Internet Explorer freezes randomly – fixed with HijackThis [fi internet] [internet explorer]

Q: A few days ago I got about 5-10 spyware applications installed on my WinXP computer. I have them all removed using Ad-Aware and Spybot, and a stubborn one I removed and deleted from the registry manually (hnfagmhr5.exe) 0.

Anyway, because removing all that, the system runs great, except for Internet Explorer. Sometimes when I start IE, it just freezes or gives the Microsoft program closes window asking me if I want to report the problem. If I open another instance of IE, while the first is freezing, the second IE will work fine for a while.

I I reinstalled Service Pack 2, and can not really find a way to reinstall IE. So if anyone has any suggestions (other than using another browser or reinstall Windows), let me know.

Thanks!

Edit:
Fixed thanks to Guy and HijackThis, below.

---

Internet Rags-to-Riches
Re:Yes ! IE can be controlled and firefox is not the fix thet everyone thinks it is,all have faults,take control of your comp,and watch where you browse.

Never accept and download from sites you are not sure of.

---

Internet Rags-to-Riches
Re:Thanks for the info, guy. I would have thought something like hijackthis was incorporated in anti-spyware apps already But anyhow, I ran it and selected to fix a few things that looked suspicious and now IE seems to be working fine.

I think these dll's (which look like they were randomly generated) were causing my problems:
O2 – BHO: (no name) – {64165E89-E7AC-FCB0-7094-48A6E771FB7A} – C:\WINDOWS\system32\vidzrqwh.dll
O2 – BHO: (no name) – {B12AC1B8-A1AE-617B-116E-54DD30403192} – C:\WINDOWS\system32\battpxll.dll

There's a few other "file missing" entries that I should also probably get rid of..

Here's my before and after hijack this logs:

Logfile of HijackThis v1.99.0
Scan saved at 9:28:46 PM, on 2/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Joe\Desktop\HijackThis.exe

R3 – Default URLSearchHook is missing
O2 – BHO: NavErrRedir Class – {0199DF25-9820-4bd5-9FEE-5A765AB4371E} – (no file)
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {53707962-6F74-2D53-2644-206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: (no name) – {64165E89-E7AC-FCB0-7094-48A6E771FB7A} – C:\WINDOWS\system32\vidzrqwh.dll
O2 – BHO: (no name) – {B12AC1B8-A1AE-617B-116E-54DD30403192} – C:\WINDOWS\system32\battpxll.dll
O3 – Toolbar: (no name) – {E0E899AB-F487-11D5-8D29-0050BA6940E3} – (no file)
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v…86/client/wuweb_site.cab?1105020740109 (http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105020740109)
O17 – HKLM\System\CCS\Services\Tcpip\..\{FA88EBD8-BAFF-40AD-BEAD-8F1D0AFDF3D1}: NameServer = 192.168.0.1
O23 – Service: MySql – Unknown – C:/mysql/bin/mysqld-nt.exe
O23 – Service: OracleCSService – Unknown – D:\oracle\bin\ocssd.exe
O23 – Service: OracleDBConsoleTom – Oracle Corporation – D:\oracle\bin\nmesrvc.exe
O23 – Service: OracleOraDb10g_home1SNMPPeerEncapsulator – Unknown – D:\oracle\BIN\ENCSVC.EXE
O23 – Service: OracleOraDb10g_home1SNMPPeerMasterAgent – Unknown – D:\oracle\BIN\AGNTSVC.EXE
O23 – Service: OracleServiceTOM – Oracle Corporation – d:\oracle\bin\ORACLE.EXE
O23 – Service: Sandra Data Service – SiSoftware – C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 – Service: Sandra Service – SiSoftware – C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe

———————————–
After:

Logfile of HijackThis v1.99.0
Scan saved at 9:51:33 PM, on 2/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Joe\Desktop\HijackThis.exe

O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {53707962-6F74-2D53-2644-206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: (no name) – {64165E89-E7AC-FCB0-7094-48A6E771FB7A} – (no file)
O2 – BHO: (no name) – {B12AC1B8-A1AE-617B-116E-54DD30403192} – (no file)
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v…86/client/wuweb_site.cab?1105020740109 (http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105020740109)
O17 – HKLM\System\CCS\Services\Tcpip\..\{FA88EBD8-BAFF-40AD-BEAD-8F1D0AFDF3D1}: NameServer = 192.168.0.1
O23 – Service: MySql – Unknown – C:/mysql/bin/mysqld-nt.exe
O23 – Service: OracleCSService – Unknown – D:\oracle\bin\ocssd.exe
O23 – Service: OracleDBConsoleTom – Oracle Corporation – D:\oracle\bin\nmesrvc.exe
O23 – Service: OracleOraDb10g_home1SNMPPeerEncapsulator – Unknown – D:\oracle\BIN\ENCSVC.EXE
O23 – Service: OracleOraDb10g_home1SNMPPeerMasterAgent – Unknown – D:\oracle\BIN\AGNTSVC.EXE
O23 – Service: OracleServiceTOM – Oracle Corporation – d:\oracle\bin\ORACLE.EXE
O23 – Service: Sandra Data Service – SiSoftware – C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 – Service: Sandra Service – SiSoftware – C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe

---

Internet-Starter-Package
Re:No offense, but I hate answers like that. The guy wants his IE to work. He didn't ask about Firefox. And don't kid yourself, Firefox is NOT the perfect browser. Exploits have already been found. And that's no knock on Firefox. I like it, myself. But there's no perfect OS, and certainly no perfect browser.

By the way, IE is integral to the operating system. Removing it is impractical, if not impossible.

When asked why he robbed banks, Willie Sutton said "because that's where the money is".
That's why hackers and other malcontents spend their time looking for MS exploits. Because that's where the users are.

You're only kidding yourself if you think that if Firefox starts gaining significant market share, it won't get a corresponding significant rise in the amount of hack attempts and exploits.

Now, to the original problem:

You've run some antispyware stuff…good.

Have you run "hijackthis.exe"? You should, and you should post the results here (copy and paste the results)

http://www.merijn.org/files/hijackthis.zip

Unzip it, run it…choose "Scan" for now, and post the results here or Private Message me with the results.

There are other fixes (nothing drastic like a reformat!) that you can do, too, but first do the hijackthis report.

---

Internet Musikschule
Re:REMOVE IE, INSTALL FIREFOX, BE HAPPY. =D

Seriously man, ie sucks, your whole system will get filled with spyware, I found using mozilla firefox to be the BEST choice I have ever made.

---

Related posts

• Which version of Internet Explorer (IE) is the best? [explorer ie] [internet explorer] (0)
• Where is the 'download link' setting in Internet Explorer setting is stored? [software section] [internet explorer] (0)
• Where can I get Internet Explorer 6 and save it as a file? [internet explorer] [modem] (0)
• What is the use of 64-bit version of Internet Explorer? [firefox] [internet explorer] (0)
• what does it mean when the collision light blinks like crazy? [dls] [internet explorer] (0)

Tags: fi internet, internet explorer