IE Will Not Open Anymore
 

Hello All,

I am not certain what has happened but all of a sudden, IE will not open anymore. I click on the icon and the window flashes; i.e. opens and closes very fast.

I do run Webroot Spy Sweeper and each time I attempt to open IE it pops and tells me that another application is attempting to change my home page to about:blank.

What else can I do to find out what is going on ?

Thank you in advance!

Bob

Re: IE Will Not Open Anymore
 

You can try to repair Internet Explorer, but the methods for doing so depend on the particular versions of Windows and IE that you have. Useful information and suggestions can be found in the links returned by this Google search:

http://www.google.com/search?hl=en&q...=Google+Search


As far as the posiible about:blank hijack:

Download HijackThis:

http://www.majorgeeks.com/download3155.html

Once downloaded, follow these instructions to install and run the program:

1. Create a new separate folder on your drive for HijackThis, move the program into thids folder, and run it from there. (Don't run HJT from within any Temp or Temporary Internet folder, and don't run it directly from your desktop.)

2. Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser(s)! HijackThis cannot fully perform its fixes while browsers are running.

3. Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HiajckThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here. The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

If you have no way of downloading to the machine with the "broken" IE, download HijackThis on another computer and transfer it via floppy or CD.

Re: IE Will Not Open Anymore
 

DMR,

Thank you for your help! Here is the log file generated by HijackThis.

