Explorer.exe spyware/virus/something

Crest

Alright... so I have this virus or something that has infected explorer.exe, and every time I try to open My Documents or some other folder it crashes and I'm back to desktop in a few seconds. Internet Explorer doesn't work either.

I have done the basic spyware/virus removal but no luck... Any ideas?

EDIT: Also when I try to access IE or My Documents or something I get this from Panda:

Adware Neutralized:

Name: Adware/SearchAid

Location: c:\windows\system32\d3sb.exe
 
There... got rid of all the browsers etc :P

Logfile of HijackThis v1.99.0
Scan saved at 15:07:14, on 2005-06-12
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Crest\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {CDD5BE34-0317-A174-CC72-8449DAA0CF02} - C:\WINDOWS\winbi.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [Windows Compliant] giggui.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Hardware Clock Driver - Unknown - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: Virtual CD v7 Management Service - H+H Software GmbH - C:\Program Files\HHVcdV7Sys\VC7SecS.exe
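
A log like the one above can be pre-sorted before a helper reads it. As an added example (not part of the original thread, and not HijackThis's own logic), this script applies four generic triage heuristics, chosen here as assumptions, to lines excerpted from that log; a flag means "review this entry first", not a verdict on the file.

```python
import re

# Lines excerpted from the HijackThis log posted in this thread.
# The heuristics below are assumptions made for this example.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {CDD5BE34-0317-A174-CC72-8449DAA0CF02} - C:\WINDOWS\winbi.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Windows Compliant] giggui.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O23 - Service: Hardware Clock Driver - Unknown - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "O4 - <rest of entry>"

def review_reasons(code, body):
    """Return triage reasons for one entry (assumed heuristics, not verdicts)."""
    reasons = []
    if code == "F2" and "UserInit=" in body:
        programs = [p for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
        if len(programs) > 1:
            reasons.append("extra program chained after userinit.exe")
    if code == "O4" and "Run:" in body:
        command = body.split("]", 1)[-1].strip()
        if "\\" not in command:
            reasons.append("autorun command has no directory path")
    if code == "O2" and re.search(r"(?i) - c:\\windows\\[^\\]+\.dll$", body):
        reasons.append("BHO DLL sits directly in the Windows directory")
    if code == "O23" and body.endswith("(file missing)"):
        reasons.append("service points at a missing file")
    return reasons

def triage(log_text):
    """Map each flagged log line to its reasons; unflagged lines are omitted."""
    flagged = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            reasons = review_reasons(m.group(1), m.group(2))
            if reasons:
                flagged[line.strip()] = reasons
    return flagged

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(f"REVIEW  {entry}\n        -> {'; '.join(reasons)}")
```

Legitimate software can trip these rules too (the `nwiz` autorun is flagged only because its command has no path), so each flagged line still needs a person to look it up.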
 
Ok, you got a worm and some other junk. Download Ewido. Update it, then boot into safe mode. Run Ewido, let it fix all it finds (this'll take a while). Reboot to normal mode and post the new HijackThis log.
 
Buzz... I dunno how to thank you! Thx a fu***** lot!

Ewido removed the explorer virus, but that's not the best thing!
The best thing is that I had a virus I didn't know how to remove... it had been in my comp for a long time and I had like totally forgotten about it 'cause I had got used to the annoyance it gave me. Ewido removed that one too, thx! :D
 
No problem. Ewido is the full program for 14 days, then you just get the scanner (no real-time protection). I use it every couple of weeks just to make sure. Good luck.
Buzz.
 
thanks heaps Buzz1927

Buzz1927 said:
Ok, you got a worm and some other junk. Download Ewido. Update it, then boot into safe mode. Run Ewido, let it fix all it finds (this'll take a while). Reboot to normal mode and post the new HijackThis log.

Hey Buzz, thank you so much for letting us know about Ewido. Like the other guy, it not only fixed my problem with explorer.exe restarting but also found a few others. I had tried everything, mate. Thanks to Google, this forum and you, the computer is back to normal. It was on the verge of being fdisked and low-level formatted, but I wanted to try all avenues first. It took me more than three full days, but thank God it's fixed now.
Although, a short note: from the Ewido website there is a link for an online scan or something. I think that actual link connection is infected; Norton picked it up every time I clicked, but the s/w download worked fine.

I am thinking of buying the full version, just as a gesture.
Thanks again to people like you who dedicate their time and efforts to others' problems.
Cheers mate,

Mk.
Syd, Aus.
 
Hey Buzz, thank you so much for letting us know about Ewido
No problem, mate. Thanks for pointing out the problem with the link, although I doubt it's infected with anything; a lot of fixes for malware get flagged by AVs, but I'll check it out.
Good luck out there.
Buzz.
 
I have a similar problem, my explorer.exe closes when it wants to. lol.
And IE7 won't reinstall, and it has no tools menu, search bars or nothing, only an address bar, it's weird, so I have to use Firefox (even tho I use it all the time anyway).
 