#1
hi guys i'm new!! lol
um recently i went to my friend's profile in aim.. and then it suddenly like did stuff.. meaning.. whenever i boot up it opens a website : www.affoundation.com also it opens 2 windows of "My Documents" it does that all the time.. i mean when i boot up. then when i turn aim off. it just turns it back on and then puts an away message showing the site that loads when i boot up the computer! i've tried virus scanners.. nothing! i really don't know wat to do!! please help.. i would appreciate it =] and i got windows sp2! um here is my log file from hijackthis

Logfile of HijackThis v1.98.2
Scan saved at 6:28:21 PM, on 9/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\EEXPLORER.EXE
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Ikon\LOCALS~1\Temp\Rar$EX06.799\Hijack This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D 1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [Windows Explorer] EEXPLORER.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\RunOnce: [Windows Explorer] EEXPLORER.EXE
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093944294230
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

here is the logfile after i restarted my computer.. currently i have the 2 windows of the "My Documents"

Logfile of HijackThis v1.98.2
Scan saved at 6:46:20 PM, on 9/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D 1.EXE
C:\WINDOWS\system32\EEXPLORER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\Ikon\LOCALS~1\Temp\Rar$EX00.222\Hijack This.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D 1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [Windows Explorer] EEXPLORER.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\RunOnce: [Windows Explorer] EEXPLORER.EXE
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093944294230
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
#2
1. What virus scanners have you used?
2. If you haven't already, try this site: http://security.symantec.com/sscv6/vc_scan.asp?langid=ie&venid=sym&plfid=23&pkj=FKQDRHYTINMHDKDCWLL&vc_scanstate=2 It will check for viruses and such.
#3
1.) i have used the one at trend micro. and i tried the panda virus scanner .. nothing came up but trojans.. which i deleted and still didn't do anything
2.) thanks but i don't need it i just need to know loll!!! it's an Aim Virus or something! is there anything wrong with the log file i provided above??
#4
In HJT put a check and fix this:
O4 - HKCU\..\RunOnce: [Windows Explorer] EEXPLORER.EXE
Reboot to safe mode, (instructions)
In safe mode, navigate to this file and delete it:
C:\WINDOWS\system32\EEXPLORER.EXE
Reboot
Post a new HJT log.
Also, did you install the ares filesharing client? If you didn't, we will need to get rid of it.
#5
I just stumbled across this thread while trying to find out exactly what eexplorer.exe was. I just spent the last several nights with MS support and finally killed it. I think I can help...
I'm running XP SP2:
1) Boot into safe mode (without network support...this thing will reload from the internet if you try safe mode with network).
2) Run REGEDIT (which incidentally would not run in normal mode, as well as taskmanager and msconfig on my machine) and search for EEXPLORER and delete all keys and references to it.
3) Still in safe mode, run HIJACKTHIS, hit SCAN and check all boxes with any reference to EEXPLORER.EXE and hit FIX.
4) Reboot into normal mode...and breathe a sigh of relief!
5) It wouldn't hurt to do a normal FIND for EEXPLORER and delete any files you might turn up.
This should fix the underlying resident layer that keeps your system utilities from functioning and teases you with the little green box in the taskbar that disappears when you move your mouse cursor over it. You can always run another hijackthis scan and take out references to windows explorer that might be loading at bootup, but don't get too trigger happy...you can very quickly get into trouble with hijackthis.
By the way, affoundation is a site for the punk band AntiFlag. I doubt they are involved, probably just a favorite of the worm writer.
Hope I helped.
BMXDAD
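The check that posts #4 and #5 make by eye, spotting EEXPLORER.EXE among the autoruns and running processes, written out as an added example (not part of the thread and not HijackThis's own code). The function names, the short SYSTEM_BINARIES list and the "one edit away from a system binary" rule are assumptions; only registry O4 lines in the `[name] command` form are parsed.

```python
import ntpath
import re

# Assumption: a short, non-exhaustive list of Windows binaries that malware imitates.
SYSTEM_BINARIES = ("explorer.exe", "svchost.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "csrss.exe", "smss.exe", "spoolsv.exe")
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>\S.*)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)\b|(\S+)', re.IGNORECASE)

def edit_distance(a, b):  # Levenshtein distance, computed row by row
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(path):
    """Return the system binary a file name is exactly one edit away from, else None."""
    exe = ntpath.basename(path).lower()
    return next((s for s in SYSTEM_BINARIES if edit_distance(exe, s) == 1), None)

def triage(log_text):
    """Return sorted (kind, location, imitated_binary) findings for a HijackThis log."""
    findings = set()
    for line in map(str.strip, log_text.splitlines()):
        m = O4_RE.match(line)
        if m:  # registry autorun: take the executable out of the command line
            target = next(g for g in EXE_RE.match(m["cmd"]).groups() if g)
            kind, where = "autorun", f'{m["where"]} [{m["name"]}] {target}'
        elif PROC_RE.match(line):  # an entry under "Running processes:"
            target, kind, where = line, "process", line
        else:
            continue
        real = lookalike(target)
        if real:
            findings.add((kind, where, real))
    return sorted(findings)

# Constructed sample, modelled on the entries quoted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\EEXPLORER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Explorer] EEXPLORER.EXE
O4 - HKCU\..\RunOnce: [Windows Explorer] EEXPLORER.EXE
"""
print(*triage(SAMPLE_LOG), sep="\n")
```

A hit only marks an entry for review; whether to remove it is still decided the way the posters did, by looking at the file and the registry value.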
#6
RE: Need to install antispyware.
Hello Aznikon,
Virus scan doesn't help in your case. You need to install the antispyware program to get rid of it. Download Spybot - Search & Destroy 1.3 and Ad-Aware. Hope this will help.
Boot your pc to safe mode then run the scan in the following order:
1) Spybot - Search & Destroy
2) Ad-Aware SE Personal
3) HiJackThis
#7
no stationery/backgrounds nor colors in OE
have a problem in OE on two Home Edition XP computers:
while composing a message
1- cannot load a stationery nor background pic i.e. message area still blank after choosing a stationery or background.
2- text colors do not show in the message area but they are received by the recipient of the message. e.g. i select red as a text color, black is displayed in the message area, but recipient receives red text ?
i'm about half smart but this one baffles me...
Thanks,
Les Goldie
| Viewing: ASP Free Forums > System Administration > Windows OS > Task manager Help PLease!!! |