Please help me! Internet Explorer is freezing when i try to open it

I don't know how this happened, but I'm sure i have a virus. When I open IE through the icon or a link, the window opens and freezes instantly (showing just the blue bar at the top and a white page). I can sometimes get a browser open by signing onto MSN messager and using the e-mail link to hotmail. I have been looking everywhere on the internet to find out what it is and can't find anything about it. I have run Adaware, Spybot search and destory and a few other programs which all detect nothing. I will post a HiJackthis log.
Can anyone help me?

Logfile of HijackThis v1.98.2
Scan saved at 14:41:58, on 09/12/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Windows AdTools\WinAdTools.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\Program Files\Windows AdTools\WinRatchet.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\Web Protection\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Saristar - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE50} - C:\WINNT\system32\saristar.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\Winampa.exe
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\msvrl.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1B3E3251-658E-4F03-8881-68302FE3CE9E} - file://C:\Documents and Settings\Administrator\Local Settings\Temp\FCabtmp1214.xms
O16 - DPF: {7B8DF65F-FED6-468D-AFAF-4DC02FAD019C} - http://activex.microsoft.com/objects/ocget.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A16A343-6BB3-4F2D-BA92-765A0EB2F457}: NameServer = 213.120.62.103 213.120.62.98
O17 - HKLM\System\CS1\Services\Tcpip\..\{4A16A343-6BB3-4F2D-BA92-765A0EB2F457}: NameServer = 213.120.62.103 213.120.62.98

Hi Mr Spoon,

You might want to print these instructions for reference or copy and paste them into notepad and save them on your desktop, as you will be off the internet while using HijackThis.

If you have any questions before starting the fix, please don't hesitate to ask!

Download Ad-Aware SE Personal Edition version 1.05 from:

http://www.lavasoft.de/support/download/

Run Adaware, click the "Check for Updates now" link. Install the latest reference file

Just update it for now, you will scan with it later!

Next...

Please download and run LSPFix from here:

http://cexx.org/LSPFix.exe

On the opening screen, click "I know what I'm doing".. Check all instances of "msvrl.dll" (and nothing else), and move them to the "Remove" pane. Then click Finish.

Next...

Is PC MightyMax a pay per fix program? If so

Please go to Start > Control Panel > Add/Remove programs and remove:

PC MightyMax

Next...

Boot into Safe Mode. Reboot your computer, start tapping F8 when it first starts booting, select Safe Mode.

Run HijackThis, click scan, place a checkmark next to the following items. Close all browsers and any other windows or the fix may not work! Click "fix checked". It is OK if some of these items are no longer listed.

O2 - BHO: Saristar - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE50} - C:\WINNT\system32\saristar.dll
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O16 - DPF: {1B3E3251-658E-4F03-8881-68302FE3CE9E} - file://C:\Documents and Settings\Administrator\Local Settings\Temp\FCabtmp1214.xms

If you removed PcMightyMax from add/remove programs, fix this line too
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R


These are resource hogs that can be fixed also:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Next...

Make sure your computer is configured to show all files and folders.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden Files and Folders heading select Show Hidden Files and Folders.
Uncheck hide extensions for known file types.
Uncheck the Hide Protected Operating System Files option.
Click Yes to confirm.
Click OK.

Search for and delete the following files:

C:\WINNT\system32\saristar.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\FCabtmp1214.xms

Search for and delete the following folder:

C:\Program Files\Windows AdTools < delete the entire Windows AdTools folder

Next....

Go to Start > Run > type "cleanmgr" (without the quotes). > Select the drive to clean up (usually C ) > Place a checkmark next to the following:

Temporary Internet Files
Recycle Bin
Temporary Files

Then click OK.

Next...

Perform a "Full system scan" with Adaware. Allow it to remove anything it finds.

Reboot normally.

Please post a fresh HijackThis log.

Tom

Tom, you are a genius thank you so much! Everything is fine with my Internet Explorer now, however, I did not do the final Adaware scan as I had problems installing the reference file. What do I do once I have downloaded it? – Click on “check for updates” and then what?
Also, the file C:/WINNT\system32\saristar.dll was not present.
I will post a HJT log now anyway. Thank you once again!

Logfile of HijackThis v1.98.2
Scan saved at 12:45:51, on 12/12/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Administrator\Desktop\Web Protection\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\Winampa.exe
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {7B8DF65F-FED6-468D-AFAF-4DC02FAD019C} - http://activex.microsoft.com/objects/ocget.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A16A343-6BB3-4F2D-BA92-765A0EB2F457}: NameServer = 213.120.62.101 213.120.62.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{4A16A343-6BB3-4F2D-BA92-765A0EB2F457}: NameServer = 213.120.62.101 213.120.62.100

Spoon.

Spoon,

You are doing great! It's OK that you could not find saristar.dll Your log is clean, excellent work

Grinler has an excellent Adaware tutorial over at his site:

http://www.bleepingcomputer.com/for...showtutorial=48

Please scan with Adaware and allow it to remove anything it finds.

Next...

I don't see an antivirus program running in your log...

AVG has a new, free version available - AVG7 Free edition:

http://free.grisoft.com/freeweb.php.

Be sure to update it right away and perform a full system scan.

Next...

I don't see a firewall running in your log.

ZoneAlarm has a free firewall:

http://www.zonelabs.com/store/conte...reeDownload.jsp

Both are necessary to keep your computer safe.

Then...

These are tools that will help keep you from getting infected again:

SpywareBlaster prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially dangerous sites in InternetExplorer.

http://www.javacoolsoftware.com/spywareblaster.html

SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

http://www.wilderssecurity.net/spywareguard.html

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer

http://mvps.org/winhelp2002/hosts.htm

All are very small free programs. Occasionally check for updates.

Check for updates for Windows and Internet Explorer every week or so. Download each critical update one by one, rebooting when necessary.. Repeat this until you get the message "no critical updates available"

http://windowsupdate.microsoft.com/

Please take a minute to read: So how did I get infected in the first place?

http://forums.net-integration.net/i...?showtopic=3051

Tom