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\IEFG.EXE
C:\WINDOWS\TEMP\91E6.TMP.EXE
C:\PROGRAM FILES\CREATIVE\SBAUDIGY\TASKBAR\CTLTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBAUDIGY\TASKBAR\CTLTASK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\WLAN\WCONFIG\WCONFIG.EXE
C:\WINDOWS\SYSTEM\METRO.EXE
C:\WINDOWS\BUREAU\MWAV.EXE
C:\WINDOWS\BUREAU\MWAV.EXE
C:\HIJACK\HIJACKTHIS.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {D2F5D9A4-C618-A8DE-BD9E-602C1BFB1EA1} - C:\WINDOWS\ADDBK32.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NInit] C:\Program Files\Norton SystemWorks\Norton Uninstall\NINIT.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] C:\PROGRAM FILES\CREATIVE\SBAUDIGY\PROGRAM\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [IEFG.EXE] C:\WINDOWS\SYSTEM\IEFG.EXE
O4 - HKLM\..\Run: [91E6.TMP] C:\WINDOWS\TEMP\91E6.TMP.exe 1 10001
O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\SYSTEM\MSXMIDI.EXE
O4 - HKLM\..\Run: [91E6.TMP.EXE] C:\WINDOWS\TEMP\91E6.TMP.EXE 4 10001
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
O4 - HKLM\..\RunServices: [MFCLX32.EXE] C:\WINDOWS\MFCLX32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.sp2[censored]ed.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:\\MAIN.MHT!http://clean-thumbs.com//index//in//index.chm::/ad.exe


Can anyone help me please?
Thanks a lot!!

gagaga

  • Guest
Explorer.exe error
« Reply #1 on: February 19, 2005, 10:19:51 AM »
Sorry, here's a new log:

Logfile of HijackThis v1.99.1
Scan saved at 16:14:48, on 19/02/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\MFCLX32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SOFT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\IEFG.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\WLAN\WCONFIG\WCONFIG.EXE
C:\HIJACK\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\sllxy.dll/sp.html#82365
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\sllxy.dll/sp.html#82365
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\sllxy.dll/sp.html#82365
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\WINDOWS\SYSTEM\soft.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {D2F5D9A4-C618-A8DE-BD9E-602C1BFB1EA1} - C:\WINDOWS\ADDBK32.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NInit] C:\Program Files\Norton SystemWorks\Norton Uninstall\NINIT.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] C:\PROGRAM FILES\CREATIVE\SBAUDIGY\PROGRAM\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [IEFG.EXE] C:\WINDOWS\SYSTEM\IEFG.EXE
O4 - HKLM\..\Run: [91E6.TMP] C:\WINDOWS\TEMP\91E6.TMP.exe 1 10001
O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\SYSTEM\MSXMIDI.EXE
O4 - HKLM\..\Run: [91E6.TMP.EXE] C:\WINDOWS\TEMP\91E6.TMP.EXE 2 10001
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\RunServices: [MFCLX32.EXE] C:\WINDOWS\MFCLX32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:\\MAIN.MHT!http://clean-thumbs.com//index//in//index.chm::/ad.exe


Seems I also have the "websiteviewer" problem...
All the "trusted zone" part (1st post) disappeared, don't know why.
Thanks a lot.

guestolo

  • Administrator
Explorer.exe error
« Reply #2 on: February 19, 2005, 10:57:33 AM »
Romial may have been left with other malware on his computer
He got the initial infection clean, but not the leftovers

If you can follow this through, we can ensure that we get every nasty off your computer
Download Pocket Killbox
UNZIP the files to the folder of your choice.

Access your control panel>>Open the Display
Screen Saver tab
Set screen saver to none
Under the power options settings>>Set to Always ON
Apply it and exit

After that is done, print the rest of this out if you can
or save to a notepad file on the desktop <<you will have to leave this notepad open at all times for reference

Close down all unnecessary windows in the background
I see you're using Firefox, but I need you to use Internet Explorer for this
Go to this link
http://www.pandasoftware.com/activescan/co...n_principal.htm
Then click the
SCAN YOUR PC button
Let the new window popup and stop right there
Close down the Initial Internet Explorer window to Panda's but keep the popup window open

Double click to open Killbox.exe

Now you have just Killbox and Panda's scan open>>Possibly a notepad file too...
In Killbox >>> Beside the Yellow Triangle, click on the Drop down menu and select
"EXPLORER.EXE" >> don't confuse it with iexplore
Use the yellow triangle to End Task on explorer
OK the prompt
Your Task bar and Icons disappear>>this is Normal

Leave Killbox open>>but move it out of the way

Back at Panda's>>Supply email address and follow the prompts to have them scan
It will load the ActiveX component and download the definitions
Let Panda's scan your Whole Computer

When it's finished scanning
You can exit>>Save the log if given the option, it may be emailed

Now you have just Killbox open>>>In Killbox click on TOOLS>>Delete Temp files
OK the prompt box
In Killbox again click on TOOLS>>Start Explore shell

When you're back in Windows come back here and post a fresh HijackThis log
Also try and post the results from Panda's, thanks

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


gagaga

  • Guest
Explorer.exe error
« Reply #3 on: February 19, 2005, 12:55:37 PM »
Hi again,

I tried to do it but the popup on the pandasoftware page can't load, it says that there is an error on the page...
What can I do to fix it?
Thanks again.

guestolo

  • Administrator
Explorer.exe error
« Reply #4 on: February 19, 2005, 01:27:20 PM »
Did you check your Security settings?
Are you using Internet Explorer?



gagaga

  • Guest
Explorer.exe error
« Reply #5 on: February 19, 2005, 01:34:02 PM »
Yes, all's normal and I'm using IE.
Can't I just find a program that does the same thing as the Panda website?

guestolo

  • Administrator
Explorer.exe error
« Reply #6 on: February 19, 2005, 01:38:23 PM »
Yah, we can, but let me check one more thing
Open Hijackthis
Open the Misc tools section
Open the Hosts file manager
Click the "Open In Notepad"

Copy and paste back here the whole contents of the Host notepad file

Take care

Opened upon request, thanks for registering gagaga :D

LOCKED again as there has been no response
« Last Edit: December 27, 2006, 11:22:09 AM by guestolo »
