|
#1
September 28th, 2003, 12:19 AM
|
|||
|
|||
|
Microsoft I Explorere clsing down repeatedly
Hi All
I am operating wk2 server and five or six times an hour the microsoft message flags up "we are closing down due to a problem with Internet Explorer so save any work you have or you will lose it."Anyone have any ideas?
__________________
lcyber 
|
|
#2
September 28th, 2003, 12:46 AM
|
||||
|
||||
|
Hi lcyber - It might help if we can see whats running on your PC. Go here and download and run a scan with Hijack This. Dont make any changes, just click on Save Log, copy it and post it back in this thread.
__________________
Moderator: Vista Forum Microsoft MVP - Windows Desktop Experience 2004-2008 If we have helped you, please consider supporting Cyber Tech Help with a subscription Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you. How to help prevent re-infection
|
|
#3
September 28th, 2003, 11:35 PM
|
|||
|
|||
|
Quote:
Scan saved at 22:38:42, on 28/09/2003 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\msdtc.exe C:\WINNT\System32\CTsvcCDA.EXE C:\WINNT\system32\drivers\dcfssvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\hidserv.exe C:\WINNT\System32\llssrv.exe C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\MsPMSPSv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\faxsvc.exe C:\WINNT\system32\Dfssvc.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\devldr32.exe C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE C:\WINNT\anvshell.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\A4tech\Mouse\AWMMAIN.EXE C:\WINNT\CNN.com Europe Clickbar\clickbar.exe C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe C:\Program Files\Creative\ShareDLL\MediaDet.Exe C:\Program Files\inKline Global\PC Booster\pcbooster.exe C:\PROGRA~1\PANICW~1\POP-UP~2\dpps2.exe C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe C:\WINNT\System32\internat.exe C:\PROGRA~1\GADWIN~1\PRINTS~1\PrintScreen.exe C:\Program Files\SmartDisk\FlashPath for SD Memory Card\FPSDstat.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\WINNT\system32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\WinZip\winzip32.exe C:\unzipped\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic Agent\Web\SearchBar.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchwww.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2001 Basic\Search Bar.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4tech\Mouse\AWMMAIN.EXE O4 - HKLM\..\Run: [WebforiaClickbarRun] "C:\WINNT\CNN.com Europe Clickbar\clickbar.exe" O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~2\dpps2.exe" O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\PROGRA~1\GADWIN~1\PRINTS~1\PrintScreen.exe /nosplash O4 - Global Startup: FlashPath for SD Memory Card Status.lnk = C:\Program Files\SmartDisk\FlashPath for SD Memory Card\FPSDstat.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM) O9 - Extra button: Copernic Agent (HKLM) O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O12 - Plugin for .eid: C:\Program Files\Internet Explorer\PLUGINS\NPIPRT32.DLL O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/AskBar-inst.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d...ll/xscan53.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...583.0133101852 O16 - DPF: {A6B13EE4-A974-11d2-8DB7-00C04FB6E8F6} (Clickbar Download) - http://europe.cnn.com/EUROPE/webfori.../cnneurope.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{50EED885-DBD0-402C-841F-D97AAAE9B2F2}: NameServer = 195.92.195.94 195.92.195.95 Thanks Marie hope I've done this right ,lcyber
__________________
lcyber
|
|
#4
September 29th, 2003, 06:11 AM
|
||||
|
||||
|
Hi lcyber - yep, thats fine.
 Have you recently run a Spyware Removal program or uninstalled spyware? If so, which one. Your winsock layers have been corrupted. Go here and download and run WinsockFix and see if it will repair the damage. Next consider whether or not you need this program - OpiStat. Opistat has a reputation of installing spyware on your PC without the users knowledge. You also have unneccesary programs running at startup. You might like to download msconfig for Win2K plus the help file and use it to disable some startups. Have a look here for help in deciding which programs can be safely disabled. Let us know how you get on. If you still have problems, run Hijack This again and post back a new log.
__________________
Moderator: Vista Forum Microsoft MVP - Windows Desktop Experience 2004-2008 If we have helped you, please consider supporting Cyber Tech Help with a subscription Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you. How to help prevent re-infection
|
|
#5
October 3rd, 2003, 12:58 PM
|
|||
|
|||
|
Explorer keeps crashing
Quote:
Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\msdtc.exe C:\WINNT\System32\CTsvcCDA.EXE C:\WINNT\system32\drivers\dcfssvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\hidserv.exe C:\WINNT\System32\llssrv.exe C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\MsPMSPSv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\faxsvc.exe C:\WINNT\system32\Dfssvc.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\devldr32.exe C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE C:\WINNT\anvshell.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\A4tech\Mouse\AWMMAIN.EXE C:\WINNT\CNN.com Europe Clickbar\clickbar.exe C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe C:\Program Files\inKline Global\PC Booster\pcbooster.exe C:\PROGRA~1\PANICW~1\POP-UP~2\dpps2.exe C:\WINNT\System32\internat.exe C:\Program Files\Creative\ShareDLL\MediaDet.Exe C:\PROGRA~1\GADWIN~1\PRINTS~1\PrintScreen.exe C:\Program Files\SmartDisk\FlashPath for SD Memory Card\FPSDstat.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\WINNT\system32\svchost.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\WinZip\winzip32.exe C:\unzipped\hijackthis[1]\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic Agent\Web\SearchBar.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchwww.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2001 Basic\Search Bar.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4tech\Mouse\AWMMAIN.EXE O4 - HKLM\..\Run: [WebforiaClickbarRun] "C:\WINNT\CNN.com Europe Clickbar\clickbar.exe" O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~2\dpps2.exe" O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\PROGRA~1\GADWIN~1\PRINTS~1\PrintScreen.exe /nosplash O4 - Global Startup: FlashPath for SD Memory Card Status.lnk = C:\Program Files\SmartDisk\FlashPath for SD Memory Card\FPSDstat.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM) O9 - Extra button: Copernic Agent (HKLM) O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O12 - Plugin for .eid: C:\Program Files\Internet Explorer\PLUGINS\NPIPRT32.DLL O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/AskBar-inst.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d...ll/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...583.0133101852 O16 - DPF: {A6B13EE4-A974-11d2-8DB7-00C04FB6E8F6} (Clickbar Download) - http://europe.cnn.com/EUROPE/webfori.../cnneurope.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{50EED885-DBD0-402C-841F-D97AAAE9B2F2}: NameServer = 195.92.195.94 195.92.195.95 Hi Anne Marie,I thought I had cured the problem but it has come back I am posting another Hijack log as you asked Thanks lcyber
__________________
lcyber
|
|
#6
October 4th, 2003, 07:37 AM
|
||||
|
||||
|
Well, on the bright side your winsock layers are fine now.
Try repairing Internet Explorer. Go to Start > Settings and open Control Panel. Doubleclick on Add/Remove Programs and look in the list of installed programs for Microsoft Internet Explorer 6. When you find it, select it with your mouse and then click on Add/Remove. A dialogue box will open offering you three choices. Choose Repair Internet Explorer and follow the prompts.
__________________
Moderator: Vista Forum Microsoft MVP - Windows Desktop Experience 2004-2008 If we have helped you, please consider supporting Cyber Tech Help with a subscription Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you. How to help prevent re-infection
|
 |
| Bookmarks |
«
Previous Topic
|
Next Topic
»
| Topic Tools | |
|
|
All times are GMT +1. The time now is 01:37 AM.
[
RSS ]
