Highjackthis: MSIE: Unable to get Internet Explorer version!

Vape · April 19, 2005

Logfile of HijackThis v1.99.1

Scan saved at 8:36:06 AM, on 20/04/05

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Running processes:

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

C:\WINDOWS\system32\services[Caution: ExecutableFile]

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

C:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: ExecutableFile]

C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

C:\WINDOWS\system32\nvsvc32[Caution: ExecutableFile]

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan[Caution: ExecutableFile]

C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile]

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]

C:\WINDOWS\Explorer[Caution: ExecutableFile]

C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]

C:\Program Files\MessengerPlus! 3\MsgPlus[Caution: ExecutableFile]

C:\WINDOWS\mHotkey[Caution: ExecutableFile]

C:\WINDOWS\SOUNDMAN[Caution: ExecutableFile]

C:\Program Files\Java\jre1.5.0_02\bin\jusched[Caution: ExecutableFile]

C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]

C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

C:\Program Files\XPKeepPerUserDisplaySettings\XPKeepPerUserDisplaySettings[Caution: ExecutableFile]

C:\Program Files\Folding@Home\FAH502-Console[Caution: ExecutableFile]

C:\Program Files\Winamp\winamp[Caution: ExecutableFile]

C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

C:\Program Files\Folding@Home\FahCore_82[Caution: ExecutableFile]

C:\Program Files\mIRC\mirc[Caution: ExecutableFile]

C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]

C:\Program Files\Nvu\nvu[Caution: ExecutableFile]

C:\Program Files\Adobe\Photoshop 6.0\Photoshp[Caution: ExecutableFile]

C:\Program Files\Common Files\Adobe\Web\AOM[Caution: ExecutableFile]

C:\Program Files\HijackThis\HijackThis[Caution: ExecutableFile]

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [PRONoMgr[Caution: ExecutableFile]] C:\Program Files\Intel\NCS\PROSet\PRONoMgr[Caution: ExecutableFile]

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz[Caution: ExecutableFile] /install

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]"

O4 - HKLM\..\Run: [urlLSTCK[Caution: ExecutableFile]] C:\Program Files\Norton Internet Security\UrlLstCk[Caution: ExecutableFile]

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon[Caution: ExecutableFile]

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck[Caution: ExecutableFile]

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus[Caution: ExecutableFile]"

O4 - HKLM\..\Run: [CHotkey] mHotkey[Caution: ExecutableFile]

O4 - HKLM\..\Run: [soundMan] SOUNDMAN[Caution: ExecutableFile]

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32[Caution: ExecutableFile] C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched[Caution: ExecutableFile]

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus[Caution: ExecutableFile]" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background

O4 - Startup: FAH502-Console[Caution: ExecutableFile].lnk = C:\Program Files\Folding@Home\FAH502-Console[Caution: ExecutableFile]

O4 - Global Startup: Adobe Gamma Loader[Caution: ExecutableFile].lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile]

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]

O4 - Global Startup: XP Keep Per User Display Settings.lnk = C:\Program Files\XPKeepPerUserDisplaySettings\XPKeepPerUserDisplaySettings[Caution: ExecutableFile]

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b30149.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3582809406

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b30149.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab

O20 - AppInit_DLLs: MsgPlusLoader.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: ExecutableFile]

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: ExecutableFile]

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc[Caution: ExecutableFile]

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32[Caution: ExecutableFile]

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan[Caution: ExecutableFile]

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ[Caution: ExecutableFile]

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile]

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]

:| ?

Phyco1312 · April 20, 2005

Well, after reading line after line, the only thing I have questions about is the following

O4 - HKLM\..\Run: [PRONoMgr.e3e (CAUTION - executable file)] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.e3e (CAUTION - executable file)

The above entry appears to be an executable, and is running off of your registry, and is set to open on startup. Not sure what it is, maybe you do.

O4 - HKLM\..\Run: [nwiz] nwiz.e3e (CAUTION - executable file) /install

This one is quite interesting, it has a install parameter. Might be something bad, unless you know what it is. Might be good to just remove it if you're not sure what it is.

O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing

This one is also questionable. Obviously you use X-Fire, but your .dll file is missing to correctly connect to it. This shouldn't affect IE though.

Wish I could help ya out more, but there really doesn't seem to be anything blocking or halting IE from what I can tell on the HJT log. Sorry ... tried :cry:

Vape · April 20, 2005

PRONoMgr is by Intel and is the configuration and diagnostic console for their PRO Ethernet adapter.

Nwiz is Nvidia's (graphics card.)

I've no idea what xfire is, my brother installed it. I think it's for online multiplayer caming or some such thing. Shouldn't be affecting IE anyway.

Mercifull · April 20, 2005

Try re-installing HJT, according to some other security forums its not that big a deal.

Chungyz · April 23, 2005

Where or how do you find the HJT log files?

zonda · April 24, 2005

Where or how do you find the HJT log files?

There are links to it, and many other useful programs in the stickies on this board :wink:

Sign In

Highjackthis: MSIE: Unable to get Internet Explorer version!

Recommended Posts

Vape

Link to comment

Share on other sites

Phyco1312

Link to comment

Share on other sites

Vape

Link to comment

Share on other sites

Mercifull

Link to comment

Share on other sites

Chungyz

Link to comment

Share on other sites

zonda

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Browse

Activity

Important Information