Problems when running Internet Explorer/Microsoft products

Discussion in 'Malware and Virus Removal Archive' started by scyue, 2007/04/19.

  1. 2007/04/19
    scyue

    scyue Inactive Thread Starter

    Joined:
    2007/04/19
    Messages:
    6
    Likes Received:
    0
    :) Hi there, I am new here and I hope you guys could help me out.

    I am using Windows XP Home edition SP2 on a Pentium 3. Just a few days ago, I just converted from the English edition to the Chinese edition of XP. And yesterday, after installing IE7, Live Messenger and WMP 11, I encountered problems after opening the above problems, particularly IE7.

    It says "Internet Explorer has encountered a problem and needs to close." This happens every time I open a new explorer window, and every time I log into Live Messenger. I clicked to see the error report and this is the error signature:

    AppName: iexplore.exe AppVer: 6.0.2900.2180 ModName: unknown
    ModVer: 0.0.0.0 Offset: 00130711


    And these are the things that I have done:
    1. uninstalled IE7
    2. uninstalled Live Messenger
    3. reinstalled WMP11
    4. ran Trend Micro HouseCall
    5. ran Ad-Aware
    6. ran CCleaner
    7. ran Hijackthis scan

    ...but to no avail. The problem still persists.

    Here is my Hijackthis log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:57:42, on 19/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\conime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E282449B-0B2F-4059-B89E-D56D5ED05882}: NameServer = 203.198.23.208 205.252.144.126
    O20 - Winlogon Notify: msldr32 - C:\WINDOWS\SYSTEM32\msldr32.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll


    What should be done to resolve this problem? I could provide additional information if needed. I would really appreciate any help from any one of you.

    Thanks! :)
     
  2. 2007/04/20
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    Hi and welcome

    Can you upload this file:

    C:\WINDOWS\SYSTEM32\msldr32.dll

    To this site please:

    http://www.thespykiller.co.uk/index.php?board=1.0

    Start yourself a new thread.
    Put in subject "Request by Blender"
    Put in body a link to this thread.
    Press "browse", locate the requested file.
    Highlight it > click "open".
    Press "post" to upload file.

    It is normal you cannot see your file you just uploaded cus only "approved" members can see em to download.

    let me know here when you have posted.

    Next....

    Start Hijackthis
    Click "open misc tools section"
    Click "delete a file at reboot"
    In the open box paste this line:

    C:\WINDOWS\SYSTEM32\msldr32.dll

    Click "open"

    You will be asked if you are sure you want to delete file.
    Say OK to reboot.

    When machine restarts...
    Run Hijackthis again, do "system scan only" and check:

    O20 - Winlogon Notify: msldr32 - C:\WINDOWS\SYSTEM32\msldr32.dll (file missing)

    Close all open windows except Hijackthis & click "fix checked".
    If you get error when fixing this line, just OK it. HJT is trying to back up a nonexistent file.

    Next:

    You really need to have an antivirus installed. Being on the internet this day in age with no AV is suicide.

    There are some free versions available:

    Avast:
    http://www.avast.com/eng/avast_4_home.html

    AVG:
    http://free.grisoft.com/doc/1

    AntiVir:
    http://www.free-av.com/antivirus/allinonen.html

    AntiVir I think will be the least felt on system memory yet effective.

    Choose one, install it > update it > do full system scan and let it fix/quarantine whatever it finds.

    If cleaning was done, reboot to finish cleanup.

    Should add a firewall as well. XP has one but ineffective for controlling OUTgoing traffic.

    Comodo:
    http://www.personalfirewall.comodo.com/

    That one is likely the best for not hogging system memory.
    I recommend you install it.
    Do make sure to disable XP firewall so no conflicts if you install comodo.

    Understanding and using firewalls:

    http://www.bleepingcomputer.com/tutorials/tutorial60.html

    Post fresh hijackthis log and let me know how system is running.

    Thanks :)
     

  4. 2007/04/20
    scyue

    scyue Inactive Thread Starter

    Joined:
    2007/04/19
    Messages:
    6
    Likes Received:
    0
    Hi,

    Thanks for your help. I have uploaded the file to the site already : http://www.thespykiller.co.uk/index.php?PHPSESSID=b408af02eabc8e1c40164142f478b0d4&topic=4024.0

    I followed your instructions and the IE is running perfectly without any problems currently. I also installed AntiVir and Comodo firewall as well but the only problem is that AntiVir is always unable to connect to the internet to complete the update.

    I ran Hijackthis and this is the new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:31:21, on 20/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avscan.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E282449B-0B2F-4059-B89E-D56D5ED05882}: NameServer = 203.198.23.208 205.252.144.126
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe


    What else do I need to do now? Should I install IE7 and Live Messenger now?

    Really appreciate your help. :)
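
The change between the two HijackThis logs posted above can be checked mechanically rather than by eye. The following is an added example, not part of the original posts: a small parser that diffs the entry lines of two logs, run on excerpts copied from this thread (the function names are illustrative).

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Excerpts of the two logs posted in this thread (most lines omitted for brevity).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: msldr32 - C:\WINDOWS\SYSTEM32\msldr32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
"""

def parse_entries(log_text):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def section_key(entry):
    """Sort O4 before O20: letter first, then the section number, then the detail text."""
    section, detail = entry
    return (section[0], int(section[1:]), detail)

def diff_logs(before, after):
    """Return (removed, added): entries only in the first log, entries only in the second."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a, key=section_key), sorted(a - b, key=section_key)

if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, detail in removed:
        print(f"- {section} - {detail}")
    for section, detail in added:
        print(f"+ {section} - {detail}")
```

On these excerpts the only removed entry is the O20 Winlogon Notify line for msldr32.dll, and the added entries are the AntiVir and Comodo startup and service lines.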
     
  5. 2007/04/20
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    Hi,

    Thanks for the file :)

    Could be a couple reasons for having difficulty to update your AV.

    Servers are really busy and you may need to try several times to get updates or you might have blocked one of AntiVir processes access with your firewall.
    Looks like others are having difficulty at times as well. Seems half the planet is trying to update.

    http://forum.antivir.de/thread.php?threadid=20362&threadview=0&hilight=&hilightuser=0&page=1

    These guys should be allowed out if asked by your firewall.

    sched.exe
    avcenter.exe
    avguard.exe
    avgnt.exe
    update.exe
    avconfig.exe
    preupd.exe

    Check your firewall logs to see if AntiVir is being blocked.

    If all is working well yes you can download/IE7 and Live Messenger.

    To finally finish cleaning up the infection you had though you should "reset" your restore points to remove any backed up infected files stored there.

    Right click "my computer"
    Click "properties"
    Click "system restore" tab
    Checkmark "turn off system restore"
    Hit apply > ok > ok.

    Reboot

    Go back and turn system restore back on by removing the check, hit apply, and OK.

    A new restore point is created at this time.
    You will not be able to restore computer to any earlier than today.

    Since the HJT log is clean, here is some great information from Tony Klein, Texruss, ChrisRLG, TeMerc and Grinler to help you stay clean and safe online:
    http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I
    http://boards.cexx.org/index.php?topic=957
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml
    http://temerc.com/hddncounttuts.html

    Let me know how the updates go. :)
     
  6. 2007/04/22
    scyue

    scyue Inactive Thread Starter

    Joined:
    2007/04/19
    Messages:
    6
    Likes Received:
    0
    Great. It is running perfectly alright now, while AntiVir is still trying to update itself.

    Thanks for all your help! :)
     
  7. 2007/04/23
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    Hi,

    Glad things are well.
    you are welcome.

    You check Comodo's logs to make sure it is not blocking something from AntiVir?

    Can you update if you run this file:

    C:\Program Files\AntiVir PersonalEdition Classic\preupd.exe

    Also check these settings in Antivir:

    Antivir control panel > Configuration > Expert mode > General > Update
    The setting you should have is "use existing connection (Network)."
    Check the Proxy setting, it should be "Do not use a proxy server"

    If you had to make changes you may need to restart to have it take effect.

    Let me know if you get it to update.

    Thanks :)
     
  8. 2007/05/06
    scyue

    scyue Inactive Thread Starter

    Joined:
    2007/04/19
    Messages:
    6
    Likes Received:
    0
    Hi. Sorry for the late reply! It got an update, but now I have another problem with my computer!

    That day I rebooted my computer by pressing the reboot button on it, and it then restarted to the black screen asking me to choose which mode I would like to start Windows in. However, it just keeps bringing me back to this screen again and again no matter whether I chose to start in Safe mode, the last known good configuration, or start Windows normally. The Windows loading screen did show up for a while, but it restarted itself again and asked me to choose which mode to start in. I have tried many times but to no avail, and I couldn't start Windows now.

    What could possibly be the problem leading to this? Hope to hear from you soon. Thanks!
     
  9. 2007/05/06
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    ewww!! :(

    Why press the reboot button? (You mean the reset button?)
    Were you froze up?

    Any chance you remember if your antivirus removed something just before you rebooted?

    Anything you installed just before the reboot?

    In case we need it do you have your XP CD? (the real deal not the recovery cd)

    Thanks :)
     
  10. 2007/05/06
    scyue

    scyue Inactive Thread Starter

    Joined:
    2007/04/19
    Messages:
    6
    Likes Received:
    0
    Hi. Sorry for bringing you so much hassle!

    Yes, it was frozen so all I could do was to reset it. And I am sure my antivirus didn't remove anything nor did I install or remove anything before the reboot.

    And yes, I do have my XP CD with me.

    Thanks for your help!
     
  11. 2007/05/08
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    Hi,

    Sorry for delay. Connection issues here for me.

    No other errors trying to boot?

    Let's do a repair install of Windows. I hope you have your XP CD key cus you will need it to do repair.
    Doing repair will mean you have to do your Windows updates again but the repair should not hurt any of your other installed programs, personal documents, pictures, music, etc.

    How to do repair install:

    http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/doug92.mspx

    You may want to print that page out so you have it handy at the unbootable computer.

    Once you get back up and running please post me a fresh hijackthis log.
    Let me know how system is running at this point.

    Thanks :)
     
  12. 2007/05/12
    scyue

    scyue Inactive Thread Starter

    Joined:
    2007/04/19
    Messages:
    6
    Likes Received:
    0
    Hi.

    Unfortunately, the option "Repair" was not there. It asked to choose which disk to install Windows in and asked something about disk partition.

    I tried to follow this one:
    http://www.michaelstevenstech.com/XPrepairinstall.htm#warning2

    But it just didn't work. It said I have something in my disk which is not repairable.

    Perhaps I should just take it to somebody for a repair?

    Thanks for your help.
     
