1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Iexplorer errors..HELP!

Discussion in 'Earlier Versions of Windows' started by sighlentex, Apr 4, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. sighlentex

    sighlentex Thread Starter

    Joined:
    Apr 4, 2004
    Messages:
    21
    I use my friends computer often, and just recently he's been having an error message when he first boots the computer. The latest error he's been getting is "Iexplorer caused an error in 0.DLL" or something like that. Please help, he thinks I did something to his machine, and I really didn't. Here's the HJT log:

    Logfile of HijackThis v1.97.7
    Scan saved at 9:54:55 PM, on 4/4/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\MSREG32.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\HPHMON04.EXE
    C:\WINDOWS\SYSTEM\HPZTSB05.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PALTALK\PNETAWARE.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN6.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\HPHIPM11.EXE
    C:\PALTALK\PALTALK.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msnmember.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by MSN
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM\MSREG32.EXE
    F1 - win.ini: run=C:\WINDOWS\SYSTEM\MSREG32.EXE
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\SYSTEM\HPHMON04.EXE
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\pmremind.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
    O9 - Extra 'Tools' menuitem: AV Live (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://msnmember.msn.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37587.4177199074
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
     
  2. john1

    john1

    Joined:
    Nov 25, 2000
    Messages:
    8,994
    look up that error message on google and see what it says ...
     
  3. sighlentex

    sighlentex Thread Starter

    Joined:
    Apr 4, 2004
    Messages:
    21
    funny you suggested that, John, as that's what brought me to these forums.

    any other suggestions? i've run a windows update, and run Spybot S&D, and the IE is still messing up.

    i get two popups to start program: "Click the program you want to use to open 'System\'.

    i'm thinking about pulling all my hair out...a strand at a time ;)
     
  4. john1

    john1

    Joined:
    Nov 25, 2000
    Messages:
    8,994
    Whats the exact wording of the error message ?
    You could try an I.E.repair, you never know that might do it ...
     
  5. VirtualMe

    VirtualMe

    Joined:
    Sep 27, 2002
    Messages:
    867
    I think you have an infection or reminats of one left behind. (Troj/Sdbot-FN)

    First put Hijack This in its on folder. Don't leave it in the temp folder.

    Then close all browser windows and run Hijack This.

    Put a check by the two below in bold and click Fix Checked

    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM\MSREG32.EXE

    F1 - win.ini: run=C:\WINDOWS\SYSTEM\MSREG32.EXE




    Then reboot and search for MSREG32.EXE and 0.DLL and delete them if found.


    Then run a online virus scan at one of these.

    http://www3.ca.com/virusinfo/virusscan.aspx

    http://housecall.trendmicro.com/

    http://www.pandasoftware.com/activescan/

    http://www.ravantivirus.com/scan/

    Then your friend needs to get a virus program and spyware removal programs, Grisoft AVG Free Download , Ad-aware 6, and Spybot Download, to help protect against viruses and other baddies.

    Grisoft AVG Free Download ,
    AVG Update Download Options tip

    Ad-aware 6
    Ad-Aware 6: Reference Guide by Winchester73

    Spybot Instructions and Download
     
  6. sighlentex

    sighlentex Thread Starter

    Joined:
    Apr 4, 2004
    Messages:
    21
    Thanks VirtualMe...i think You might be right. I ran HJT and deleted the two that You said. I also deleted 0.dll (and could not find msreg32.exe). I rebooted the pc and had the same problem. 0.dll replicated and is still there. I deleted it twice, and even attempted to rename it, but it is self-preserving. Also of interest, is the fact that when i reboot the pc and run HJT the line :
    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM\MSREG32.EXE
    keeps reappearing.
    (i'm also finding a file called 1.mzp that is unfamiliar to me)

    Please help! This is a bad booger, and it really needs to go away!! Thanks in advance.
     
  7. sighlentex

    sighlentex Thread Starter

    Joined:
    Apr 4, 2004
    Messages:
    21
    Ok...just a bit more REALLY IMPORTANT information..

    it's Backdoor Assassin or Backdoor Beast that this computer is infected with. I found that out with Housecalls...but it says that it's uncleanable. Now what?
     
  8. VirtualMe

    VirtualMe

    Joined:
    Sep 27, 2002
    Messages:
    867
    Was the uncleanable files in System Restore?

    For additional information, and an alternative to disabling Windows Me System Restore, see the Microsoft Knowledge Base article, "Antivirus Tools Cannot Clean Infected Files in the _Restore Folder," Article ID: Q263455.

    If so Disabling Windows Me System Restore will purge the restore points and get rid of the uncleanable files, if that is where it is.

    If not, can you post the Anti-virus scan log, so we can see where it is located?

    Post a new Hijack This log also.

    You may need to hit Ctrl+Alt+Del and End Task on MSREG32.EXE from running if it shows there.

    Then have Hijack This remove F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM\MSREG32.EXE

    and 1.mzp

    Also PalTalk is considered as adware by Pest Patrol, so you may want to see about uninstalling it.


    I'm going to be away from the computer for several hours, so you may want to ask flrman1, Rollin' Rog, or one of the others over in the Security forum to look at the post you have started here.
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/217154

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice