943,928 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > Unknown Internet Explorer Issue
Ad:
Permalink
Jun 21st, 2004
0

Unknown Internet Explorer Issue

Expand Post »
When I try and launch Internet Explorer, I get an error "Explorer has caused an error in <unknown>. Explorer will now close." I've ran Spybot and AdAware but they aren't getting it done. Please help!

Below are the results of a scan using Hijack This:

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\IMNOTFY.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\MPLAYER2.EXE
C:\DOWNLOADS\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
O2 - BHO: (no name) - {4324EC06-E339-D60F-9E06-C4507E11B1F3} - C:\WINDOWS\MFCSI32.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_11_0.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [MadExe] C:\Program Files\Dell\Resolution Assistant\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MSN Messenger] C:\MY DOCUMENTS\MESSENGER SERVICE RECEIVED FILES\PIC1324(6)(1)(2)(1).exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [JAVAEL.EXE] C:\WINDOWS\SYSTEM\JAVAEL.EXE
O4 - HKLM\..\Run: [NTAP32.EXE] C:\WINDOWS\SYSTEM\NTAP32.EXE
O4 - HKLM\..\Run: [NETTW.EXE] C:\WINDOWS\SYSTEM\NETTW.EXE
O4 - HKLM\..\Run: [WININ32.EXE] C:\WINDOWS\SYSTEM\WININ32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SYSMC.EXE] C:\WINDOWS\SYSTEM\SYSMC.EXE
O4 - HKLM\..\RunServices: [NETXJ32.EXE] C:\WINDOWS\NETXJ32.EXE
O4 - HKLM\..\RunServices: [APPZE.EXE] C:\WINDOWS\SYSTEM\APPZE.EXE
O4 - HKLM\..\RunServices: [NETLB32.EXE] C:\WINDOWS\NETLB32.EXE
O4 - HKLM\..\RunServices: [WINMC32.EXE] C:\WINDOWS\SYSTEM\WINMC32.EXE
O4 - HKLM\..\RunServices: [IPTZ.EXE] C:\WINDOWS\IPTZ.EXE
O4 - HKLM\..\RunServices: [NETKX.EXE] C:\WINDOWS\NETKX.EXE
O4 - HKLM\..\RunServices: [NETLL.EXE] C:\WINDOWS\SYSTEM\NETLL.EXE
O4 - HKLM\..\RunServices: [ADDIP.EXE] C:\WINDOWS\ADDIP.EXE
O4 - HKLM\..\RunServices: [SYSHM32.EXE] C:\WINDOWS\SYSHM32.EXE
O4 - HKLM\..\RunServices: [ADDFI.EXE] C:\WINDOWS\ADDFI.EXE
O4 - HKLM\..\RunServices: [NTLJ.EXE] C:\WINDOWS\SYSTEM\NTLJ.EXE
O4 - HKLM\..\RunServices: [APPVZ32.EXE] C:\WINDOWS\APPVZ32.EXE
O4 - HKLM\..\RunServices: [CRID.EXE] C:\WINDOWS\SYSTEM\CRID.EXE
O4 - HKLM\..\RunServices: [IPCY32.EXE] C:\WINDOWS\IPCY32.EXE
O4 - HKLM\..\RunServices: [IPRS.EXE] C:\WINDOWS\IPRS.EXE
O4 - HKLM\..\RunServices: [ATLHC32.EXE] C:\WINDOWS\SYSTEM\ATLHC32.EXE
O4 - HKLM\..\RunServices: [WINUN32.EXE] C:\WINDOWS\SYSTEM\WINUN32.EXE
O4 - HKLM\..\RunServices: [ADDEK.EXE] C:\WINDOWS\ADDEK.EXE
O4 - HKLM\..\RunServices: [MFCFK32.EXE] C:\WINDOWS\MFCFK32.EXE
O4 - HKLM\..\RunServices: [APIGG32.EXE] C:\WINDOWS\SYSTEM\APIGG32.EXE
O4 - HKLM\..\RunServices: [ATLXN32.EXE] C:\WINDOWS\SYSTEM\ATLXN32.EXE
O4 - HKLM\..\RunServices: [CRMP.EXE] C:\WINDOWS\CRMP.EXE
O4 - HKLM\..\RunServices: [APIDZ32.EXE] C:\WINDOWS\APIDZ32.EXE
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Event Planner Reminders.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Dell Home (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.msn.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://www.expressit.com/Plugin/3DGreetings/vroom.CAB
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {E62498E0-1412-4CCD-9378-219AC6E36D26} (FeelzPlayerSetup Class) - http://www.feelingz.com/feelingz/setup/FeelzPlayer.CAB
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} (MailConfigure Class) - http://supportservices.msn.com/us/smtptool/MailCfg.cab
O16 - DPF: {A28DAC07-0D34-4A90-A0E6-CEE27208C86D} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://central.clevercontent.com/020...verContent.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...868.0326041667
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - http://www.pqvalet.com/plugin/axvers...printQuick.cab
O16 - DPF: {2D814F22-D27C-41FD-AEE8-AEC592310759} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/1...L/PhPSetup.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTS...d/install.html
O16 - DPF: {72944257-0AE0-44FD-8A51-AA21853092C8} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.5.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://66.230.143.209/loader/dploader.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccom...ad/tgctlcm.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net...b/emCraft1.cab
O19 - User stylesheet: (file missing)
Similar Threads
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Duke8888z is offline Offline
1 posts
since Jun 2004
Permalink
Jun 22nd, 2004
0

Re: Unknown Internet Explorer Issue

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm

O2 - BHO: (no name) - {4324EC06-E339-D60F-9E06-C4507E11B1F3} - C:\WINDOWS\MFCSI32.DLL

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [JAVAEL.EXE] C:\WINDOWS\SYSTEM\JAVAEL.EXE
O4 - HKLM\..\Run: [NTAP32.EXE] C:\WINDOWS\SYSTEM\NTAP32.EXE
O4 - HKLM\..\Run: [NETTW.EXE] C:\WINDOWS\SYSTEM\NETTW.EXE
O4 - HKLM\..\Run: [WININ32.EXE] C:\WINDOWS\SYSTEM\WININ32.EXE
O4 - HKLM\..\RunServices: [SYSMC.EXE] C:\WINDOWS\SYSTEM\SYSMC.EXE
O4 - HKLM\..\RunServices: [NETXJ32.EXE] C:\WINDOWS\NETXJ32.EXE
O4 - HKLM\..\RunServices: [APPZE.EXE] C:\WINDOWS\SYSTEM\APPZE.EXE
O4 - HKLM\..\RunServices: [NETLB32.EXE] C:\WINDOWS\NETLB32.EXE
O4 - HKLM\..\RunServices: [WINMC32.EXE] C:\WINDOWS\SYSTEM\WINMC32.EXE
O4 - HKLM\..\RunServices: [IPTZ.EXE] C:\WINDOWS\IPTZ.EXE
O4 - HKLM\..\RunServices: [NETKX.EXE] C:\WINDOWS\NETKX.EXE
O4 - HKLM\..\RunServices: [NETLL.EXE] C:\WINDOWS\SYSTEM\NETLL.EXE
O4 - HKLM\..\RunServices: [ADDIP.EXE] C:\WINDOWS\ADDIP.EXE
O4 - HKLM\..\RunServices: [SYSHM32.EXE] C:\WINDOWS\SYSHM32.EXE
O4 - HKLM\..\RunServices: [ADDFI.EXE] C:\WINDOWS\ADDFI.EXE
O4 - HKLM\..\RunServices: [NTLJ.EXE] C:\WINDOWS\SYSTEM\NTLJ.EXE
O4 - HKLM\..\RunServices: [APPVZ32.EXE] C:\WINDOWS\APPVZ32.EXE
O4 - HKLM\..\RunServices: [CRID.EXE] C:\WINDOWS\SYSTEM\CRID.EXE
O4 - HKLM\..\RunServices: [IPCY32.EXE] C:\WINDOWS\IPCY32.EXE
O4 - HKLM\..\RunServices: [IPRS.EXE] C:\WINDOWS\IPRS.EXE
O4 - HKLM\..\RunServices: [ATLHC32.EXE] C:\WINDOWS\SYSTEM\ATLHC32.EXE
O4 - HKLM\..\RunServices: [WINUN32.EXE] C:\WINDOWS\SYSTEM\WINUN32.EXE
O4 - HKLM\..\RunServices: [ADDEK.EXE] C:\WINDOWS\ADDEK.EXE
O4 - HKLM\..\RunServices: [MFCFK32.EXE] C:\WINDOWS\MFCFK32.EXE
O4 - HKLM\..\RunServices: [APIGG32.EXE] C:\WINDOWS\SYSTEM\APIGG32.EXE
O4 - HKLM\..\RunServices: [ATLXN32.EXE] C:\WINDOWS\SYSTEM\ATLXN32.EXE
O4 - HKLM\..\RunServices: [CRMP.EXE] C:\WINDOWS\CRMP.EXE
O4 - HKLM\..\RunServices: [APIDZ32.EXE] C:\WINDOWS\APIDZ32.EXE

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.5.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://66.230.143.209/loader/dploader.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.ne...ab/emCraft1.cab

O19 - User stylesheet: (file missing)

Reboot into safe mode following the instructions here & navigate to & delete the following if found:

c:\Program Files\AutoUpdate< folder

Then dlete all those files that are listed above in the 04 lines as in:

C:\WINDOWS\SYSTEM\DP-HIM.EXE< file
C:\WINDOWS\SYSTEM\JAVAEL.EXE< file

Reboot normally after doing the above then post a fresh log plz.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,163 posts
since Feb 2004

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: bxxs.5 error
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Lots of problems (HJT log)





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC