| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 64565 | 2005-12-19 20:29:00 | internet explorer errors. | jono98 (9448) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 414024 | 2005-12-19 20:29:00 | While browsing I am continually getting the message Internet explorer has encountered a problem and needs to close. Details: Appname iexplore Appver 6.0.2900.2180 Modname ntdll.dll Modver 5.1.2600.2180 Offset 003426f To explain how frustrating this is it occured last night at 8.16 pm, 8.20pm, 8.21pm and again at 8.26pm at which point I gave up and ended up watching Desperate Housewives! Each error has the same details except the Offset is different. I've done a bit of a search around and think it has something to do with NTDLL.DLL but dont know enough to know why or how. I run an Athlon XP2400+ with 512MB ram, GF FX5200 vid card and have just recently got broadband. (The above problem pretty much started the same day, or just after) have done full scan with Norton AV 2004. Have Adaware, Spybot and ZoneAlarm. I also update windows regularly. Please help. Jon. |
jono98 (9448) | ||
| 414025 | 2005-12-19 20:41:00 | Get Hijackthis (www.merijn.org) From here (www.spywareinfo.com) Unzip it first then scan and copy and paste the log here. Or paste the log here (www.hijackthis.de) |
Speedy Gonzales (78) | ||
| 414026 | 2005-12-19 21:16:00 | OK here goes.... Logfile of HijackThis v1.99.1 Scan saved at 10:14:39 a.m., on 20/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\System32\taskswitch.exe C:\WINDOWS\System32\fast.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\Fast.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\Explorer.EXE C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\jon\LOCALS~1\Temp\Rar$EX08.125\HijackT his.exe C:\Program Files\Messenger\msmsgs.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = xtramsn.co.nz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Xtra O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing) O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O14 - IERESET.INF: START_PAGE_URL=http://xtra.co.nz O15 - Trusted Zone: http://*.windowsupdate.microsoft.com O15 - Trusted Zone: http://*.windowsupdate.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - www-secure.symantec.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - www.nick.com O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - www-secure.symantec.com O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - www.worldtourism.com.au O21 - SSODL: IEFilter - {DEF65112-B1D4-4A52-9A64-EDD308B9ECF6} - IEFilter.dll (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
jono98 (9448) | ||
| 414027 | 2005-12-19 22:35:00 | Turn system restore off and boot into safe mode, and run hjt again. Tick these entries. Then tick fix checked. Then reboot. O21 - SSODL: IEFilter - {DEF65112-B1D4-4A52-9A64-EDD308B9ECF6} - IEFilter.dll (file missing) O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe - This maybe whats causing the prob with IE. The entries below arent nasty but not needed in startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit The iefilter.dll and service.exe file maybe related to this (www.sophos.com) |
Speedy Gonzales (78) | ||
| 414028 | 2005-12-20 00:25:00 | This is a hostile... O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe - Go to Start > Run and type cmd and OK. Type the below commands and hit "Enter" after each line sc stop Service sc delete Service Type Exit to close. ------------------------------ You can now delete this (red) file C:\WINDOWS\system32\Service.exe WARNING: Do not delete the C:\WINDOWS\system32\Services.exe note it has a "s" on the end. |
Pancake (6359) | ||
| 414029 | 2005-12-20 09:04:00 | Thanks Speedy Gonzales, all went well.........for a while. Had a good half hour or so of uninterupted surfing, first in a long while. Then things went a little crazy. Started getting pop ups telling me I had spyware........I ran Adaware, no result, and Spybot. It said I had Smitfraud??? When all this happened I was reading e-mails, my browser was sitting on the xtra home page so I dont know where it came from. I tried to remove Smitfraud using Spybot and it could not remove all of it. Now my screen is all wacked. I can only get a max 800x600 resolution and 4 colours? I was so happy earlier when the IE problem was fixed. Now this. Is it something to do with broadband? Problems only started since we got it last month. What do I do now? |
jono98 (9448) | ||
| 414030 | 2005-12-20 09:08:00 | As you will be working in safe mode its best if you print these instruction . Work throught the instructions in the order set out . Download all required program fixes first Download smitRem . exe ( . geekstogo . com/click%20counter/click . php?id=1" target="_blank">noahdfear . geekstogo . com) and save the file to your desktop . Double click on the file to extract it to it's own folder on the desktop . Next, please reboot your computer in SafeMode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8 . Instead of Windows loading as normal, a menu should appear Select the first option, to run Windows in Safe Mode . Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED: Open the smitRem folder, then double click the RunThis . bat file to start the tool . Follow the prompts on screen . Wait for the tool to complete and disk cleanup to finish . ================================ Post a fresh HJT log when done . |
Pancake (6359) | ||
| 414031 | 2005-12-20 09:13:00 | Wow, quick reply . Just one question . "Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED" What are the following . . . . . . . or are they in the SmitRem folder? |
jono98 (9448) | ||
| 414032 | 2005-12-20 09:18:00 | What are the following.......or are they in the SmitRem folder? Whats the following say?? |
Speedy Gonzales (78) | ||
| 414033 | 2005-12-20 09:28:00 | Just wondering why hadn't anyone mention anything about abandoning IE and go for Firefox instead. Cheers :) |
Renmoo (66) | ||
| 1 2 | |||||