Internet Explorer error Messages [HJT Log]

To anyone nad everyoone out there that may be able to help,

I am trying to download a program from a financial services website but as soon as I hit the download key IE comes up with a error message that state IE will be closing down due to an error that occured. As soon as I click on close the whole IE shuts down.

Please help, i'm desperate

Thanks a mil

Carl

 

Reading your other thread tells me you have a nasty infection. SpySheriff is malware and eAccelerator has been considered so in the past.

Do oyu have another computer that you can download programs on then burn them to a CD? If so download and burn the following programs to install on your computer then follow the directions.

Download, update, run and remove anything they find (read the tutorials to set them up);

Ewido Security Suite

Ewido Security Suite tutorial

AdAware

AdAware tutorial


SpyBot S&D

SpyBot tutorial

Please go to control panel/ folder options/ view and select show hidden and system files
Also uncheck "hide file extensions of known file types "

The first thing you should do after you download HijackThis is follow this.

Put HijackThis in a Permanent folder.

Click My Computer, then C:\

In the menu bar, File->New->Folder.

That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis ". Now you have C:\HJT.

Put your HijackThis.exe there, and double click to run it.
Click the button Do a sytem scan and save a logfile.
This will open the logfile in Notepad. You will need to copy & paste the complete log into your HijackThis thread.

This will allow backups to be made and saved By Hijack This in case something goes wrong.


HijackThis 1.99.1

HijackThis Quick Start Guide

After doing all this post the HJT log at http://www.windowsbbs.com/forumdisplay.php?f=41.

Windows BBS > Operating Systems > Windows 2000 >IE Error messages

 

Thanks for the reply guys, I'm using XP 2000 and tried to upgrade it to SP1, don't know how successful it was.

I have already downloaded and ran Skybod earlier and it removed quite a number of traces, if I don't have another computer, can I download the other two programs onto this machine directly from the internet and then follow the rest of the process as described?

Thanks again for teh help

 

when I download XP SP1 a message pops up saying the expected version was not found on my computer thus SP 1 can not be installed?????

 

Okay, I have gone through all the processes and have attached the hijack logfile below. Just one other thing, Spybot seems to have trouble getting rid of one file related to EAnthology on my C drive, but I can't find teh file on my c-drive, and furthermore, Spybot says an important registry entry was changed in Category : System Startup-global entry, Change : Value added by name of wextract_cleanup0 but the window that pops up won't allow me to see what options I have on this, ie. to accept or whatever. It mentions the new entry to be rundll32.exe C:\WINDOWS\System32\advpack.dll, DelNodeRunDLL32 "C:\DOCUM 2\Carl\LOCALS 1|Temp\IXP000.TMP\ "
After running all the anti-virus software my screensaver seems to have shrunken and is not full screen size anymore. I have no clue what all teh above means.


Here's the log file:


Logfile of HijackThis v1.99.1
Scan saved at 6:56:15 AM, on 3/5/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\BSS\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\HPConfig.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\BSS\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CallMe\CallMe.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msiexec.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Carl\Local Settings\Temp\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\WindowsXP-KB329441-x86-ENU.exe
c:\e84fc0fbbc995069ab\xpsp1hfm.exe
c:\e84fc0fbbc995069ab\sp1\update\update.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/notebooks/omnibook/home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.20:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.0.0.*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Internet Explorer\BSS\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [dguard] C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
O4 - HKLM\..\Run: [eanth_system_patcher] "C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe" /Startup
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Internet Explorer\BSS\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Internet Explorer\BSS\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: CallMe.lnk = C:\Program Files\CallMe\CallMe.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Cordless DUALphone Startup.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Start EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://beacon.dnsalias.net/Remote/msrdp.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O18 - Protocol hijack: ct - {774E529C-2458-48A2-8F57-3ED3105D8612}
O18 - Protocol: cw - {774E529C-2458-48A2-8F57-3ED3105D8612} - C:\Program Files\CaseWare\cwproto.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Internet Explorer\BSS\ewido anti-malware\ewidoctrl.exe
O23 - Service: FWService - Unknown owner - C:\Program Files\Acceleration Software\StopSignProducts\Firewall\fwservice.exe (file missing)
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe



Whenever you guys have a moment please have a look and give me some direction as to which files need to be repaired/deleted.

Thanks guys

Carl

 

Correction, Spybot can't seem to fix an eAcceleration file on my c drive. I have checked, there are only two files in that folder called:
asiclayer.dll AND shexhook.dll

What are these files, Spybot can't remove them because they are running constantly. What should I do?

Thanks

Carl

 

Hi to everyone that responded.

I went through your instructions regarding the different spyware and adware removal programs and my IE is now working.

Thnak you very much

Take care