1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

error messages

Discussion in 'Earlier Versions of Windows' started by shirbungy, Jan 21, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. shirbungy

    shirbungy Thread Starter

    Joined:
    Nov 25, 2002
    Messages:
    12
    I have been receiving error messages when I am in Microsoft Outlook - Inbox, that I haven't been able to correct by searching for a solution. I hope someone can help me.

    1. Crash proof has intercepted a crash in your InBox or DDE Server Window. To be on the safe side you should save your data now.

    2. Cannot process read memory - and then my computer shuts down.


    Thanks
     
  2. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    The first thing to do is to shut down and disable your "crash proofing" prgram.

    These usually cause more crashes than they prevent, and moreover frequently make it very hard to examine the original Windows error message, which is the one we're really interested in.

    Do you have the error message for us?

    Example: "Msimn caused an invalid page fault in module msoe.dll"

    Also please do this:

    Go to http://www.spywareinfo.com/downloads.php#startup , and download 'Startuplist' (in the "Startup Program Management" section).

    Unpack, doubleclick it, and it will generate a text file that will list all running processes, Browser Helper Objects, ActiveX objects, all applications that are loaded automatically when you start Windows, and more.

    Go to Edit > select all, copy it and please post the contents here.
     
  3. Del

    Del

    Joined:
    Aug 31, 2001
    Messages:
    3,452
    You're right there Tony. Had one of those one time and everytime I turned around it was causing trouble. Got rid of it and no problems since.
     
  4. shirbungy

    shirbungy Thread Starter

    Joined:
    Nov 25, 2002
    Messages:
    12
    Tony - I downloaded the Startuplist but I don't know where it is to unpack it. More help please.

    Thanks, Shirley
     
  5. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Shirley,

    Just download it again.

    Click the link. Choose "save to disk" and NOT "open from current location"

    You'll get the "Save as" dialogue box.

    It has a "Save in:" box. Look closely what it says there.

    That's where the download goes to.

    Remember that or write it down, and press 'cancel'.

    Now you know where the file is.
     
  6. shirbungy

    shirbungy Thread Starter

    Joined:
    Nov 25, 2002
    Messages:
    12
    Hi Tony:

    I don't know what I'm doing wrong. I saved it in My Documents and couldn't open it, tried Desktop, still can't open it.

    What next? Thank you!
     
  7. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Why can't you open it?

    The download comes in the shape of a *.zip (compressed) file and it has to be unpacked with an application such as WinZip in order to be able to access the Startuplist.exe file inside.

    Does this sound at all familiar to you?
     
  8. shirbungy

    shirbungy Thread Starter

    Joined:
    Nov 25, 2002
    Messages:
    12
    As you probably guessed, I am a novice computer user!
    I right clicked on the download on my desktop and under Properties it shows that it is a ZIP file. It is called STARTU~1.ZIP and it contains 50.9 kb. When I double click on it, things shake around a bit but it just won't open.
    I then went to FIND files or folders and typed in Winzip and came up Zero. Is this possible? Do I have to download Winzip?

    Thanks for your patience Tony,

    Shirley (in the frozen north)
     
  9. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    No prob Shirley.


    Many downloads come in the shape of a compressed file, so WinZip is an indispensible tool, really.

    It has an evaluation version which you can use for a month or so

    Here are a couple of tutorials:

    WinZip Tutorial

    Using Winzip Tutorial

    And QuickZip is an excellent alternative to WinZip that's freeware: http://www.tucows.com/system/preview/194312.html


    However, if you don't feel like bothering with that right now, send me a private message with your e-mail addie (if you don't mind, of course), and I'll send you the decompressed version via e-mail.

    Then you'll only need to doubleclick it to let it generate the log.
     
  10. shirbungy

    shirbungy Thread Starter

    Joined:
    Nov 25, 2002
    Messages:
    12
    I decided to go ahead and download Quickzip and I was able to get the files. I hope.

