Explorer.exe / Viruses

[Perrako]

Some obnoxious things have been happening with my computer lately. After I installed Oblivion, my interface got all messed up. I rebooted. explorer.exe would freeze on startup and end the startup process, so my sound manager/g15 keyboard lcd software wouldn't start. I would open my taskmanager, end the explorer.exe process, and then from there have to go to New Task (Run) to do whatever. I then found that if I opened my startup manager program and clicked/ran the start-up button, explorer.exe would pop right up.

I then tried system restore, but nothing came of that. I tried reinstalling oblivion, nothing. I then realized how slack I had been on protecting my computer (only had Spybot S&D and hadn't run that in ages. I came here, and got CWShredder, Ad-Aware, the VX2 mod, and avast!. I ran them, they caught a few things, but my comp is still acting odd. Also, some of my desktop icons won't even load (seems random which) and in my new hard drive's program files folder, I found a disturbing set of programs (attached). They're empty, but when I try to delete them, they say they're being used. The lack of capitalization also worries me.

I've attached my Hijackthis log, and I'm praying that one of you can help me .

 

[howard_hopkinso]

Hello and welcome to Techspot.

I have moved this thread to the security and the web forum. Please post in the correct forum in future. Thanks.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel. Uninstall anything to do with(if there).

Viewpoint\Viewpoint Toolbar

Close control panel.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

R3 - URLSearchHook: _URLHandler - {FA1CC83B-E99A-45C2-B2F7-5CE576B7953A} - C:\PROGRA~1\X-RAYF~1\INSTAN~1\sfquick.dll

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.0.69.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files(if there).

C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

Reboot into normal mode and turn system restore back on.

Regards Howard :wave: :wave:

 

[Perrako]

Brilliantly quick response. Sorry for positng in the wrong forum, too.

However, after doing all that, I was only able to delete those conspicuous folders. Explorer still has the same problems and I still can't open regedit (gets an error and closes). In fact, explorer did the same thing in safe mode.

 

[howard_hopkinso]

Take a look at this thread HERE. It deals mostly with task manager problems, but also deals with regedit as well.

Regards Howard

 

[Perrako]

Sadly, no luck. I did an upgrade install, and followed that guide you linked to, but to no avail. Regedit comes up with the attached error, and explorer still does the exact same thing. What else can I do?

 

[howard_hopkinso]

Type regedit.exe in the Run dialog box and press the enter key. You should get the Registry Editor. The original Windows Registry editor file is regedit.exe and not regedit.com.

Then go HERE and follow all the instructions in the order they are given.

Post a fresh HJT log, only after doing the above.

Regards Howard