Jump to content


Photo

IE Freezes + Steals Focus After Using Address Bar


  • This topic is locked This topic is locked
17 replies to this topic

#1 The Christopher

The Christopher

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 14 December 2005 - 02:40 PM

Hello all.

Internet Explorer 6.0.2900.2180.xpsp_so2_gdr.050301-1519
Freezes / continuously steals focus when entering anything into the address bar and pressing enter. I can click links already on pages just fine, but it seems if I try to do anything through the buttons on the top it freezes/steals focus over and over. Ran MS AntiSpyware : nothing found. Ran Norton: no virus found. I recently tried reinstalling SP2 to hopefully restore IE to its former glory but no dice.

edit: This just in ... I'm now also recieving C++ Buffer Overrun errors on AIM.exe which leads me to believe I have a virus even though norton says I don't.
my log:

Logfile of HijackThis v1.99.1
Scan saved at 3:31:54 PM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
C:\WINDOWS\system32\cisvc.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\db\slserver54\bin\swagent.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
C:\CFusionMX7\db\slserver54\bin\swsoc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Autodesk\MapGuideServer6.3\Bin\MapServer.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\bin\OWSTIMER.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\faxodbc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Citrix\GoToMeeting\124\g2mstart.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Citrix\GoToMeeting\124\g2mcomm.exe
C:\Program Files\Citrix\GoToMeeting\124\g2mlauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\CapsUnlock\CapsUnlock.exe
W:\gmw6.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Documents and Settings\chris.JUNGLELASERS\Desktop\procexp.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\chris.JUNGLELASERS\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mrburns/dotnet/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mrburns/dotnet/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\124\g2mstart.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CapsUnlock.lnk = C:\Program Files\CapsUnlock\CapsUnlock.exe
O4 - Startup: Goldmine.lnk = ?
O4 - Startup: Konfabulator.lnk = C:\Config.Msi\1e9ba37e.rbf
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Palfun.lnk = C:\Program Files\AIM\palfun.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: bugmenot - file://C:\Program Files\bugmenot.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O15 - Trusted Zone: www.etaxmaps.com
O15 - Trusted Zone: http://www.etaxmaps.com
O15 - Trusted Zone: *.marzipan
O15 - Trusted Zone: http://*.marzipan
O15 - Trusted Zone: http://*.mrburns
O15 - Trusted Zone: www.nationalgeomatica.com
O15 - Trusted Zone: www.ordinance.com
O15 - Trusted Zone: *.ordinance.com
O15 - Trusted IP range: http://198.139.224.81
O16 - DPF: FileDownloaderCab - http://mrburns:88/Fi...wnloaderCab.CAB
O16 - DPF: {02C288AD-3B87-4E90-9C4C-F2B93F70ED07} (NatGeoCache Control) - http://mrburns:88/NatGeoCache.CAB
O16 - DPF: {065C0C9B-E32E-4403-895E-CE336F18590F} (Project1.UserControl1) - http://mrburns:88/CacheDownload.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1B4988D6-1723-11D4-A48B-00E02917C902} (GEOMAP ActiveX Control) - http://www.geomapgis...load/ggAx48.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://milhouse/proj...ts/pjclient.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.nationalg...om/mgaxctrl.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall....ivex/hcImpl.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Autodesk Map 5\AcDcToday.ocx
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://nelson:1279/util/msrdp.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtec...tall/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Autodesk Map 5\InstBanr.ocx
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://milhouse/proj...033/pjcintl.cab
O16 - DPF: {B5985667-DEDF-480C-8EB6-6D6797A21BF6} (Project1.UserControl1) - http://mrburns:88/CacheDownload.CAB
O16 - DPF: {C1B6118C-E91B-4084-BADF-6A4D9A2E5E29} (Agent Class) - http://www.iinventor.../bin/agentx.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Autodesk Map 5\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Autodesk Map 5\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = junglelasers.com
O17 - HKLM\Software\..\Telephony: DomainName = junglelasers.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = junglelasers.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: Netbcfg - {5F373E72-AB86-448A-A475-FF44C76E0832} - C:\WINDOWS\system32\actmac.dll
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AutoStore (autostore) - NSI - C:\PROGRA~1\NSI\AUTOST~1\batch.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Autodesk MapGuideŽ Server 6.3 (MapServer6.3) - Autodesk, Inc. - C:\Program Files\Autodesk\MapGuideServer6.3\Bin\MapServer.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Service1 - - c:\dotnettraining\windowsserviceexample\windowsserviceexample\bin\debug\windowsserviceexample.exe
O23 - Service: SMTP Capture - Unknown owner - C:\Program Files\NSI\AutoStore\smtpcap.exe
O23 - Service: System Event Dispatcher - Unknown owner - C:\WINDOWS\system32\faxodbc.exe

Edited by The Christopher, 14 December 2005 - 03:27 PM.


#2 The Christopher

The Christopher

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 16 December 2005 - 08:15 AM

Bump?

#3 The Christopher

The Christopher

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 16 December 2005 - 02:13 PM

Update: I have abandoned using IE for FireFox. I made FF my default browser and when I type something in the address bar in IE and hit enter it launches in FF! :wtf: This is really creepy and must be fixed. This is my work machine :weep: And I'm an asp.net developer for an IE only site. Any help is appriciated. Thank you.

#4 The Christopher

The Christopher

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 19 December 2005 - 02:14 PM

New Update : 12/19/2005

I was running a stand alone version of ie7 along with my ie6, I removed it. I have uninstalled FF in the hopes that maybe it was doing something (no luck). Now when I enter an address in my address bar and click go (or hit enter) I get a popup saying "Applicaiton not found". I'm assuming this is because it was trying to launch FF which is now uninstalled. I tried to get IE to recognized that it is the default browser now to no avail. I went to Internet Options and checked the "Internet Explorer should see if it is the default browser" box but I haven't gotten the ususal popup saying its not. I'm lost =[

#5 The Christopher

The Christopher

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 19 December 2005 - 03:18 PM

More updates: Panda scan comes up negative also. Uninstalled my Google Toolbar. Still no progress. Ill post my latest Hijack this log before I go home today...

#6 The Christopher

The Christopher

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 19 December 2005 - 03:53 PM

as promised here is my latest hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 4:53:57 PM, on 12/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
C:\WINDOWS\system32\cisvc.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\db\slserver54\bin\swagent.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
C:\CFusionMX7\db\slserver54\bin\swsoc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Autodesk\MapGuideServer6.3\Bin\MapServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\NavNT\rtvscan.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\bin\OWSTIMER.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\faxodbc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\CapsUnlock\CapsUnlock.exe
W:\gmw6.exe
C:\Documents and Settings\chris.JUNGLELASERS\Desktop\procexp.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\inetsrv\DavCData.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\chris.JUNGLELASERS\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mrburns/dotnet/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mrburns/dotnet/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CapsUnlock.lnk = C:\Program Files\CapsUnlock\CapsUnlock.exe
O4 - Startup: Goldmine.lnk = ?
O4 - Startup: Konfabulator.lnk = C:\Config.Msi\1e9ba37e.rbf
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Palfun.lnk = C:\Program Files\AIM\palfun.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: bugmenot - file://C:\Program Files\bugmenot.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O15 - Trusted Zone: www.etaxmaps.com
O15 - Trusted Zone: http://www.etaxmaps.com
O15 - Trusted Zone: *.marzipan
O15 - Trusted Zone: http://*.marzipan
O15 - Trusted Zone: http://*.mrburns
O15 - Trusted Zone: www.nationalgeomatica.com
O15 - Trusted Zone: www.ordinance.com
O15 - Trusted Zone: *.ordinance.com
O15 - Trusted IP range: http://198.139.224.81
O16 - DPF: FileDownloaderCab - http://mrburns:88/Fi...wnloaderCab.CAB
O16 - DPF: {02C288AD-3B87-4E90-9C4C-F2B93F70ED07} (NatGeoCache Control) - http://mrburns:88/NatGeoCache.CAB
O16 - DPF: {065C0C9B-E32E-4403-895E-CE336F18590F} (Project1.UserControl1) - http://mrburns:88/CacheDownload.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1B4988D6-1723-11D4-A48B-00E02917C902} (GEOMAP ActiveX Control) - http://www.geomapgis...load/ggAx48.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://milhouse/proj...ts/pjclient.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.nationalg...om/mgaxctrl.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall....ivex/hcImpl.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Autodesk Map 5\AcDcToday.ocx
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://nelson:1279/util/msrdp.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtec...tall/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Autodesk Map 5\InstBanr.ocx
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://milhouse/proj...033/pjcintl.cab
O16 - DPF: {B5985667-DEDF-480C-8EB6-6D6797A21BF6} (Project1.UserControl1) - http://mrburns:88/CacheDownload.CAB
O16 - DPF: {C1B6118C-E91B-4084-BADF-6A4D9A2E5E29} (Agent Class) - http://www.iinventor.../bin/agentx.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Autodesk Map 5\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Autodesk Map 5\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = junglelasers.com
O17 - HKLM\Software\..\Telephony: DomainName = junglelasers.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = junglelasers.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: Netbcfg - {5F373E72-AB86-448A-A475-FF44C76E0832} - C:\WINDOWS\system32\actmac.dll
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AutoStore (autostore) - NSI - C:\PROGRA~1\NSI\AUTOST~1\batch.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Autodesk MapGuide® Server 6.3 (MapServer6.3) - Autodesk, Inc. - C:\Program Files\Autodesk\MapGuideServer6.3\Bin\MapServer.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Service1 - - c:\dotnettraining\windowsserviceexample\windowsserviceexample\bin\debug\windowsserviceexample.exe
O23 - Service: SMTP Capture - Unknown owner - C:\Program Files\NSI\AutoStore\smtpcap.exe
O23 - Service: System Event Dispatcher - Unknown owner - C:\WINDOWS\system32\faxodbc.exe



Again, any help is appriciated.

#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,347 posts

Posted 20 December 2005 - 06:23 AM

Hello The Christopher, welcome to SWI.

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Unless you know what these are leave them alone but to me they look very suspicious.
I would like to know what they are.
C:\WINDOWS\system32\faxodbc.exe
O23 - Service: System Event Dispatcher - Unknown owner - C:\WINDOWS\system32\faxodbc.exe
O21 - SSODL: Netbcfg - {5F373E72-AB86-448A-A475-FF44C76E0832} - C:\WINDOWS\system32\actmac.dll

Please submit the files in bold to the following link for a scan, then post the results in your next message for me to see.
http://www.kaspersky.com/scanforvirus

Problem with Internet Explorer try these fixes.

Download this .reg file to a temporary place, like Desktop.
http://www.spywarein...tools/IEFIX.reg
Close all other windows and browsers
Double-click on it and answer Yes.
This will restore all the default Search settings for I. E.

If still have connection problems continue with this.

Download: DelDomains.inf
http://mvps.org/winh.../DelDomains.inf
Right-click on the deldomains.inf file and select 'Install'.

Restart your computer to reset the registry.

Let me know about the files listed above and if your problems persist.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#8 The Christopher

The Christopher

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 20 December 2005 - 07:49 AM

Hi nasdaq, thanks for the reply.

I went to the virus scan page and scanned the files but after hitting submit on each one it tells me to browse to the file and try again. =/

I downloaded / ran each of the reg and inf files and the problem still persits. After clicking Install on the inf, was something supposed to happen? I got a hour glass for a few seconds and that was it.

Recap of the problem: If I type in the address bar and click Go or hit enter I get a dialog saying "Application not Found". This happens with some links I click too like for the reg file I actually had to copy the link into Word and click it in there to follow it.

Edit: I think I'm on to something. Clicking my home button also gives me the Application not Found error. Same with clicking anythign in my history list. Could it be that IE has 'forgotten' how to process links? I'm guessing IE works like anything else Windows Explorer processes and has a list that checks what processes run what files (ie: EXE, DOC, TXT, etc?) Could it somehow have lost the ability to understand urls?

Edited by The Christopher, 20 December 2005 - 07:56 AM.


#9 The Christopher

The Christopher

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 20 December 2005 - 10:27 AM

Sweet fixed it. Ok here is what happened: I was chatting over IM with my co-workers and I clicked a link he sent me. AIM proceeds to tell me it can't find a program associated with HTTP and to browse to it. I choose iExplore and everything works now. I'm going to go and scan those files like you suggested and will post my results here in a bit. I'm still really unsettled about IE losing the ability to navigate to webpages and I'd really like to know how it happened.

#10 The Christopher

The Christopher

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 20 December 2005 - 10:34 AM

Correction: almost fixed it. I went to try scanning those files again and had the same problem (unless thats how the page works). Also: clicking my home button or favorites launches new instances of IE. :( I have 'Reuse windows for internet shortcuts' checked in Tools > Internet Options > Advanced Tab. I thought thats what it was, but it wasn't. Do you know what would cause this?

Edited by The Christopher, 20 December 2005 - 12:31 PM.


#11 The Christopher

The Christopher

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 20 December 2005 - 01:28 PM

Ok. Back to completely broken, but i think i know why, but i can't fix it.

I went to look at my File Types tab in Explorer > Tools > Folder Options. I took a look at URL:http and it was still set to FireFox.exe (which I recently uninstalled). To top that... I took a look at a computer without problems and there was no URL:http, only URL:HyperText Transfer Protocol, so I changed mine to that... copied the settings from the working pc and gave it a go and i'm back to square one. Typing in a address in the address bar and hitting enter (or Go), clicking a link in my favorites or clicking my Home button all causes IE to lockup.

:'(

I don't know what to do.

The settings don't stick either, I know that the "Application Used to Perform action" should be

"C:\Program Files\Internet Explorer\iexplore.exe" -nohome

But it keeps reverting to

"C:\Program Files\Internet Explorer\iexplore.exe" %1

I don't get it :blink:

#12 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,347 posts

Posted 20 December 2005 - 02:14 PM

To tell you the truth you should repair I.E.
Let me know how you make out.

Method 1: Microsoft Internet Explorer 6.x Repair for Windows XP

From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.

Method 2: Microsoft Internet Explorer 6.x Repair for Windows XP

From the Start menu, select Search, select All Files and Folders.
Select More Advanced Options and place a checkmark beside Search Hidden Files and Folders option.
Ensure that Search System Folders and Search Subfolders are also checked.
In the All or Part of the File Name box, type ie.inf
In the Look In drop-down menu, select C: or the letter of the hard drive that contains the Windows folder.
Click the Search button.
In the search results pane, find the ie.inf file located in Windows\Inf folder.
Right click the ie.inf file and click Install on the context menu.
Reboot the computer when the file copy process is complete.

If all fails then try this.
http://www.michaelst...pairinstall.htm
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#13 The Christopher

The Christopher

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 21 December 2005 - 07:29 AM

Ok, I tried the first two with no luck. I'm running a repair install of XP at the moment. I'll let you know how it goes.

#14 The Christopher

The Christopher

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 21 December 2005 - 07:55 AM

Ok, after a repair install of windows everything seems normal again... I really wish I knew why this happened. I want to think its due to the install / uninstall of FireFox and somehow IE not realizing it was the only browser again. Thanks for all the suggestions. :thumbsup:

:ninja: <- I just wanted to make a ninja.

#15 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,347 posts

Posted 21 December 2005 - 10:09 AM

Glad we could help.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#16 The Christopher

The Christopher

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 03 January 2006 - 11:39 AM

Update

After my repair everything worked until i windows updated. One of them breaks my IE and i can't figure out which one. Just thought I'd throw that in there. I fixed it by uninstalling my updates since the install.

#17 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,347 posts

Posted 03 January 2006 - 01:45 PM

Any difficulties that I can help with?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#18 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,347 posts

Posted 17 January 2006 - 01:54 PM

Glad we could help. :)

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




Member of UNITE
Support SpywareInfo Forum - click the button