    StartupList report, 1/22/03, 6:05:57 AM
    StartupList version: 1.51
    Started from : C:\WINDOWS\TEMP\QZTEMP\3365450\STARTUPLIST.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\INTERNET CALL MANAGER\ICM.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\QUICKZIP\QUICKZIP.EXE
    C:\WINDOWS\TEMP\QZTEMP\3365450\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    Internet Call Manager.LNK = C:\Program Files\Internet Call Manager\ICM.EXE
    Billminder.lnk = C:\QUICKENW\billmind.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    AtiCwd32 = Aticwd32.exe
    AtiKey = Atitask.exe
    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    MSOOBD = C:\WINDOWS\SYSTEM\OOBE\MSOOBD.EXE
    LoadQM = loadqm.exe
    webHancer Agent = "C:\Program Files\webHancer\Programs\whAgent.exe"
    ccApp = C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    ccRegVfy = C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstask.exe
    Machine Debug Manager = C:\WINDOWS\SYSTEM\MDM.EXE
    ccEvtMgr = C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 11/1/2003, 3:57:6)

    [Rename]
    NUL=C:\WINDOWS\AVShlExt.dll
    NUL=C:\WINDOWS\UnVet32.exe

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    if exist C:\WININST0.400\SuWarn.Bat call C:\WININST0.400\SuWarn.Bat
    if exist C:\WININST0.400\SuWarn.Bat del C:\WININST0.400\SuWarn.Bat
    SET BLASTER=A220 I5 D1 H5 P330 T6
    SET CTCM=C:\WINDOWS
    PATH

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL (file missing) - {c900b400-cdfe-11d3-976a-00e02913a9e0}
    (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    Maintenance-Defragment programs.job
    Maintenance-ScanDisk.job
    Maintenance-Disk cleanup.job
    Microsoft Outlook.job
    Symantec NetDetect.job
    Norton AntiVirus - Scan my computer.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir703.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [CV3 Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
    CODEBASE = http://windowsupdate.microsoft.com/R534/V31Controls/x86/w98/en/actsetup.cab

    [InstallFromTheWeb ActiveX Control]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\IFTW.DLL
    CODEBASE = http://www.installfromtheweb.com/install/iftwclix.cab

    [OPUCatalog Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\OPUC.DLL
    CODEBASE = http://office.microsoft.com/ProductUpdates/content/opuc.cab

    [SDKInstall Class]
    InProcServer32 = C:\WINDOWS\SDKINST.DLL
    CODEBASE = http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab

    [ActiveDataObj Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ACTIVEDATA.DLL
    CODEBASE = https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

    [{69FD62B1-0216-4C31-8D55-840ED86B7C8F}]
    CODEBASE = http://installs.hotbar.com/installs/hotbar/programs/4.2.3.0/hotbar.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    Protocol #1: C:\WINDOWS\webhdll.dll
    Protocol #2: C:\WINDOWS\webhdll.dll
    Protocol #9: C:\WINDOWS\webhdll.dll

    --------------------------------------------------
    End of report, 5,918 bytes
    Report generated in 2.414 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  11. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    I'm pretty much convinced you either are or previously were infected with the Magistr-A Virus:

    http://www.sophos.com/virusinfo/analyses/w32mag.html

    In any case the startup entry still exists on your computer.

    And you have some spyware.

    Do this.

    Go to Start > Run, type Msconfig, and uncheck the following on the Startup tab:

    MSOOBD = C:\WINDOWS\SYSTEM\OOBE\MSOOBD.EXE
    LoadQM = loadqm.exe
    webHancer Agent = "C:\Program Files\webHancer\Programs\whAgent.exe"


    Click OK, close Msconfig, and reboot.

    Now uninstall Webhancer in Add/Remove programs, and run an online scan at Trend Micro HouseCall or Panda Active Scan

    When you're done, download Spybot - Search & Destroy

    After installing, press Online, and search for, put a check mark at, and install all updates.

    Next, go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' .
    These aren't needed for our present purpose, and you can always experiment with them later on.

    Finally, after closing down Internet Explorer, hit 'Check for Problems', and have SpyBot remove all it finds.

    Good luck,
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/114491

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice