Internet explorer problems

Status
Not open for further replies.

vilejames

Solid State Member
Messages
14
I am having many problems with internet explorer 6.0.

1) explorer keeps crashing after 1-2 mins on the net
2) it never remembers my homepage and loads up a blank page

I cant seem to get it to fully uninstall- I want to put it back on fresh and hopefully their wont be anymore problems. Im on windows 98. Any help would be great!
 
copy of the log

I have used adaware and here is a copy of the log...


Logfile of HijackThis v1.97.7
Scan saved at 18:08:58, on 10/05/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SCARDSVR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
D:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\PROGRAM FILES\OPISTAT\OPISTAT\OPISTAT.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\IXFRVPS.EXE
D:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\EXPLORER.EXE
D:\PROGRAM FILES\MICROSOFT INTERNET\IEXPLORE.EXE
D:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
C:\WINDOWS\RUNDLL32.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\MGK.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\MGK.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie-search.com/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\MGK.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\MGK.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\MGK.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\MGK.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie-search.com/home.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://ie-search.com/srchasst.html (obfuscated)
R3 - URLSearchHook: {CF746002-94FB-101B-8C12-02608C454BFF} - - (no file)
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSHOOK.DLL
O2 - BHO: (no name) - {80BE7181-9A2D-11D8-83DC-00401F332DA3} - C:\WINDOWS\SYSTEM\MGK.DLL
O2 - BHO: (no name) - {73F41DC9-BA87-4884-974E-50469F619588} - C:\WINDOWS\LIEBK.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OPISTAT\OPISTAT\OPISTAT.EXE
O4 - HKLM\..\Run: [Norman ZANDA] D:\NORMAN\NVC\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [cgwf] C:\WINDOWS\ixfrvps.exe
O4 - HKLM\..\Run: [CloneCDTray] "d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AVG_CC] d:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Norman ZANDA] D:\NORMAN\NVC\BIN\ZANDA.EXE /LOAD
O4 - HKLM\..\RunServices: [SCardSvr] C:\WINDOWS\SYSTEM\SCardSvr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] d:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [System Update2] c:\windows\system\explorer.exe
O4 - HKCU\..\Run: [Service Manager] C:\windows\dxsound.exe
O4 - HKCU\..\Run: [sr64] C:\WINDOWS\SYSTEM\SR64\ANHFENFI.EXE
O4 - HKCU\..\Run: [Disk Master] C:\windows\diskserv.exe
O4 - HKCU\..\Run: [SpyKiller] d:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Download with NetPumper - D:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.anna-kournikova-nude-pics-naked-pictures.com/lsdialer.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {05F0DE7F-30F7-4376-8CF7-3B3709FC986B} (VacPro.UK) - http://www.7adpower.com/dialer/UK.CAB
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://www.lesbians4free.com/cab/lesbians.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/27f1a1d75c685f41ed22/netzip/RdxIE601.cab
O16 - DPF: {A0F0D762-D1DE-43AF-B70E-D87864743EB3} (NSLiteUpdateCtrl Class) - http://217.145.76.16/nslite/nslite.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38082.0440625
O16 - DPF: {11111111-1111-1111-1111-111111111435} - http://thumbest.ud-dial.biz/dexmsbb.exe
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/roing.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = home
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.1.1


Hope you can find something to help
 
first put hjt into its own folder not imto a temp or on the desktop

next down load these
CWShredder by Merijn Bellekom, the creator of Hijack This http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder

Spybot - Search & Destroy from http://security.kolla.de

next

CWShredder

Run it, press 'Fix', and allow it to fix all it finds.
And remember to click "Fix" (Not "Scan only")
Reboot

Run Spybot - Search & Destroy

After installing, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED
Reboot

run hjackthis put a check next to these close all browsers and hit fix
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\MGK.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\MGK.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie-search.com/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\MGK.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\MGK.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\MGK.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\MGK.DLL/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie-search.com/home.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://ie-search.com/srchasst.html (obfuscated)
R3 - URLSearchHook: {CF746002-94FB-101B-8C12-02608C454BFF} - - (no file)
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)



O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSHOOK.DLL
O2 - BHO: (no name) - {80BE7181-9A2D-11D8-83DC-00401F332DA3} - C:\WINDOWS\SYSTEM\MGK.DLL
O2 - BHO: (no name) - {73F41DC9-BA87-4884-974E-50469F619588} - C:\WINDOWS\LIEBK.DLL

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [cgwf] C:\WINDOWS\ixfrvps.exe
O4 - HKCU\..\Run: [System Update2] c:\windows\system\explorer.exe
O4 - HKCU\..\Run: [Service Manager] C:\windows\dxsound.exe
O4 - HKCU\..\Run: [sr64] C:\WINDOWS\SYSTEM\SR64\ANHFENFI.EXE
O4 - HKCU\..\Run: [Disk Master] C:\windows\diskserv.exe
O4 - Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O13 - WWW. Prefix: http://
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.anna-kournikova-nude-pics-naked-pictures.com/lsdialer.cab
O16 - DPF: {05F0DE7F-30F7-4376-8CF7-3B3709FC986B} (VacPro.UK) - http://www.7adpower.com/dialer/UK.CAB
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://www.lesbians4free.com/cab/lesbians.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/27f1a1d75c685f41ed22/netzip/RdxIE601.cab
O16 - DPF: {A0F0D762-D1DE-43AF-B70E-D87864743EB3} (NSLiteUpdateCtrl Class) - http://217.145.76.16/nslite/nslite.cabO16 - DPF: {11111111-1111-1111-1111-111111111435} - http://thumbest.ud-dial.biz/dexmsbb.exe
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/roing.cab

reboot into safe mode


delete these

C:\WINDOWS\ixfrvps.exe
C:\WINDOWS\LIEBK.DLL
C:\WINDOWS\SYSTEM\MGK.DLL
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSHOOK.DLL
c:\windows\system\explorer.exe
C:\windows\dxsound.exe
C:\windows\diskserv.exe
C:\WINDOWS\ex.htm


repost another log
 
Status
Not open for further replies.
Back
Top Bottom