Internet Explorer problem after virus

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

I am working on a computer for a friend and have removed numerous trojans and
spyware from it. The machine is currently running XP Pro SP1a. When I first
got it, the desktop would not come up and no explorer windows or Internet
Explorer would work. The only way I could do anything was through task
manager.
After removal of the trojans and spyware, explorer.exe windows work just
fine. However, IE will still not work, even though it is present. If I
double click the icon for it or try to run it from the run command line, XP
reports it cannot find c:\program files\internet explorer\iexplore.exe . I
have reinstalled IE several times now with the same result.
If I rename iexplore.exe to iexplore.exe.exe, it will then work. If I click
Help-About in IE after starting it this way, it reports the version as "side
by side mode." Can anyone suggest how I might get IE working correctly
again. My friends would probably allow me to save their personal stuff and
reformat, but I'd like to save that as a last resort. Thanks for any
suggestions!
KP
16 answers Last reply
More about internet explorer problem virus
  1. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Sounds like you system is still infected. What did you use to clean it.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "Ken Pryor" <Ken Pryor@discussions.microsoft.com> wrote in message
    news:F44902D7-D92F-4668-844E-C04EB7C97DC6@microsoft.com...
    >I am working on a computer for a friend and have removed numerous trojans
    >and
    > spyware from it. The machine is currently running XP Pro SP1a. When I
    > first
    > got it, the desktop would not come up and no explorer windows or Internet
    > Explorer would work. The only way I could do anything was through task
    > manager.
    > After removal of the trojans and spyware, explorer.exe windows work just
    > fine. However, IE will still not work, even though it is present. If I
    > double click the icon for it or try to run it from the run command line,
    > XP
    > reports it cannot find c:\program files\internet explorer\iexplore.exe .
    > I
    > have reinstalled IE several times now with the same result.
    > If I rename iexplore.exe to iexplore.exe.exe, it will then work. If I
    > click
    > Help-About in IE after starting it this way, it reports the version as
    > "side
    > by side mode." Can anyone suggest how I might get IE working correctly
    > again. My friends would probably allow me to save their personal stuff
    > and
    > reformat, but I'd like to save that as a last resort. Thanks for any
    > suggestions!
    > KP
  2. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    I used AVG, Housecall, Trendmicro Internet Security for the viruses and
    Ad-aware, Spybot, MS Anti Spyware for the spyware.
    KP

    "pcbutts1" wrote:

    > Sounds like you system is still infected. What did you use to clean it.
    >
    > --
    >
    >
    > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > NEW Embedded system W/Linux. We now sell DVR cards.
    > See it all at http://www.seedsv.com/products.htm
    > Sharpvision simply the best http://www.seedsv.com
    >
    >
    >
    > "Ken Pryor" <Ken Pryor@discussions.microsoft.com> wrote in message
    > news:F44902D7-D92F-4668-844E-C04EB7C97DC6@microsoft.com...
    > >I am working on a computer for a friend and have removed numerous trojans
    > >and
    > > spyware from it. The machine is currently running XP Pro SP1a. When I
    > > first
    > > got it, the desktop would not come up and no explorer windows or Internet
    > > Explorer would work. The only way I could do anything was through task
    > > manager.
    > > After removal of the trojans and spyware, explorer.exe windows work just
    > > fine. However, IE will still not work, even though it is present. If I
    > > double click the icon for it or try to run it from the run command line,
    > > XP
    > > reports it cannot find c:\program files\internet explorer\iexplore.exe .
    > > I
    > > have reinstalled IE several times now with the same result.
    > > If I rename iexplore.exe to iexplore.exe.exe, it will then work. If I
    > > click
    > > Help-About in IE after starting it this way, it reports the version as
    > > "side
    > > by side mode." Can anyone suggest how I might get IE working correctly
    > > again. My friends would probably allow me to save their personal stuff
    > > and
    > > reformat, but I'd like to save that as a last resort. Thanks for any
    > > suggestions!
    > > KP
    >
    >
    >
  3. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Download Hijack this, run it, save a copy of the log file and cut and paste
    it back here to the group so that I can analyze it.
    You also said you reinstalled IE how did you do that.

    HijackThis
    http://www.pcbutts1.com/downloads/HijackThis.zip

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "Ken Pryor" <KenPryor@discussions.microsoft.com> wrote in message
    news:1E392395-75C0-478D-B9B5-3EBA4FB9E976@microsoft.com...
    >I used AVG, Housecall, Trendmicro Internet Security for the viruses and
    > Ad-aware, Spybot, MS Anti Spyware for the spyware.
    > KP
    >
    > "pcbutts1" wrote:
    >
    >> Sounds like you system is still infected. What did you use to clean it.
    >>
    >> --
    >>
    >>
    >> The best live web video on the internet http://www.seedsv.com/webdemo.htm
    >> NEW Embedded system W/Linux. We now sell DVR cards.
    >> See it all at http://www.seedsv.com/products.htm
    >> Sharpvision simply the best http://www.seedsv.com
    >>
    >>
    >>
    >> "Ken Pryor" <Ken Pryor@discussions.microsoft.com> wrote in message
    >> news:F44902D7-D92F-4668-844E-C04EB7C97DC6@microsoft.com...
    >> >I am working on a computer for a friend and have removed numerous
    >> >trojans
    >> >and
    >> > spyware from it. The machine is currently running XP Pro SP1a. When I
    >> > first
    >> > got it, the desktop would not come up and no explorer windows or
    >> > Internet
    >> > Explorer would work. The only way I could do anything was through task
    >> > manager.
    >> > After removal of the trojans and spyware, explorer.exe windows work
    >> > just
    >> > fine. However, IE will still not work, even though it is present. If
    >> > I
    >> > double click the icon for it or try to run it from the run command
    >> > line,
    >> > XP
    >> > reports it cannot find c:\program files\internet explorer\iexplore.exe
    >> > .
    >> > I
    >> > have reinstalled IE several times now with the same result.
    >> > If I rename iexplore.exe to iexplore.exe.exe, it will then work. If I
    >> > click
    >> > Help-About in IE after starting it this way, it reports the version as
    >> > "side
    >> > by side mode." Can anyone suggest how I might get IE working correctly
    >> > again. My friends would probably allow me to save their personal stuff
    >> > and
    >> > reformat, but I'd like to save that as a last resort. Thanks for any
    >> > suggestions!
    >> > KP
    >>
    >>
    >>
  4. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Thanks for your help! Here it is:

    Logfile of HijackThis v1.99.0
    Scan saved at 11:13:48 PM, on 7/26/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    F:\HijackThis.exe

    N3 - Netscape 7: user_pref("browser.startup.homepage",
    "http://home.netscape.com/"); (C:\Documents and Settings\Michelle\Application
    Data\Mozilla\Profiles\default\xt341en2.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine",
    "http://www.google.com/"); (C:\Documents and Settings\Michelle\Application
    Data\Mozilla\Profiles\default\xt341en2.slt\prefs.js)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
    AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Microsoft AntiSpyware helper -
    {F556A6EE-5601-493D-9829-965DFF511307} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
    {F556A6EE-5601-493D-9829-965DFF511307} - (no file) (HKCU)
    O15 - Trusted IP range: 67.19.178.84
    O15 - Trusted IP range: 67.19.178.84 (HKLM)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114712068768
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
    http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InCD File System Service - Unknown - C:\Program
    Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program
    Files\iPod\bin\iPodService.exe

    Thanks again!
    KP

    "pcbutts1" wrote:

    > Download Hijack this, run it, save a copy of the log file and cut and paste
    > it back here to the group so that I can analyze it.
    > You also said you reinstalled IE how did you do that.
    >
    > HijackThis
    > http://www.pcbutts1.com/downloads/HijackThis.zip
    >
    > --
    >
    >
    > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > NEW Embedded system W/Linux. We now sell DVR cards.
    > See it all at http://www.seedsv.com/products.htm
    > Sharpvision simply the best http://www.seedsv.com
    >
    >
    >
    > "Ken Pryor" <KenPryor@discussions.microsoft.com> wrote in message
    > news:1E392395-75C0-478D-B9B5-3EBA4FB9E976@microsoft.com...
    > >I used AVG, Housecall, Trendmicro Internet Security for the viruses and
    > > Ad-aware, Spybot, MS Anti Spyware for the spyware.
    > > KP
    > >
    > > "pcbutts1" wrote:
    > >
    > >> Sounds like you system is still infected. What did you use to clean it.
    > >>
    > >> --
    > >>
    > >>
    > >> The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > >> NEW Embedded system W/Linux. We now sell DVR cards.
    > >> See it all at http://www.seedsv.com/products.htm
    > >> Sharpvision simply the best http://www.seedsv.com
    > >>
    > >>
    > >>
    > >> "Ken Pryor" <Ken Pryor@discussions.microsoft.com> wrote in message
    > >> news:F44902D7-D92F-4668-844E-C04EB7C97DC6@microsoft.com...
    > >> >I am working on a computer for a friend and have removed numerous
    > >> >trojans
    > >> >and
    > >> > spyware from it. The machine is currently running XP Pro SP1a. When I
    > >> > first
    > >> > got it, the desktop would not come up and no explorer windows or
    > >> > Internet
    > >> > Explorer would work. The only way I could do anything was through task
    > >> > manager.
    > >> > After removal of the trojans and spyware, explorer.exe windows work
    > >> > just
    > >> > fine. However, IE will still not work, even though it is present. If
    > >> > I
    > >> > double click the icon for it or try to run it from the run command
    > >> > line,
    > >> > XP
    > >> > reports it cannot find c:\program files\internet explorer\iexplore.exe
    > >> > .
    > >> > I
    > >> > have reinstalled IE several times now with the same result.
    > >> > If I rename iexplore.exe to iexplore.exe.exe, it will then work. If I
    > >> > click
    > >> > Help-About in IE after starting it this way, it reports the version as
    > >> > "side
    > >> > by side mode." Can anyone suggest how I might get IE working correctly
    > >> > again. My friends would probably allow me to save their personal stuff
    > >> > and
    > >> > reformat, but I'd like to save that as a last resort. Thanks for any
    > >> > suggestions!
    > >> > KP
    > >>
    > >>
    > >>
    >
    >
    >
  5. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    I think the reason is that the virus relate your iexplore.exe.When you
    run your IE,the virus is running again.You need repair your IE,Securety
    Expert can help you.Goto http://securityexpert.cnns.net/IErepair.htm to
    kone more.
  6. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    cs_satan@cnns.net wrote:
    > I think the reason is that the virus relate your iexplore.exe.When you
    > run your IE,the virus is running again.You need repair your IE,Securety
    > Expert can help you.Goto http://securityexpert.cnns.net/IErepair.htm to
    > kone more.

    Can you run explorer.exe via the task manager?
  7. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    cs_satan@cnns.net wrote:
    > I think the reason is that the virus relate your iexplore.exe.When you
    > run your IE,the virus is running again.You need repair your IE,Securety
    > Expert can help you.Goto http://securityexpert.cnns.net/IErepair.htm to
    > kone more.

    Can you run explorer.exe via the task manager?
  8. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Thanks everyone. Well, after running yet another virus scanner, I have
    discovered another trojan and another virus that the other virus scanners did
    not find. I suspect this is the problem. I'm leaning towards recommending a
    format to the owner of this machine.
    KP

    "RJ" wrote:

    >
    >
    > cs_satan@cnns.net wrote:
    > > I think the reason is that the virus relate your iexplore.exe.When you
    > > run your IE,the virus is running again.You need repair your IE,Securety
    > > Expert can help you.Goto http://securityexpert.cnns.net/IErepair.htm to
    > > kone more.
    >
    > Can you run explorer.exe via the task manager?
    >
    >
  9. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    To: PCButts
    I missed your post above at first. I followed your instructions, but the
    problem is as soon as I delete or rename iexplore, a new copy of it is
    automatically placed in the folder to replace it.
    Thanks!
    KP

    "Ken Pryor" wrote:

    > Thanks everyone. Well, after running yet another virus scanner, I have
    > discovered another trojan and another virus that the other virus scanners did
    > not find. I suspect this is the problem. I'm leaning towards recommending a
    > format to the owner of this machine.
    > KP
    >
    > "RJ" wrote:
    >
    > >
    > >
    > > cs_satan@cnns.net wrote:
    > > > I think the reason is that the virus relate your iexplore.exe.When you
    > > > run your IE,the virus is running again.You need repair your IE,Securety
    > > > Expert can help you.Goto http://securityexpert.cnns.net/IErepair.htm to
    > > > kone more.
    > >
    > > Can you run explorer.exe via the task manager?
    > >
    > >
  10. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Try Webroot spysweeper. Look for nail.exe in Windows folder. I
    suspect the nail virus. While the following applies to explorer it
    sound like it could be your problem:

    The way to tell if you have Aurora/nail is two-fold:

    First, check for Nail.exe in the C:\Windows directory. If it's there,
    delete it. If it reappears, Aurora is at work on your system. The
    other place to check is in the registry under
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
    NT\CurrentVersion\Winlogon. The Shell key will have the value
    "Explorer.exe c:\windows\nail.exe". If you try to modify this setting
    back to c:\windows\explorer.exe, the aurora software automatically
    renames it back to include the reference to nail.exe.

    The latest Symatec definition identifies this virus as "BetterInternet"
    and provides a remover that doesn't stop the behavior noted above. To
    stop the behavior noted above, I took the following steps:

    (1) From a command prompt, go to the Windows/System directory and type
    dir>nail.exe (this changes the contents of nail.exe and their
    software doesn't try to remedy this situation)

    (2) Reboot. Upon startup you'll get an error message, but ignore it.
    You can now delete Nail.exe and it will not reappear.

    (3) Finally, using RegEdit, go to
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
    NT\CurrentVersion\Winlogon and change the shell key to
    "c:\windows\explorer.exe"

    Reboot and your system is now clean.
  11. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Your log looks fine. Try this first download IE6 from here and save it to
    your desktop
    http://www.microsoft.com/downloads/details.aspx?FamilyID=1e1550cb-5e5d-48f5-b02b-20b602228de6&DisplayLang=en
    Move the iexplore.exe file out of the internet explorer folder or just
    rename it. Cut everything between these lines and paste it into notepad.
    Save the file to your desktop and name it installie.reg, make sure you
    change the save as....drop down box to all files. Once saved double click on
    the file to merge it into the registry, this will allow you to re-install
    IE. Double click the IE6 setup file you saved earlier to re-install IE. Once
    done go to windows update and install all the patches.

    ====================================================================================

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed
    Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    "IsInstalled"=dword: 00000000


    ====================================================================================

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "Ken Pryor" <KenPryor@discussions.microsoft.com> wrote in message
    news:32CA53C2-C315-4A33-9A86-2407C0CB2146@microsoft.com...
    > Thanks for your help! Here it is:
    >
  12. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Follow RJ's advice first then you can still do mine even if it will not let
    you rename the file you will still be able to re-install IE. The main thing
    is to get rid of the virus. I have a nail remover tool on my site at
    http://www.pcbutts1.com/downloads/nailfix.exe

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "Ken Pryor" <KenPryor@discussions.microsoft.com> wrote in message
    news:5666F40F-BB66-493E-88E4-6EC9B8A1B6A8@microsoft.com...
    > To: PCButts
    > I missed your post above at first. I followed your instructions, but the
    > problem is as soon as I delete or rename iexplore, a new copy of it is
    > automatically placed in the folder to replace it.
    > Thanks!
    > KP
    >
    > "Ken Pryor" wrote:
    >
    >> Thanks everyone. Well, after running yet another virus scanner, I have
    >> discovered another trojan and another virus that the other virus scanners
    >> did
    >> not find. I suspect this is the problem. I'm leaning towards
    >> recommending a
    >> format to the owner of this machine.
    >> KP
    >>
    >> "RJ" wrote:
    >>
    >> >
    >> >
    >> > cs_satan@cnns.net wrote:
    >> > > I think the reason is that the virus relate your iexplore.exe.When
    >> > > you
    >> > > run your IE,the virus is running again.You need repair your
    >> > > IE,Securety
    >> > > Expert can help you.Goto http://securityexpert.cnns.net/IErepair.htm
    >> > > to
    >> > > kone more.
    >> >
    >> > Can you run explorer.exe via the task manager?
    >> >
    >> >
  13. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Another thing I noticed is that the version of Hijackthis you used is not
    current and it looks as if you may have ran it in safe mode. Download the
    current version from here and run it while booted in normal mode. Posts the
    results.
    HijackThis
    http://www.pcbutts1.com/downloads/HijackThis.zip

