Hello I am actually having problems with my internet explorer poping up with Microsoft internet explorer has encountered a problem and must be shut down message all the time, It took me 6 tries to get in here to post this message. I have done all the updates and even installed the service pack upgrades. Ran Adaware and AVG but I am still having the same problem. Thought that there might be something in my Hijack this log that would help me out SO I am posting it for all of you Super smart people to tell me what to erase.. I appreciate any help Thanks Ryun

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:00 PM, on 3/18/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nipalsm.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\System32\lgbpd.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1199482905&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NI-488.2 Getting Started Wizard] C:\Program Files\National Instruments\NI-488.2\Bin\Getting Started.exe
O4 - HKCU\..\Run: [LGBLiveUpdate] C:\WINNT\System32\lgbpd.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUzed004YYUS_ZZzer000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {44A6A9CA-AC5B-4C39-8FE6-17E7D06903A9} (Image Uploader Control) - https://dealers.autotrader.com/dc/media/inc/ImageUploader4.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205522042796
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINNT\system32\nipalsm.exe

--
End of file - 4854 bytes

Hello, ryun.
Delete this file:
C:\WINNT\System32\lgbpd.exe - if it is running just stop it in TM and then try to delete it again.
Good. Uninstall MyWebSearch via Add/Remove pgms.
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O4 - HKCU\..\Run: [LGBLiveUpdate] C:\WINNT\System32\lgbpd.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...4YYUS_ZZzer000
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab

Finally: Java update!!! This is for security reasons. Go control panel > java > update, & press update now. Restart after

installing the update, and then go into control panel again, add/remove pgms and remove all old versions of java. Vsn 1.6.0.5 is current....
And let's hope that is it. Say how things are...

commented: He is a genius +4

Hello, I have ran into two problems I erased the file you talked about I could not find the Mywebsearch in the add remove area, then I erased the hijack this stuff and went to update Jave and every time it starts the download it pops up a box that says java(tm) 6 update 5 at the top and the message is "Installer terminated prematurely" I have tried several time and get this message every time.. Im still getting the same Internet explorer error as well Thanks Ryun

Ryun, we need to look a little deeper then. Clean, then try the first, and then if your IE [it must be IE] will allow it, the second scan also.
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have FireFox open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
==Please use IE to do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.

it might be my imagination but things seem to be better already after just running the combo fix? Thanks Ryun


Here is the combo fix scan

ComboFix 08-03-18.1 - Administrator 03/20/2008 9:53:46.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.84 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\My Documents\freeware\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\414642843.exe
C:\WINNT\Web\default.htt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NEW_DRV


