Can't run explorer and random popups.

Discussion in 'Malware Help (A Specialist Will Reply)' started by nelis, Nov 11, 2006.

  1. nelis

    nelis Private E-2

    First of all, thanks for this awesome site!

    I think there's something seriously wrong with my computer.
    If I try to open the Windows Explorer by clicking on My Computer or whatever way there is to open the Explorer, I immediately get the send/don't send error message and it doesn't even show the Explorer.
    I also get this when I try to access the Control Panel or when I try to surf to online scanners with IE.
    It's no problem with Firefox but most online scanners don't support Firefox.

    I also can't rename hijackthis.exe because I can't browse to its location, but I did extract it in C/Program Files/HJT.

    I also don't have the Panda scan log because the scanner keeps crashing.
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

    Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.
    Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    Downloading, Installing, and Running HijackThis
    • Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    In your next post, please make sure you attach the following logs and that you have run these scans in the following order:
    • CounterSpy - ONLY IF you were not able to run Windows Defender
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. nelis

    nelis Private E-2

    I did all those steps again and I deleted some other files.

    Here are the logs.
     


  4. nelis

    nelis Private E-2

    And here is the HijackThis log again.
     


  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R3 - URLSearchHook: (no name) - {64925135-9CD7-9378-868A-C06936AC8BC7} - C:\WINDOWS\system32\rqlpksw.dll (file missing)

    O2 - BHO: (no name) - {64925135-9CD7-9378-868A-C06936AC8BC7} - C:\WINDOWS\system32\rqlpksw.dll (file missing)
    O2 - BHO: (no name) - {65879C0B-5B6D-4069-B6CE-3873F1D9C001} - C:\WINDOWS\system32\plugin_p_test.dll
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00403} - C:\WINDOWS\system32\fontextc.dll

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Whaowze] C:\Documents and Settings\Niels\Application Data\?racle\c?rss.exe
    O4 - HKCU\..\Run: [Sers] "C:\PROGRA~1\CROSOF~1.NET\msiexec.exe" -vt ndrv

    O20 - Winlogon Notify: winiar32 - winiar32.dll (file missing)

    O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe (file missing)

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Documents and Settings\Niels\Application Data\?racle Search for this folder and delete when found. Please note that the ? represents an unprintable character so it will be at the bottom of the list!

    Next, run CCleaner to clean up cookies and temp files.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\system32\fontextc.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\system32\plugin_p_test.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    After you complete the above, REBOOT and proceed with the rest of this fix...

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now. Also attach a fresh HJT log.
     
  6. nelis

    nelis Private E-2

    Damn, you guys sure are leet :p

    I can run Explorer again and everything seems to work fine, but I still get the errorsafe popup/ad even on this site.
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    We need to remove a service, follow the below...
    • Now Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to SX Service (SXServ)
    • Then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    • Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc tools button
    • Select Delete an NT Service
    • Copy/paste SX Service (SXServ) into the box that opens, and press OK
    • If you receive any error messages just ignore them and continue.
    • Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.
    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\system32\sxserv101.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    After you complete this post, reboot again and attach a fresh HJT log. Also let me know how things are running.
     
  8. nelis

    nelis Private E-2

    When I try to delete the NT service I get this message:
    Code:
    Service 'SX Service (SXServ)' was not found in the registry.
    Make sure you entered the short name of the service., vbExclemation
    I also tried to delete 'SX Service' and '(SXServ)'
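
An added example, not part of the original thread or of HijackThis itself: a small Python parser for the HijackThis entry lines quoted in the fix list above and for the O23 service line behind the "short name" message. The function names are hypothetical, and it assumes the O23 layout is display name, then the service's short (registry key) name in parentheses, then owner and path.

```python
import re

# Entry lines copied from the fix list earlier in this thread.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {64925135-9CD7-9378-868A-C06936AC8BC7} - C:\WINDOWS\system32\rqlpksw.dll (file missing)
O2 - BHO: (no name) - {65879C0B-5B6D-4069-B6CE-3873F1D9C001} - C:\WINDOWS\system32\plugin_p_test.dll
O4 - HKCU\..\Run: [Whaowze] C:\Documents and Settings\Niels\Application Data\?racle\c?rss.exe
O20 - Winlogon Notify: winiar32 - winiar32.dll (file missing)
O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe (file missing)
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:dll|exe)", re.I)
# Assumed O23 layout: "<display name> (<short name>) - <owner> - <path>"
SERVICE_RE = re.compile(r"^(.*) \(([^()]+)\) - ")


def parse_entry(line):
    """Split one HijackThis entry into section code, kind, CLSID, path and flags."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, kind, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    path = PATH_RE.search(rest)
    entry = {
        "code": code,
        "kind": kind,
        "clsid": clsid.group(0) if clsid else None,
        "path": path.group(0) if path else None,
        # HijackThis appends this marker when the referenced file is gone.
        "file_missing": rest.endswith("(file missing)"),
        # '?' stands in for a character the log could not print.
        "masked_chars": bool(path and "?" in path.group(0)),
        "service_display": None,
        "service_key": None,
    }
    if code == "O23":
        svc = SERVICE_RE.match(rest)
        if svc:
            entry["service_display"], entry["service_key"] = svc.groups()
    return entry


def parse_log(text):
    """Parse every recognisable entry line, skipping blanks and other text."""
    return [e for e in map(parse_entry, text.splitlines()) if e]
```
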
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Did you find it to Stop and Disable it? If so, you're OK. Go ahead and attach a fresh HJT log.
     
  10. nelis

    nelis Private E-2

    Yeah, I did find it in the services list and it was already stopped.
     


  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  12. nelis

    nelis Private E-2

    Awesome, thanks!

    I know I should protect my computer, but I almost never have problems with viruses, malware etc. But now I tried to download a no-CD patch for a game and it gave me a wrong file, but I opened it anyway :rolleyes:

    Anyway, it runs perfectly again, thank you very much, great site!

    Till next time!
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're Welcome!

    Surf Safely! :)
     