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "Ken Pryor" <KenPryor@discussions.microsoft.com> wrote in message
    news:5666F40F-BB66-493E-88E4-6EC9B8A1B6A8@microsoft.com...
    > To: PCButts
    > I missed your post above at first. I followed your instructions, but the
    > problem is as soon as I delete or rename iexplore, a new copy of it is
    > automatically placed in the folder to replace it.
    > Thanks!
    > KP
    >
    > "Ken Pryor" wrote:
    >
    >> Thanks everyone. Well, after running yet another virus scanner, I have
    >> discovered another trojan and another virus that the other virus scanners
    >> did
    >> not find. I suspect this is the problem. I'm leaning towards
    >> recommending a
    >> format to the owner of this machine.
    >> KP
    >>
    >> "RJ" wrote:
    >>
    >> >
    >> >
    >> > cs_satan@cnns.net wrote:
    >> > > I think the reason is that the virus relate your iexplore.exe.When
    >> > > you
    >> > > run your IE,the virus is running again.You need repair your
    >> > > IE,Securety
    >> > > Expert can help you.Goto http://securityexpert.cnns.net/IErepair.htm
    >> > > to
    >> > > kone more.
    >> >
    >> > Can you run explorer.exe via the task manager?
    >> >
    >> >
  14. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Sorry I haven't checked back in till now. My ISP has been down. I'm at work
    right now, but will check on all mentioned above tonight hopefully and will
    advise. Thanks very much for the help.
    KP

    "pcbutts1" wrote:

    > Another thing I noticed is that the version of Hijackthis you used is not
    > current and it looks as if you may have ran it in safe mode. Download the
    > current version from here and run it while booted in normal mode. Posts the
    > results.
    > HijackThis
    > http://www.pcbutts1.com/downloads/HijackThis.zip
    >
    > --
    >
    >
    > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > NEW Embedded system W/Linux. We now sell DVR cards.
    > See it all at http://www.seedsv.com/products.htm
    > Sharpvision simply the best http://www.seedsv.com
    >
    >
    >
    > "Ken Pryor" <KenPryor@discussions.microsoft.com> wrote in message
    > news:5666F40F-BB66-493E-88E4-6EC9B8A1B6A8@microsoft.com...
    > > To: PCButts
    > > I missed your post above at first. I followed your instructions, but the
    > > problem is as soon as I delete or rename iexplore, a new copy of it is
    > > automatically placed in the folder to replace it.
    > > Thanks!
    > > KP
    > >
    > > "Ken Pryor" wrote:
    > >
    > >> Thanks everyone. Well, after running yet another virus scanner, I have
    > >> discovered another trojan and another virus that the other virus scanners
    > >> did
    > >> not find. I suspect this is the problem. I'm leaning towards
    > >> recommending a
    > >> format to the owner of this machine.
    > >> KP
    > >>
    > >> "RJ" wrote:
    > >>
    > >> >
    > >> >
    > >> > cs_satan@cnns.net wrote:
    > >> > > I think the reason is that the virus relate your iexplore.exe.When
    > >> > > you
    > >> > > run your IE,the virus is running again.You need repair your
    > >> > > IE,Securety
    > >> > > Expert can help you.Goto http://securityexpert.cnns.net/IErepair.htm
    > >> > > to
    > >> > > kone more.
    > >> >
    > >> > Can you run explorer.exe via the task manager?
    > >> >
    > >> >
    >
    >
    >
  15. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    You guys are awesome! It seems to be fixed, thanks to all of your advice. I
    truly appreciate your help. Just for the sake of being careful, here is the
    new Hijack log and I would appreciate it if you would give it the once over
    and see how it looks to you.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:22:13 AM, on 7/29/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet
    Security\backweb\4476822\program\fsbwsys.exe
    C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguiexe.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    F:\HijackThis.exe

    N3 - Netscape 7: user_pref("browser.startup.homepage",
    "http://home.netscape.com/"); (C:\Documents and Settings\Michelle\Application
    Data\Mozilla\Profiles\default\xt341en2.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine",
    "http://www.google.com/"); (C:\Documents and Settings\Michelle\Application
    Data\Mozilla\Profiles\default\xt341en2.slt\prefs.js)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
    AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet
    Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet
    Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure
    Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe" /0
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Microsoft AntiSpyware helper -
    {F556A6EE-5601-493D-9829-965DFF511307} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
    {F556A6EE-5601-493D-9829-965DFF511307} - (no file) (HKCU)
    O15 - Trusted IP range: 67.19.178.84
    O15 - Trusted IP range: 67.19.178.84 (HKLM)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114712068768
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
    http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O23 - Service: F-Secure product (BackWeb Plug-in - 4476822) - Unknown owner
    - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. -
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet
    Security\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure
    Corporation - C:\Program Files\F-Secure Internet
    Security\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure
    Internet Security\Common\FSMA32.EXE
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner -
    C:\Program Files\Ahead\InCD\InCDsrv.exe

    Thanks again!
    KP

    "Ken Pryor" wrote:

    > Sorry I haven't checked back in till now. My ISP has been down. I'm at work
    > right now, but will check on all mentioned above tonight hopefully and will
    > advise. Thanks very much for the help.
    > KP
    >
    > "pcbutts1" wrote:
    >
    > > Another thing I noticed is that the version of Hijackthis you used is not
    > > current and it looks as if you may have ran it in safe mode. Download the
    > > current version from here and run it while booted in normal mode. Posts the
    > > results.
    > > HijackThis
    > > http://www.pcbutts1.com/downloads/HijackThis.zip
    > >
    > > --
    > >
    > >
    > > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > > NEW Embedded system W/Linux. We now sell DVR cards.
    > > See it all at http://www.seedsv.com/products.htm
    > > Sharpvision simply the best http://www.seedsv.com
    > >
    > >
    > >
    > > "Ken Pryor" <KenPryor@discussions.microsoft.com> wrote in message
    > > news:5666F40F-BB66-493E-88E4-6EC9B8A1B6A8@microsoft.com...
    > > > To: PCButts
    > > > I missed your post above at first. I followed your instructions, but the
    > > > problem is as soon as I delete or rename iexplore, a new copy of it is
    > > > automatically placed in the folder to replace it.
    > > > Thanks!
    > > > KP
    > > >
    > > > "Ken Pryor" wrote:
    > > >
    > > >> Thanks everyone. Well, after running yet another virus scanner, I have
    > > >> discovered another trojan and another virus that the other virus scanners
    > > >> did
    > > >> not find. I suspect this is the problem. I'm leaning towards
    > > >> recommending a
    > > >> format to the owner of this machine.
    > > >> KP
    > > >>
    > > >> "RJ" wrote:
    > > >>
    > > >> >
    > > >> >
    > > >> > cs_satan@cnns.net wrote:
    > > >> > > I think the reason is that the virus relate your iexplore.exe.When
    > > >> > > you
    > > >> > > run your IE,the virus is running again.You need repair your
    > > >> > > IE,Securety
    > > >> > > Expert can help you.Goto http://securityexpert.cnns.net/IErepair.htm
    > > >> > > to
    > > >> > > kone more.
    > > >> >
    > > >> > Can you run explorer.exe via the task manager?
    > > >> >
    > > >> >
    > >
    > >
    > >
  16. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    I finally fixed this problem. I was running AUTORUNS from SYSINTERNALS
    (you guys are awesome). There was this entry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution
    Options

    + explorer.exe File not found: C:\WINDOWS\System32\grpmnt.exe

    I deleted then fixed the registry entry that I previously changed and
    it now works.
Ask a new question

Read More

Internet Explorer Explorer Windows XP