IE Shuts down regularly


Matt Williams

With more and more frequency I am getting an "IEXPLORE.exe has generated
errors and will be closed by Windows. You will need to restart the program.
An error log is being created." Today it got to the point where every time I
logged onto ESPN.com the error appeared.

I have scanned the hard drive with Norton AntiVirus 2005, getting no
viruses. I then uninstalled Norton because it was interacting with my AT&T
DSL Service causing regular lost connections. I then installed and scanned
with AVG Anti-Virus 8.0. In addition I have addressed spyware/adware by first
installing and scanning with SpyBot, then uninstalling SpyBot and installing
and scanning with AVG Anti Spy Ware, then uninstalling AVG Spy Ware and
installing and scanning with SuperAntiSpyWare.

Currently AVG AntiVirus 8.0 and SuperAntiSpyWare are resident on my machine.

Prior to submitting this post, I performed one more scan using Trend Micro's
HouseCall online scan. It found HTML_IFRAME.HT and ADWARE_BESTOFFERS. I had
it remove both, and then scanned one more time. That scan said I was clean
except for 23 "profiling cookies" which HouseCall did not suggest fixing.

After that second HouseCall scan I was still getting the "IEXPLORE.exe has
generated errors and will be closed by Windows. You will need to restart the
program. An error log is being created." error.

The following is my HijackThis scan log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:16 PM, on 6/15/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\MWW32\MANAGER\MWMDMSVC.EXE
C:\WINNT\MWW32\MANAGER\MWSSW32.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Cisco\Vpn Client\cvpnd.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINNT\system32\tp4mon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Plus!\Microsoft Internet\Iexplore.exe
C:\Cache\Temporary Internet Files\Content.IE5\8LMV012F\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [NTime] ntime.exe
O4 - HKLM\..\Run: [CW3DSound] CWD3DSnd.exe
O4 - HKLM\..\Run: [Modem Update Reminder]
C:\WINNT\MWW32\manager\mwremind.exe autorun
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge]
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program
Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet
Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self
Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: ThinkPad Modem Copyright.lnk =
C:\WINNT\MWW32\manager\mwcpyrt.exe
O4 - Global Startup: UC Davis Health System VPN Client.lnk = C:\Program
Files\Cisco\Vpn Client\vpngui.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program
Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program
Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program
Files\ieSpell\wikipedia.HTM
O13 - WWW. Prefix: http://
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
http://software-dl.real.com/29455573fa6 ... xIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) -
http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) -
https://www.ibm.com/pc/support/access/s ... mEgath.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program
Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. -
C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc.
- C:\Program Files\Cisco\Vpn Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program
Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. -
C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program
Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: ThinkPad Modem Service (ThinkPadModemService) - IBM
Corporation - C:\WINNT\MWW32\MANAGER\MWMDMSVC.EXE

--
End of file - 5647 bytes

Thank you for your help.

Matt Williams
 
We do not handle HijackThis logs in the public newsgroups, Matt.

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html, http://aumha.net/viewforum.php?f=30, or
other appropriate forum for review by an expert in such matters, not here.**

NOTES & OBSERVATIONS:

You need to download & run the Norton Removal Tool:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

AVG v8.0 includes AVG Anti-Spyware now so you don't need the latter
installed anymore.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/



 
1. Run Deckard's System Scanner (DSS)
http://securitynewsfromthenet.blogspot.com/2008/06/deckards-system-scanner-dss.html

2. Run the vundo and combo fix
http://securitynewsfromthenet.blogspot.com/2007/05/vundofix-and-combo-fix.html

3. Run Malwarebytes Anti-Malware
http://securitynewsfromthenet.blogspot.com/2008/03/malwarebytes-anti-malware-105.html

4. Run the anti spyware removal programs spybot
http://securitynewsfromthenet.blogspot.com/2007/03/spybot-search-and-destroy-spyware-and.html

5. Run Superantispyware
http://securitynewsfromthenet.blogspot.com/2007/04/superantispyware-home-edition-free.html

6. Run a complete scan with free curing utility Dr.Web CureIt!
http://securitynewsfromthenet.blogspot.com/2008/05/dr-web-cureit.html

 
Robear, Thanks for your response. I have posted the log to auhma.org. I
included it here for FYI purposes, and to indicate the steps I've taken. It
sounds like you are suggesting that my next step(s) will be determined by
the response I get from auhma.

I did use the Norton Removal Tool to remove NAV 2005, and I removed AVG
Anti-spyware prior to installing SuperAntiSpy.

Matt
 
Thank you D T. I'll take those steps.

Matt

 
Do NOT use/run any of those tools yet, other than perhaps #4 thru #6.

Matt said:
Thank you D T. I'll take those steps.

:
1. Run Deckard's System Scanner (DSS)
http://securitynewsfromthenet.blogspot.com/2008/06/deckards-system-scanner-dss.html

And then do what with its logs Main.txt and Extra.txt? (DSS doesn't "fix"
anything, DT.)

And then do what with the 2 logs?

And then do what with the MBAM log? (Kinda overkill here, if you've already
run VundoFix and ComboFix.)

<pft> #4, #5, & #6 should be run BEFORE running any of the others.
 
PA Bear, that thread has been out there now for two weeks without any
response. Given the fact that the volunteers there may be swamped, should I
post the log elsewhere? Thanks for your advice.

Matt
 
From a private source:

<QP>
********************
TOP ISSUES OF MAY:
********************
<snip>

Issue #5
========
When you opened IE6 on Windows 2000 Server SP4, it [hangs]...

Cause
========
Google Toolbar was not correctly installed.

Resolution
========
Uninstall and reinstall Google Toolbar.
</QP>
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
 
Thanks for the heads up. Back in April in a previous thread, you and others
suggested uninstalling Google Toolbar, which I did at that time. I got a
Regedit expert here locally to double check to see if it was fully
uninstalled, and to the best of our collective knowledge it is.

Matt

 
With that said, there do appear to be references to Google Toolbar in the
HijackThis log, so I have to emphasize the "to the best of our collective
knowledge" part of my post above.

Matt
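Added example, not part of any post in this thread: one way to check a HijackThis log for leftover references such as the Google Toolbar ones mentioned above. Newsgroup wrapping splits a single log entry over two or three lines, so the sketch first rejoins them, then lists entries that HijackThis itself marks "(no file)" or "Unknown owner" and entries matching a keyword. The function names `unwrap_entries` and `triage` are hypothetical, and the sample is a constructed excerpt of entries copied from the log posted at the top of the thread.

```python
import re

# Constructed excerpt: entries copied from the log in this thread, kept with
# the newsgroup line wrapping that splits one entry over several lines.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc.
- C:\Program Files\Cisco\Vpn Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program
Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

--
End of file - 5647 bytes
"""

# A log entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O2x)
# followed by " - ". Anything else is a wrapped continuation or a trailer.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")


def unwrap_entries(text):
    """Rejoin wrapped lines; return a list of (section_code, body) tuples."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_START.match(line)
        if match:
            current = [match.group(1), match.group(2)]
            entries.append(current)
        elif not line or line == "--":
            # A blank line or the "--" trailer closes the open entry, so the
            # "End of file" line is not glued onto the last service.
            current = None
        elif current is not None:
            # The mail client wrapped at a space, so restore exactly one.
            current[1] += " " + line
    return [tuple(entry) for entry in entries]


def triage(entries, keyword):
    """Group entries worth a second look; nothing is modified or removed."""
    needle = keyword.lower()
    report = {"no_file": [], "unknown_owner": [], "keyword": []}
    for code, body in entries:
        # Registry entry still present but the file it points to is gone.
        if body.endswith("(no file)"):
            report["no_file"].append((code, body))
        # Service binary for which HijackThis found no company name.
        if code == "O23" and " - Unknown owner - " in body:
            report["unknown_owner"].append((code, body))
        # Leftovers of a product believed to be uninstalled.
        if needle in body.lower():
            report["keyword"].append((code, body))
    return report


if __name__ == "__main__":
    found = triage(unwrap_entries(SAMPLE_LOG), "google")
    for group, items in found.items():
        print(group)
        for code, body in items:
            print("  ", code, "-", body)
```

An "Unknown owner" or "(no file)" hit is only a prompt to look at the entry; the Linksys service in the sample is an example of an installed driver utility that simply carries no company name.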

:
Your thread is http://aumha.net/viewtopic.php?f=30&t=33875

Someone should be with you shortly, please be patient.


 
I've posted some other observations in your thread.

Matt said:
With that said, there do appear to be references to Google Toolbar in the
HijackThis log, so I have to emphasize the "to the best of our collective
knowledge" part of my post above.

Matt

Matt Williams said:
Thanks for the heads up. Back in April in a previous thread, you and
others suggested uninstalling Google Toolbar, which I did at that time.
I
got a Regedit expert here locally to double check to see if it was fully
uninstalled, and to the best of our collective knowledge it is.

Matt

PA Bear said:
From a private source:

<QP>
********************
TOP ISSUES OF MAY:
********************
<snip>

Issue #5
========
When you opened IE6 on Windows 2000 Server SP4, it [hangs]...

Cause
========
Google Toolbar was not correctly installed.

Resolution
========
Uninstall and reinstall Google Toolbar.
</QP>
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


Matt Williams wrote:
PA Bear, that thread has been out there now for two weeks without any
response. Given the fact that the volunteers there may be swamped, should I
post the log elsewhere? Thanks for your advice.

:
Your thread is http://aumha.net/viewtopic.php?f=30&t=33875

Someone should be with you shortly, please be patient.


Matt Williams wrote:
Robear, Thanks for your response. I have posted the log to auhma.org. I
included it here for FYI purposes, and to indicate the steps I've taken. It
sounds like you are suggesting that my next step(s) will be determined by
the response I get from auhma.

I did use the Norton Removal Tool to remove NAV 2005, and I removed AVG
Anti-spyware prior to installing SuperAntiSpy.

Matt

:

We do not handle HijackThis logs in the public newsgroups, Matt.

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html, http://aumha.net/viewforum.php?f=30, or
other appropriate forum for review by an expert in such matters, not here.**

NOTES & OBSERVATIONS:

You need to download & run the Norton Removal Tool:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

AVG v8.0 includes AVG Anti-Spyware now so you don't need the latter
installed anymore.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/



Matt Williams wrote:
With more and more frequency I am getting an "IEXPLORE.exe has generated
errors and will be closed by Windows. You will need to restart the program.
An error log is being created." Today it got to the point where every time I
logged onto ESPN.com the error appeared.

I have scanned the hard drive with Norton AntiVirus 2005, getting no
viruses. I then uninstalled Norton because it was interacting with my AT&T
DSL Service causing regular lost connections. I then installed and scanned
with AVG Anti-Virus 8.0. In addition I have addressed spyware/adware by
first installing and scanning with SpyBot, then uninstalling SpyBot and
installing and scanning with AVG Anti Spy Ware, then uninstalling AVG Spy
Ware and installing and scanning with SuperAntiSpyWare.

Currently AVG AntiVirus 8.0 and SuperAntiSpyWare are resident on my
machine.

Prior to submitting this post, I performed one more scan using Trend Micro's
HouseCall online scan. It found HTML_IFRAME.HT and ADWARE_BESTOFFERS. I had
it remove both, and then scanned one more time. That scan said I was clean
except for 23 "profiling cookies" which HouseCall did not suggest fixing.

After that second HouseCall scan I was still getting the "IEXPLORE.exe has
generated errors and will be closed by Windows. You will need to restart the
program. An error log is being created." error.

The following is my HijackThis scan log
<snip>
 
Thanks

PA Bear said:
I've posted some other observations in your thread.

 