[Metallica]

Can you post a HijackThis log for me?

And copy the part in bold below into notepad and save it as lookupie.bat
Set filetype to "All files"

dir %Systemdrive%\iexplore.exe /a h /s > files.txt
start notepad files.txt

Doubleclick that file and post the content of files.txt it will create and open.

Regards,

[Advertisements]

You got it.

*****************************************

Logfile of HijackThis v1.99.1
Scan saved at 3:44:06 AM, on 7/5/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\WINNT\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
d:\Program Files\ewido\security suite\ewidoctrl.exe
d:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\gearsec.exe
D:\mysql\bin\mysqld-nt.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\EPoX\USDM\USDM.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Netscape\Netscape\Netscp.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
d:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
D:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
D:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\system32\Wtablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Yahoo!\Messenger\YPager.exe
C:\WINNT\system32\taskmgr.exe
D:\Program Files\Microsoft Office\Office\Winword.exe
D:\Program Files\hijackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.cnn.com"); (C:\Documents and Settings\Jason Fultz\Application Data\Mozilla\Profiles\default\ojufvc3c.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Jason Fultz\Application Data\Mozilla\Profiles\default\ojufvc3c.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPoXUSDM] "D:\Program Files\EPoX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Terminate Popup] d:\Program Files\Zero-PopUps\zpu.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "d:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = D:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINNT\system32\Wtablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup152.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "D:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - d:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINNT\system32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - D:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "D:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: MySql - Unknown owner - D:/mysql/bin/mysqld-nt.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe

************************************

And the files.txt file reads as follows:

************************************

Volume in drive C has no label.
Volume Serial Number is 081E-AFFE

Directory of C:\Program Files\Internet Explorer

08/29/2002 07:14a 91,136 iexplore.exe
1 File(s) 91,136 bytes

Directory of C:\WINNT\system32\dllcache

08/29/2002 07:14a 91,136 iexplore.exe
1 File(s) 91,136 bytes

[jasonfultz]

You got it.

*****************************************

Logfile of HijackThis v1.99.1
Scan saved at 3:44:06 AM, on 7/5/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\WINNT\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
d:\Program Files\ewido\security suite\ewidoctrl.exe
d:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\gearsec.exe
D:\mysql\bin\mysqld-nt.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\EPoX\USDM\USDM.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Netscape\Netscape\Netscp.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
d:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
D:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
D:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\system32\Wtablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Yahoo!\Messenger\YPager.exe
C:\WINNT\system32\taskmgr.exe
D:\Program Files\Microsoft Office\Office\Winword.exe
D:\Program Files\hijackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.cnn.com"); (C:\Documents and Settings\Jason Fultz\Application Data\Mozilla\Profiles\default\ojufvc3c.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Jason Fultz\Application Data\Mozilla\Profiles\default\ojufvc3c.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPoXUSDM] "D:\Program Files\EPoX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Terminate Popup] d:\Program Files\Zero-PopUps\zpu.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "d:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = D:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINNT\system32\Wtablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup152.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "D:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - d:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINNT\system32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - D:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "D:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: MySql - Unknown owner - D:/mysql/bin/mysqld-nt.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe

************************************

And the files.txt file reads as follows:

************************************

Volume in drive C has no label.
Volume Serial Number is 081E-AFFE

Directory of C:\Program Files\Internet Explorer

08/29/2002 07:14a 91,136 iexplore.exe
1 File(s) 91,136 bytes

Directory of C:\WINNT\system32\dllcache

08/29/2002 07:14a 91,136 iexplore.exe
1 File(s) 91,136 bytes

[Metallica]

OK. I'll let you know my train of thought here, so you can point out if I make a mistake.

Your version of iexplore.exe that is in use is the same as the one in the dllcache, so the file is OK by itself. (Which is as expected since you alread did a Reapir install)

You can surf using explorer and there are a few differences in what gets loaded when using IE or explorer. Most of them show up in a HijackThis log and yours is clean.

I would like to try one thing if you agree.

Rightclick C:\Program Files\Internet Explorer\iexplore.exe and rename it to iexplore.old
Then copy & paste C:\WINNT\Explorer.EXE to C:\Program Files\Internet Explorer
and change the name to iexplore.exe

Then reboot and let me know how everything works.

Regards,

[jasonfultz]

Alright. I renamed iexplore.exe to iexplore.old. Then I copied explorer.exe to the IE directory and renamed it iexplore.exe. I rebooted, then opened up "iexplore.exe". The icon looks different, as expected. I changed a bunch of settings to mimic IE and went to an internet address.

It then went into Internet Explorer Compatibility Mode and sent me a message box stating so. It also informed me that some features were not going to be available while in that mode. I'm not sure if it meant features of explorer.exe or features of iexplore.exe.

Either way, it's a temporary solution and will probably allow me to go to Microsoft's website now and use certain other plugins that I was unable to install "since the incident". But I really would prefer to find out why iexplore.exe isn't working correctly, and I'd like to get it back up and running properly again.

But so far, thank you so much for your help, time, and patience. This is much better than it was before.

Since the problem isn't with the program file itself, do you think maybe it could be traced back to the registry? We are bound to have checked this already, however, much like we've probably already checked for dependency files for iexplore.exe.

[Metallica]

Click Start > Run > copy&paste regedit.exe /e C:\appath.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE" > OK

This will create C:\appath.txt

Post the content of that file please.

And can you upload your old iexplore.old follwoing the instructions here:
http://www.thespykil...x.php?topic=5.0
I'd like to have a look, just to make sure.

Regards,

[jasonfultz]

This is the contents of the file that was created:

*****************************************

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE]
@="C:\\PROGRA~1\\INTERN~1\\IEXPLO~1.OLD"
"Path"="C:\\Program Files\\Internet Explorer;"

****************************************

The file is located in the post here:
http://www.thespykil...php?topic=451.0

[Metallica]

Nothing wrong with iexplore.old

It didn't feel at home on my XP system, but it worked and didn't crash.

Copy the part in bold below into notepad and save it as correctpath.reg
Set Filetype to "All files"

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"


Doubleclick that file and confirm you want to merge it with the registry.

Click Start > Run > copy&paste regsvr32 urlmon.dll > OK
You should get a confirmation that urlmon.dll was registered.

Repeat that procedure for these files:

Mshtml.dll
Actxprxy.dll
Oleaut32.dll
Shell32.dll
shdocvw.dll
browseui.dll
msjava.dll

Reboot when you are done and let me know if it worked.

Regards,

[jasonfultz]

I did everything you asked from above. Except I also renamed the current "iexplore.exe" back to explorer.exe (it's the 280K file) and tried to rename the iexplore.old to iexplore.exe, but in the middle of the process, a new 89k file appeared with the iexplore.exe filename automatically (while I was changing the name of the .old file). Weird.

I did this because the .old file is the original IE file and I assumed when you asked if it worked you meant that you wanted to know if it worked like it should (with the original 89k .old file). I know, I shouldn't assume things.

That's why after I rebooted and tried to start up IE, and after seeing that nothing happened (no messages or windows opened anyway), then I deleted the iexplore.exe file (89k) and quickly renamed the explorer.exe file to iexplore.exe (280k). I rebooted and tried starting up IE again, and of course the 280k file explorer popped up instead of the 89k Internet Explorer, as I expected since the link goes directly to the 280k file.

In summary, it didn't do anything different. The problem persists. The 89k iexplore.exe file never opens a window and doesn't even send me an error message any longer.

*shrugs* I'm about ready to give up. I suppose I'm glad it makes as little sense to a malware expert as it makes to me. It's almost worth reinstalling Windows 2000 Professional, reinstalling all my drivers, re-updating them all, re-installing all programs, etc at this point. But not quite.

And now Maya is even giving me inconsistent problems opening. Sometimes it opens just fine and other times it locks my whole computer while loading the user interface. This has never happened to me before. Maya has always worked until recently.

Have you ever had the urge to just drop kick a computer after spending countless hours trying to 'fix' it with little or no results?

[Metallica]

Have you ever had the urge to just drop kick a computer after spending countless hours trying to 'fix' it with little or no results?

On a regular base, yes. But never my own.

You did not get any errors while registering the dll's ?

I had some success a while ago by replacing oleaut32.dll but that is a problem that usually only occurs on Windows 98 systems.

By replacing the files you may have altered the registry key we worked on.

Click Start > Run > copy&paste regedit.exe /e C:\appath2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE" > OK

This will create C:\appath2.txt

Post the content of that file please.

Regards,

[jasonfultz]

That is correct, I did not get any errors while registering the dll's.

Here are the contents of appath2.txt:

********************************************

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"
"Path"="C:\\Program Files\\Internet Explorer;"

[Metallica]

Another piece of the registry I'd like to have a look at.

regedit.exe /e C:\appid.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\iexplore.exe\\AppId"

Post the content of C:\appid.txt

Regards,

[jasonfultz]

Ok, I ran that line at least 3 times. I waited about 15-20 minutes for the last one, and still I don't see C:\appid.txt. Does that sound like a possibility if I did everything correctly?

[Metallica]

I made a mistake.

Who put the value of the key in there?

Time for the old man to retreat, I guess.

This is the correct command

regedit.exe /e C:\appid.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\iexplore.exe"

Regards,

[jasonfultz]

Well dangit! I ran that one twice, waiting about 15 minutes for the second one before deciding that appid.txt isn't going to appear.

Assuming the line is correct, what would it mean that it didn't pump out the file we expected it to generate?

[Metallica]

It usually means that the key we are trying to export does not exist.
If that is the case we may have found the cause of the problem.

Copy the part in bold below into notepad and save it as Appid.reg
Set Filetype to "all files"

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\iexplore.exe]
"AppId"="{0002DF01-0000-0000-C000-000000000046}"

Doubleclick that file and confirm you want to merge it with the registry.

Reboot and try to start IE.

Regards,