Problems with Explorer

Status
Not open for further replies.

Denium

Beta member
Messages
5
Hi, here's my problem, when I start my PC, I get a error message concerning Internet Explorer. I can't open internet explorer, My computer, Control Panel or any folders. However, in Safe Mode, everything works fine. I've removed all items in my start-up, but still the problem remains. I've scan my PC with Panda, Norton and Bitdefender already. Below is my HijackThis Log. Please Help. Thanx




Logfile of HijackThis v1.98.2
Scan saved at 12:56:50 AM, on 4/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - D:\WINDOWS\System32\ie2cltr.dll
O2 - BHO: (no name) - {33A0EAAD-C96B-4E52-9FD8-EDDA917EC512} - D:\WINDOWS\System32\akjo.dll (file missing)
O2 - BHO: (no name) - {65E1E63D-52CA-BFA1-A0DD-1E839592A8A2} - D:\WINDOWS\system32\javabn32.dll (file missing)
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - D:\WINDOWS\drexinit.dll
O2 - BHO: IE SP2 AddOn - {C8E6F01E-312A-4782-A68E-4500289611B8} - D:\WINDOWS\System32\spppy.dll
O2 - BHO: ActiveX Control - {EBD4195E-B6E4-4604-980B-1A145EDB1CDF} - D:\WINDOWS\System32\msvvw.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - D:\WINDOWS\System32\ie2cltr.dll
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [mptsgsvc.exe] mptsgsvc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN_XP.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4461A251-3891-4EE3-AA43-D77D295D20CE}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{77CF270E-AAD6-4663-B8C7-A31D3496B11F}: NameServer = 69.50.176.156,195.225.176.31
O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - D:\WINDOWS\System32\Adccmh32.dll
 
Hello Denium

Welcome to Tech Forums

Download, then unzip to "C:\HJT", the newest version of HiJackThis; version 1.99.1. Then repost your log, either now, or after following the steps in the solution (if provided in this post). This version has features that might be more helpful in 'cleaning' up your system.

===============

Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u ie2cltr.dll
regsvr32 /u drexinit.dll
regsvr32 /u spppy.dll
regsvr32 /u msvvw.dll

It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:


R3 - Default URLSearchHook is missing

O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - D:\WINDOWS\System32\ie2cltr.dll
O2 - BHO: (no name) - {33A0EAAD-C96B-4E52-9FD8-EDDA917EC512} - D:\WINDOWS\System32\akjo.dll (file missing)
O2 - BHO: (no name) - {65E1E63D-52CA-BFA1-A0DD-1E839592A8A2} - D:\WINDOWS\system32\javabn32.dll (file missing)
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - D:\WINDOWS\drexinit.dll
O2 - BHO: IE SP2 AddOn - {C8E6F01E-312A-4782-A68E-4500289611B8} - D:\WINDOWS\System32\spppy.dll
O2 - BHO: ActiveX Control - {EBD4195E-B6E4-4604-980B-1A145EDB1CDF} - D:\WINDOWS\System32\msvvw.dll

O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - D:\WINDOWS\System32\ie2cltr.dll

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
...(Unless you've set these with a anti-spyware program like SpyBot's Immunize feature, have HiJackThis fix this.)

O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binari...ice_9_EN_XP.cab
O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - D:\WINDOWS\System32\Adccmh32.dll


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:

files...

D:\WINDOWS\System32\ie2cltr.dll
D:\WINDOWS\drexinit.dll
D:\WINDOWS\System32\spppy.dll
D:\WINDOWS\System32\msvvw.dll
D:\WINDOWS\System32\Adccmh32.dll

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

===============

Post back a new log, and let me know how everything goes.

-

Lobos.
 
if you could give me another HjT log with the updated verion of 1.99.1 there may be more to see that should be cleaned.

Lobos
 
Remove entries at your own risk


R3 - Default URLSearchHook is missing Should be fixed if you do not know the application or if no application is mentioned. This entry should be fixed.

O2 - BHO: (no name) - {33A0EAAD-C96B-4E52-9FD8-EDDA917EC512} - D:\WINDOWS\System32\akjo.dll (file missing Unknown application.
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {33A0EAAD-C96B-4E52-9FD8-EDDA917EC512} - D:\WINDOWS\System32\akjo.dll (file missing)
Unnecessarily Entries found in this registry zone are potentially nasty. This application ([33A0EAAD-C96B-4E52-9FD8-EDDA917EC512] - Result: ) has been checked. Hit rate: -1 % Unknown application.
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {65E1E63D-52CA-BFA1-A0DD-1E839592A8A2} - D:\WINDOWS\system32\javabn32.dll (file missing) Unknown application.
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - D:\WINDOWS\drexinit.dll
Unknown Entries found in this registry zone are potentially nasty. This application ([A0269420-A638-4509-889C-8FC3CC85DA7E] - Result: ) has been checked. Hit rate: -1 % Unknown application.

O2 - BHO: IE SP2 AddOn - {C8E6F01E-312A-4782-A68E-4500289611B8} - D:\WINDOWS\System32\spppy.dll
Unknown Entries found in this registry zone are potentially nasty. This application ([C8E6F01E-312A-4782-A68E-4500289611B8] - Result: ) has been checked. Hit rate: -1 % Unknown application.

O2 - BHO: ActiveX Control - {EBD4195E-B6E4-4604-980B-1A145EDB1CDF} - D:\WINDOWS\System32\msvvw.dll Unknown application.

O4 - HKLM\..\RunOnce: [mptsgsvc.exe] mptsgsvc.exe It seems that the name of this program is the same as the name of the file. In the most cases this is the result of trojans. To be sure, you should check this file.

O15 - Trusted Zone: *.frame.crazywinnings.com If you did not add these pages to your trusted pages, they should be fixed.

O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binari...ice_9_EN_XP.cab Should be fixed.

O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - D:\WINDOWS\System32\Adccmh32.dll
 
Status
Not open for further replies.
Back
Top Bottom