well when I installed this it didn't take long for me to realise the error in my ways
my background chanegd too and I rebooted pc, bad call so it seems because now every time I boot pc, explorer.exe immediatly crashes, it can't run anymore
somehow iexplore.exe still works though, I'm running comp from task bar atm
even i nsafemode explorer.exe keeps crashing
I have removed many of the virus' files already, most found from diverse forum posts onthis site (is why I registered here) these files included hookdump.exe, itmonp.exe, itmon.exe, ...
silent runners shows this:
"Silent Runners.vbs", revision 37, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "PopUpStopperFreeEdition" = ""C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"" ["Panicware, Inc."] "Steam" = ""c:\progra~1\steam\steam.exe" -silent" ["Valve Corporation"] "MessengerPlus3" = ""C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart" ["Patchou"] "Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."] "msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "EM_EXEC" = "C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" ["Logitech Inc. "] "Share-to-Web Namespace Daemon" = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "NvMixerTray" = "C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe" ["NVIDIA Corporation"] "DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"] "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."] "MessengerPlus3" = ""C:\Program Files\Messenger Plus! 3\MsgPlus.exe"" ["Patchou"] "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"] "SSC_UserPrompt" = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"] "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS] "RegSvr32" = "C:\WINDOWS\System32\msmsgs.exe" [file not found] HKLM\Software\Microsoft\Active Setup\Installed Components\ {5945c046-1e7d-11d1-bc44-00c04fd912be}\(Default) = "Windows Messenger 4.7" \StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Remove.PerUser" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}\(Default) = "VMHomepage Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hp9A8A.tmp" [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Configuratiescherm-uitbreiding Beeldscherm-panning" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
and hijackthis:
Logfile of HijackThis v1.99.1 Scan saved at 18:40:24, on 6/06/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe C:\progra~1\steam\steam.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\WINDOWS\System32\cisvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\taskmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Kevin\Bureaublad\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesearches.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesearches.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesearches.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://breedband.telenet.be/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp9A8A.tmp (file missing) O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe" O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://users.pandora.be/xillion/fu_test/ O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} - http://www.wow-europe.com/signup/en/wowbeta/Si.cab O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://www.telenet.be/gamezone/classes/ExentCtl.ocx O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/test/ACNePlayer.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/104/rsinstaller.cab O20 - Winlogon Notify: style2 - C:\WINDOWS\q15690906_disk.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
don't ask me what any of that means though
I just want my computer fixed again so I at least have my explorer.exe back, I don't wanna do a format over one simple virus
duno if it's any help but the codec also made an antivirus gold appear on my comp, I already removed everything of that programme I could find
hope any of you can be of help to me cos I'm getting desperate, been trying to get rid of it for hours now
ty in advance anyway
Edited by QSD, 06 June 2005 - 12:53 PM.