
explorer.exe problem

Discussion in 'Windows XP' started by Essex Girl, Apr 10, 2004.

Thread Status:
Not open for further replies.
  1. Essex Girl

    Essex Girl Thread Starter

    Joined:
    Apr 10, 2004
    Messages:
    22
    Hi

    Can anyone help me? I am using Win 2000 Professional and now and again this error message appears. When I click on it to cancel it, the screen shows me the page to restore my desktop.

    Anyone got any clues?

    Thanks
     
  2. Lance1

    Lance1

    Joined:
    Aug 4, 2003
    Messages:
    5,613
    First off, Welcome to TSG :)

    Now what exactly is the error you are getting so we can better help you?

    Lance.
     
  3. Essex Girl

    Essex Girl Thread Starter

    Joined:
    Apr 10, 2004
    Messages:
    22
    Hi Lance

    Thanks for replying so quickly. When I go into my document folders or my "D" or "E" drives (hard drives) and sometimes when you boot up the PC etc the display comes up with the error message "explorer.exe" has created an error and will shut down windows. I wonder if it may be to do with No Adware which I put on a week or so ago.

    Thanks

    Essex Girl
     
  4. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    First please get Spybot S&D to clear out most of the spyware.

    Short tutorial and download link here:
    http://tomcoyote.org/SPYBOT/

    Fix everything SpybotSD labels in red.

    Then after reboot:
    Download 'Hijack This!'. http://www.tomcoyote.org/hjt/
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
     
  5. Essex Girl

    Essex Girl Thread Starter

    Joined:
    Apr 10, 2004
    Messages:
    22
    Hi

    I have done what you suggested, here is the log.

    Logfile of HijackThis v1.97.7
    Scan saved at 13:39:46, on 11/04/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    E:\WINNT\System32\smss.exe
    E:\WINNT\system32\winlogon.exe
    E:\WINNT\system32\services.exe
    E:\WINNT\system32\lsass.exe
    E:\WINNT\system32\svchost.exe
    E:\WINNT\system32\spoolsv.exe
    E:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    E:\WINNT\System32\svchost.exe
    E:\Program Files\Ahead\InCD\InCDsrv.exe
    E:\WINNT\System32\nvsvc32.exe
    E:\WINNT\system32\regsvc.exe
    E:\WINNT\system32\MSTask.exe
    E:\Program Files\Network Associates\VirusScan\VsStat.exe
    E:\WINNT\System32\WBEM\WinMgmt.exe
    E:\WINNT\system32\svchost.exe
    E:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    E:\WINNT\System32\svchost.exe
    E:\Program Files\Network Associates\VirusScan\Avconsol.exe
    E:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    E:\Program Files\Network Associates\VirusScan\Webscanx.exe
    E:\WINNT\Explorer.EXE
    E:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGRDIAN.EXE
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\MSI\Live Update 2\LMonitor.exe
    E:\WINNT\svchost.exe
    E:\WINNT\system32\svchosts.exe
    E:\WINNT\system32\svchostc.exe
    E:\docume~1\robin1\locals~1\temp\msbb.exe
    E:\WINNT\system32\rundll32.exe
    E:\Program Files\Ahead\InCD\InCD.exe
    E:\WINNT\system32\internat.exe
    E:\WINNT\system32\RUNDLL32.EXE
    E:\WINNT\system32\winproc32.exe
    E:\WINNT\System\update.exe
    E:\Program Files\WinZip\WZQKPICK.EXE
    E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    E:\Program Files\Microsoft Office\Office\OSA.EXE
    E:\WINNT\system32\wuauclt.exe
    E:\PROGRA~1\WINZIP\winzip32.exe
    D:\New Folder (3)\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://4-counter.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yoursearch247.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
    O1 - Hosts file is located at: E:\WINNT\nsdb\hosts
    O1 - Hosts: 81.211.105.69 lender-search.com
    O1 - Hosts: 81.211.105.68 hot-searches.com
    O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - E:\Program Files\NewDotNet\newdotnet6_22.dll
    O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - E:\Documents and Settings\Robin1\Application Data\iemv\iemv.dll
    O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - E:\WINNT\2_0_1browserhelper2.dll
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - E:\WINNT\system32\bridge.dll
    O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - E:\Documents and Settings\Robin1\Application Data\iemv\mssearch.dll
    O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - E:\Documents and Settings\Robin1\Application Data\iemv\msiesh.dll
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
    O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [McAfee Guardian] E:\Program Files\McAfee\McAfee Shared Components\Guardian\\CMGRDIAN.EXE /SU
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LiveMonitor] E:\Program Files\MSI\Live Update 2\LMonitor.exe
    O4 - HKLM\..\Run: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe
    O4 - HKLM\..\Run: [Image] rundll32 E:\WINNT\image.dll,Install
    O4 - HKLM\..\Run: [Online Service] E:\WINNT\svchost.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "E:\WINNT\system32\bridge.dll",Load
    O4 - HKLM\..\Run: [systray] E:\WINNT\system32\a.exe
    O4 - HKLM\..\Run: [msbb] e:\docume~1\robin1\locals~1\temp\msbb.exe
    O4 - HKLM\..\Run: [MWEOJUBMZ] E:\WINNT\MWEOJUBMZ.exe
    O4 - HKLM\..\Run: [Belt] E:\WINNT\Belt.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 E:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
    O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\RunServices: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Windows Internet Protocol] E:\WINNT\system32\winproc32.exe
    O4 - HKCU\..\Run: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe
    O4 - HKCU\..\Run: [System Update] E:\WINNT\System\update.exe
    O4 - HKCU\..\RunServices: [Image] rundll32 E:\WINNT\image.dll,Install
    O4 - Startup: Microsoft Find Fast.lnk = E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = E:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O10 - Hijacked Internet access by New.Net
    O10 - Broken Internet access because of LSP provider 'cslsp.dll' missing
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/new/bridge-c1.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38036.4370717593
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


    Many thanks everyone for your help

    Essex Girl
     
  6. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Run this as well please then post a fresh log

    Download CWShredder:
    http://www.spywareinfo.com/~merijn/files/cwshredder.zip
    Unzip, run and hit the ->fix tab to fix all found problems

    CWShredder takes advantage of security holes in Windows so you should install all critical as well as hotfixes available from Windows Update.
     
  7. Essex Girl

    Essex Girl Thread Starter

    Joined:
    Apr 10, 2004
    Messages:
    22
    Have now run the cwshredder and re-run the hijack. Here is the new log.

    Logfile of HijackThis v1.97.7
    Scan saved at 14:19:59, on 11/04/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    E:\WINNT\System32\smss.exe
    E:\WINNT\system32\winlogon.exe
    E:\WINNT\system32\services.exe
    E:\WINNT\system32\lsass.exe
    E:\WINNT\system32\svchost.exe
    E:\WINNT\system32\spoolsv.exe
    E:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    E:\WINNT\System32\svchost.exe
    E:\Program Files\Ahead\InCD\InCDsrv.exe
    E:\WINNT\System32\nvsvc32.exe
    E:\WINNT\system32\regsvc.exe
    E:\WINNT\system32\MSTask.exe
    E:\Program Files\Network Associates\VirusScan\VsStat.exe
    E:\WINNT\System32\WBEM\WinMgmt.exe
    E:\WINNT\system32\svchost.exe
    E:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    E:\WINNT\System32\svchost.exe
    E:\Program Files\Network Associates\VirusScan\Avconsol.exe
    E:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    E:\Program Files\Network Associates\VirusScan\Webscanx.exe
    E:\WINNT\Explorer.EXE
    E:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGRDIAN.EXE
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\MSI\Live Update 2\LMonitor.exe
    E:\WINNT\svchost.exe
    E:\WINNT\system32\svchosts.exe
    E:\WINNT\system32\svchostc.exe
    E:\docume~1\robin1\locals~1\temp\msbb.exe
    E:\WINNT\system32\rundll32.exe
    E:\Program Files\Ahead\InCD\InCD.exe
    E:\WINNT\system32\internat.exe
    E:\WINNT\system32\RUNDLL32.EXE
    E:\WINNT\system32\winproc32.exe
    E:\WINNT\System\update.exe
    E:\Program Files\WinZip\WZQKPICK.EXE
    E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    E:\Program Files\Microsoft Office\Office\OSA.EXE
    E:\WINNT\system32\wuauclt.exe
    D:\New Folder (3)\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://4-counter.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yoursearch247.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
    O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - E:\Program Files\NewDotNet\newdotnet6_22.dll
    O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - E:\WINNT\2_0_1browserhelper2.dll
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - E:\WINNT\system32\bridge.dll
    O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - E:\Documents and Settings\Robin1\Application Data\iemv\mssearch.dll
    O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - (no file)
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
    O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [McAfee Guardian] E:\Program Files\McAfee\McAfee Shared Components\Guardian\\CMGRDIAN.EXE /SU
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LiveMonitor] E:\Program Files\MSI\Live Update 2\LMonitor.exe
    O4 - HKLM\..\Run: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe
    O4 - HKLM\..\Run: [Image] rundll32 E:\WINNT\image.dll,Install
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "E:\WINNT\system32\bridge.dll",Load
    O4 - HKLM\..\Run: [systray] E:\WINNT\system32\a.exe
    O4 - HKLM\..\Run: [msbb] e:\docume~1\robin1\locals~1\temp\msbb.exe
    O4 - HKLM\..\Run: [MWEOJUBMZ] E:\WINNT\MWEOJUBMZ.exe
    O4 - HKLM\..\Run: [Belt] E:\WINNT\Belt.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 E:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
    O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\RunServices: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Windows Internet Protocol] E:\WINNT\system32\winproc32.exe
    O4 - HKCU\..\Run: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe
    O4 - HKCU\..\Run: [System Update] E:\WINNT\System\update.exe
    O4 - HKCU\..\RunServices: [Image] rundll32 E:\WINNT\image.dll,Install
    O4 - Startup: Microsoft Find Fast.lnk = E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = E:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O10 - Hijacked Internet access by New.Net
    O10 - Broken Internet access because of LSP provider 'cslsp.dll' missing
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/new/bridge-c1.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38036.4370717593
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    Thanks

    Essex Girl
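
Added example, not part of the original thread: a small Python script that compares two HijackThis logs to show which entries a cleanup pass removed, which it changed, and which removed autostart targets are still listed as running. The function names are hypothetical, and the sample input is a short excerpt of lines taken from the two logs posted above.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Excerpts from the two logs posted in this thread (before / after CWShredder).
BEFORE = r"""
Running processes:
E:\WINNT\system32\svchost.exe
E:\WINNT\svchost.exe
E:\PROGRA~1\WINZIP\winzip32.exe

O1 - Hosts: 81.211.105.69 lender-search.com
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - E:\Documents and Settings\Robin1\Application Data\iemv\msiesh.dll
O4 - HKLM\..\Run: [Online Service] E:\WINNT\svchost.exe
O4 - HKLM\..\Run: [Belt] E:\WINNT\Belt.exe
"""

AFTER = r"""
Running processes:
E:\WINNT\system32\svchost.exe
E:\WINNT\svchost.exe

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - (no file)
O4 - HKLM\..\Run: [Belt] E:\WINNT\Belt.exe
"""


def parse_hjt(text):
    """Return (processes, entries): process paths and a set of (code, body)."""
    processes, entries = [], set()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first R/O entry ends the process list
            entries.add((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def diff_logs(before, after):
    """Compare two logs: entries removed, added, kept, and processes gone."""
    p1, e1 = parse_hjt(before)
    p2, e2 = parse_hjt(after)
    return {
        "removed": sorted(e1 - e2),
        "added": sorted(e2 - e1),
        "unchanged": sorted(e1 & e2),
        "procs_gone": sorted(set(p1) - set(p2)),
    }


def still_running(diff, after):
    """Processes in the later log whose O4 autostart entry was removed."""
    procs, _ = parse_hjt(after)
    removed_o4 = [body.lower() for code, body in diff["removed"] if code == "O4"]
    return [p for p in procs if any(p.lower() in body for body in removed_o4)]


if __name__ == "__main__":
    d = diff_logs(BEFORE, AFTER)
    for key in ("removed", "added", "unchanged", "procs_gone"):
        print(key, d[key])
    print("still running:", still_running(d, AFTER))
```

On this excerpt the diff shows the Hosts redirect and the `[Online Service]` Run entry gone and the `msiesh.dll` BHO now pointing at `(no file)`, while `E:\WINNT\svchost.exe` is still in the process list of the second log.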
     
  8. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    I have to think you ran cws improperly the first time here. Reopen it again and click the "fix" button. Then download and run http://www.new.net/support/uninstall6_22.exe to remove Newdotnet.

    As well download and run lspfix.exe from here http://cexx.org/LSPFix.exe
    Then rescan with hijack and put a check next to each of these, then close all browser windows and click "fix checked"

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://4-counter.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yoursearch247.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2

    O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - E:\Program Files\NewDotNet\newdotnet6_22.dll

    O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)

    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - E:\WINNT\2_0_1browserhelper2.dll

    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - E:\WINNT\system32\bridge.dll

    O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - E:\Documents and Settings\Robin1\Application Data\iemv\mssearch.dll

    O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - (no file)

    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

    O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)

    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe

    O4 - HKLM\..\Run: [Image] rundll32 E:\WINNT\image.dll,Install

    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "E:\WINNT\system32\bridge.dll",Load

    O4 - HKLM\..\Run: [systray] E:\WINNT\system32\a.exe

    O4 - HKLM\..\Run: [msbb] e:\docume~1\robin1\locals~1\temp\msbb.exe

    O4 - HKLM\..\Run: [MWEOJUBMZ] E:\WINNT\MWEOJUBMZ.exe

    O4 - HKLM\..\Run: [Belt] E:\WINNT\Belt.exe

    O4 - HKLM\..\Run: [New.net Startup] rundll32 E:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

    O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\system32\\NeroCheck.exe

    O4 - HKLM\..\RunServices: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe


    O4 - HKCU\..\Run: [Windows Internet Protocol] E:\WINNT\system32\winproc32.exe

    O4 - HKCU\..\Run: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe

    O4 - HKCU\..\Run: [System Update] E:\WINNT\System\update.exe

    O4 - HKCU\..\RunServices: [Image] rundll32 E:\WINNT\image.dll,Install


    O10 - Hijacked Internet access by New.Net

    O10 - Broken Internet access because of LSP provider 'cslsp.dll' missing
     
  9. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    then reboot into safe mode and delete:
    c:\progra~1\iesearchbar
    E:\WINNT\system32\rundll32.vbe
    E:\WINNT\system32\winproc32.exe
    E:\WINNT\System\update.exe
     
Short URL to this thread: https://techguy.org/218991