DaniWeb IT Discussion Community

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Viruses, Spyware and other Nasties (http://www.daniweb.com/forums/forum64.html)
-   -   Unknown Internet Explorer Issue (http://www.daniweb.com/forums/thread7318.html)

Duke8888z Jun 21st, 2004 12:06 pm
Unknown Internet Explorer Issue
 
When I try and launch Internet Explorer, I get an error "Explorer has caused an error in <unknown>. Explorer will now close." I've ran Spybot and AdAware but they aren't getting it done. Please help!

Below are the results of a scan using Hijack This:

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\IMNOTFY.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\MPLAYER2.EXE
C:\DOWNLOADS\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
O2 - BHO: (no name) - {4324EC06-E339-D60F-9E06-C4507E11B1F3} - C:\WINDOWS\MFCSI32.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_11_0.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [MadExe] C:\Program Files\Dell\Resolution Assistant\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MSN Messenger] C:\MY DOCUMENTS\MESSENGER SERVICE RECEIVED FILES\PIC1324(6)(1)(2)(1).exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [JAVAEL.EXE] C:\WINDOWS\SYSTEM\JAVAEL.EXE
O4 - HKLM\..\Run: [NTAP32.EXE] C:\WINDOWS\SYSTEM\NTAP32.EXE
O4 - HKLM\..\Run: [NETTW.EXE] C:\WINDOWS\SYSTEM\NETTW.EXE
O4 - HKLM\..\Run: [WININ32.EXE] C:\WINDOWS\SYSTEM\WININ32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SYSMC.EXE] C:\WINDOWS\SYSTEM\SYSMC.EXE
O4 - HKLM\..\RunServices: [NETXJ32.EXE] C:\WINDOWS\NETXJ32.EXE
O4 - HKLM\..\RunServices: [APPZE.EXE] C:\WINDOWS\SYSTEM\APPZE.EXE
O4 - HKLM\..\RunServices: [NETLB32.EXE] C:\WINDOWS\NETLB32.EXE
O4 - HKLM\..\RunServices: [WINMC32.EXE] C:\WINDOWS\SYSTEM\WINMC32.EXE
O4 - HKLM\..\RunServices: [IPTZ.EXE] C:\WINDOWS\IPTZ.EXE
O4 - HKLM\..\RunServices: [NETKX.EXE] C:\WINDOWS\NETKX.EXE
O4 - HKLM\..\RunServices: [NETLL.EXE] C:\WINDOWS\SYSTEM\NETLL.EXE
O4 - HKLM\..\RunServices: [ADDIP.EXE] C:\WINDOWS\ADDIP.EXE
O4 - HKLM\..\RunServices: [SYSHM32.EXE] C:\WINDOWS\SYSHM32.EXE
O4 - HKLM\..\RunServices: [ADDFI.EXE] C:\WINDOWS\ADDFI.EXE
O4 - HKLM\..\RunServices: [NTLJ.EXE] C:\WINDOWS\SYSTEM\NTLJ.EXE
O4 - HKLM\..\RunServices: [APPVZ32.EXE] C:\WINDOWS\APPVZ32.EXE
O4 - HKLM\..\RunServices: [CRID.EXE] C:\WINDOWS\SYSTEM\CRID.EXE
O4 - HKLM\..\RunServices: [IPCY32.EXE] C:\WINDOWS\IPCY32.EXE
O4 - HKLM\..\RunServices: [IPRS.EXE] C:\WINDOWS\IPRS.EXE
O4 - HKLM\..\RunServices: [ATLHC32.EXE] C:\WINDOWS\SYSTEM\ATLHC32.EXE
O4 - HKLM\..\RunServices: [WINUN32.EXE] C:\WINDOWS\SYSTEM\WINUN32.EXE
O4 - HKLM\..\RunServices: [ADDEK.EXE] C:\WINDOWS\ADDEK.EXE
O4 - HKLM\..\RunServices: [MFCFK32.EXE] C:\WINDOWS\MFCFK32.EXE
O4 - HKLM\..\RunServices: [APIGG32.EXE] C:\WINDOWS\SYSTEM\APIGG32.EXE
O4 - HKLM\..\RunServices: [ATLXN32.EXE] C:\WINDOWS\SYSTEM\ATLXN32.EXE
O4 - HKLM\..\RunServices: [CRMP.EXE] C:\WINDOWS\CRMP.EXE
O4 - HKLM\..\RunServices: [APIDZ32.EXE] C:\WINDOWS\APIDZ32.EXE
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Event Planner Reminders.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Dell Home (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.msn.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://www.expressit.com/Plugin/3DGreetings/vroom.CAB
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {E62498E0-1412-4CCD-9378-219AC6E36D26} (FeelzPlayerSetup Class) - http://www.feelingz.com/feelingz/setup/FeelzPlayer.CAB
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/smtptool/MailCfg.cab
O16 - DPF: {A28DAC07-0D34-4A90-A0E6-CEE27208C86D} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://central.clevercontent.com/020...verContent.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...868.0326041667
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqvalet.com/plugin/axvers...printQuick.cab
O16 - DPF: {2D814F22-D27C-41FD-AEE8-AEC592310759} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/1...L/PhPSetup.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTS...d/install.html
O16 - DPF: {72944257-0AE0-44FD-8A51-AA21853092C8} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.5.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://66.230.143.209/loader/dploader.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccom...ad/tgctlcm.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net...b/emCraft1.cab
O19 - User stylesheet: (file missing)

crunchie Jun 22nd, 2004 8:13 am
Re: Unknown Internet Explorer Issue
 
Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm

O2 - BHO: (no name) - {4324EC06-E339-D60F-9E06-C4507E11B1F3} - C:\WINDOWS\MFCSI32.DLL

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [JAVAEL.EXE] C:\WINDOWS\SYSTEM\JAVAEL.EXE
O4 - HKLM\..\Run: [NTAP32.EXE] C:\WINDOWS\SYSTEM\NTAP32.EXE
O4 - HKLM\..\Run: [NETTW.EXE] C:\WINDOWS\SYSTEM\NETTW.EXE
O4 - HKLM\..\Run: [WININ32.EXE] C:\WINDOWS\SYSTEM\WININ32.EXE
O4 - HKLM\..\RunServices: [SYSMC.EXE] C:\WINDOWS\SYSTEM\SYSMC.EXE
O4 - HKLM\..\RunServices: [NETXJ32.EXE] C:\WINDOWS\NETXJ32.EXE
O4 - HKLM\..\RunServices: [APPZE.EXE] C:\WINDOWS\SYSTEM\APPZE.EXE
O4 - HKLM\..\RunServices: [NETLB32.EXE] C:\WINDOWS\NETLB32.EXE
O4 - HKLM\..\RunServices: [WINMC32.EXE] C:\WINDOWS\SYSTEM\WINMC32.EXE
O4 - HKLM\..\RunServices: [IPTZ.EXE] C:\WINDOWS\IPTZ.EXE
O4 - HKLM\..\RunServices: [NETKX.EXE] C:\WINDOWS\NETKX.EXE
O4 - HKLM\..\RunServices: [NETLL.EXE] C:\WINDOWS\SYSTEM\NETLL.EXE
O4 - HKLM\..\RunServices: [ADDIP.EXE] C:\WINDOWS\ADDIP.EXE
O4 - HKLM\..\RunServices: [SYSHM32.EXE] C:\WINDOWS\SYSHM32.EXE
O4 - HKLM\..\RunServices: [ADDFI.EXE] C:\WINDOWS\ADDFI.EXE
O4 - HKLM\..\RunServices: [NTLJ.EXE] C:\WINDOWS\SYSTEM\NTLJ.EXE
O4 - HKLM\..\RunServices: [APPVZ32.EXE] C:\WINDOWS\APPVZ32.EXE
O4 - HKLM\..\RunServices: [CRID.EXE] C:\WINDOWS\SYSTEM\CRID.EXE
O4 - HKLM\..\RunServices: [IPCY32.EXE] C:\WINDOWS\IPCY32.EXE
O4 - HKLM\..\RunServices: [IPRS.EXE] C:\WINDOWS\IPRS.EXE
O4 - HKLM\..\RunServices: [ATLHC32.EXE] C:\WINDOWS\SYSTEM\ATLHC32.EXE
O4 - HKLM\..\RunServices: [WINUN32.EXE] C:\WINDOWS\SYSTEM\WINUN32.EXE
O4 - HKLM\..\RunServices: [ADDEK.EXE] C:\WINDOWS\ADDEK.EXE
O4 - HKLM\..\RunServices: [MFCFK32.EXE] C:\WINDOWS\MFCFK32.EXE
O4 - HKLM\..\RunServices: [APIGG32.EXE] C:\WINDOWS\SYSTEM\APIGG32.EXE
O4 - HKLM\..\RunServices: [ATLXN32.EXE] C:\WINDOWS\SYSTEM\ATLXN32.EXE
O4 - HKLM\..\RunServices: [CRMP.EXE] C:\WINDOWS\CRMP.EXE
O4 - HKLM\..\RunServices: [APIDZ32.EXE] C:\WINDOWS\APIDZ32.EXE

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.5.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://66.230.143.209/loader/dploader.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.ne...ab/emCraft1.cab

O19 - User stylesheet: (file missing)

Reboot into safe mode following the instructions here & navigate to & delete the following if found:

c:\Program Files\AutoUpdate< folder

Then dlete all those files that are listed above in the 04 lines as in:

C:\WINDOWS\SYSTEM\DP-HIM.EXE< file
C:\WINDOWS\SYSTEM\JAVAEL.EXE< file

Reboot normally after doing the above then post a fresh log plz.


All times are GMT -4. The time now is 6:18 am.

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC