IE 8 Flashes on Screen will not display

[the rescue tech]

I am a new tech working for myself in rural Southwest Missouri.

Presently trying to work on a COMPAQ: Presario with XP Home SP3

Client brought machine in as for the last couple of weeks (months) they have not been able to start Internet Explorer 8 without restoring to a previous date.

Symptoms:
Desktop has IE icon with a numeric label of significant length: 123456789101112131415161718192021222324252627282930313332133343536373839404142434445464474849

Also on desktop is Shortcut to IE Troubleshooting
IE8 upon opening the first time displays a dialog box:
Your last browser session closed unexpectedly. Would you like to restore your last session, [etc.]

When either response is chosen, IE8 window disappears.
Task manger/Processes shows iexplorer.exe as running

Running it a second time produces similar results, though without the dialog box, and additional iexplorer processes appear in Task manager for each attempt to run IE.

I have loaded FireFox and found it to run without difficulty.

SAFE MODE w/ networking:
IE8 will run normally in safe mode, with Firewall in place as well.

Virus Checking:
I have not perfected removal by hand yet, though I am attempting to check for myself. Having run a variety of scanners I have found nothing significant, other than what appears to be remnants of adware.

I have tried Fix IE script, SFC, and reset IE Advanced options all to no avail.

I have also tried uninstalling, and reinstalling IE8.

I have tried Setting MSCONFIG to Diagnostic mode for start up, in normal mode, with no difference in results.

I have search the forums and the web, all to no avail.

I have about run out of ideas and options I seek any insight that you may be able to add.

The best I can assess, Microsoft pushed the IE8 upgrade, and something went wrong.

 

[NickCat11]

Did you run hijackthis yet? If so, how did the log look?

 

[the rescue tech]

RE: Hijackthis
I did run it, though I question my ability to analyse it well.
Rerunning it as I type.

New issues (may be my efforts or something else)
System restore was turned off this morning
Also found most of services disabled, and unable to Enable them.
Properties in Computer management on a service displays :
Configuration Manager: The Plug and Play service or another required service is not available.

 

[the rescue tech]

HiJack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:01, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\regedit.exe
C:\Documents and Settings\Owner\Desktop\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=au...&src_id=11009&camp_id=49&tb_version=2.4.3.405
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PLNRNote] "C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Java runtime] javaw.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1851376988-2847828937-3368639936-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1851376988-2847828937-3368639936-1003\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-1851376988-2847828937-3368639936-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Java runtime] javaw.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Java runtime] javaw.exe (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://unkmail2.unk.edu/iNotes6W.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{50B113D7-E591-4031-8A55-4E5996E2C9B7}: NameServer = 192.167.0.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe

--
End of file - 8344 bytes

 

[TLE]

If you are unsure as to how to read HiJack this logs, take a look at the following site. You can upload the log file and have the site analyze it.

http://www.hijackthis.de/

Hope this helps you.

TLE

 

[the rescue tech]

Thanks for the tip.
I am forcing myself to push throught it, but will probably go to the site to check my work.

 

[PatrickB]

1) Can you rename that icon? How about just using
Start > Run > iexplore.exe
to start IE?

2) Is the computer using both Avast! and Comodo antiviruses? Maybe it is using Avast! but with only the firewall portion of Comodo. If using both antiviruses, one should be uninstalled.

3) Avast! can be made to do a boot-time full scan by opening its antivirus interface and right-clicking on the logo to get that option. I understand the newest version of Avast! has a nicer interface. If they still have the older version, you can change to the Flat 'N Simple interface from the Avast! website.

4) Start > Run > Control inetcpl.cpl
may allow you to start up the IE control applet. If so, then you could click on the Advanced tab and "Reset Internet Explorer ..."

5) Do the Windows Event logs show anything that might indicate the issue?

-- Patrick B.

 

[the rescue tech]

PatrickB

1) Yes, I can rename the icon. No effect, though I wonder how/why the name was changed in first place.
Run > iexplore.exe produces same results

2) Comodo is running only firewall.

3) Did a boot scan over night, couple of days ago, but found the machine booted the next morning, no apparent signs of problems, other than IE* issues.

4) I have done the Reset in the past, though I did not delete personal settings. (Thought I would avoid this unless last resort)

5) Presently cannot pull up event logs, though I could pull it up earlier. (See new issues in post #3)

Looking through the hijack this log has produced little.
javaw.exe was questioned but appears to be part of java.

 

[PatrickB]

Hi Bill,

Have you tried opening the "No Add-ons" version of IE? It's under Accessories > System Tools.

There are many forums dedicated to analyzing HiJack This! logs. I'll PM you some entries I would question.

Looks like Norton is/was there as well
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

Use Autoruns from www.sysinternals.com to evaluate the programs that run automatically. One clue is if they have no Company Name, they are questionable.

There are several threads with virus removal tips. One of them is:
http://www.technibble.com/forums/showthread.php?t=10212&highlight=virus&page=2


-- Patrick B.

 

[topshelfpc]

Also found most of services disabled, and unable to Enable them.
Properties in Computer management on a service displays :
Configuration Manager: The Plug and Play service or another required service is not available.

I believe this is because you changed it to diagnostic mode in MSCONFIG.

 

[the rescue tech]

PatrickB, NickCat11, TLE and topshelfpc,

Guys thanks for the insights.
You provided the needed ideas to keep me going and to encourage me to delve into the HijackThis log and Autoruns.
Feels like I just took a 3 credit seminar on HiJackThis and trojans.

I believe after the second round of cleaning and pounding the keyboard, I have finally cleaned it up.

PatrickB, thanks for the PM. It's good to know there is some else on Technibble from our area.

Thanks again.