1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Control Panel, My computer, and others causes explorer to crash

Discussion in 'Virus & Other Malware Removal' started by TehAllan, Nov 8, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. TehAllan

    TehAllan Thread Starter

    Joined:
    Nov 8, 2004
    Messages:
    2
    Well casually serfing for free pornography, (at this time uneducated and unaware of the horrors of ActiveX in IExplorer) my computer dled a nasty bit of garbageware, a nasty internet hijacker and a big desktop warning. Now I have removed most of it with about 4 differnt adware programs. But two problems still remain.

    My homepage is always speed-search.biz (and ive tried to fix it with hi jack this on several occasions) This isnt a big issue as I have now switched to Opera.

    BUT

    the second more severe problem is every time I click My Computer, My documents, Control panel, My music, or Printers and Faxes my windows explorer crashes. Apparently the forces of evil don't want me to access my non-existent printer or the free music sample that comes with XP after a fresh format. Unfortunatly I have grown weary of saving all my Downs to my desktop so I can open them without My computer.

    Heres my hi jack this log. Any help would be greatly appreciated

    Logfile of HijackThis v1.98.2
    Scan saved at 9:10:43 AM, on 11/8/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\WINDOWS\Gpa.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Opera\opera.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Teh Allan Johnston\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.speed-search.biz/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.speed-search.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.speed-search.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.speed-search.biz/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.speed-search.biz/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.speed-search.biz/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.speed-search.biz/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.speed-search.biz/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.speed-search.biz/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.speed-search.biz/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.speed-search.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.speed-search.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.speed-search.biz/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.speed-search.biz/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.speed-search.biz/index.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.speed-search.biz/index.html
    O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\System32\mspxs32.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-ca\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [Win32SystemMonitor] C:\WINDOWS\System32\Kom.exe
    O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Win32SystemMonitor] C:\WINDOWS\System32\Kom.exe
    O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: *.windupdates.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Hi TehAllan

    Welcome to TSG! :)

    Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.speed-search.biz/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.speed-search.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.speed-search.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.speed-search.biz/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.speed-search.biz/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.speed-search.biz/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.speed-search.biz/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.speed-search.biz/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.speed-search.biz/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.speed-search.biz/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.speed-search.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.speed-search.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.speed-search.biz/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.speed-search.biz/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.speed-search.biz/index.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.speed-search.biz/index.html
    O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\System32\mspxs32.dll

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: [Win32SystemMonitor] C:\WINDOWS\System32\Kom.exe
    O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
    O4 - HKCU\..\Run: [Win32SystemMonitor] C:\WINDOWS\System32\Kom.exe
    O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe

    O15 - Trusted Zone: *.windupdates.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -


    Restart to safe mode.

    How to start your computer in safe mode

    Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
    Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

    Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"

    Now find and delete these files:

    C:\WINDOWS\System32\Kom.exe
    C:\WINDOWS\System32\explorer32.exe

    Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    Empty the Recycle Bin


    IMPORTANT!: I highly recommend that you go to Windows update and install all "Critical Updates and Service Packs" except for Service Pack 2 ASAP!. This will patch numerous security holes in IE and Windows. Many baddies get on your machine by taking advantage of these vulnerabilities. As your machine stands now it is wide open to attack from all sorts of nasties. You need to get these updates IMMEDITELY!

    Note: At this time I cannot and do not recommend that you install Service Pack 2 until you have read the info at the following links and are sure that it will not cause problems with your system:

    http://www.microsoft.com/windowsxp/using/security/expert/russel_installsp2.mspx

    http://support.microsoft.com/default.aspx?scid=kb;en-us;884130

    http://support.microsoft.com/default.aspx?kbid=842242

    http://support.microsoft.com/default.aspx?scid=kb;en-us;878474


    IMPORTANT!: I see that you do not have an antivirus running or a firewall. If I may so this without being rude, with the net as it is these days it is quite foolish to be without an antivirus and a firewall. By all means get both ASAP!. See This thread for some good free ones.
     
  3. TehAllan

    TehAllan Thread Starter

    Joined:
    Nov 8, 2004
    Messages:
    2
    TY so much, you saved me having to reformat for the second time in 2 days. All is good and well again.
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    My pleasure! :)

    Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.

    I'm closing this thread. If you need it reopened please PM me or one of the other mods.

    Anyone else with a similar problem please start a "New Thread".
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/293869

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice