Internet Explorer freezes randomly - fixed with HijackThis

[Kogan]

A few days ago I got about 5-10 spyware applications installed on my WinXP computer. I removed them all using ad-aware and spybot, and one stuborn one I deleted and removed from the registry manually (hnfagmhr5.exe).

Anyhow, since removing all of those, the system runs great except for internet explorer. Sometimes when I start IE, it just freezes or gives the microsoft close program window that asks me if I want to report the problem. If I open another instance of IE while the first one is freezing, the 2nd IE usually works fine for a while.

I've re-installed service pack 2, and can't really find a way to re-install IE. So if anyone has any suggestions (other than using a different browser or re-installing windows), please let me know.

Thanks!

Edit:
Fixed thanks to Slikkster and HijackThis, see below.

 

[fstime]

REMOVE IE, INSTALL FIREFOX, BE HAPPY. =D

Seriously man, ie sucks, your whole system will get filled with spyware, I found using mozilla firefox to be the BEST choice I have ever made.

 

[Slikkster]

No offense, but I hate answers like that. The guy wants his IE to work. He didn't ask about Firefox. And don't kid yourself, Firefox is NOT the perfect browser. Exploits have already been found. And that's no knock on Firefox. I like it, myself. But there's no perfect OS, and certainly no perfect browser.

By the way, IE is integral to the operating system. Removing it is impractical, if not impossible.

When asked why he robbed banks, Willie Sutton said "because that's where the money is".
That's why hackers and other malcontents spend their time looking for MS exploits. Because that's where the users are.

You're only kidding yourself if you think that if Firefox starts gaining significant market share, it won't get a corresponding significant rise in the amount of hack attempts and exploits.


Now, to the original problem:

You've run some antispyware stuff...good.

Have you run "hijackthis.exe"? You should, and you should post the results here (copy and paste the results)

http://www.merijn.org/files/hijackthis.zip

Unzip it, run it...choose "Scan" for now, and post the results here or Private Message me with the results.

There are other fixes (nothing drastic like a reformat!) that you can do, too, but first do the hijackthis report.

 

[Kogan]

Thanks for the info, Slikkster. I would have thought something like hijackthis was incorporated in anti-spyware apps already But anyhow, I ran it and selected to fix a few things that looked suspicious and now IE seems to be working fine.

I think these dll's (which look like they were randomly generated) were causing my problems:
O2 - BHO: (no name) - {64165E89-E7AC-FCB0-7094-48A6E771FB7A} - C:\WINDOWS\system32\vidzrqwh.dll
O2 - BHO: (no name) - {B12AC1B8-A1AE-617B-116E-54DD30403192} - C:\WINDOWS\system32\battpxll.dll

There's a few other "file missing" entries that I should also probably get rid of..

Here's my before and after hijack this logs:

Logfile of HijackThis v1.99.0
Scan saved at 9:28:46 PM, on 2/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Joe\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64165E89-E7AC-FCB0-7094-48A6E771FB7A} - C:\WINDOWS\system32\vidzrqwh.dll
O2 - BHO: (no name) - {B12AC1B8-A1AE-617B-116E-54DD30403192} - C:\WINDOWS\system32\battpxll.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v...86/client/wuweb_site.cab?1105020740109
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA88EBD8-BAFF-40AD-BEAD-8F1D0AFDF3D1}: NameServer = 192.168.0.1
O23 - Service: MySql - Unknown - C:/mysql/bin/mysqld-nt.exe
O23 - Service: OracleCSService - Unknown - D:\oracle\bin\ocssd.exe
O23 - Service: OracleDBConsoleTom - Oracle Corporation - D:\oracle\bin\nmesrvc.exe
O23 - Service: OracleOraDb10g_home1SNMPPeerEncapsulator - Unknown - D:\oracle\BIN\ENCSVC.EXE
O23 - Service: OracleOraDb10g_home1SNMPPeerMasterAgent - Unknown - D:\oracle\BIN\AGNTSVC.EXE
O23 - Service: OracleServiceTOM - Oracle Corporation - d:\oracle\bin\ORACLE.EXE
O23 - Service: Sandra Data Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe

-----------------------------------
After:

Logfile of HijackThis v1.99.0
Scan saved at 9:51:33 PM, on 2/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Joe\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64165E89-E7AC-FCB0-7094-48A6E771FB7A} - (no file)
O2 - BHO: (no name) - {B12AC1B8-A1AE-617B-116E-54DD30403192} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v...86/client/wuweb_site.cab?1105020740109
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA88EBD8-BAFF-40AD-BEAD-8F1D0AFDF3D1}: NameServer = 192.168.0.1
O23 - Service: MySql - Unknown - C:/mysql/bin/mysqld-nt.exe
O23 - Service: OracleCSService - Unknown - D:\oracle\bin\ocssd.exe
O23 - Service: OracleDBConsoleTom - Oracle Corporation - D:\oracle\bin\nmesrvc.exe
O23 - Service: OracleOraDb10g_home1SNMPPeerEncapsulator - Unknown - D:\oracle\BIN\ENCSVC.EXE
O23 - Service: OracleOraDb10g_home1SNMPPeerMasterAgent - Unknown - D:\oracle\BIN\AGNTSVC.EXE
O23 - Service: OracleServiceTOM - Oracle Corporation - d:\oracle\bin\ORACLE.EXE
O23 - Service: Sandra Data Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe

 

[Blazer]

Yes ! IE can be controlled and firefox is not the fix thet everyone thinks it is,all have faults,take control of your comp,and watch where you browse.

Never accept and download from sites you are not sure of.

 

[PascalT]

www.firefox.com