0

I recently bought a compaq laptop to use for school and work. Now, completely out of the blue, windows explorer and internet explorer will not open. Most other programs work, although they like to freeze alot.
I have read through forums checking for an answer but with no luck.
Now I should stress that I don't use this computer to download stuff and I don't use it to visit any sites that might seem suspicious. So, it would be surprising to me if i got a hijacker or virus.
I don't know if this is related but for the past month when i shutdown windows it would now and then hang at the shutting down windows screen and i would have to manually turn the laptop off. Right before this major problem above happened i had to manually turn the computer off.
I have tried Ad-Aware but it hangs when it deep scans the registry (under shared dll's i think). This still happens when i am in safe mode. I was going to do a system restore but that hangs as well (in safe and in normal mode).
I am using windows xp with all the updates (as of two days ago). Any help would be much appreciated seeing as this is my school/work computer.
I used HackThis and obtained the following log:

Logfile of HijackThis v1.99.1
Scan saved at 8:10:42 AM, on 10/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\altera\quartus50sp1\bin\JTAGServer.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\AYYYTH~1\LOCALS~1\Temp\Rar$EX00.906\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=presario&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Startup: WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=presario&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133493346796
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - C:\altera\quartus50sp1\bin\JTAGServer.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Thanks,
Sean

2
Contributors
8
Replies
9
Views
11 Years
Discussion Span
Last Post by DMR
0

I finally got AdAware to run completely in safe mode with system restore disabled. It found a few small things and one major thing...ByteVerify. It was deleted and when i restarted and scanned again it was gone. BUT...the same problem still persisits.

I suppose that it should also be noted that when the main desktop comes up the taskbar/startmenu disappears after a few seconds (~10 seconds) and then reappears and normal things are loaded in the bottom right corner (voluje control, network connection).

I checked the HJT log after the ByteVerify was deleted and it looked the same.

So what should I do? Get more spyware programs to check. I will use CCleaner when i get home. What about Repairing windows with the CD? Is that fine to do even though i have all the updates?

0

Can anyone help? It is fustrating problem.
I have now used CCleaner, AdAware, a-squared, SpyCleaner and eido to get rid of the spyware and what not. The computer seems clean, but still no luck opening my computer or internet explorer.

0

Open the Event Viewer utility in your Administrative Tools control panel. Look through the Application and System logs for "Error" or "Warning" entries; double-clicking on the entries will open a properties window with more details. If you see any entries whose details look like they might relate to the problem(s) you're having, post the full and complete contents of the details window(s) here. Here's the easiest way to post those details:

- In the Properties window, click on the button with the graphic of two pieces of paper on it; the button is at the right of the window just below the up arrow/down arrow buttons. You won't see anything happen when you click the button, but it will copy all of the details to the Windows clipboard.
- Paste the details into your next post in the same way that you paste your HijackThis log- by choosing "Paste" from the "File" menu or by hitting CTRL+V.

0

Ok i will post the events in a bit....i have to burn the logs onto CD and then post them off my PC.
It should be noted that I repaired/re-installed windows (SP2) the other day and nothing changed. The event logs are the same today as they were before the re-install. I am waiting for windows to automatically get the updates i need to be up to date...then i will post the logs. It seems there is a fault in explorer.exe with the wininet.dll. Anyway, logs to come soon.

Thanks for the help.

0

Here are the errors that seem relevant. I have been trying to update windows after my repair (after the repair it already has SP2) but it has not tried to automattically get the updates.

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 15/01/2006
Time: 6:31:51 PM
User: N/A
Computer: THEFONZ
Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module wininet.dll, version 6.0.2900.2180, fault address 0x00037d96.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

__________________________________________________________________________
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1005
Date: 15/01/2006
Time: 6:31:41 PM
User: N/A
Computer: THEFONZ
Description:
Windows cannot access the file C:\Documents and Settings\AyyyTheFonz\Local Settings\Temporary Internet Files\Content.IE5\index.dat for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program index.dat because of this error.

Program: index.dat
File: C:\Documents and Settings\AyyyTheFonz\Local Settings\Temporary Internet Files\Content.IE5\index.dat

The error value is listed in the Additional Data section.
User Action
1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again.
2. If the file still cannot be accessed and
- It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.
Additional Data
Error value: C000009C
Disk type: 3

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

___________________________________________________________________________
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 12/01/2006
Time: 5:55:41 PM
User: N/A
Computer: THEFONZ
Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x771e7e6e.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

___________________________________________________________________________
Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 15/01/2006
Time: 6:40:08 PM
User: N/A
Computer: THEFONZ
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
___________________________________________________________________________

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 15/01/2006
Time: 6:40:17 PM
User: N/A
Computer: THEFONZ
Description:
The Computer Browser service entered the stopped state.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

0

1.

The device, \Device\Harddisk0\D, has a bad block.

That error usually indicates a physically damaged spot on the hard drive. This is obviously not a Good Thing in itself, and it can also be an early warning sign of a failing drive. I'd suggest:

A) Running Windows' ScanDisk utility:
* Double-click My Computer
* Highlight a local hard disk drive by clicking on it once.
* Right click the highlighted local drive
* Click properties
* Click the tools tab and click check now to check the drive for errors.

B) Visiting the drive manufacturer's support site and downloading their hard drive diagnostic utility; it will probably do a more comprehensive job of testing/repairing your drive than ScanDisk.


2.

Faulting application explorer.exe, version 6.0.2900.2180, faulting module wininet.dll, version 6.0.2900.2180, fault address 0x00037d96.

There can be a number of different causes for this error. Read/try some of the pertinent fixes in these Microsoft support articles on the issue.

0

Problem solved.... the index.dat file was corruptted on the harddrive and scandisk fixed it. Who would have thought it would have been so simple. :rolleyes:

Thanks for your help DMR! :D

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.