========================================
Logfile of HijackThis v1.99.0
Scan saved at 5:37:10 PM, on 2/1/2005
Platform: Unknown Windows (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmBulkMailService.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmDeletionService.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmWorkflowService.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe
C:\Program Files\Microsoft Office Project Server 2003\BIN\PJSCHSVC.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\cacheserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\inputfileserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\outputfileserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\JobServer.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmSecurityService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\mshelp32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Program Files\palmOne\HOTSYNC.EXE
D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\BOB~1.MIX\LOCALS~1\Temp\ins1F.tmp
D:\PROGRA~1\Netscape\Netscape\Netscp.exe
D:\Software\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\bob.mixon\Application Data\Mozilla\Profiles\default\lqlqy86o.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://d%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\bob.mixon\Application Data\Mozilla\Profiles\default\lqlqy86o.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - D:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: (no name) - {A708A39C-8DA7-4e36-B3B0-0A1FFAFD4B6D} - C:\WINDOWS\system32\javafix3.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AntiSpyware Class - {C6176B04-8896-4446-9939-E00EE94C420F} - C:\WINDOWS\system32\ash.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Sauce Reader - {a8f0736c-0b1a-4995-b239-843cd7f5f442} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Paessler Site Inspector Toolbar - {38D2A281-0444-433C-9ED6-A2851795F32A} - d:\Program Files\Paessler Site Inspector\psibar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] d:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [mshelp32] C:\WINDOWS\system32\mshelp32.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "d:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] D:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [msjava critical update] c:\windows\jjfixer.exe
O4 - Startup: HotSync Manager.lnk = D:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &WebPageToOneNote - res:///204
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: PSI: Copy Image as HTML Tag - res://d:\Program Files\Paessler Site Inspector\psi.dll/copy-img-tag.ieb
O8 - Extra context menu item: PSI: Copy Image URL - res://d:\Program Files\Paessler Site Inspector\psi.dll/copy-img-src.ieb
O8 - Extra context menu item: PSI: Copy Link as HTML Tag - res://d:\Program Files\Paessler Site Inspector\psi.dll/copy-a-tag.ieb
O8 - Extra context menu item: PSI: Copy Meister - res://d:\Program Files\Paessler Site Inspector\psi.dll/copymeister.ieb
O8 - Extra context menu item: PSI: Open Frame In New Window - res://d:\Program Files\Paessler Site Inspector\psi.dll/open-frame-in-new-window.ieb
O8 - Extra context menu item: PSI: Open Frame In This Window - res://d:\Program Files\Paessler Site Inspector\psi.dll/open-frame-in-this-window.ieb
O8 - Extra context menu item: PSI: Open Selected Text as URL in New Window - res://d:\Program Files\Paessler Site Inspector\psi.dll/open-selection.ieb
O8 - Extra context menu item: PSI: Show All Forms - res://d:\Program Files\Paessler Site Inspector\psi.dll/FormsModule.ieb
O8 - Extra context menu item: PSI: Show All Images - res://d:\Program Files\Paessler Site Inspector\psi.dll/ImagesModule.ieb
O8 - Extra context menu item: PSI: Show All Links - res://d:\Program Files\Paessler Site Inspector\psi.dll/LinksModule.ieb
O8 - Extra context menu item: PSI: Show All Scripts - res://d:\Program Files\Paessler Site Inspector\psi.dll/ScriptsModule.ieb
O8 - Extra context menu item: PSI: Show All Stylesheets - res://d:\Program Files\Paessler Site Inspector\psi.dll/StylesheetsModule.ieb
O8 - Extra context menu item: PSI: Show Complete Page Analysis - res://d:\Program Files\Paessler Site Inspector\psi.dll/element.ieb
O8 - Extra context menu item: PSI: Show Element Hilighter - res://d:\Program Files\Paessler Site Inspector\psi.dll/hilighter.ieb
O8 - Extra context menu item: PSI: Show HTTP Header - res://d:\Program Files\Paessler Site Inspector\psi.dll/HttpDocumentModule.ieb
O8 - Extra context menu item: PSI: Show HTTP Header of Target - res://d:\Program Files\Paessler Site Inspector\psi.dll/HttpDocumentModuleForAnchor.ieb
O8 - Extra context menu item: PSI: Show Source based on DOM - res://d:\Program Files\Paessler Site Inspector\psi.dll/DomDocumentModule.ieb
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PSI Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - d:\Program Files\Paessler Site Inspector\psibar.dll
O9 - Extra 'Tools' menuitem: Paessler Site Inspector Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - d:\Program Files\Paessler Site Inspector\psibar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WebPageToOneNote - {C20822F3-54CF-4da1-87B7-174090D62D36} - C:\Program Files\WebPageToOneNote PowerToy\WebPageToOneNote.dll (HKCU)
O9 - Extra button: (no name) - {DD6E38FD-66DC-4657-8FC7-9DCBED68D2B2} - C:\Program Files\WebPageToOneNote PowerToy\WebPageToOneNoteOptions.dll (HKCU)
O9 - Extra 'Tools' menuitem: WebPageToOneNote Options - {DD6E38FD-66DC-4657-8FC7-9DCBED68D2B2} - C:\Program Files\WebPageToOneNote PowerToy\WebPageToOneNoteOptions.dll (HKCU)
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwha.ops.placeware.com/etc/...uicksilver.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://localhost:8000/projectserver/...s/pjclient.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/pro...tor/WebSWK.cab
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://localhost:8000/projectserver/...33/pjcintl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sp.webex.com/client/latest/webex/ieatgpc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vixcorp.net
O17 - HKLM\Software\..\Telephony: DomainName = vixcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{F121EC02-46EF-4D02-812B-6AD58C4EE80B}: NameServer = 127.0.0.1,66.75.160.41,66.75.160.42
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vixcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vixcorp.net
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crystal Cache Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\cacheserver.exe
O23 - Service: Crystal APS - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\CrystalAPS.exe
O23 - Service: Crystal Event Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe
O23 - Service: Crystal Input File Repository Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\inputfileserver.exe
O23 - Service: Crystal Output File Repository Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\outputfileserver.exe
O23 - Service: Crystal Report Job Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\JobServer.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Crystal Page Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe
O23 - Service: Project Server Connector Service - Unknown - C:\Program Files\Microsoft Office Project Server 2003\BIN\CNCTSVC.EXE
O23 - Service: Project Server Scheduled Process Service - Unknown - C:\Program Files\Microsoft Office Project Server 2003\BIN\PJSCHSVC.EXE
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Crystal Web Component Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe
=============================================


Bob

IE Will Not Open - Updates
 

Hello all,

I started this thread
http://www.daniweb.com/techtalkforums/thread17833.html

and have posted results of HijackThis log file. Can anyone take a look at it and help me understand what has happened?

Thank you in advance for all the help!

Bob

Re: IE Will Not Open Anymore
 

run adaware and winsock fix in my signature

Re: IE Will Not Open Anymore
 

To add to/expand on that advice, please do the following:

A) Run a full anti-virus scan, making sure that your anti-virus program is using the most current virus definition updates.


B) Download and run Ad Aware and SpyBot Search & Destroy (download links are in my sig below)

1. Follow these directions for configuring Ad Aware (directions courtesy of our member "crunchie"):

2.Close ALL windows except Ad-Aware SE

3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to udate outdated definitions - set the number of days


2) Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file


3) Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
*Move deleted files to recycle bin

Under Logfile Detail Level: (all green)
*include addtional object information
*DESELECT - include negligible objects information
*include environment information

Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT


4) Click the ‘Tweak’ button and select in green:

Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only


Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot


Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile


5. Click on ‘Proceed’ to save the settings.

6. Click ‘Start’

*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window

9. Save the log file when it asks and then click ‘finish’

10. REBOOT to complete the removal of what Ad-Aware SE found


* Run SpyBot.

When you first run SpyBot, it will walk you through a Wizard which will perform a few critical functions (making a registry backup, getting the latest updates, etc.).

1. Perform all of the Wizard's tasks.
2. Run the program. Once it completes, have it fix everything it finds.
3. Reboot.


C) Boot into Safe Mode (do this by hitting the F8 key as the computer is booting) and:

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files".

- For every user account listed under C:\Documents and Settings, delete everything inside the following folders (don't delete the folders themselves though):

1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5

- Delete the entire content of your C:\Windows\Temp folder.

(If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed.)

- Empty your Recycle Bin.

- Reboot normally.


D) Run HijackThis again and post a fresh log.

Re: IE Will Not Open Anymore
 

Okay, I have done exactly as the directions posted. Here is the new copy of the HijackThis Log File. Thank you again for all of your help! :)

Does this log file show you anything?


