Jump to content


Photo

IE 6 Browser


  • This topic is locked This topic is locked
17 replies to this topic

#1 alaski

alaski

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 03 July 2004 - 09:38 PM

I have been having problems going on some sites. I can log into Hotmail but after logging in I get a dialog box saying Browser will shut down, Do I want to send an error report. It does this to other sites. I can ust keep on logging in several times and finally it will let me in. thank you for helping me. Alaski
My hijack log
Logfile of HijackThis v1.97.7
Scan saved at 6:28:40 PM, on 7/3/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOTASKBARICON.EXE
C:\PROGRAM FILES\NIKON\NKVIEW4\NKVWMON.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\WINDOWS\FREECELL.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mtaonline.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by MTA Online
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1629.0\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\Welcome.exe /R
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O12 - Plugin for .wma: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mtaonline.net/
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8131.7291435185
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28177.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse....iveX/winrep.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28177.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab

#2 alaski

alaski

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 06 July 2004 - 07:16 AM

:weep: Please someone help .

#3 thesh

thesh

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 07 July 2004 - 02:39 PM

If you can post the file name its erroring out on maybe I can help

#4 alaski

alaski

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 07 July 2004 - 10:40 PM

appname iexplore.exe modname msvcrt.dllok it says Exception information
code0x000000000000000 flags oxoooooooo recordoxoooooooo000000
address 0x000000078015ca3
than system info
then module 1 msgsc.dll to module 66
hen it goes to thread 1 - 19
then to memory range 1-memory range 22
i cannot copy and paste and will give you all if you want

#5 thesh

thesh

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 07 July 2004 - 11:12 PM

You can try this Microsoft Link

#6 thesh

thesh

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 07 July 2004 - 11:23 PM

this Line "then module 1 msgsc.dll to module 66" is an MSN Messenger System file, I would try to update MSN Messenger First then try the links below for further help.


You can try this Microsoft Link
Microsoft Help

You can try this sites Workaround Also
pctechforums.com IE 6 Help

Personaly I would just use a differnt web browser like Mozilla or firefox instead of IE 6

Hope this helps, if this works please post what you did so others having the same problem can benifit from it.

#7 alaski

alaski

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 17 July 2004 - 01:55 AM

I did the first two. Did not help. Have a question on the third.it says locate the file msvcrt.dll rename it. Can't rename it. It says it is being used by windows

#8 invis_tres

invis_tres

    Member

  • Full Member
  • Pip
  • 31 posts

Posted 17 July 2004 - 05:11 AM

Msvcrt.dll == Microsoft visual c run time dll I donít think you got to do any thing with it

If at all you want to rename it (donít delete it) but make sure you find a fresh copy from somewhere go to msdn and search

Btw if you cant rename it because it is being used by windows
You need to boot into safe mode with command prompt

And do c:\>ren oldfilename newfilename

How to boot into safe mod
Press f8 several times during boot up till you get the menu

#9 alaski

alaski

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 18 July 2004 - 09:18 AM

Ok. I am at loss how to follow your instructions. I boot from safe mode then do what actually. My new Msvcrt.dll file is on my desktop. Thank you for your help and patience .

#10 Guest_pugs_*

Guest_pugs_*
  • Guests

Posted 19 July 2004 - 07:03 AM

Hello Alaski,

Ok reboot your computer, when the BIOS screen loads tap f8 until an option screen comes up. When it does select safe mode. Go to my computer and then go to C:\ ,Windows, System Then find the dll and right click and rename Msvcrt.dll to Msvcrt.dll.old Now reboot your computer normally. Find the Msvcrt.dll on your desktop, right click and select cut. Go to My Computer and go to C:\Windows\System and right click in an open area and select paste. Then let me know if you are still having problems

#11 alaski

alaski

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 19 July 2004 - 05:32 PM

I printed your instructions and followed to the letter. I could not rename the dll. It is being used by windows. I did it in safe mode. Thank you for the detailed instructions. :weep:
I can't even enter instant sweepstakes because Explorere wanta to send error report, blah blah blah.
I want my browser back!

#12 Guest_pugs_*

Guest_pugs_*
  • Guests

Posted 19 July 2004 - 09:31 PM

Alaski,

If you can get to www.mozilla.org go there and download firefox. It may work for you and be a temporary solution until we can get things back to normal.

#13 hue_j

hue_j

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 22 July 2004 - 02:17 AM

Delete MSN MESSENGER. It messes up IE thast why ure having problems.

Goto:

Ctrl panel , add/remove progs, remove MSN MESSENGEr


Then:

goto C:/programs and delete folder MSN Messenger

IF that doesn't work:

boot in to "SAFE" mode , delete folder then reboot


All in all if non of that works goto:

START
RUN
TYPE: "services.msc"
hit ENTER

then scroll down the list to MESSENGER

right click and either "STOP PROGRAM" OR "DELETE"

if it says so.....

then reboot systerm and send your HJT file (HiJackTHis file and someone will help you)

~S

#14 Guest_pugs_*

Guest_pugs_*
  • Guests

Posted 22 July 2004 - 02:23 AM

You certainly can try posting a log and seeing if something is wrong, but deleteing messenger is next to impossible as Ive tried. Somehow its always there. Im not sure if maybe there is a download you can get from microsoft for messenger, and reinstall it that way it replaces any files missing. But like I said Im not sure if that exists.

#15 alaski

alaski

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 30 July 2004 - 01:55 AM

ok I deleted MSN messenger. I first wanted to see if Explorere worked . Went to Instant wins and it played fine but then this message came. IEXPLORE.EXE caused fault #c0000005 in GDI32.DLL at address 0187:bff24dd5.
So I went to ms config for normal startup. Something ugly happened, The computer found new hardware in safe mode, The following software was installed, Plug and play Bios, systemboard extensions, programmabele interrupt controllers, , direct memory access controller, system time, system CMOS/realtime clock, standard 101/102 keyboard microsoft natural keyboard, system speaker, numeric data processor, programmable interrupt controller, , three motherboRD

#16 alaski

alaski

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 30 July 2004 - 02:03 AM

sorry send before finishing, it also found PCI Bus, communication port, ECP printer port, standard floppy disc controller and IRQ holder for PCI steering.
So here is the hijack log
Logfile of HijackThis v1.97.7
Scan saved at 9:27:29 PM, on 7/29/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON CRASHGUARD\CGMENU.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOTASKBARICON.EXE
C:\PROGRAM FILES\NORTON CRASHGUARD\CG16EH.EXE
C:\PROGRAM FILES\GATEWAY.NET INSTANT MESSENGER\AIM.EXE
C:\PROGRAM FILES\NIKON\NKVIEW4\NKVWMON.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
C:\PROGRAM FILES\NORTON CRASHGUARD DELUXE\CHECKUP.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gnet.com/? @@@@@ ARE YOU OLDER THAN 13 YEARS OLD @@@@@
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mtaonline.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by MTA Online
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1629.0\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\PROGRAM FILES\NORTON CRASHGUARD\CGMENU.EXE"
O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\Welcome.exe /R
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [IM] C:\PROGRAM FILES\GATEWAY.NET INSTANT MESSENGER\aim.exe -cnetwait.odl
O4 - Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: Norton CrashGuard Deluxe Auto Check.lnk = C:\Program Files\Norton CrashGuard Deluxe\CheckUp.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .wma: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mtaonline.net/
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8131.7291435185
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28177.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse....iveX/winrep.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28177.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://babygrant.abo...com/saxfile.cab

Incidentally I am now using Firefox. This is what happened FIREFOX caused an invalid page fault in
module <unknown> at 0000:02447a0f.
Registers:
EAX=02447ac4 CS=0187 EIP=02447a0f EFLGS=00010282
EBX=01e27b9c SS=018f ESP=00c8f770 EBP=00c8f794
ECX=041c80b4 DS=018f ESI=00000000 FS=4417
EDX=00c8f790 ES=018f EDI=04b1fbe0 GS=0000
Bytes at CS:EIP:
00 b4 80 1c 04 b4 80 1c 04 b0 ed 96 00 a0 ed 96
Stack dump:
02447a10 00460c39 02447a10 00530674 02426a80 00c8f790 04b1fbe0 02426a80 02447a10 00c8f7b0 0041a421 0258e390 02426a80 04b1fbe0 01e27c68 01e27c68

Thanks. I do not know why My computer found new hardware. Thanks for your help.

#17 alaski

alaski

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 02 August 2004 - 08:39 PM

I have deleted messenger. Any help forthcoming?

#18 alaski

alaski

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 11 August 2004 - 09:13 PM

i am going to reinstall messenger. I was hoping someone would tell me what to do next. I guess from the lack of replies that my hijack log is clean???




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button