Internet Explorer Not Opening + More...


4 replies to this topic

#1 big_alex


Posted 26 January 2007 - 09:24 PM

Hey guys, I have this problem when I restart my computer, and when I go into 2/3 logins, it takes a while (about 2-5 minutes) for everything to boot (meaning that I can connect to the internet, and open folders). Then after that's done I can't even open up any folders or IE. Right now I'm using my other login (on the same computer) which works fine (fingers crossed).

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:20:59 PM, on 1/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1C6F230-CCA9-4253-A839-C5AF0417493A}: NameServer = 206.47.244.110 206.47.244.61
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

I will be running an Ewido AntiMalware scan right now...

Please assist me in fixing this computer,
Thanks,
Alex


#2 big_alex


Posted 27 January 2007 - 12:03 AM

Bump, here are the Ewido anti-malware scan results:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:00:26 AM, 1/27/2007
+ Report-Checksum: EC1B4AE8

+ Scan result:

C:\Documents and Settings\Alexander\Cookies\alexander@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Alexander\Cookies\alexander@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Alexander\Cookies\alexander@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Alexander\Cookies\alexander@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Alexander\Cookies\alexander@e-2dj6wakoqoajohq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alexander\Cookies\alexander@e-2dj6wflosndzskp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alexander\Cookies\alexander@e-2dj6wgloojcpmkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alexander\Cookies\alexander@goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Alexander\Cookies\alexander@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Alexander\Cookies\alexander@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Alexander\Cookies\alexander@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Alexander\Cookies\alexander@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Alexander\Cookies\alexander@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Alexander\Cookies\alexander@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Alexander\Cookies\alexander@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Rick\Cookies\rick@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Rick\Cookies\rick@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Rick\Cookies\rick@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Rick\Cookies\rick@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Rick\Cookies\rick@e-2dj6wjmiqldpiao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Rick\Cookies\rick@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Rick\Cookies\rick@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Rick\Cookies\rick@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Rick\Cookies\rick@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Rick\Cookies\rick@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Rick\Cookies\rick@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Sandra\Cookies\sandra@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Sandra\Cookies\sandra@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Sandra\Cookies\sandra@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Sandra\Cookies\sandra@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Sandra\Cookies\sandra@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Sandra\Cookies\sandra@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Sandra\Cookies\sandra@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Sandra\Cookies\sandra@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Sandra\Cookies\sandra@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Sandra\Cookies\sandra@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup


::Report End

#3 didom


Posted 28 January 2007 - 07:23 AM

Well, you probably have a corrupted profile...

We can't fix that so we have to create a new profile and move the profile data:

Create new profile:

Go to Start > Control Panel

Double-Click User Accounts
Choose Create a new Account
Type any name for the account then click Next
Choose Computer Administrator then click Create Account

Log off your current account.

Reboot your computer, then log-in to the new account you just created.

Move profile data:

Please follow all instructions exactly - I would advise printing them out:

1.) I need you to create a third Administrator account.

2.) Log-off your account and log-in to the third account.

3.) Go into Windows Explorer. You can get to Windows Explorer by going to Start > Run and typing: explorer
Once in Windows Explorer, go up to View > Explorer Bar and put a check next to "Folders".

4.) Then go up to Tools > Folder Options. Click the "View" tab and click "Show Hidden Files and Folders". UNcheck "Hide File Extensions for known file types" and UNcheck "Hide protected operating system files"

5.) Navigate to this folder:

C:\Documents and Settings\Old Username

Old Username is not the actual name of that folder. The name of this folder is whatever name you have for the account with problems.

Once inside that folder, PRESS and HOLD the Ctrl key. Then use your mouse and LEFT-click ALL files and folders to highlight them EXCEPT the following:

Ntuser.dat
Ntuser.dat.log
Ntuser.ini

Do NOT highlight those 3 files.

Once all files and folders are highlighted (except the above three!) go up to "Edit > Copy"

Now, navigate to this folder:

C:\Documents and Settings\New Username

New Username is whatever the name of your second account is (make sure it's NOT the 3rd account!)

Once inside that folder, go up to "Edit > Paste"

Now, log-off the third account and log-in into the second account and your data will be there now. :thumbsup:

If you use Outlook Express for your e-mails, please follow the instructions in this topic to move the e-mails/address book to your new profile:

http://support.microsoft.com/kb/313055/

----------------------------------------------------

Please tell me if that worked for you!
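The copy step in the post above, scripted as an added example (not part of the original post): it copies the old profile's contents into the new profile while leaving behind the three files the post says not to highlight. The function name `copy_profile_data` and the sample folder tree in `demo` are constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path

# The three files the post says NOT to copy (per-user registry data of the old account).
EXCLUDED = {"ntuser.dat", "ntuser.dat.log", "ntuser.ini"}


def copy_profile_data(old_profile, new_profile):
    """Copy old_profile into new_profile, skipping EXCLUDED; return (copied, skipped)."""
    old_profile, new_profile = Path(old_profile), Path(new_profile)
    if not old_profile.is_dir():
        raise FileNotFoundError(f"no such profile folder: {old_profile}")
    if old_profile.resolve() == new_profile.resolve():
        raise ValueError("old and new profile are the same folder")
    new_profile.mkdir(parents=True, exist_ok=True)
    copied, skipped = [], []
    for entry in sorted(old_profile.iterdir()):
        # Windows file names are case-insensitive, so compare lower-cased.
        if entry.is_file() and entry.name.lower() in EXCLUDED:
            skipped.append(entry.name)
            continue
        target = new_profile / entry.name
        if entry.is_dir():
            # Merge into folders the new account already has (Desktop, Cookies, ...).
            shutil.copytree(entry, target, dirs_exist_ok=True)
        else:
            shutil.copy2(entry, target)
        copied.append(entry.name)
    return copied, skipped


def demo():
    """Run the copy on a constructed profile tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        old = Path(tmp, "Old Username")
        new = Path(tmp, "New Username")
        (old / "Desktop").mkdir(parents=True)
        (new / "Desktop").mkdir(parents=True)
        (old / "Desktop" / "notes.txt").write_text("kept")
        for name in ("NTUSER.DAT", "ntuser.dat.LOG", "ntuser.ini"):
            (old / name).write_text("old account settings")
        (new / "NTUSER.DAT").write_text("new account settings")
        copied, skipped = copy_profile_data(old, new)
        hive_untouched = (new / "NTUSER.DAT").read_text() == "new account settings"
        moved = (new / "Desktop" / "notes.txt").read_text() == "kept"
        return copied, skipped, hive_untouched, moved
```

As in the post, this is meant to be run from a third administrator account so that neither profile is in use during the copy.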

#4 big_alex


Posted 28 January 2007 - 10:38 AM

Thanks for the response. Actually, I ran a spyware scan using Spyware Doctor; now my computer seems to be running faster and IE loads much quicker and seems to be working fine.

Thanks for your help though
Alex

#5 didom


Posted 28 January 2007 - 11:47 AM

This log looks clean!
  • Don't forget to re-hide all files and folders. To re-hide all files and folders:
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading deselect "Show hidden files and folders".
    • Check the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.
  • This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall (for example Kerio Personal Firewall or ZoneLabs Zone Alarm), a spyware blocker like SpywareBlaster and also IE-Spyads, and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available... Be very cautious about any security software that advertises in popups or other intrusive ways; they are not only usually useless, but also often have malware in them....

    Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.

    Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protect your computer.

    This can be accessed by going to http://windowsupdate.microsoft.com and following the prompts. If you are running Windows XP make sure you get updated to SP-2!!

    Please post back if you are still having any problems....





