1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

I keep getting runtimes errors linking to exporer.exe

Discussion in 'Earlier Versions of Windows' started by :) win98/xp, Jan 27, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. :) win98/xp

    :) win98/xp Thread Starter

    Joined:
    Oct 13, 2002
    Messages:
    31
    I keep getting runtimes errors linking to exporer.exe. I have re-installed IE to the latest version and applied all patches from wiindowsupdate.com. - I've also re-installed DirectX, (Latest version)... Not sure what to do next re-install Win98.... ;(.....

    Thanks,
    db

    -- My system --
    Operating System System Model
    Windows 98 SE (build 4.10.2222) Asset Tag: 01----BC
    Processor a Main Circuit Board b
    900 megahertz AMD Duron
    128 kilobyte primary memory cache
    64 kilobyte secondary memory cache Bus Clock: 66 megahertz
    BIOS: American Megatrends Inc. 062710 07/15/97
    Drives Memory Modules
    40.81 Gigabytes Usable Hard Drive Capacity
    17.08 Gigabytes Hard Drive Free Space

    Compaq CD-ROM SC-140E
    Generic floppy disk drive (3.5")

    Maxtor 52049U4 (20.42 GB) [Hard drive] -- drive 0 240 Megabytes Installed Memory

    Slot '0' has 128 MB
    Slot '1' has 128 MB
    Slot '2' is Empty
    Slot '3' is Empty
    Media Toronto
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Can you give us an example of the exact wording of one of those runtime errors?

    Also do these two things: post a copy of your startuplist using the Startuplist application from the site below.

    http://www.lurkhere.com/~nicefiles/

    And... download, install and update Spybot following the directions here:

    http://tomcoyote.com/SPYBOT/

    You will need all updates except for PGP and Language tools.
     
  3. Del

    Del

    Joined:
    Aug 31, 2001
    Messages:
    3,452
    Did you change any hardware or add any new software just before this started?
     
  4. :) win98/xp

    :) win98/xp Thread Starter

    Joined:
    Oct 13, 2002
    Messages:
    31
    I'm hoping the error pop windows will occur, I will record it and post it.

    db

    Start-up List

    StartupList report, 1/27/03, 1:45:29 PM
    StartupList version: 1.51
    Started from : C:\WINDOWS\TEMP\~~PDTEMP\STARTUPLIST.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKD.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS KEYBOARD\MMKEYBD.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS KEYBOARD\MEDIACTR.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\KHOOKER.EXE
    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\PROGRAM FILES\TWEAKNOW POWERPACK\RAM_98.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\SYNC-IT\SYNCIT.EXE
    C:\PROGRAM FILES\SYSMETRIX\SYSMETRIX.EXE
    C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKICE.EXE
    C:\PROGRAM FILES\ANALOGX\NETSTAT LIVE\NSL.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\ICQ\ICQ.EXE
    C:\PROGRAM FILES\ONTRACK\POWERDESK\PDEXPLO.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\ONTRACK\POWERDESK\PDEXPLO.EXE
    C:\WINDOWS\TEMP\~~PDTEMP\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\StartUp]
    SysMetrix (2).lnk = C:\Program Files\SysMetrix\SysMetrix.exe
    BlackICE Utility (2).lnk = C:\Program Files\Network ICE\BlackICE\blackice.exe
    nsl.exe.lnk = C:\Program Files\AnalogX\NetStat Live\nsl.exe

    User shell folders Startup:
    [C:\WINDOWS\StartUp]
    SysMetrix (2).lnk = C:\Program Files\SysMetrix\SysMetrix.exe
    BlackICE Utility (2).lnk = C:\Program Files\Network ICE\BlackICE\blackice.exe
    nsl.exe.lnk = C:\Program Files\AnalogX\NetStat Live\nsl.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    SystemTray = SysTray.Exe
    SiS KHooker = C:\WINDOWS\SYSTEM\khooker.exe
    EASY ACCESS KEYBOARD = C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
    Pop-Up Stopper = "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
    Virtual Drive = C:\Program Files\TweakNow PowerPack\VDRIVE.exe
    RAM Idle Professional = C:\Program Files\TweakNow PowerPack\RAM_98.exe
    LoadQM = loadqm.exe
    SiS Tray =
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    NAV Agent = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    SDaemon = C:\WINDOWS\sdaemon.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    Hidserv = Hidserv.exe run
    LoadBlackD = C:\Program Files\Network ICE\BlackICE\blackd.exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    SchedulingAgent = mstask.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    RHSI SHS = "C:\Program Files\Rogers Hi-Speed Internet\RHSI SHS Framework\SHS.exe" /background
    Sync-It = C:\PROGRAM FILES\SYNC-IT\SYNCIT.EXE -hide

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    ICQ = C:\PROGRAM FILES\ICQ\ICQ.EXE -trayboot

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    washindex = C:\Program Files\Washer\washidx.exe

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 27/1/2003, 11:6:58)

    [Rename]
    NUL=C:\WINDOWS\SYSTEM\URLMON.DLL
    C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\SET6393.TMP
    NUL=C:\WINDOWS\SYSTEM\MSHTML.DLL
    C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\SET6394.TMP
    NUL=C:\WINDOWS\SYSTEM\SHDOCVW.DLL
    C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\SET63A1.TMP

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET PATH=C:\PROGRA~1\COMMON~1\OPSESS~1\SHARED;C:\PROGRA~1\COMMON~1\OPSESS~1\VIEWER~1;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\PROGRA~1\SYMANTEC\PCANYW~1;C:\Program Files\Executive Software\DiskeeperWorkstation\
    SET PATH=C:\PROGRA~1\SYMANTEC\PCANYW~1\;%PATH%

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\WINDOWS\APPLICATION DATA\JSHSYLPRW.DLL (file missing) - {D44B5436-B3E4-4595-B0E9-106690E70A58}
    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
    Webster Toolbar - C:\WINDOWS\DOWNLOADED PROGRAM FILES\M-WTOOLBAR.DLL - {9E1128F1-53FA-11d5-8490-0048548030CA}
    (no name) - (no file) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
    (no name) - C:\Program Files\Microsoft Money\System\mnyside.dll - {243B17DE-77C7-46BF-B94B-0B5F309A0E64}
    (no name) - C:\WINDOWS\SYSTEM\IEBRW.DLL - {1A98BCA2-0BD1-47DE-9710-C7665F7F1FCB}
    (no name) - C:\WINDOWS\SYSTEM\HOMEPAGE.DLL - {A116A5C1-AD77-446C-992A-F56200B112DB}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    Symantec NetDetect.job
    {D3CEBC45-1A86-11D7-900A-0007952B6E85}_Advisor.job
    {BEC9BB24-312D-11D7-9008-0007952B6E85}_Advisor.job
    2 Copernic Daily ~Default User.job
    3 Copernic Weekly ~Default User.job
    4 Copernic Monthly ~Default User.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37596.4006018518

    [{8522F9B3-38C5-4AA4-AE40-7401F1BBC851}]
    CODEBASE = http://216.65.38.226/Download_Plugin.exe

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [MS Investor Ticker]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\TICKER9.OCX
    CODEBASE = http://fdl.msn.com/public/investor/v9/ticker.cab

    [iCC Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPCONNCHECK.DLL
    CODEBASE = http://www.pcpitstop.com/internet/pcpConnCheck.cab

    [OPUCatalog Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\OPUC.DLL
    CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

    [Symantec RuFSI Registry Information Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
    CODEBASE = http://security1.norton.com/SSC/SharedContent/common/bin/cabsa.cab

    [Microsoft Search Settings Control]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SEARCHSETTINGS.OCX
    CODEBASE = http://lg.home.microsoft.com/search/lobby/searchsettings.cab

    [CTAdjust Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CLEARADJUST.DLL
    CODEBASE = http://microsoft.com/typography/clearadj.cab

    [NSUpdateLiteCtrl Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\NSUPDATE.DLL
    CODEBASE = http://204.177.92.201/quickdl/proclaim/NSupd9x.cab

    [CamImage Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AXISCAMCONTROL.OCX
    CODEBASE = http://216.223.107.144/activex/AxisCamControl.ocx

    [ActiveDataObj Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ACTIVEDATA.DLL
    CODEBASE = http://www.symantec.com/techsupp/activedata/ActiveData.cab

    [symsupportutil]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ACTIVEDATA.DLL
    CODEBASE = http://www.symantec.com/techsupp/activedata/symsupportutil.CAB
    OSD = C:\WINDOWS\Downloaded Program Files\OSD34.OSD

    [{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [{731918D2-517A-47E2-886A-3BC1380C591D}]
    CODEBASE = http://webpdp.gator.com/v3/download/pdpplugin_4094_hd3ptdm.cab

    [{41F17733-B041-4099-A042-B518BB6A408C}]
    CODEBASE = http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe

    [YInstStarter Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
    CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
    CODEBASE = http://a840.g.akamai.net/7/840/537/2002121801/housecall.antivirus.com/housecall/xscan53.cab

    [IWSystemchecks Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\IWSYST~1.OCX
    CODEBASE = http://msfm.interwise.com/msfm/English/ActiveX/IWsystemchecks.cab

    [{F798683C-FE05-436C-B0FF-35B9122E9787}]
    CODEBASE = http://www.m-w.com/tools/toolbar/cabs/m-w.cab

    [MSN Money Ticker]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\TICKER12.OCX
    CODEBASE = http://fdl.msn.com/public/investor/v12/ticker.cab

    [Microsoft Office Tools on the Web Control]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\OUTC.DLL
    CODEBASE = http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab

    [SDKInstall Class]
    InProcServer32 = C:\WINDOWS\SDKINST.DLL
    CODEBASE = http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab

    [ChartFX Internet Control]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CFXIEAX.OCX
    CODEBASE = http://www.2ontario.com/download/CfxIEAx.cab

    [Brix6ie Control]
    InProcServer32 = C:\WINDOWS\BRIX6IE.OCX
    CODEBASE = http://ftp.coupons.com/v6/brix6ie.cab

    [FormFlow Form Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\FORMCTL.DLL
    CODEBASE = https://www.cbs.gov.on.ca/obra/forms/Codebase/FormCtl.cab

    --------------------------------------------------
    End of report, 10,681 bytes
    Report generated in 1.066 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  5. :) win98/xp

    :) win98/xp Thread Starter

    Joined:
    Oct 13, 2002
    Messages:
    31
    No software or hardware changes have happen.
     
  6. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    You have two browser plugins I've never seen before, and I'd really like to have a look at them for analysis.

    Sometimes these can be harmless, but quite often they're not.

    Would you mind terribly sending me a copy of the following files zipped up as an attachment, please?

    c:\Windows\system\iebrw.dll
    c:\Windows\system\homepage.dll

    I'll PM you with my e-mail addie, and will keep you informed on whether they're required or not.
     
  7. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Additionally, one BHO (Browser plugin) is a remnant of a Lop infection and needs to be removed anyway.

    Plus, there are a number of dubious ActiveX objects. PLease do this:

    Go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please show us its contents.

    Hijack This will moreover allow us to easily delete the offending items.
     
  8. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    I found this regarding the two dll's.

    From:
    http://boards.cexx.org/spyware/messages/3023.html?board=spyware

     
  9. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Thanks Mo, great research! :)

    I've just PM'd SpyBot's Patrick, and detection ought to be added before soon.
     
  10. :) win98/xp

    :) win98/xp Thread Starter

    Joined:
    Oct 13, 2002
    Messages:
    31
    'You have two browser plugins I've never seen before, and I'd really like to have a look at them for analysis.

    Sometimes these can be harmless, but quite often they're not.

    Would you mind terribly sending me a copy of the following files zipped up as an attachment, please?'

    c:\Windows\system\iebrw.dll
    c:\Windows\system\homepage.dll

    I no longer have these files on my system, since I preformed 'Highjack This!' software.

    The errors seems to have calmed down. Will update on any changes that may occur.

    db
     
  11. :) win98/xp

    :) win98/xp Thread Starter

    Joined:
    Oct 13, 2002
    Messages:
    31
    Any suggestions of software that prevents services like LOP and other from being installed on a system, before they cause all the changes and damages to Windows?

    Thanks
    db
     
  12. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    No, that's not correct.

    Hijack This will remove the registry entries, but not the files themselves.

    You still ought to have them.

    Please find them, and send them to me. Copies will go to the folks at Lavasoft, SpyBot, and others.

    Thanks heaps! :)
     
  13. :) win98/xp

    :) win98/xp Thread Starter

    Joined:
    Oct 13, 2002
    Messages:
    31
    Tony: What address should I send the file to?

    Doing a search using the find. These 2 files are gone from my system. homepage.dll cannot be found on my system. The other file: IEBrw.dll I have a copy since I made a duplicates copy yesterday.

    I've enclosed the one file for investigation.

    db
     
  14. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/115554

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice