Unknown Internet Explorer Issue
When I try and launch Internet Explorer, I get an error "Explorer has caused an error in <unknown>. Explorer will now close." I've run Spybot and AdAware but they aren't getting it done. Please help!
Below are the results of a scan using Hijack This:
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\IMNOTFY.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\MPLAYER2.EXE
C:\DOWNLOADS\HIJACK THIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
O2 - BHO: (no name) - {4324EC06-E339-D60F-9E06-C4507E11B1F3} - C:\WINDOWS\MFCSI32.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_11_0.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [MadExe] C:\Program Files\Dell\Resolution Assistant\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MSN Messenger] C:\MY DOCUMENTS\MESSENGER SERVICE RECEIVED FILES\PIC1324(6)(1)(2)(1).exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [JAVAEL.EXE] C:\WINDOWS\SYSTEM\JAVAEL.EXE
O4 - HKLM\..\Run: [NTAP32.EXE] C:\WINDOWS\SYSTEM\NTAP32.EXE
O4 - HKLM\..\Run: [NETTW.EXE] C:\WINDOWS\SYSTEM\NETTW.EXE
O4 - HKLM\..\Run: [WININ32.EXE] C:\WINDOWS\SYSTEM\WININ32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SYSMC.EXE] C:\WINDOWS\SYSTEM\SYSMC.EXE
O4 - HKLM\..\RunServices: [NETXJ32.EXE] C:\WINDOWS\NETXJ32.EXE
O4 - HKLM\..\RunServices: [APPZE.EXE] C:\WINDOWS\SYSTEM\APPZE.EXE
O4 - HKLM\..\RunServices: [NETLB32.EXE] C:\WINDOWS\NETLB32.EXE
O4 - HKLM\..\RunServices: [WINMC32.EXE] C:\WINDOWS\SYSTEM\WINMC32.EXE
O4 - HKLM\..\RunServices: [IPTZ.EXE] C:\WINDOWS\IPTZ.EXE
O4 - HKLM\..\RunServices: [NETKX.EXE] C:\WINDOWS\NETKX.EXE
O4 - HKLM\..\RunServices: [NETLL.EXE] C:\WINDOWS\SYSTEM\NETLL.EXE
O4 - HKLM\..\RunServices: [ADDIP.EXE] C:\WINDOWS\ADDIP.EXE
O4 - HKLM\..\RunServices: [SYSHM32.EXE] C:\WINDOWS\SYSHM32.EXE
O4 - HKLM\..\RunServices: [ADDFI.EXE] C:\WINDOWS\ADDFI.EXE
O4 - HKLM\..\RunServices: [NTLJ.EXE] C:\WINDOWS\SYSTEM\NTLJ.EXE
O4 - HKLM\..\RunServices: [APPVZ32.EXE] C:\WINDOWS\APPVZ32.EXE
O4 - HKLM\..\RunServices: [CRID.EXE] C:\WINDOWS\SYSTEM\CRID.EXE
O4 - HKLM\..\RunServices: [IPCY32.EXE] C:\WINDOWS\IPCY32.EXE
O4 - HKLM\..\RunServices: [IPRS.EXE] C:\WINDOWS\IPRS.EXE
O4 - HKLM\..\RunServices: [ATLHC32.EXE] C:\WINDOWS\SYSTEM\ATLHC32.EXE
O4 - HKLM\..\RunServices: [WINUN32.EXE] C:\WINDOWS\SYSTEM\WINUN32.EXE
O4 - HKLM\..\RunServices: [ADDEK.EXE] C:\WINDOWS\ADDEK.EXE
O4 - HKLM\..\RunServices: [MFCFK32.EXE] C:\WINDOWS\MFCFK32.EXE
O4 - HKLM\..\RunServices: [APIGG32.EXE] C:\WINDOWS\SYSTEM\APIGG32.EXE
O4 - HKLM\..\RunServices: [ATLXN32.EXE] C:\WINDOWS\SYSTEM\ATLXN32.EXE
O4 - HKLM\..\RunServices: [CRMP.EXE] C:\WINDOWS\CRMP.EXE
O4 - HKLM\..\RunServices: [APIDZ32.EXE] C:\WINDOWS\APIDZ32.EXE
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Event Planner Reminders.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Dell Home (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.msn.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://www.expressit.com/Plugin/3DGreetings/vroom.CAB
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {E62498E0-1412-4CCD-9378-219AC6E36D26} (FeelzPlayerSetup Class) - http://www.feelingz.com/feelingz/setup/FeelzPlayer.CAB
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/smtptool/MailCfg.cab
O16 - DPF: {A28DAC07-0D34-4A90-A0E6-CEE27208C86D} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://central.clevercontent.com/020...verContent.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...868.0326041667
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqvalet.com/plugin/axvers...printQuick.cab
O16 - DPF: {2D814F22-D27C-41FD-AEE8-AEC592310759} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/1...L/PhPSetup.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTS...d/install.html
O16 - DPF: {72944257-0AE0-44FD-8A51-AA21853092C8} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.5.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://66.230.143.209/loader/dploader.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccom...ad/tgctlcm.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net...b/emCraft1.cab
O19 - User stylesheet: (file missing)
Close all (browser) windows & rescan with HijackThis. When the scan is finished, place a check in the box to the left of the following entries & click 'fix checked':
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm
O2 - BHO: (no name) - {4324EC06-E339-D60F-9E06-C4507E11B1F3} - C:\WINDOWS\MFCSI32.DLL
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [JAVAEL.EXE] C:\WINDOWS\SYSTEM\JAVAEL.EXE
O4 - HKLM\..\Run: [NTAP32.EXE] C:\WINDOWS\SYSTEM\NTAP32.EXE
O4 - HKLM\..\Run: [NETTW.EXE] C:\WINDOWS\SYSTEM\NETTW.EXE
O4 - HKLM\..\Run: [WININ32.EXE] C:\WINDOWS\SYSTEM\WININ32.EXE
O4 - HKLM\..\RunServices: [SYSMC.EXE] C:\WINDOWS\SYSTEM\SYSMC.EXE
O4 - HKLM\..\RunServices: [NETXJ32.EXE] C:\WINDOWS\NETXJ32.EXE
O4 - HKLM\..\RunServices: [APPZE.EXE] C:\WINDOWS\SYSTEM\APPZE.EXE
O4 - HKLM\..\RunServices: [NETLB32.EXE] C:\WINDOWS\NETLB32.EXE
O4 - HKLM\..\RunServices: [WINMC32.EXE] C:\WINDOWS\SYSTEM\WINMC32.EXE
O4 - HKLM\..\RunServices: [IPTZ.EXE] C:\WINDOWS\IPTZ.EXE
O4 - HKLM\..\RunServices: [NETKX.EXE] C:\WINDOWS\NETKX.EXE
O4 - HKLM\..\RunServices: [NETLL.EXE] C:\WINDOWS\SYSTEM\NETLL.EXE
O4 - HKLM\..\RunServices: [ADDIP.EXE] C:\WINDOWS\ADDIP.EXE
O4 - HKLM\..\RunServices: [SYSHM32.EXE] C:\WINDOWS\SYSHM32.EXE
O4 - HKLM\..\RunServices: [ADDFI.EXE] C:\WINDOWS\ADDFI.EXE
O4 - HKLM\..\RunServices: [NTLJ.EXE] C:\WINDOWS\SYSTEM\NTLJ.EXE
O4 - HKLM\..\RunServices: [APPVZ32.EXE] C:\WINDOWS\APPVZ32.EXE
O4 - HKLM\..\RunServices: [CRID.EXE] C:\WINDOWS\SYSTEM\CRID.EXE
O4 - HKLM\..\RunServices: [IPCY32.EXE] C:\WINDOWS\IPCY32.EXE
O4 - HKLM\..\RunServices: [IPRS.EXE] C:\WINDOWS\IPRS.EXE
O4 - HKLM\..\RunServices: [ATLHC32.EXE] C:\WINDOWS\SYSTEM\ATLHC32.EXE
O4 - HKLM\..\RunServices: [WINUN32.EXE] C:\WINDOWS\SYSTEM\WINUN32.EXE
O4 - HKLM\..\RunServices: [ADDEK.EXE] C:\WINDOWS\ADDEK.EXE
O4 - HKLM\..\RunServices: [MFCFK32.EXE] C:\WINDOWS\MFCFK32.EXE
O4 - HKLM\..\RunServices: [APIGG32.EXE] C:\WINDOWS\SYSTEM\APIGG32.EXE
O4 - HKLM\..\RunServices: [ATLXN32.EXE] C:\WINDOWS\SYSTEM\ATLXN32.EXE
O4 - HKLM\..\RunServices: [CRMP.EXE] C:\WINDOWS\CRMP.EXE
O4 - HKLM\..\RunServices: [APIDZ32.EXE] C:\WINDOWS\APIDZ32.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.5.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://66.230.143.209/loader/dploader.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.ne...ab/emCraft1.cab
O19 - User stylesheet: (file missing)
Reboot into safe mode following the instructions here & navigate to & delete the following if found:
c:\Program Files\AutoUpdate < folder
Then delete all those files that are listed above in the O4 lines, as in:
C:\WINDOWS\SYSTEM\DP-HIM.EXE < file
C:\WINDOWS\SYSTEM\JAVAEL.EXE < file
Reboot normally after doing the above, then post a fresh log plz.
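
An added example (not part of the original thread and not HijackThis code): a Python triage script that parses O4 registry autorun lines in the format shown in the log above and flags entries whose value name equals the file name of an executable sitting directly in C:\WINDOWS or C:\WINDOWS\SYSTEM, the pattern most of the O4 entries on the fix list share. The heuristic and all function names are assumptions made for illustration; the sample lines are copied from the log in this thread.

```python
import ntpath
import re

# Sample input: a handful of O4 lines copied from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [JAVAEL.EXE] C:\WINDOWS\SYSTEM\JAVAEL.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [NETXJ32.EXE] C:\WINDOWS\NETXJ32.EXE
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: PowerReg Scheduler.exe
"""

# Value names from the reply's fix list that appear in SAMPLE_LOG.
REPLY_FIX_LIST = {"Dsi", "AutoUpdater", "JAVAEL.EXE", "NETXJ32.EXE"}

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_REGISTRY = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<command>.+)$"
)

# Either a quoted path, or an unquoted path ending at the first extension
# that is followed by whitespace or end of line (paths may contain spaces).
EXE_PATH = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|dll|tsk))(?=\s|$)', re.IGNORECASE)

# Assumption: only these two directories count as "directly in the system dir".
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system"}


def executable_of(command):
    """Return the program path from an autorun command line, without arguments."""
    match = EXE_PATH.match(command)
    if not match:
        return command.split()[0]
    return match.group(1) or match.group(2)


def parse_o4(log_text):
    """Parse registry-based O4 lines; Startup-folder O4 lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = O4_REGISTRY.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["path"] = executable_of(entry["command"])
            entries.append(entry)
    return entries


def name_matches_file_in_system_dir(entry):
    """Heuristic: value name == file name, and the file sits in a system dir."""
    directory, filename = ntpath.split(entry["path"])
    return (entry["name"].lower() == filename.lower()
            and directory.lower() in SYSTEM_DIRS)


def triage(log_text, fix_list):
    """Compare what the heuristic flags with an analyst-supplied fix list."""
    entries = parse_o4(log_text)
    flagged = {e["name"] for e in entries if name_matches_file_in_system_dir(e)}
    return {
        "flagged": sorted(flagged),
        "missed": sorted(fix_list - flagged),  # on the fix list, not matched
        "extra": sorted(flagged - fix_list),   # matched, not on the fix list
    }


if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_LOG, REPLY_FIX_LIST).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

[Dsi] and [AutoUpdater] are on the reply's fix list but do not fit the naming pattern, so the script reports them under `missed`; a pattern match is a starting point for review, not a removal list.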