((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-20 09:26 . 08-03-20 09:26 <DIR> d-------- C:\Program Files\CCleaner
2008-03-18 12:15 . 08-03-18 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-18 12:13 . 08-03-18 12:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-18 12:13 . 08-03-18 12:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-18 10:57 . 08-03-18 12:03 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-03-18 10:49 . 99-11-30 01:33 8,976 --a------ C:\WINNT\system32\kbdjpn.dll
2008-03-18 10:49 . 99-11-30 01:33 8,976 --a--c--- C:\WINNT\system32\dllcache\kbdjpn.dll
2008-03-18 10:49 . 99-11-30 01:33 7,440 --a------ C:\WINNT\system32\kbd106.dll
2008-03-18 10:49 . 99-11-30 01:33 7,440 --a--c--- C:\WINNT\system32\dllcache\kbd106.dll
2008-03-18 10:37 . 08-03-19 14:58 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-03-18 09:38 . 08-03-18 09:38 <DIR> d-------- C:\Program Files\ACW
2008-03-15 09:08 . 08-03-15 09:08 <DIR> d-------- C:\WINNT\Cookies
2008-03-15 05:30 . 07-07-30 19:19 271,224 --a------ C:\WINNT\system32\mucltui.dll
2008-03-15 05:30 . 07-07-30 19:19 30,072 --a------ C:\WINNT\system32\mucltui.dll.mui
2008-03-14 16:00 . 08-03-14 16:00 <DIR> d-------- C:\WINNT\system32\Windows Media
2008-03-14 16:00 . 08-03-15 10:02 <DIR> d-------- C:\WINNT\msiinst.tmp
2008-03-14 16:00 . 08-03-14 16:00 <DIR> d--h-c--- C:\WINNT\$NtUpdateRollupPackUninstall$
2008-03-14 15:58 . 08-03-14 15:58 <DIR> d--h-c--- C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$
2008-03-14 15:56 . 08-03-14 15:56 <DIR> d-------- C:\WINNT\mui
2008-03-14 15:56 . 08-03-14 15:57 957 --a------ C:\WINNT\setup.inf
2008-03-14 15:56 . 08-03-14 15:57 283 --a------ C:\WINNT\setup.rpt
2008-03-14 15:43 . 06-07-24 22:08 840,976 -----c--- C:\WINNT\system32\dllcache\mmcndmgr.dll
2008-03-14 15:10 . 08-03-14 15:10 <DIR> d-------- C:\WINNT\system32\ie_de
2008-03-14 15:10 . 08-03-14 15:10 <DIR> d-------- C:\WINNT\ServicePackFiles
2008-03-14 15:08 . 06-06-27 01:30 1,427,728 --a------ C:\WINNT\system32\query.dll
2008-03-14 15:07 . 03-06-19 12:05 1,385,744 --a------ C:\WINNT\system32\MSVBVM60.DLL
2008-03-14 15:06 . 03-06-19 12:05 575,517 --a------ C:\WINNT\system32\imejpknl.dll
2008-03-14 15:05 . 05-08-30 02:29 2,532,112 --a------ C:\WINNT\system32\cdosys.dll
2008-03-14 10:02 . 08-03-14 10:02 27,136 --a------ C:\WINNT\9129837.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 16:29 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-03-18 19:16 --------- d-----w C:\Program Files\Lavasoft
2008-03-18 19:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-01-28 18:05 --------- d-----w C:\Program Files\Picasa2
2005-10-28 13:41 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-04-12 23:15 271 ---h--w C:\Program Files\desktop.ini
2005-04-12 23:15 21,952 ---h--w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [04-11-22 06:18 307200]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [07-10-23 14:18 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINNT\system32\igfxtray.exe" [05-10-19 06:59 155648]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [05-10-19 06:59 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [05-11-10 11:03 36975]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [05-11-15 10:12 473928]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111376 C:\WINNT\system32\mobsync.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [07-10-23 14:18 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 186640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 02:44:06 29696]

R0 NIPALK;NIPALK;C:\WINNT\system32\drivers\NIPALK.sys [04-11-04 14:57 ]
R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS [00-05-27 02:37 ]
R2 GpibPrtK;Gpib Port;C:\WINNT\system32\drivers\gpibprtk.sys [06-03-15 15:25 ]
R2 nidimk;nidimk;C:\WINNT\system32\drivers\nidimk.dll [04-03-26 19:23 ]
R2 nipxirmk;nipxirmk;C:\WINNT\system32\drivers\nipxirmk.dll [04-03-15 09:13 ]
R3 niorbk;niorbk;C:\WINNT\system32\drivers\niorbk.dll [04-03-31 16:03 ]
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [03-06-19 12:05 ]
S3 NiViPxiK;NiViPxiK;C:\WINNT\system32\drivers\NiViPxiK.sys [04-03-30 09:22 ]

*Newly Created Service* - IPNAT
*Newly Created Service* - NIPALK
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 09:57:02
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\nipalsm.exe
.
**************************************************************************
.
Completion time: 2008-03-20 9:58:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-20 16:58:21
.
2008-03-15 17:03:45 --- E O F ---


Here is the active scan info


Incident Status Location

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
Virus:Trj/Bancos.RQ Not disinfected C:\Documents and Settings\Administrator\My Documents\freeware\ComboFix.exe[327882R2FWJFW\pv.cfexe]

Ryun, those logs look good to me. [the Panda virus detection is okay, it has just picked up a normal file in combofix].
You may delete combofix, its extracted files, C:\qoobox and combofix.txt.
So everything is fine now?

Pleased to be able to help, ryun.
Cheers.