explorer.exe problem

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Essex Girl

Thread Starter
Joined
Apr 10, 2004
Messages
22
Hi

Can anyone help me. I am using Win 2000 Professional and now and again this error message appears. When I click on it to cancel it, the screen shows me the page to restore my desktop.

Anyone got any clues?

Thanks
 
Joined
Aug 4, 2003
Messages
5,625
First off, Welcome to TSG :)

Now what exactly is the error you are getting so we can better help you?

Lance.
 

Essex Girl

Thread Starter
Joined
Apr 10, 2004
Messages
22
Hi Lance

Thanks for replying so quickly. When I go into my document folders or my "D" or "E" drives (hard drives) and sometimes when you boot up the PC etc the display comes up with the error message "explorer.exe" has created an error and will shut down windows. I wonder if it may be to do with No Adware which I put on a week or so ago.

Thanks

Essex Girl
 
Joined
Feb 23, 2003
Messages
16,274
First please get Spybot S&D to clear out most of the spyware.

Short tutorial and download link here:
http://tomcoyote.org/SPYBOT/

Fix everything SpybotSD labels in red.

Then after reboot:
Download 'Hijack This!'. http://www.tomcoyote.org/hjt/
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
__________________
 

Essex Girl

Thread Starter
Joined
Apr 10, 2004
Messages
22
Hi

I have done what you suggested, here is the log.

Logfile of HijackThis v1.97.7
Scan saved at 13:39:46, on 11/04/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\WINNT\System32\nvsvc32.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\Program Files\Network Associates\VirusScan\VsStat.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\Program Files\Network Associates\VirusScan\Vshwin32.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Network Associates\VirusScan\Avconsol.exe
E:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
E:\Program Files\Network Associates\VirusScan\Webscanx.exe
E:\WINNT\Explorer.EXE
E:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGRDIAN.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\MSI\Live Update 2\LMonitor.exe
E:\WINNT\svchost.exe
E:\WINNT\system32\svchosts.exe
E:\WINNT\system32\svchostc.exe
E:\docume~1\robin1\locals~1\temp\msbb.exe
E:\WINNT\system32\rundll32.exe
E:\Program Files\Ahead\InCD\InCD.exe
E:\WINNT\system32\internat.exe
E:\WINNT\system32\RUNDLL32.EXE
E:\WINNT\system32\winproc32.exe
E:\WINNT\System\update.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
E:\Program Files\Microsoft Office\Office\OSA.EXE
E:\WINNT\system32\wuauclt.exe
E:\PROGRA~1\WINZIP\winzip32.exe
D:\New Folder (3)\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://4-counter.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yoursearch247.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
O1 - Hosts file is located at: E:\WINNT\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - E:\Program Files\NewDotNet\newdotnet6_22.dll
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - E:\Documents and Settings\Robin1\Application Data\iemv\iemv.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - E:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - E:\WINNT\system32\bridge.dll
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - E:\Documents and Settings\Robin1\Application Data\iemv\mssearch.dll
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - E:\Documents and Settings\Robin1\Application Data\iemv\msiesh.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [McAfee Guardian] E:\Program Files\McAfee\McAfee Shared Components\Guardian\\CMGRDIAN.EXE /SU
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LiveMonitor] E:\Program Files\MSI\Live Update 2\LMonitor.exe
O4 - HKLM\..\Run: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe
O4 - HKLM\..\Run: [Image] rundll32 E:\WINNT\image.dll,Install
O4 - HKLM\..\Run: [Online Service] E:\WINNT\svchost.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "E:\WINNT\system32\bridge.dll",Load
O4 - HKLM\..\Run: [systray] E:\WINNT\system32\a.exe
O4 - HKLM\..\Run: [msbb] e:\docume~1\robin1\locals~1\temp\msbb.exe
O4 - HKLM\..\Run: [MWEOJUBMZ] E:\WINNT\MWEOJUBMZ.exe
O4 - HKLM\..\Run: [Belt] E:\WINNT\Belt.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 E:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\RunServices: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Windows Internet Protocol] E:\WINNT\system32\winproc32.exe
O4 - HKCU\..\Run: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe
O4 - HKCU\..\Run: [System Update] E:\WINNT\System\update.exe
O4 - HKCU\..\RunServices: [Image] rundll32 E:\WINNT\image.dll,Install
O4 - Startup: Microsoft Find Fast.lnk = E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = E:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'cslsp.dll' missing
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/new/bridge-c1.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38036.4370717593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


Many thanks everyone for your help

Essex Girl
 

Essex Girl

Thread Starter
Joined
Apr 10, 2004
Messages
22
Have now run the cwshredder and re-run the hijack. Here is the new log.

