MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Dser.exe and Iexplore problems
July 19, 2019, 02:40:50 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
July 19, 2019, 02:40:50 AM

Login with username, password and session length
 
News
New  Got pics of your modded PC or want to show off your cool desktop, visit our new Show & Tell forum!
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Dser.exe and Iexplore problems  (Read 4565 times)
Jaxa
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 60


Bookmark and Share

View Profile
« on: November 01, 2004, 04:32:31 PM »

Hi Grin I have been having problems with Iexplore (or lexplore?) for around a year now causing shut downs in kernel32 and all sorts of variant problems of it but always Iexplore as the cause of shut downs. I got another computer 3 days ago and lo and behold the same problem with Iexplore despite me running Zone Alarm, Adaware and AVG all free editions (thanks for the sticky about AVG btw Sad ) To say i find this and odd coincidence would be an understatement. The problem seems to have been doubled by the new to me Dser.exe which i think has something to do with the services.exe file. Doesn't seem a major problem that one as ZA wont let it in. I have read a post by Shuichi(?) regarding a similar problem to mine but minus the change of computer scenario. Anyway, i have done a hijackthis log file and here are the results below. Just to say this 'new' computer of mine is 2nd hand but serviced by an engineer although nothing can explain the Iexplore continual nuisance on 2 computers working from the same place. This computer replaced my last one completely btw. Hopefully someone can help me clear this problem up once and for all. I am also not exactly a genius on computer language and very easily confused Embarrassed so please keep it basic if you can. Your help is much appreciated Grin Oh, my settings are set to 'show all hidden files and folders' already

Logfile of HijackThis v1.98.2
Scan saved at 05:34:02, on 01/11/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\MSOFFICE\SERVICES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\APPLICATION DATA\DSER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B377} - C:\WINDOWS\SYSTEM\CUSTOMIE32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSOffice] C:\WINDOWS\SYSTEM\MSOFFICE\SERVICES.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Uhri] C:\WINDOWS\Application Data\dser.exe
O4 - Startup: MICROSOFT OFFICE.LNK = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
Logged

 
Jaxa
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 60


Bookmark and Share

View Profile
« Reply #1 on: November 01, 2004, 04:41:22 PM »

As and add on thought i'd mention a couple of points. Dser.exe is said by Zone Alarm to be found in C:\WINDOWS\Application Data\dser.exe but i have been in and searched and it doesn't appear to be there, all files are showing. However Dser will appear in the opening dialog box when i first come online if i press alt ctl del once to view what is loaded and then it will try to access the internet. 2nd point i am almost 100% sure that the 2 problems are unconnected as Iexplore has been problematic for a long time Dser/exe is just 3 days old. Hope you have all the info needed to assist me Grin Thanks again
Logged

 
Jaxa
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 60


Bookmark and Share

View Profile
« Reply #2 on: November 01, 2004, 04:48:30 PM »

There's always time for a bit more Tongue Just to say the services.exe which tried to access the internet is connected with MSoffice which i've only just got for the first time too. I allowed it in ZA as it is the only thing currently in the MSoffice folder and assumed it was ok until ZA took me to a warning Trojan 'page'. I have tried to isolate and remove the services.exe file but it will not allow it. Hope this helps a bit more Grin
Logged

 
Jaxa
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 60


Bookmark and Share

View Profile
« Reply #3 on: November 02, 2004, 02:52:28 PM »

Hi again. Here are the results of the Norwegian jury Grin Hope this helps a bit more. Incidentally there are things i have on this computer that i may well not want or ever use so if something is a hassle if you could pinpoint it then i'll see if i want or not. Forgot about CWshredder as i used it once long ago but had nothing on my computer then. Not sure you need the last 2/3rds of the this one below but given anyway. Btw, it appears my notepad has now gone missing (was there 2 days ago) and i have no idea where it is. I've usede wordpad here but any ideas where i can find my notepad? Sad Thanks again Tongue

Service load:  0%        100%  
 
File:  SERVICES.EXE  
Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
Packers detected:  PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT
   
AntiVir  No viruses found (1.30 seconds taken)
Avast  No viruses found (4.59 seconds taken)
BitDefender  Trojan.Downloader.Agent.EQ (2.55 seconds taken)
ClamAV  Trojan.Downlader.Small-160 (2.85 seconds taken)
Dr.Web  Trojan.DownLoader.909 (4.60 seconds taken)
F-Prot Antivirus  W32/Agent.DZ@dl (0.37 seconds taken)
Kaspersky Anti-Virus  TrojanDownloader.Win32.Agent.eq (5.86 seconds taken)
mks_vir  No viruses found (1.43 seconds taken)
NOD32  No viruses found (2.69 seconds taken)
Norman Virus Control  No viruses found (25.75 seconds taken)
   
Statistics  
Last piece of malware found was Backdoor.AnaFTP.0.1 in fpt1.exe, detected by:

Scanner  Malware name  Time taken  
AntiVir  X  1.30 seconds  
Avast  X  4.59 seconds  
BitDefender  Backdoor.AnaFTP.0.1  8.71 seconds  
ClamAV  X  2.83 seconds  
Dr.Web  BackDoor.AnFTP.1  5.69 seconds  
F-Prot Antivirus  X  0.42 seconds  
Kaspersky Anti-Virus  Backdoor.AnaFTP.01.a  4.44 seconds  
mks_vir  X  1.61 seconds  
NOD32  X  2.30 seconds  
Norman Virus Control  Sandbox: W32/Malware  4.64 seconds  


 
Service statistics:

2526 files (1841 of those unique) have been uploaded & scanned since 26/10/2004, the day of the last database purge.
660 of those 1841 files contained a virus or any other form of malware.
This page has been visited 6504 times in this time period.
This service managed to spot 33 pieces of malware no vendor used knew about at the time of uploading.
The service also warned against 228 suspicious files without any help from scanner results.
However, 19 files reported to be OK were found out to be malware later (this is checked daily).
As far as can be told, all this together makes this service 98.97% accurate. However, since it is very well possible malware has been uploaded no scanner knows about at this time, this number is to be taken with a proper amount of skepticism.  
Most popular malware:

Rank  Malware name  Uploaded  Last known filename  
1  backdoor.sdbot.gen  32 times  rb.exe  
2  backdoor.agobot.3.gen  27 times  backupf.exe  
3  worm/bagle.at.2  24 times  Joke.scr  
4  win32:trojan-gen. {other}  21 times  server.exe  
5  tr/dldr.small.uv.3  18 times  lssas.exe  
6  tr/spam.avafx  18 times  vbsys.dll  
7  backdoor.win32.rbot.gen  14 times  rBot.exe  
8  win32.bagle.10.gen@mm  14 times  Price.cpl  
9  js:istbar  12 times  opr00226.js  
10  behaveslike:win32.explorerhijack  9 times  server2.exe  
11  tr/dldr.small.lx  9 times  MSMSGSVC.exe  
12  win32.p2p.spybot.gen  8 times  vpc32.exe  
13  bds/picharad  8 times  winset32.exe  
14  trojan.muldrop.1159  8 times  keygen.exe  
15  tr/dldr.istbar.er  8 times  crack.exe  
 


Logfile of HijackThis v1.98.2
Scan saved at 14:49:15, on 02/11/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\APPLICATION DATA\DSER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B377} - C:\WINDOWS\SYSTEM\CUSTOMIE32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Uhri] C:\WINDOWS\Application Data\dser.exe
O4 - Startup: MICROSOFT OFFICE.LNK = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
Logged

 
Jaxa
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 60


Bookmark and Share

View Profile
« Reply #4 on: November 02, 2004, 02:58:10 PM »

Incidentally i don't want to have anything like msn messenger which to my knowledge are for not a lot more than that most heinous of web activities, the chat. I don't and will never do chat rooms so getting shot of anything like thbis would be good if problematic. Thanks again
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #5 on: November 03, 2004, 01:50:47 AM »

Hi Jaxa,
Can you open CWShredder and let me know what version you ran

Thanks for the info on Services.exe, I see it's not running anymore
C:\WINDOWS\APPLICATION DATA\DSER.EXE
I see this in your running processes....
There might be a file to remove

Ensure you have properly set Windows to
Show Hidden Files and Folders

Open Hijackthis>>Config>>Misc Tools>>Open Process Manager
Kill this process
C:\WINDOWS\APPLICATION DATA\DSER.EXE

Do another Scan with Hijackthis and put a check next to these entries

O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B377} - C:\WINDOWS\SYSTEM\CUSTOMIE32.DLL

O4 - HKCU\..\Run: [Uhri] C:\WINDOWS\Application Data\dser.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab


Leave Hijackthis open, close ALL other Windows, including this one, and then FIX CHECKED

Restart your computer
Find and delete these files if they exist
C:\WINDOWS\SYSTEM\CUSTOMIE32.DLL <--file
C:\WINDOWS\Application Data\dser.exe <--file

I've upload a file called Notepad_Me.zip
Could you please save the zip file to your desktop
UNZIP it to your
C:\WINDOWS folder, allow it to overwrite if prompted

The latest version of Ad-Aware is SE Personal 1.05
If you don't have this version you should uninstall yours and install this one
Do a Full System Scan and Remove All Critical objects
Restart your computer to finish the cleaning

Another great Spyware Remover is Spybot S&D 1.3
After installation--SEARCH FOR UPDATES
Download All updates
Check for Problems---FIX everything in RED
Restart your computer one more time

Post back a fresh hijackthis log and let me know if your problems are resolved....


Download Attachment: notepad_me.zip 20.3 KB
Right click and select Save Target As... then rename the file as shown here and save.
Logged

 
Jaxa
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 60


Bookmark and Share

View Profile
« Reply #6 on: November 03, 2004, 04:23:57 AM »

Hi again Grin Much better now but i can only assume these nasties where already on this computer as i have and have had for a long while the latest Adaware, avg (i know about the sticky news on this) and ZA. This is a 2nd hand computer and i had problems the moment i launched it with both MSOffice and WMP the latter i had to get shot of and download again. The services.exe WAS still there but i had isolated it via block on ZA but whilst before i could not right click and delete it i could after the last cleaning done here and it's history Cool Dser is no longer evident either, whatever it actually was. I have never had computer troubles as such other than that mentioned til the day i got this less than a week ago so these things must have been here already...waiting to be destroyed. Lips Sealed  Sure all will be well but if the Iexplore (or lexplore problem) rears it's ugly head again i'll come back and post anew. Now i can get rid of the junky beast messenger too and should be fine. I'll return to read your reply about the current state of health of my computer. If there is anything at all potentially dangerous )i know anything is but it may be something i don't want anyway) left in the below log file then let me know could you. Thanks for the help and notepad too and here are the details you wanted. Grin

The CWShredder version is: 1.59.0.1

Logfile of HijackThis v1.98.2
Scan saved at 04:15:05, on 03/11/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: MICROSOFT OFFICE.LNK = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
Logged

 
Jaxa
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 60


Bookmark and Share

View Profile
« Reply #7 on: November 04, 2004, 01:33:12 AM »

Back again. Shocked Have now encountered the same problem which has haunted me for about a year. Over that time iexplore/lexplore has caused 'illegal operations' and will shut down now because of something in kernel32 or rnaap etc etc for no apparent reason. Over the last 2 or 3 months the above situations seem to have changed but with the same results. Now i periodically have problems with just trying to shut down when i'm finished online. I disconnect from online then with nothing apparently running of any note i click start menu and then shut down. After about 10 seconds of waiting on the typically 'rough' look screen for it to go to 'now safe to shut down computer' it doesn't and a box pop up saying 'this program is not responding' etc and gives the usual options of wait, end task or cancel. Without fail, and it matters not which of these options i click, it all goes funny, i can click nothing at all and it wont shut down and inevitably it 'reboots' and returns saying 'improper shut down' and starts scanning disks for errors. I've looked and there is no program running that i can see but behind all this i know that iexplore is the cause/problem area. Further, this time i also got Winmgmt showing in my what's running box when i alt ctl del once. Now this problem stems from my PREVIOUS computer and has been evident on this week old computer since shut down on the very first night caused bu iexplore. I know Winmgmt isn't really the cause (don't really know what this is exactly) and would love to get to the bottom of this as a year is a year too long and how can the SAME problem carry over IMMEDIATELY to another computer?Huh? So, what is causing these involuntary shut downs by iexplore in whatever module it chooses to use as an excuse on any given occassion? I've done another log below but whether this line will solve this particualr problem i doubt. Thanks again for the assistance GrinSadLips SealedTongue:Smiley

Logfile of HijackThis v1.98.2
Scan saved at 00:30:21, on 04/11/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: MICROSOFT OFFICE.LNK = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
Logged

 
Jaxa
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 60


Bookmark and Share

View Profile
« Reply #8 on: November 04, 2004, 05:18:35 AM »

Hi yet again. Encountered now another glitch that boccurs from time to time for no obvious reason. This goes back about 8 months periodically. For some reason (and similar to above mentioned problem) the system becomes 'unstable or too busy' and for love nor money can i do anything about it but shut down the wrong way, ie press the main button and then on again and let it scan disk for errors. Really would love to know what is causing this as it really gets on my.....nerves ???Cool
Logged

 
Jaxa
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 60


Bookmark and Share

View Profile
« Reply #9 on: November 04, 2004, 04:19:56 PM »

Here what Dr Watson says about this problem. I think this is probably only highlighting 2 of the many things that seem to cause problems with iexplore. Hope this helps you? Smiley

Microsoft Internet Explorer
Application Failure  iexplore.exe 6.0.2800.1106 in wmpui.dll 7.0.0.1440 at offset 0004cd3e
Microsoft Internet Explorer
Application Failure  iexplore.exe 6.0.2800.1106 in urlmon.dll 6.0.2800.1106 at offset 0000c3bf
Logged

 
Jaxa
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 60


Bookmark and Share

View Profile
« Reply #10 on: November 06, 2004, 03:35:12 PM »

Hi again. Grin Starting to wonder if my problems will ever be over. Here is an update of another recurring fault. I all of a sudden find that all pages cannot be displayed and dns errors the reason etc. Then i try to come out and close all windows first. I then right click on my connection icon at bottom right and click disconnect. It then shows the icon with a red cross thru it to indicate it has disconnected but the icon remains this way and doesn't go away. If i then press alt ctl del once and look i always seem to get Rnaap (not responding) and it always kicks in to a reboot and scan disk for 'not shutting down properly' and so on and so on and so on and so on. What is the cause of this annoyance??? I'm truely baffled why this happens??? Shall i shoot the it with a 12 bore? Tongue Thanks again SadRoll Eyes
Logged

 
Jaxa
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 60


Bookmark and Share

View Profile
« Reply #11 on: December 09, 2004, 01:24:40 AM »

Just to give more info on the services.exe icon that settled itself into my computer before as it was new to you. It seems to attach itself specifically to notepad and wont allow it to be used. ZA asked and i knew it was bad so checked it out and sure enough i discovered servies.exe lurking. All gone now though thru the above method listed by Benditup. Hope this helps you to help others
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page September 24, 2018, 04:09:37 AM