IE6.0 SP1 probs HJthis Log incl.

E

Ed G

Guys

After upgrading to IE 6 SP1, I have been having problems
whenever I try to sign onto certain sites (such as
www.aol.com). I get this error message "IEXPLORE caused an
invalid page fault in module Kernel 32". Ran Spybot and
got rid of all unwanted spyware. Ran hijack this, but am
uncertain on what should be deleted if anything.

Hijackthis log enclosed below. Any help would be greatly
appreciated.

Ed G


==========================================================

Logfile of HijackThis v1.97.3
Scan saved at 1:32:31 AM, on 11/3/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\WINDOWS.000\SYSTEM\DEVLDR16.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\WINDOWS.000\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKD.EXE
C:\WINDOWS.000\SYSTEM\SVCPACK.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\WINDOWS.000\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
C:\WINDOWS.000\LOADQM.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\AHQ\CTMIX32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WASHER\WASHER.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
C:\WINDOWS.000\SYSTEM\SPOOL32.EXE
C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS.000\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = http://msn.com
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL = http:///
R1 - HKCU\Software\Microsoft\Internet
Explorer\Search,SearchAssistant = http:///
R1 - HKCU\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch = http:///
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
http:///
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Bar = http:///
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,HomeOldSP = http://cool-homepage.com/
F1 - win.ini: run=C:\WINDOWS.000\svcpack.exe
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-
AC7CC6B5FFB1} - C:\WINDOWS.000\MSGJGK.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-
206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-
715F53797E85} - C:\WINDOWS.000\SYSTEM\DREPLACE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000
\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS.000
\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1
\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM
FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [RealTray] C:\Program
Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program
Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program
Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CreativeMixer] C:\Program
Files\Creative\Sharedll\AHQ\CTMIX32.EXE /t
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.000\Updreg.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1
\DEFALERT.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS.000
\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS.000
\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SVC Service] C:\WINDOWS.000
\SYSTEM\svcpack.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Washer] C:\Program
Files\Washer\washer.exe /0
O4 - Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swf
lash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CA
B?37926.3355208333



..
 
S

siljaline

Ed G said:
Guys

After upgrading to IE 6 SP1, I have been having problems
whenever I try to sign onto certain sites (such as
www.aol.com). I get this error message "IEXPLORE caused an
invalid page fault in module Kernel 32". Ran Spybot and
got rid of all unwanted spyware. Ran hijack this, but am
uncertain on what should be deleted if anything.

Hijackthis log enclosed below. Any help would be greatly
appreciated.

Ed G
Click to expand...

<log snipped>

Ed,

Please post your log here, for *expert* analysis:
http://forums.spywareinfo.com/
Sign in, or post as a guest in "Spyware and Hijackware Removal Support".

Regards and good luck.

--

siljaline MS - MVP IE/OE

(Please reply to group, as reply address is invalid,
so that we can all benefit)
 
Y

YoKenny

This is a CoolWebSearch variant.
Get CWShredder http://www.spywareinfo.com/~merijn/files/cwshredder.zip
unpack it and run the CWShredder.exe.

Delete all it finds. Reboot and rerun HijackThis and insure the following
are removed. Do not have any other applications running.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
http://cool-homepage.com/
F1 - win.ini: run=C:\WINDOWS.000\svcpack.exe
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1} -
C:\WINDOWS.000\MSGJGK.DLL

The best place to go for HijackThis help is
http://forums.spywareinfo.com/index.php?showforum=11 and read the FAQ.

Ed said:
Guys

After upgrading to IE 6 SP1, I have been having problems
whenever I try to sign onto certain sites (such as
www.aol.com). I get this error message "IEXPLORE caused an
invalid page fault in module Kernel 32". Ran Spybot and
got rid of all unwanted spyware. Ran hijack this, but am
uncertain on what should be deleted if anything.

Hijackthis log enclosed below. Any help would be greatly
appreciated.

Ed G
Click to expand...
<snip long log>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

elite***32.exe [*** = random char] and EliteToolBar - please help remove 2
Bug from Hell 2
PLS HELP...(about: blank) 1
Weird Behavior 1
Help with highjack please 5
IE6 slow and hangs when launched 4
IE stops working after 3-4 minutes--attn MVPs 1
ie6 won't open any sites: netscape OK 6

Top