IE6 SP1 Not responding

[Dave Partridge]

When I key in a web address that isn't in the drop down
history of the address bar, and I don't prefix it with
http://, IE6 SP1 just hangs up when I press the enter key.

The only way I've found to get out of this is to kill IE6
using Task Manager.

Environment:

Win2000 SP4 plus Windows update fixes to date
IE6 SP1 plus Windows update fixes to date

I have checked for the usual culprits with Ad-Aware and
Spy-Bot S&D.

FWIW I do have Norton Internet Security on the machine,
but it reports nothing in the logs.

 

[Robert Aldwinckle]

When I key in a web address that isn't in the drop down
history of the address bar, and I don't prefix it with
http://, IE6 SP1 just hangs up when I press the enter key.

Clear History. If necessary temporarily disable security programs.


---

 

[Dave partridge]

Seems a tad brutal, but I'll try anything once.

Can you explain why this works?

Thanks
Dave

 

[Robert Aldwinckle]

Clear History. If necessary temporarily disable security programs.

Seems a tad brutal, but I'll try anything once.

Can you explain why this works?

Maybe it would be sufficient to turn off AutoComplete as a test first.

<title>KB221085 - Error Message Typing Address in Address Box or in Open Box</title>

<title>KB251787 - Delayed Response When Editing Internet Explorer Forms and Outlook Express May Take a Long Time to Start</title>


Then if your symptom changes you will know that corrupt History is
more likely.


The point about your security programs is that certain ones are known
to interfere which the operation of the History folder.

Thanks
Dave

Good luck

Robert[/QUOTE]

 

[Dave Partridge]

Well I tried disabling NIS and NAV and deleted my History,
but this didn't change the behaviour:

No http:// => hung IE every time.

Surely this is a known problem with a fix!

Dave

-----Original Message----- security programs.




Maybe it would be sufficient to turn off AutoComplete as a test first.

<title>KB221085 - Error Message Typing Address in Address

<title>KB251787 - Delayed Response When Editing Internet

Explorer Forms and Outlook Express May Take a Long Time to

 

[Robert Aldwinckle]

Maybe it would be sufficient to turn off AutoComplete as a test first.

Did disabling AutoComplete change the symptom at all?

Mike Burgess has some stronger medicine if the the History folder
is the cause. Search for his recent posts which mention delcache
or just try

http://www.mvps.org/winhelp2002/delcache.htm


Oh. It sounds as if the error symptom does not occur until *after* you
press Enter. Then, if you are allowing search from the Address bar,
a search hijacker would be a more likely cause. Do all the *latest* scans
for malware. It might be sufficient as a test to disable search from the
Address bar (e.g. via the Options, Advanced tab) but I wouldn't be surprised
if that setting could appear to be ignored. (E.g. at one point the standard
Explorer search bar's Customize... dialog was the only way to set a user's
preferences reliably.) So Ctrl-e,Alt-z,Alt-A might be a better route to try.
It also might yield more clues.


Have you tried Reset Web Settings... or an IE Repair?
Sometimes they have been able to shed some of the tamer
hijackers. One caveat about Reset Web Settings... (Options, Program tab)
somebody who didn't tell me about his Google bar tried it once and
apparently caused his Google bar some difficulty. YMMV.


Good luck

Robert

 

[Guest]

Disabling auto-complete didn't change things.

Already scanned with latest Ad-Aware and SpyBot S&D, and
Norton AV.

Complete reinstall of IE6 SP1 more times than I can shake
a stick at.

Autosearch setting point to MSN and say go to most likely
site (using key stroke sequence you described).

I'll try changing the autlookup to use Lycos and see what
happens.

Dave

 

[Dave Partridge]

Update: Using lycos and reenabling autocomplete appeared
to work. However this only worked one time.

Normal (broken) service has resumed.

Interesting to note that even tho' I've reenabled
autocomplete it doesn't always do it, however it is when I
press Enter that the hang occurs (note well that it isn't
trying to connect to the search site). Selecting a web
address from the drop down or that has been autocompleted
works always, as does one prefixed with http://

Dave

 

[Robert Aldwinckle]

Update: Using lycos and reenabling autocomplete appeared
to work. However this only worked one time.

Normal (broken) service has resumed.

Interesting to note that even tho' I've reenabled
autocomplete it doesn't always do it, however it is when I
press Enter that the hang occurs (note well that it isn't
trying to connect to the search site). Selecting a web
address from the drop down or that has been autocompleted
works always, as does one prefixed with http://

Entering anything from the Address bar which doesn't have
something recognizable as a protocol prefix has to be processed
somehow. There are some prefix patterns in the registry which
might be involved (but which can be used by hijackers); otherwise
a search may be done with it.

See if HijackThis! picks anything up? Have you tried the latest
"Cool Web Shredder"? See others' posts for links for these tools.


Good luck

Robert
---

 

[Dave Partridge]

I had already manually checked the obvious IE registry
entries, and had run CWShredder which said all was clear.

To reiterate, all the following say my system is clean:

Norton Anti-Virus
Ad-Aware
SpyBot S&D
CWShredder

Here's the log from HiJackThis - which looks all fine to
me:

Logfile of HijackThis v1.97.7
Scan saved at 08:59:54, on 30/04/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Acronis\Schedule2
\schedul2.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Executive
Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\atiisrgl.exe
C:\Program Files\Kiwi\Syslogd\Syslogd_Service.exe
C:\Program Files\IBM\MQSeries\bin\amqsvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\IBM\MQSeries\bin\amqmsrvn.exe
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\TpChrSrv.exe
C:\Program Files\VMware\VMware Workstation\Programs\vmware-
authd.exe
C:\WINNT\System32\vmnetdhcp.exe
C:\WINNT\System32\vmnat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4serv.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\Common
Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2
\schedhlp.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Nokia\Nokia PC Suite 5\PcSync.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\IBM\MQSeries\bin\amqmtbrn.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\IBM\Bluetooth Software\BTStackServer.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\QUICKV~1\PROGRAM\QVP32.EXE
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Download\CW Shredder\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0
\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-
001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-
FADC6B084872} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [Synchronization Manager]
mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1
\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.EXE
O4 - HKLM\..\Run: [CSScheduleCheck]
C:\CFGSAFE\SCHWIZEX.EXE -CHECK
O4 - HKLM\..\Run: [TimeSync] C:\PROGRA~1
\TimeSync\TimeSync.exe /t
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1
\TP98TRAY.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common
Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia
PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program
Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI
Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [frymxins] "C:\Program Files\ATI
Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [FRYHIGHRES] rundll32 "C:\WINNT\System32
\atipmogl.dll",DetectHighResMonitor
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [BMMLREF] C:\Program
Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1
\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog
Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program
Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program
Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program
Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program
Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC
Suite 5\PcSync.exe
O4 - Global Startup: BTTray.lnk = C:\Program
Files\IBM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VMware Toolbox.lnk = C:\Program
Files\VMware\VMTBox.exe
O4 - Global Startup: WebSphere MQ Task Bar.lnk =
C:\Program Files\IBM\MQSeries\bin\amqmtbrn.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: symsupportutil - https://www-
secure.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED}
(Support.com ActionRunner Class) - file://C:\Program
Files\ThinkPad\Access
Support\Agent\common\install\sprt\tgctlar.cab
O16 - DPF: {37775067-8350-11D4-A7DA-00C04F14FB69} (PVCS
Tracker I-Net Client for MSIE) -
http://62.17.172.97/trackdoc/trkpm660ie.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office
Update Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM
Access Support) - http://www-
306.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl
..CAB?37869.3535648148
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
(Symantec RuFSI Registry Information Class) -
http://security3.norton.com/SSC/SharedContent/sc/bin/cabsa.
cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
(ActiveDataInfo Class) - https://www-
secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
https://download.macromedia.com/pub/shockwave/cabs/flash/sw
flash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
(GpcContainer Class) -
https://mqsoftware.webex.com/client/latest/webex/ieatgpc.ca
b
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3}
(acpRunner Class) - https://www-
3.ibm.com/pc/support/access/aslibmain/aslib/content/AcpCont
rol.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}
(ActiveDataObj Class) - https://www-
secure.symantec.com/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30AACE74-C1B8-
48B7-AC25-7CB75357CFF9}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{72CE71DC-BE5D-
4142-9FAA-DF6EA9B7F5C9}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{30AACE74-C1B8-
48B7-AC25-7CB75357CFF9}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{30AACE74-C1B8-
48B7-AC25-7CB75357CFF9}: NameServer = 192.168.1.1

Dave

 

[Frank Saunders, MS-MVP]

When I key in a web address that isn't in the drop down
history of the address bar, and I don't prefix it with
http://, IE6 SP1 just hangs up when I press the enter key.

