Help with explore.exe error

So I was trying to watch a video on the internet, it said I needed a codec, I clicked the link for the codec and installed it, and then the Microsoft Security center took over my machine, telling me that some malicious spyware had been installed and they wanted me to go to some site and pay $40 to get it removed. Of course I wasn't going to do that, so I restarted my computer to see if I could get it to go back to normal.

After restarting I now get an error when loading Windows that there is an exception and that explorer.exe cannot load. Once it gets into Windows then, there is no taskbar, the Windows key won't bring up the start menu, and the only way I can run a program is to hit ctrl+alt+del and then the "new process" button. I can load IE and pretty much any other program, but when I try to use the Windows Explorer, or use Internet Explorer to acces my hard drive and explore it gives me the same error message and exits the program.

I used a spyware scan and I think I was able to remove all of the spyware, or at least enough of the files so that it's disabled. There were 2 suspicious registry entries, but I don't know how to edit the registry and they don't look related to me.

Does anybody know how to get my explorer.exe working again? This program is located in the C:\Windows directory, and is always listed under the processes running by Task Manager. Can I reinstall it? Do I need to reinstall Windows? Please help. BTW i am running XP Pro SP2.

MS Security Center never asks you for money (probably a first for MS. Watch Ballmer to include it in the next version). In fact, it doesn't even tell you about malware: all it does is making sure you have a firewall, antivirus and regular updates.

The malware in question is most probably a DLL (shell extension for example) loaded by Explorer on every start. It would help if you could tell us more about the suspicious registry entries and the malware's name the scanner reported and supposedly removed.

OK, here's what I've got. I looked at the results of a scan I ran from a program not recommended by the MS security center site because I didn't trust it, so I found one suggested by someone on the forums here and downloaded that. Once again it would show me the bad files and reg entries but not remove them without me paying for it. I did a google search for one of the files and ended up at this page:

http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43010

I deleted all the files they mentioned, and went through all the registry entries that they say were added by the Trojan and deleted those. Now I am able to access my normal homepage when I click that button in IE. Before it would take me to that sham homepage that they were fronting as suggested by the MS security center, but which I suspect was a front put up by the Trojan after reading the above page and seeing how it was setup to change my homepage etc. I think that everything harmful is removed from my machine, but I still cannot load explorer.exe. Any ideas?

try creating another user profile and see if you still have the same issue.

post a HijackThis text log please.

Know Nuttin said:

post a HijackThis text log please.

Click to expand...

Where might I find this?

Any ideas? Anybody? If not I'm just going to have to reformat, which as we all know is a major pain in the derrierre.

Check out the Malware Warfare article from the front page. There is a ton of useful info.

Hmm...those look like they might be able to help. Especially that registry editor. I'll give that a try when I get home from work.

ju5tin99 said:

then the Microsoft Security center took over my machine, telling me that some malicious spyware had been installed and they wanted me to go to some site and pay $40 to get it removed.

Click to expand...

That message isn't from the Microsoft Security Center!!! That message is because of a changed wallpaper or likely, because the desktop got hijacked!!! Because of malware. The malware likely hijacked your desktop.

ju5tin99 said:

Where might I find this?

Click to expand...

Google is your friend.

in any case, here's a link

http://www.majorgeeks.com/download3155.html

Safemode is your friend! If anything nasty ever gets on a system I'm "in charge" of the first thing I do it move over to safemode. It's helped me clean quite a few nasty things off of the family's computer.