Logfile of HijackThis v1.99.0
Scan saved at 9:36:44 AM, on 2/4/2005
Platform: Unknown Windows (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmBulkMailService.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmDeletionService.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmWorkflowService.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe
C:\Program Files\Microsoft Office Project Server 2003\BIN\PJSCHSVC.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\cacheserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\inputfileserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\outputfileserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\JobServer.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\mshelp32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Netscape\Netscape\Netscp.exe
D:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Program Files\palmOne\HOTSYNC.EXE
D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\cmd.exe
D:\Software\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\bob.mixon\Application Data\Mozilla\Profiles\default\lqlqy86o.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://d%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\bob.mixon\Application Data\Mozilla\Profiles\default\lqlqy86o.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - D:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: (no name) - {A708A39C-8DA7-4e36-B3B0-0A1FFAFD4B6D} - C:\WINDOWS\system32\javafix3.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AntiSpyware Class - {C6176B04-8896-4446-9939-E00EE94C420F} - C:\WINDOWS\system32\ash.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Sauce Reader - {a8f0736c-0b1a-4995-b239-843cd7f5f442} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Paessler Site Inspector Toolbar - {38D2A281-0444-433C-9ED6-A2851795F32A} - d:\Program Files\Paessler Site Inspector\psibar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] d:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [mshelp32] C:\WINDOWS\system32\mshelp32.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "d:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] D:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [msjava critical update] c:\windows\jjfixer.exe
O4 - Startup: HotSync Manager.lnk = D:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &WebPageToOneNote - res:///204
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: PSI: Copy Image as HTML Tag - res://d:\Program Files\Paessler Site Inspector\psi.dll/copy-img-tag.ieb
O8 - Extra context menu item: PSI: Copy Image URL - res://d:\Program Files\Paessler Site Inspector\psi.dll/copy-img-src.ieb
O8 - Extra context menu item: PSI: Copy Link as HTML Tag - res://d:\Program Files\Paessler Site Inspector\psi.dll/copy-a-tag.ieb
O8 - Extra context menu item: PSI: Copy Meister - res://d:\Program Files\Paessler Site Inspector\psi.dll/copymeister.ieb
O8 - Extra context menu item: PSI: Open Frame In New Window - res://d:\Program Files\Paessler Site Inspector\psi.dll/open-frame-in-new-window.ieb
O8 - Extra context menu item: PSI: Open Frame In This Window - res://d:\Program Files\Paessler Site Inspector\psi.dll/open-frame-in-this-window.ieb
O8 - Extra context menu item: PSI: Open Selected Text as URL in New Window - res://d:\Program Files\Paessler Site Inspector\psi.dll/open-selection.ieb
O8 - Extra context menu item: PSI: Show All Forms - res://d:\Program Files\Paessler Site Inspector\psi.dll/FormsModule.ieb
O8 - Extra context menu item: PSI: Show All Images - res://d:\Program Files\Paessler Site Inspector\psi.dll/ImagesModule.ieb
O8 - Extra context menu item: PSI: Show All Links - res://d:\Program Files\Paessler Site Inspector\psi.dll/LinksModule.ieb
O8 - Extra context menu item: PSI: Show All Scripts - res://d:\Program Files\Paessler Site Inspector\psi.dll/ScriptsModule.ieb
O8 - Extra context menu item: PSI: Show All Stylesheets - res://d:\Program Files\Paessler Site Inspector\psi.dll/StylesheetsModule.ieb
O8 - Extra context menu item: PSI: Show Complete Page Analysis - res://d:\Program Files\Paessler Site Inspector\psi.dll/element.ieb
O8 - Extra context menu item: PSI: Show Element Hilighter - res://d:\Program Files\Paessler Site Inspector\psi.dll/hilighter.ieb
O8 - Extra context menu item: PSI: Show HTTP Header - res://d:\Program Files\Paessler Site Inspector\psi.dll/HttpDocumentModule.ieb
O8 - Extra context menu item: PSI: Show HTTP Header of Target - res://d:\Program Files\Paessler Site Inspector\psi.dll/HttpDocumentModuleForAnchor.ieb
O8 - Extra context menu item: PSI: Show Source based on DOM - res://d:\Program Files\Paessler Site Inspector\psi.dll/DomDocumentModule.ieb
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PSI Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - d:\Program Files\Paessler Site Inspector\psibar.dll
O9 - Extra 'Tools' menuitem: Paessler Site Inspector Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - d:\Program Files\Paessler Site Inspector\psibar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WebPageToOneNote - {C20822F3-54CF-4da1-87B7-174090D62D36} - C:\Program Files\WebPageToOneNote PowerToy\WebPageToOneNote.dll (HKCU)
O9 - Extra button: (no name) - {DD6E38FD-66DC-4657-8FC7-9DCBED68D2B2} - C:\Program Files\WebPageToOneNote PowerToy\WebPageToOneNoteOptions.dll (HKCU)
O9 - Extra 'Tools' menuitem: WebPageToOneNote Options - {DD6E38FD-66DC-4657-8FC7-9DCBED68D2B2} - C:\Program Files\WebPageToOneNote PowerToy\WebPageToOneNoteOptions.dll (HKCU)
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwha.ops.placeware.com/etc/...uicksilver.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://localhost:8000/projectserver/...s/pjclient.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/pro...tor/WebSWK.cab
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://localhost:8000/projectserver/...33/pjcintl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sp.webex.com/client/latest/webex/ieatgpc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vixcorp.net
O17 - HKLM\Software\..\Telephony: DomainName = vixcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{F121EC02-46EF-4D02-812B-6AD58C4EE80B}: NameServer = 127.0.0.1,66.75.160.41,66.75.160.42
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vixcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vixcorp.net
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crystal Cache Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\cacheserver.exe
O23 - Service: Crystal APS - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\CrystalAPS.exe
O23 - Service: Crystal Event Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe
O23 - Service: Crystal Input File Repository Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\inputfileserver.exe
O23 - Service: Crystal Output File Repository Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\outputfileserver.exe
O23 - Service: Crystal Report Job Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\JobServer.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Crystal Page Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe
O23 - Service: Project Server Connector Service - Unknown - C:\Program Files\Microsoft Office Project Server 2003\BIN\CNCTSVC.EXE
O23 - Service: Project Server Scheduled Process Service - Unknown - C:\Program Files\Microsoft Office Project Server 2003\BIN\PJSCHSVC.EXE
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Crystal Web Component Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe

Re: IE Will Not Open Anymore
 

1. Make sure all instances of your web browser(s) are closed before having HJT fix anything! This log entry indicates that you had Netscape running when you did your last scan:

" D:\Program Files\Netscape\Netscape\Netscp.exe"


2. Run HJT and have it fix:

O2 - BHO: (no name) - {A708A39C-8DA7-4e36-B3B0-0A1FFAFD4B6D} - C:\WINDOWS\system32\javafix3.dll
O4 - HKLM\..\Run: [mshelp32] C:\WINDOWS\system32\mshelp32.exe
O4 - HKCU\..\Run: [msjava critical update] c:\windows\jjfixer.exe


3. Reboot into safe mode. Find and delete:

C:\WINDOWS\system32\javafix3.dll <-- HJT may have already deleted this one
C:\WINDOWS\system32\mshelp32.exe
c:\windows\jjfixer.exe


4. Empty your recylce bin and reboot normally.


5. Post a fresh log, and tell us if you are still experiencing symptoms of infection.

Re: IE Will Not Open Anymore
 

I did have Netscape shutdown. I believe it may have been running in the system tray. This time I made sure it was completely shutdown. I did as you directed and IE still opens and closes right away. I really do appreciate all of your help on this! :)

Here is the latest log file:


Logfile of HijackThis v1.99.0
Scan saved at 3:25:49 PM, on 2/4/2005
Platform: Unknown Windows (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmBulkMailService.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmDeletionService.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmWorkflowService.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Microsoft Office Project Server 2003\BIN\PJSCHSVC.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\cacheserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\inputfileserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\outputfileserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\JobServer.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe
C:\WINDOWS\System32\svchost.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\mshelp32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Program Files\palmOne\HOTSYNC.EXE
D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cmd.exe
D:\Software\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\bob.mixon\Application Data\Mozilla\Profiles\default\lqlqy86o.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://d%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\bob.mixon\Application Data\Mozilla\Profiles\default\lqlqy86o.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: (no name) - {A708A39C-8DA7-4e36-B3B0-0A1FFAFD4B6D} - C:\WINDOWS\system32\javafix3.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AntiSpyware Class - {C6176B04-8896-4446-9939-E00EE94C420F} - C:\WINDOWS\system32\ash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Sauce Reader - {a8f0736c-0b1a-4995-b239-843cd7f5f442} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Paessler Site Inspector Toolbar - {38D2A281-0444-433C-9ED6-A2851795F32A} - d:\Program Files\Paessler Site Inspector\psibar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] d:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [mshelp32] C:\WINDOWS\system32\mshelp32.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "d:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] D:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [msjava critical update] c:\windows\jjfixer.exe
O4 - Startup: HotSync Manager.lnk = D:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &WebPageToOneNote - res:///204
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: PSI: Copy Image as HTML Tag - res://d:\Program Files\Paessler Site Inspector\psi.dll/copy-img-tag.ieb
O8 - Extra context menu item: PSI: Copy Image URL - res://d:\Program Files\Paessler Site Inspector\psi.dll/copy-img-src.ieb
O8 - Extra context menu item: PSI: Copy Link as HTML Tag - res://d:\Program Files\Paessler Site Inspector\psi.dll/copy-a-tag.ieb
O8 - Extra context menu item: PSI: Copy Meister - res://d:\Program Files\Paessler Site Inspector\psi.dll/copymeister.ieb
O8 - Extra context menu item: PSI: Open Frame In New Window - res://d:\Program Files\Paessler Site Inspector\psi.dll/open-frame-in-new-window.ieb
O8 - Extra context menu item: PSI: Open Frame In This Window - res://d:\Program Files\Paessler Site Inspector\psi.dll/open-frame-in-this-window.ieb
O8 - Extra context menu item: PSI: Open Selected Text as URL in New Window - res://d:\Program Files\Paessler Site Inspector\psi.dll/open-selection.ieb
O8 - Extra context menu item: PSI: Show All Forms - res://d:\Program Files\Paessler Site Inspector\psi.dll/FormsModule.ieb
O8 - Extra context menu item: PSI: Show All Images - res://d:\Program Files\Paessler Site Inspector\psi.dll/ImagesModule.ieb
O8 - Extra context menu item: PSI: Show All Links - res://d:\Program Files\Paessler Site Inspector\psi.dll/LinksModule.ieb
O8 - Extra context menu item: PSI: Show All Scripts - res://d:\Program Files\Paessler Site Inspector\psi.dll/ScriptsModule.ieb
O8 - Extra context menu item: PSI: Show All Stylesheets - res://d:\Program Files\Paessler Site Inspector\psi.dll/StylesheetsModule.ieb
O8 - Extra context menu item: PSI: Show Complete Page Analysis - res://d:\Program Files\Paessler Site Inspector\psi.dll/element.ieb
O8 - Extra context menu item: PSI: Show Element Hilighter - res://d:\Program Files\Paessler Site Inspector\psi.dll/hilighter.ieb
O8 - Extra context menu item: PSI: Show HTTP Header - res://d:\Program Files\Paessler Site Inspector\psi.dll/HttpDocumentModule.ieb
O8 - Extra context menu item: PSI: Show HTTP Header of Target - res://d:\Program Files\Paessler Site Inspector\psi.dll/HttpDocumentModuleForAnchor.ieb
O8 - Extra context menu item: PSI: Show Source based on DOM - res://d:\Program Files\Paessler Site Inspector\psi.dll/DomDocumentModule.ieb
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PSI Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - d:\Program Files\Paessler Site Inspector\psibar.dll
O9 - Extra 'Tools' menuitem: Paessler Site Inspector Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - d:\Program Files\Paessler Site Inspector\psibar.dll
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WebPageToOneNote - {C20822F3-54CF-4da1-87B7-174090D62D36} - C:\Program Files\WebPageToOneNote PowerToy\WebPageToOneNote.dll (HKCU)
O9 - Extra button: (no name) - {DD6E38FD-66DC-4657-8FC7-9DCBED68D2B2} - C:\Program Files\WebPageToOneNote PowerToy\WebPageToOneNoteOptions.dll (HKCU)
O9 - Extra 'Tools' menuitem: WebPageToOneNote Options - {DD6E38FD-66DC-4657-8FC7-9DCBED68D2B2} - C:\Program Files\WebPageToOneNote PowerToy\WebPageToOneNoteOptions.dll (HKCU)
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwha.ops.placeware.com/etc/...uicksilver.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://localhost:8000/projectserver/...s/pjclient.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/pro...tor/WebSWK.cab
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://localhost:8000/projectserver/...33/pjcintl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sp.webex.com/client/latest/webex/ieatgpc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vixcorp.net
O17 - HKLM\Software\..\Telephony: DomainName = vixcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{F121EC02-46EF-4D02-812B-6AD58C4EE80B}: NameServer = 127.0.0.1,66.75.160.41,66.75.160.42
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vixcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vixcorp.net
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crystal Cache Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\cacheserver.exe
O23 - Service: Crystal APS - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\CrystalAPS.exe
O23 - Service: Crystal Event Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe
O23 - Service: Crystal Input File Repository Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\inputfileserver.exe
O23 - Service: Crystal Output File Repository Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\outputfileserver.exe
O23 - Service: Crystal Report Job Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\JobServer.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Crystal Page Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe
O23 - Service: Project Server Connector Service - Unknown - C:\Program Files\Microsoft Office Project Server 2003\BIN\CNCTSVC.EXE
O23 - Service: Project Server Scheduled Process Service - Unknown - C:\Program Files\Microsoft Office Project Server 2003\BIN\PJSCHSVC.EXE
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Crystal Web Component Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe

Re: IE Will Not Open Anymore
 

These entries are still present in your lastest log:

O2 - BHO: (no name) - {A708A39C-8DA7-4e36-B3B0-0A1FFAFD4B6D} - C:\WINDOWS\system32\javafix3.dll
O4 - HKLM\..\Run: [mshelp32] C:\WINDOWS\system32\mshelp32.exe
O4 - HKCU\..\Run: [msjava critical update] c:\windows\jjfixer.exe

Did you fully follow my previous instructions for deleting them? If not, please do that now. If you did do that, and the files appeared to be deleted but reappeared in your HJT log after doing so, please tell us if that was the case.