Logfile of HijackThis v1.97.7
Scan saved at 14:19:59, on 11/04/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\WINNT\System32\nvsvc32.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\Program Files\Network Associates\VirusScan\VsStat.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\Program Files\Network Associates\VirusScan\Vshwin32.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Network Associates\VirusScan\Avconsol.exe
E:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
E:\Program Files\Network Associates\VirusScan\Webscanx.exe
E:\WINNT\Explorer.EXE
E:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGRDIAN.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\MSI\Live Update 2\LMonitor.exe
E:\WINNT\svchost.exe
E:\WINNT\system32\svchosts.exe
E:\WINNT\system32\svchostc.exe
E:\docume~1\robin1\locals~1\temp\msbb.exe
E:\WINNT\system32\rundll32.exe
E:\Program Files\Ahead\InCD\InCD.exe
E:\WINNT\system32\internat.exe
E:\WINNT\system32\RUNDLL32.EXE
E:\WINNT\system32\winproc32.exe
E:\WINNT\System\update.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
E:\Program Files\Microsoft Office\Office\OSA.EXE
E:\WINNT\system32\wuauclt.exe
D:\New Folder (3)\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://4-counter.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yoursearch247.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - E:\Program Files\NewDotNet\newdotnet6_22.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - E:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - E:\WINNT\system32\bridge.dll
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - E:\Documents and Settings\Robin1\Application Data\iemv\mssearch.dll
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - (no file)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [McAfee Guardian] E:\Program Files\McAfee\McAfee Shared Components\Guardian\\CMGRDIAN.EXE /SU
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LiveMonitor] E:\Program Files\MSI\Live Update 2\LMonitor.exe
O4 - HKLM\..\Run: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe
O4 - HKLM\..\Run: [Image] rundll32 E:\WINNT\image.dll,Install
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "E:\WINNT\system32\bridge.dll",Load
O4 - HKLM\..\Run: [systray] E:\WINNT\system32\a.exe
O4 - HKLM\..\Run: [msbb] e:\docume~1\robin1\locals~1\temp\msbb.exe
O4 - HKLM\..\Run: [MWEOJUBMZ] E:\WINNT\MWEOJUBMZ.exe
O4 - HKLM\..\Run: [Belt] E:\WINNT\Belt.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 E:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\RunServices: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Windows Internet Protocol] E:\WINNT\system32\winproc32.exe
O4 - HKCU\..\Run: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe
O4 - HKCU\..\Run: [System Update] E:\WINNT\System\update.exe
O4 - HKCU\..\RunServices: [Image] rundll32 E:\WINNT\image.dll,Install
O4 - Startup: Microsoft Find Fast.lnk = E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = E:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'cslsp.dll' missing
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/new/bridge-c1.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38036.4370717593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thanks

Essex Girl
 
Joined
Feb 23, 2003
Messages
16,274
I have to think you ran cws improperly the first time here..Reopen it again and clikc the "fix" buttonThen download and run http://www.new.net/support/uninstall6_22.exe to remove Newdotnet.

As well download and run lspfix.exe from here http://cexx.org/LSPFix.exe
Then rescan with hijackand put a check next to each of these then close all browser windows and clikc"fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://4-counter.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yoursearch247.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - E:\Program Files\NewDotNet\newdotnet6_22.dll

O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - E:\WINNT\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - E:\WINNT\system32\bridge.dll

O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - E:\Documents and Settings\Robin1\Application Data\iemv\mssearch.dll

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - (no file)

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)

O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe

O4 - HKLM\..\Run: [Image] rundll32 E:\WINNT\image.dll,Install

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "E:\WINNT\system32\bridge.dll",Load

O4 - HKLM\..\Run: [systray] E:\WINNT\system32\a.exe

O4 - HKLM\..\Run: [msbb] e:\docume~1\robin1\locals~1\temp\msbb.exe

O4 - HKLM\..\Run: [MWEOJUBMZ] E:\WINNT\MWEOJUBMZ.exe

O4 - HKLM\..\Run: [Belt] E:\WINNT\Belt.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 E:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\system32\\NeroCheck.exe

O4 - HKLM\..\RunServices: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe


O4 - HKCU\..\Run: [Windows Internet Protocol] E:\WINNT\system32\winproc32.exe

O4 - HKCU\..\Run: [Windows Security Assistant] E:\WINNT\system32\rundll32.vbe

O4 - HKCU\..\Run: [System Update] E:\WINNT\System\update.exe

O4 - HKCU\..\RunServices: [Image] rundll32 E:\WINNT\image.dll,Install


O10 - Hijacked Internet access by New.Net

O10 - Broken Internet access because of LSP provider 'cslsp.dll' missing
 
Joined
Feb 23, 2003
Messages
16,274
then reboot into safe mode and delete:
c:\progra~1\iesearchbar
E:\WINNT\system32\rundll32.vbe
E:\WINNT\system32\winproc32.exe
E:\WINNT\System\update.exe
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top