The only way I've found to get out of this is to kill IE6
using Task Manager.

Environment:

Win2000 SP4 plus Windows update fixes to date
IE6 SP1 plus Windows update fixes to date

I have checked for the usual culprits with Ad-Aware and
Spy-Bot S&D.

FWIW I do have Norton Internet Security on the machine,
but it reports nothing in the logs.

Using Regedit, browse to the following registry key and make sure the noted
setting is correct:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete]
"Append Completion"="yes"

also see the following values:

"Use AutoComplete"="yes"
"AutoSuggest"="no"

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/

 

[Guest]

All appears to be present and correct ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersio
n\Explorer\AutoComplete]
"Append Completion"="yes"
"AutoSuggest"="yes"

One thing for sure the problem is a) persistent, and b)
consistent :-(

Dave

-----Original Message-----

When I key in a web address that isn't in the drop down
history of the address bar, and I don't prefix it with
http://, IE6 SP1 just hangs up when I press the enter key.

The only way I've found to get out of this is to kill IE6
using Task Manager.

Environment:

Win2000 SP4 plus Windows update fixes to date
IE6 SP1 plus Windows update fixes to date

I have checked for the usual culprits with Ad-Aware and
Spy-Bot S&D.

FWIW I do have Norton Internet Security on the machine,
but it reports nothing in the logs.

Using Regedit, browse to the following registry key and make sure the noted
setting is correct:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersio
n\Explorer\AutoComplete]
"Append Completion"="yes"

also see the following values:

"Use AutoComplete"="yes"
"AutoSuggest"="no"

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/


.

 

[Frank Saunders, MS-MVP]

I had already manually checked the obvious IE registry
entries, and had run CWShredder which said all was clear.

To reiterate, all the following say my system is clean:

Norton Anti-Virus
Ad-Aware
SpyBot S&D
CWShredder

Here's the log from HiJackThis - which looks all fine to
me:

Logfile of HijackThis v1.97.7
Scan saved at 08:59:54, on 30/04/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Dave

**Post your HijackThis log to
http://forums.spywareinfo.com/ or the Spyware forum at
http://forum.aumha.org/ for expert analysis, not here.**

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/

 

[Frank Saunders, MS-MVP IE/OE]

All appears to be present and correct ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersio
n\Explorer\AutoComplete]
"Append Completion"="yes"
"AutoSuggest"="yes"

One thing for sure the problem is a) persistent, and b)
consistent :-(

Dave

-----Original Message-----

When I key in a web address that isn't in the drop down
history of the address bar, and I don't prefix it with
http://, IE6 SP1 just hangs up when I press the enter key.

The only way I've found to get out of this is to kill IE6
using Task Manager.

Environment:

Win2000 SP4 plus Windows update fixes to date
IE6 SP1 plus Windows update fixes to date

I have checked for the usual culprits with Ad-Aware and
Spy-Bot S&D.

FWIW I do have Norton Internet Security on the machine,
but it reports nothing in the logs.

Using Regedit, browse to the following registry key and make sure
the noted setting is correct:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersio
n\Explorer\AutoComplete]
"Append Completion"="yes"

also see the following values:

"Use AutoComplete"="yes"
"AutoSuggest"="no"

Check the below Registry entries vs. yours:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
Default="http://"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/

 

[Guest]

Here's what is there:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\URL\DefaultPrefix]
@="http://"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

Is the first one (the (Default) entry) as you expect, or
did you expect to see a string value with the explicit
name Default?

Dave

Check the below Registry entries vs. yours:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\URL\DefaultPrefix]

Default="http://"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/


.