error messages

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

shirbungy

Thread Starter
Joined
Nov 25, 2002
Messages
12
I have been receiving error messages when I am in Microsoft Outlook - Inbox, that I haven't been able to correct by searching for a solution. I hope someone can help me.

1. Crash proof has intercepted a crash in your InBox or DDE Server Window. To be on the safe side you should save your data now.

2. Cannot process read memory - and then my computer shuts down.


Thanks
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
The first thing to do is to shut down and disable your "crash proofing" prgram.

These usually cause more crashes than they prevent, and moreover frequently make it very hard to examine the original Windows error message, which is the one we're really interested in.

Do you have the error message for us?

Example: "Msimn caused an invalid page fault in module msoe.dll"

Also please do this:

Go to http://www.spywareinfo.com/downloads.php#startup , and download 'Startuplist' (in the "Startup Program Management" section).

Unpack, doubleclick it, and it will generate a text file that will list all running processes, Browser Helper Objects, ActiveX objects, all applications that are loaded automatically when you start Windows, and more.

Go to Edit > select all, copy it and please post the contents here.
 

Del

Joined
Aug 31, 2001
Messages
3,452
You're right there Tony. Had one of those one time and everytime I turned around it was causing trouble. Got rid of it and no problems since.
 

shirbungy

Thread Starter
Joined
Nov 25, 2002
Messages
12
Tony - I downloaded the Startuplist but I don't know where it is to unpack it. More help please.

Thanks, Shirley
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Shirley,

Just download it again.

Click the link. Choose "save to disk" and NOT "open from current location"

You'll get the "Save as" dialogue box.

It has a "Save in:" box. Look closely what it says there.

That's where the download goes to.

Remember that or write it down, and press 'cancel'.

Now you know where the file is.
 

shirbungy

Thread Starter
Joined
Nov 25, 2002
Messages
12
Hi Tony:

I don't know what I'm doing wrong. I saved it in My Documents and couldn't open it, tried Desktop, still can't open it.

What next? Thank you!
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Why can't you open it?

The download comes in the shape of a *.zip (compressed) file and it has to be unpacked with an application such as WinZip in order to be able to access the Startuplist.exe file inside.

Does this sound at all familiar to you?
 

shirbungy

Thread Starter
Joined
Nov 25, 2002
Messages
12
As you probably guessed, I am a novice computer user!
I right clicked on the download on my desktop and under Properties it shows that it is a ZIP file. It is called STARTU~1.ZIP and it contains 50.9 kb. When I double click on it, things shake around a bit but it just won't open.
I then went to FIND files or folders and typed in Winzip and came up Zero. Is this possible? Do I have to download Winzip?

Thanks for your patience Tony,

Shirley (in the frozen north)
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
No prob Shirley.


Many downloads come in the shape of a compressed file, so WinZip is an indispensible tool, really.

It has an evaluation version which you can use for a month or so

Here are a couple of tutorials:

WinZip Tutorial

Using Winzip Tutorial

And QuickZip is an excellent alternative to WinZip that's freeware: http://www.tucows.com/system/preview/194312.html


However, if you don't feel like bothering with that right now, send me a private message with your e-mail addie (if you don't mind, of course), and I'll send you the decompressed version via e-mail.

Then you'll only need to doubleclick it to let it generate the log.
 

shirbungy

Thread Starter
Joined
Nov 25, 2002
Messages
12
I decided to go ahead and download Quickzip and I was able to get the files. I hope.

StartupList report, 1/22/03, 6:05:57 AM
StartupList version: 1.51
Started from : C:\WINDOWS\TEMP\QZTEMP\3365450\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\INTERNET CALL MANAGER\ICM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\QUICKZIP\QUICKZIP.EXE
C:\WINDOWS\TEMP\QZTEMP\3365450\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Internet Call Manager.LNK = C:\Program Files\Internet Call Manager\ICM.EXE
Billminder.lnk = C:\QUICKENW\billmind.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AtiCwd32 = Aticwd32.exe
AtiKey = Atitask.exe
ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
MSOOBD = C:\WINDOWS\SYSTEM\OOBE\MSOOBD.EXE
LoadQM = loadqm.exe
webHancer Agent = "C:\Program Files\webHancer\Programs\whAgent.exe"
ccApp = C:\Program Files\Common Files\Symantec Shared\ccApp.exe
ccRegVfy = C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
Machine Debug Manager = C:\WINDOWS\SYSTEM\MDM.EXE
ccEvtMgr = C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 11/1/2003, 3:57:6)

[Rename]
NUL=C:\WINDOWS\AVShlExt.dll
NUL=C:\WINDOWS\UnVet32.exe

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

if exist C:\WININST0.400\SuWarn.Bat call C:\WININST0.400\SuWarn.Bat
if exist C:\WININST0.400\SuWarn.Bat del C:\WININST0.400\SuWarn.Bat
SET BLASTER=A220 I5 D1 H5 P330 T6
SET CTCM=C:\WINDOWS
PATH

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL (file missing) - {c900b400-cdfe-11d3-976a-00e02913a9e0}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
Microsoft Outlook.job
Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir703.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R534/V31Controls/x86/w98/en/actsetup.cab

[InstallFromTheWeb ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\IFTW.DLL
CODEBASE = http://www.installfromtheweb.com/install/iftwclix.cab

[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\SYSTEM\OPUC.DLL
CODEBASE = http://office.microsoft.com/ProductUpdates/content/opuc.cab

[SDKInstall Class]
InProcServer32 = C:\WINDOWS\SDKINST.DLL
CODEBASE = http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab

[ActiveDataObj Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ACTIVEDATA.DLL
CODEBASE = https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

[{69FD62B1-0216-4C31-8D55-840ED86B7C8F}]
CODEBASE = http://installs.hotbar.com/installs/hotbar/programs/4.2.3.0/hotbar.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\WINDOWS\webhdll.dll
Protocol #2: C:\WINDOWS\webhdll.dll
Protocol #9: C:\WINDOWS\webhdll.dll

--------------------------------------------------
End of report, 5,918 bytes
Report generated in 2.414 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
I'm pretty much convinced you either are or previously were infected with the Magistr-A Virus:

http://www.sophos.com/virusinfo/analyses/w32mag.html

In any case the startup entry still exists on your computer.

And you have some spyware.

Do this.

Go to Start > Run, type Msconfig, and uncheck the following on the Startup tab:

MSOOBD = C:\WINDOWS\SYSTEM\OOBE\MSOOBD.EXE
LoadQM = loadqm.exe
webHancer Agent = "C:\Program Files\webHancer\Programs\whAgent.exe"


Click OK, close Msconfig, and reboot.

Now uninstall Webhancer in Add/Remove programs, and run an online scan at Trend Micro HouseCall or Panda Active Scan

When you're done, download Spybot - Search & Destroy

After installing, press Online, and search for, put a check mark at, and install all updates.

Next, go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' .
These aren't needed for our present purpose, and you can always experiment with them later on.

Finally, after closing down Internet Explorer, hit 'Check for Problems', and have SpyBot remove all it finds.

Good luck,
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top