
Internet Explorer xp

Discussion in 'Windows XP' started by porky, Feb 14, 2003.

Thread Status:
Not open for further replies.
  1. porky

    porky Thread Starter

    Joined:
    Feb 14, 2003
    Messages:
    17
    Hello guys and gals
    My problem is I cannot close Internet explorer in xp.
    Also I cannot download any files. I would appreciate any help.

    Thank You
    Porky
    :confused:
     
  2. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    Hi porky

    If you post your startup list we may be able to spot something

    Please post your startup list by doing the following :-

    Please go here and download startuplist 1.51 :-

    http://www.lurkhere.com/~nicefiles/

    Download to any folder or your desktop
    Unzip the zipfile
    Double click the exe file
    go to Edit - select all - copy - and paste the results in a new post here

    steam
     
  3. porky

    porky Thread Starter

    Joined:
    Feb 14, 2003
    Messages:
    17
    Here is the startup list report generated by StartupList.EXE.
    I hope this helps.

    StartupList report, 02/14/2003, 3:26:59 PM
    StartupList version: 1.51
    Started from : C:\Documents and Settings\Robert Perreault_2\Desktop\startuplist151\StartupList.EXE
    Detected: Windows XP (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2600.0000)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    C:\WINDOWS\System32\driverpg.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\WINDOWS\System32\lexpps.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Robert Perreault_2\Desktop\startuplist151\StartupList.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    setFTPBack = C:\WINDOWS\System32\createsw.exe
    NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    POINTER = C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    AdaptecDirectCD = "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    Lexmark X74-X75 = "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    Sentry = C:\WINDOWS\Sentry.exe
    NAV Agent = C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    KAZAA = C:\Program Files\KaZaA\Kazaa.exe /SYSTRAY
    BMail Installation = C:\Program Files\iMesh\Client\FTP_back.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - c:\windows\iexplorr22.dll - {39AF31DD-EAFC-45EA-A56C-385B52E25CC0}
    (no name) - C:\WINDOWS\system32\m030106shop.dll - {3A279869-C6B6-4410-A041-0435DE6AD916}
    MediaLoads Enhanced - C:\Program Files\MediaLoads Enhanced\ME1.DLL - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
    (no name) - c:\windows\iexplorr11.dll - {BC0D2038-2DE5-4A6F-92BC-B18A3E0DE32A}
    NAV Helper - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Norton AntiVirus - Scan my computer.job
    Norton SystemWorks One Button Checkup.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [{0335A685-ED24-4F7B-A08E-3BD15D84E668}]
    CODEBASE = http://www.photoparade.com/autoinstall/phpsetup.cab

    [{41F17733-B041-4099-A042-B518BB6A408C}]
    CODEBASE = http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe

    [{6CB5E471-C305-11D3-99A8-000086395495}]
    CODEBASE = http://toolbar.google.com/data/en/deleon/1.1.56-deleon/GoogleNav.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
    CODEBASE = http://a840.g.akamai.net/7/840/537/2003012801/housecall.antivirus.com/housecall/xscan53.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37660.4208680556

    [HeartbeatCtl Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
    CODEBASE = http://fdl.msn.com/zone/Z4/heartbeat.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------
    End of report, 5,607 bytes
     
  4. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    Hi porky

    Go to Control panel\add remove programs and see if "downloadware" is listed, if it is uninstall it.

    Then look for this and uninstall it :-
    Network Essentials (or its variant 'MediaLoads Enhanced')

    I'm checking one or two other things then I will post back

    steam
     
  5. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    Download hijackthis

    http://www.spywareinfo.com/downloads.php#det

    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    After the scan has finished the "scan" button will turn into a "save log" button

    save the log file and paste it here

    steam
     
  6. porky

    porky Thread Starter

    Joined:
    Feb 14, 2003
    Messages:
    17
    here is the log file hope this helps thanks in advance.
    sorry about the late reply.

    Logfile of HijackThis v1.91.2
    Scan saved at 4:16:10 PM, on 02/14/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {39AF31DD-EAFC-45EA-A56C-385B52E25CC0} - c:\windows\iexplorr22.dll
    O2 - BHO: (no name) - {3A279869-C6B6-4410-A041-0435DE6AD916} - C:\WINDOWS\system32\m030106shop.dll
    O2 - BHO: (no name) - {BC0D2038-2DE5-4A6F-92BC-B18A3E0DE32A} - c:\windows\iexplorr11.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [setFTPBack] C:\WINDOWS\System32\createsw.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [Sentry] C:\WINDOWS\Sentry.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA\Kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [BMail Installation] C:\Program Files\iMesh\Client\FTP_back.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://www.photoparade.com/autoinstall/phpsetup.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.56-deleon/GoogleNav.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003012801/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37660.4208680556
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
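Added example, not part of any post in this thread: the StartupList report and the HijackThis log above list Browser Helper Objects in different field orders, so comparing the two scans by eye is error-prone. The sketch below keys both by CLSID and diffs them; the function names `parse_bhos` and `diff_scans` are hypothetical, and the sample input is the BHO lines copied from the two reports above.

```python
import re

# Sample input: BHO lines copied from the StartupList report in this thread.
STARTUPLIST_BHOS = r"""
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\windows\iexplorr22.dll - {39AF31DD-EAFC-45EA-A56C-385B52E25CC0}
(no name) - C:\WINDOWS\system32\m030106shop.dll - {3A279869-C6B6-4410-A041-0435DE6AD916}
MediaLoads Enhanced - C:\Program Files\MediaLoads Enhanced\ME1.DLL - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
(no name) - c:\windows\iexplorr11.dll - {BC0D2038-2DE5-4A6F-92BC-B18A3E0DE32A}
NAV Helper - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
"""
# Sample input: lines copied from the later HijackThis log (O3 line is skipped).
HIJACKTHIS_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {39AF31DD-EAFC-45EA-A56C-385B52E25CC0} - c:\windows\iexplorr22.dll
O2 - BHO: (no name) - {3A279869-C6B6-4410-A041-0435DE6AD916} - C:\WINDOWS\system32\m030106shop.dll
O2 - BHO: (no name) - {BC0D2038-2DE5-4A6F-92BC-B18A3E0DE32A} - c:\windows\iexplorr11.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# StartupList order: "<name> - <path> - {CLSID}"
SL_RE = re.compile(r"^(?P<name>.+?) - (?P<path>.+) - (?P<clsid>" + CLSID + r")$")
# HijackThis order: "O2 - BHO: <name> - {CLSID} - <path>"
HJT_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>" + CLSID + r") - (?P<path>.+)$")

def parse_bhos(text, pattern):
    """Return {CLSID (upper-case): (name, path)} for every line matching pattern."""
    found = {}
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            found[m.group("clsid").upper()] = (m.group("name"), m.group("path"))
    return found

def diff_scans(before, after):
    """Compare two scans by CLSID; paths are compared case-insensitively."""
    common = set(before) & set(after)
    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "moved": sorted(c for c in common if before[c][1].lower() != after[c][1].lower()),
    }

if __name__ == "__main__":
    before, after = parse_bhos(STARTUPLIST_BHOS, SL_RE), parse_bhos(HIJACKTHIS_LOG, HJT_RE)
    for kind, ids in diff_scans(before, after).items():
        print(kind, [(c, before.get(c, after.get(c))[0]) for c in ids])
```

On these two reports the only difference is the MediaLoads Enhanced BHO, which is present in the StartupList report and absent from the later HijackThis log.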
  7. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    Hi Porky

    There are several items which need to be deleted from your "hijackthis" log - one of the items may be a new BHO and I have pm'd someone who would like to have a look at it if it is.

    Please bear with us and do not delete anything until you get a reply - we'll get back to you as soon as we can.

    steam
     
  8. porky

    porky Thread Starter

    Joined:
    Feb 14, 2003
    Messages:
    17
    Thank you Steamwiz. I hope you guys can help me. I am getting frustrated
     
  9. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Iexplorr22.dll is related to iexplorr11.dll and should be a new InetSpeak variant: http://www.doxdesk.com/parasite/InetSpeak.html

    The other one is totally unknown, and I'd like to have a look at it for analysis.

    Would you mind terribly going to
    C:\WINDOWS\system32, and send me a copy of m030106shop.dll, please?

    It may be an all new baddie, and in that case copies will go to SpyBot's PMK, the Lavasoft folks and other interested parties.

    I'll PM you with my e-mail addie.

    Thanks heaps! :)
     
  10. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Meanwhile, the following are safe to have Hijack This fix. Before you press "fix checked", be sure to close ALL Internet Explorer windows.

    O2 - BHO: (no name) - {39AF31DD-EAFC-45EA-A56C-385B52E25CC0} - c:\windows\iexplorr22.dll
    O2 - BHO: (no name) - {BC0D2038-2DE5-4A6F-92BC-B18A3E0DE32A} - c:\windows\iexplorr11.dll

    O4 - HKLM\..\Run: [Sentry] C:\WINDOWS\Sentry.exe


    As soon as I know more about the other file, I'll get back to you.
     
  11. porky

    porky Thread Starter

    Joined:
    Feb 14, 2003
    Messages:
    17
    Tony I can't close Internet explorer window
     
  12. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Ah, I forgot.

    Try this:

    Do a Ctrl-Alt-Delete, highlight Iexplore.exe, and press "end process".

    That should work.
     
  13. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Also, re-reading the beginning of this thread, it seems like restrictions could have been imposed.

    Please do this:

    Download the attached remieres.txt, and rename to remieres.reg

    Doubleclick remieres.reg and answer 'yes' when asked to add its contents to the Registry.

    Now reboot.

    Tell us whether that makes a difference. Can you close IE now?
     


  14. porky

    porky Thread Starter

    Joined:
    Feb 14, 2003
    Messages:
    17
    I'll try this and get back to you. I'll e-mail that other stuff as soon as I find it. Thank you.
     
  15. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    You're welcome! :)

    As it's 1.40 AM down here, I really have to sign off, but I'll be back later.

    Cheers,
     

Short URL to this thread: https://techguy.org/118822
