Author Topic: "explorasi.exe not found" pls help me  (Read 6722 times)

0 Members and 1 Guest are viewing this topic.

Offline ladygaga345

  • Full Member
  • ***
  • Posts: 119
"explorasi.exe not found" pls help me
« on: September 25, 2009, 12:33:03 PM »
pls help my pc canot access the regedit

help me plss

and after avast deleted the virus

the message still pops out when i start my pc that "explorasi.exe not found"

plss help me

this is the HiJackThis Log file of my pc:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:40 PM, on 9/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\admin\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ph.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - E00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - D32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - 4eb-4afd-4d60-99d8-e67f964ca813} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PremiereAdvertisingPlatform - {547395D9-934A-CED6-B851-F238C86079E5} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: nero.bat.lnk = C:\WINDOWS\system32\nero.bat
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9162 bytes
« Last Edit: September 25, 2009, 12:53:15 PM by ladygaga345 »
OS: Windows Xp
Processors: Pentium(R) Dual Core CPU E5800 @ 3.20 GHz 3.20 GHz
RAM: 2GB
32 BIT Operating System
Graphics Card : Intel(R) G33/G31 Express Chipset Family (Microsoft Corporation - WDDM1.0)
AVAST FREE ANTIVIRUS

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
The best things in life are free.

Offline ladygaga345

  • Full Member
  • ***
  • Posts: 119
Re: "explorasi.exe not found" pls help me
« Reply #2 on: September 25, 2009, 01:39:27 PM »
can u pls make a solution with the message when i startup "explorasi.exe not found"

pls help.My Pc has been infected by Win32:Brontok AA (wrm) then avast deleted the virus
after i delete i reboot then the message stills there and i cannot access the regedit becoz of the virus.

help me plsss :'(
OS: Windows Xp
Processors: Pentium(R) Dual Core CPU E5800 @ 3.20 GHz 3.20 GHz
RAM: 2GB
32 BIT Operating System
Graphics Card : Intel(R) G33/G31 Express Chipset Family (Microsoft Corporation - WDDM1.0)
AVAST FREE ANTIVIRUS

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: "explorasi.exe not found" pls help me
« Reply #3 on: September 25, 2009, 01:46:41 PM »
can u pls make a solution with the message when i startup "explorasi.exe not found"
Install WinPatrol > Options > Startup Programs > Display secret Startup Programs (Advanced Mode) > check for explorasi.exe
Remove or, at least, Disable.
The best things in life are free.

Offline ladygaga345

  • Full Member
  • ***
  • Posts: 119
Re: "explorasi.exe not found" pls help me
« Reply #4 on: September 25, 2009, 01:53:23 PM »
where can i find WinPatrol?
and doesnt the Hijackthis help with this problem?

tnx
OS: Windows Xp
Processors: Pentium(R) Dual Core CPU E5800 @ 3.20 GHz 3.20 GHz
RAM: 2GB
32 BIT Operating System
Graphics Card : Intel(R) G33/G31 Express Chipset Family (Microsoft Corporation - WDDM1.0)
AVAST FREE ANTIVIRUS

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: "explorasi.exe not found" pls help me
« Reply #5 on: September 25, 2009, 02:02:16 PM »
where can i find WinPatrol?
Google... http://www.winpatrol.com/

and doesnt the Hijackthis help with this problem?
I can't find it in your HijackThis. But I'm not an expert on it.
The best things in life are free.

Offline ladygaga345

  • Full Member
  • ***
  • Posts: 119
Re: "explorasi.exe not found" pls help me
« Reply #6 on: September 25, 2009, 02:30:48 PM »
Is'nt this the one whu causes the problem?

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
OS: Windows Xp
Processors: Pentium(R) Dual Core CPU E5800 @ 3.20 GHz 3.20 GHz
RAM: 2GB
32 BIT Operating System
Graphics Card : Intel(R) G33/G31 Express Chipset Family (Microsoft Corporation - WDDM1.0)
AVAST FREE ANTIVIRUS

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8784
Re: "explorasi.exe not found" pls help me
« Reply #7 on: September 25, 2009, 02:31:29 PM »
That's a bit of a nasty infection by the indication:
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
 
Close all browsers then run HijackThis then select:
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
R3 - URLSearchHook: (no name) - E00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - D32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - 4eb-4afd-4d60-99d8-e67f964ca813} - (no file)
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)

then select Fixed checked

Get Malwarebytes Anti-Malware (MBAM) then update it then run a Quick scan and let it remove all it finds:
http://www.malwarebytes.org/mbam.php

Post its log here after it completes.  

Run Secunia Online Software Inspector to see what applications are vulnerable:
http://secunia.com/vulnerability_scanning/online
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline ladygaga345

  • Full Member
  • ***
  • Posts: 119
Re: "explorasi.exe not found" pls help me
« Reply #8 on: September 25, 2009, 02:42:12 PM »
MBAM log file

Malwarebytes' Anti-Malware 1.41
Database version: 2857
Windows 5.1.2600 Service Pack 3

9/25/2009 8:41:06 PM
mbam-log-2009-09-25 (20-41-06).txt

Scan type: Quick Scan
Objects scanned: 93560
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
OS: Windows Xp
Processors: Pentium(R) Dual Core CPU E5800 @ 3.20 GHz 3.20 GHz
RAM: 2GB
32 BIT Operating System
Graphics Card : Intel(R) G33/G31 Express Chipset Family (Microsoft Corporation - WDDM1.0)
AVAST FREE ANTIVIRUS

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8784
Re: "explorasi.exe not found" pls help me
« Reply #9 on: September 25, 2009, 02:49:57 PM »
Looking good.

I see Adobe Reader 8.0 which is vulnerable and the latest is 9.1 but is under constant attacks right now so its best to use a safe PDF reader like PDF-XCHANGE VIEWER:
http://www.docu-track.com/home/prod_user/PDF-XChange_Tools/pdfx_viewer
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline ladygaga345

  • Full Member
  • ***
  • Posts: 119
Re: "explorasi.exe not found" pls help me
« Reply #10 on: September 25, 2009, 03:00:38 PM »
I would Like to thank YoKenny for helping me fix the problems and also the tech for helping me too
tnx for your help without u I cannot fix this problem.AND TNX TO GOD!.

thanks for the help

GOD BLESS
OS: Windows Xp
Processors: Pentium(R) Dual Core CPU E5800 @ 3.20 GHz 3.20 GHz
RAM: 2GB
32 BIT Operating System
Graphics Card : Intel(R) G33/G31 Express Chipset Family (Microsoft Corporation - WDDM1.0)
AVAST FREE ANTIVIRUS

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: "explorasi.exe not found" pls help me
« Reply #11 on: September 25, 2009, 03:12:15 PM »
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
Yes, but you've wrote explorasi.exe, so I didn't find it due to the typo.
The best things in life are free.

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8784
Re: "explorasi.exe not found" pls help me
« Reply #12 on: September 25, 2009, 03:13:43 PM »
I'm glad I could help.  

Keep your system safe with avast! and MBAM  8)

You may want to look at downloading and installing:
* User Profile Hive Cleanup Service
Brief Description
A service to help with slow log off and unreconciled profile problems.
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

* Winpatrol the Security Monitor and have Scotty the watchdog on duty:
http://www.winpatrol.com
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS