Solved

Explorer Keeps Crashing

Posted on 2004-08-24
19
13,368 Views
Last Modified: 2008-01-09
I keep crashing explorer.  My brother downloaded imesh and the problem started then.  Since, I have downloaded AdAware, Spybot, and XoftSpy.  I have also run a Registry Cleaner.  I continue to have problems with all of these.  With Tracking Cookies especially.  

Anyway, when Explorer ends, here is the Error Report I get.

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="iexplore.exe" FILTER="GRABMI_FILTER_PRIVACY">
    <MATCHING_FILE NAME="HMMAPI.DLL" SIZE="36352" CHECKSUM="0x7B985C78" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Microsoft HTTP Mail Simple MAPI" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="HMMAPI.DLL" INTERNAL_NAME="HMMAPI" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA64E" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/18/2001 05:34:34" UPTO_LINK_DATE="08/18/2001 05:34:34" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="IEXPLORE.EXE" SIZE="91136" CHECKSUM="0xD2EA9B5F" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Internet Explorer" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="IEXPLORE.EXE" INTERNAL_NAME="iexplore" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x25456" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/17/2001 20:49:16" UPTO_LINK_DATE="08/17/2001 20:49:16" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="Connection Wizard\ICWCONN.DLL" SIZE="57344" CHECKSUM="0x20CCE0F1" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="icwconn.dll" INTERNAL_NAME="icwconn" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1C571" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/18/2001 05:35:00" UPTO_LINK_DATE="08/18/2001 05:35:00" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="Connection Wizard\ICWCONN1.EXE" SIZE="209408" CHECKSUM="0x31976E08" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="icwconn1.exe" INTERNAL_NAME="icwconn1" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x3FF40" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/17/2001 20:48:57" UPTO_LINK_DATE="08/17/2001 20:48:57" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="Connection Wizard\ICWCONN2.EXE" SIZE="77824" CHECKSUM="0x4BF0261D" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="ICWCONN2.EXE" INTERNAL_NAME="ICWCONN2" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1A815" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/17/2001 20:49:06" UPTO_LINK_DATE="08/17/2001 20:49:06" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="Connection Wizard\ICWDL.DLL" SIZE="24576" CHECKSUM="0x30C34852" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Internet Service MIME Mutlipart Download" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="ICWDL.DLL" INTERNAL_NAME="ICWDL" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x140B3" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/18/2001 05:35:02" UPTO_LINK_DATE="08/18/2001 05:35:02" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="Connection Wizard\ICWHELP.DLL" SIZE="155648" CHECKSUM="0xD9B3825A" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Internet Connection Wizard Helper functions" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="icwhelp.dll" INTERNAL_NAME="icwhelp" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x26C09" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/18/2001 05:35:03" UPTO_LINK_DATE="08/18/2001 05:35:03" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="Connection Wizard\ICWRES.DLL" SIZE="61440" CHECKSUM="0xA488AA92" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="icwres.dll" INTERNAL_NAME="icwres" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1AA60" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/18/2001 05:35:05" UPTO_LINK_DATE="08/18/2001 05:35:05" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="Connection Wizard\ICWRMIND.EXE" SIZE="24576" CHECKSUM="0xC9FC9939" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Internet Connection Wizard Reminder" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="ICWRMIND.EXE" INTERNAL_NAME="ICWRMIND" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0xEF6D" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/17/2001 20:48:19" UPTO_LINK_DATE="08/17/2001 20:48:19" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="Connection Wizard\ICWTUTOR.EXE" SIZE="73728" CHECKSUM="0xF945F7EB" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="icwtutor.exe" INTERNAL_NAME="icwtutor" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x16B27" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/17/2001 20:49:08" UPTO_LINK_DATE="08/17/2001 20:49:08" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="Connection Wizard\ICWUTIL.DLL" SIZE="45056" CHECKSUM="0xE48F22C8" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="icwutil.dll" INTERNAL_NAME="icwutil" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x12C82" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/18/2001 05:35:06" UPTO_LINK_DATE="08/18/2001 05:35:06" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="Connection Wizard\INETWIZ.EXE" SIZE="20480" CHECKSUM="0x8E84A1F3" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="INETWIZ.EXE" INTERNAL_NAME="INETWIZ" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0xED78" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/17/2001 20:49:10" UPTO_LINK_DATE="08/17/2001 20:49:10" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="Connection Wizard\ISIGNUP.EXE" SIZE="16384" CHECKSUM="0xF8AB8D6E" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Internet Signup" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="ISIGNUP.EXE" INTERNAL_NAME="ISIGNUP" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x443C" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/17/2001 20:48:46" UPTO_LINK_DATE="08/17/2001 20:48:46" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="Connection Wizard\TRIALOC.DLL" SIZE="40960" CHECKSUM="0x68F70073" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Internet Connection Wizard Trial Reminder Helper" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="trialoc.dll" INTERNAL_NAME="trialoc" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x198FE" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/18/2001 05:36:03" UPTO_LINK_DATE="08/18/2001 05:36:03" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="MUI\0409\mscorier.dll" SIZE="16896" CHECKSUM="0x49114489" BIN_FILE_VERSION="1.1.4322.510" BIN_PRODUCT_VERSION="1.1.4322.510" PRODUCT_VERSION="1.1.4322.510" FILE_DESCRIPTION="Microsoft .NET Runtime IE resources" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft .NET Framework" FILE_VERSION="1.1.4322.510" ORIGINAL_FILENAME="mscorier.dll" INTERNAL_NAME="MSCORIER.DLL" LEGAL_COPYRIGHT="Copyright © Microsoft Corporation 1998-2002. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x81E1" LINKER_VERSION="0x50000" UPTO_BIN_FILE_VERSION="1.1.4322.510" UPTO_BIN_PRODUCT_VERSION="1.1.4322.510" LINK_DATE="10/19/2002 04:17:38" UPTO_LINK_DATE="10/19/2002 04:17:38" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="PLUGINS\NPDocBox.dll" SIZE="270336" CHECKSUM="0x1DE234E9" BIN_FILE_VERSION="1.0.0.32" BIN_PRODUCT_VERSION="1.0.0.32" PRODUCT_VERSION="1.0.0.32" FILE_DESCRIPTION="InterTrust Redemption Wizard" COMPANY_NAME="Intertrust Technologies, Inc." PRODUCT_NAME="InterTrust Redemption Wizard" FILE_VERSION="1.0.0.32" ORIGINAL_FILENAME="NPDocBox.dll" INTERNAL_NAME="WIZPLUGIN" LEGAL_COPYRIGHT="Copyright © 2000 InterTrust Technogies, Inc." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.0.0.32" UPTO_BIN_PRODUCT_VERSION="1.0.0.32" LINK_DATE="04/03/2001 21:20:25" UPTO_LINK_DATE="04/03/2001 21:20:25" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="PLUGINS\nppdf32.dll" SIZE="103344" CHECKSUM="0x5276FB66" BIN_FILE_VERSION="5.0.5.452" BIN_PRODUCT_VERSION="5.0.0.0" PRODUCT_VERSION="5.0.5.0" FILE_DESCRIPTION="Adobe Acrobat Plug-In Version 5.00 for Netscape" COMPANY_NAME="Adobe Systems Inc." PRODUCT_NAME="Adobe Acrobat" FILE_VERSION="5.0.5.2001091000" ORIGINAL_FILENAME="NPPDF32.DLL" LEGAL_COPYRIGHT="Copyright 1984-2001 Adobe Systems Incorporated and its licensors. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10001" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x278AD" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="5.0.5.452" UPTO_BIN_PRODUCT_VERSION="5.0.0.0" LINK_DATE="09/10/2001 10:47:37" UPTO_LINK_DATE="09/10/2001 10:47:37" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="PLUGINS\npqtplugin.dll" SIZE="106496" CHECKSUM="0xAD03DAC2" BIN_FILE_VERSION="6.5.0.48" BIN_PRODUCT_VERSION="6.5.0.48" PRODUCT_VERSION="QuickTime 6.5" FILE_DESCRIPTION="The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the &lt;A HREF=http://www.apple.com/quicktime/&gt;QuickTime&lt;/A&gt; Web site." COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="QuickTime Plug-in 6.5" FILE_VERSION="6.5" ORIGINAL_FILENAME="npqtplugin.dll" INTERNAL_NAME="QuickTime Plug-In" LEGAL_COPYRIGHT="© Apple Computer, Inc. 1992-2004" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="6.5.0.48" UPTO_BIN_PRODUCT_VERSION="6.5.0.48" LINK_DATE="12/14/2003 07:15:39" UPTO_LINK_DATE="12/14/2003 07:15:39" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="PLUGINS\npqtplugin2.dll" SIZE="106496" CHECKSUM="0xAD03DAC2" BIN_FILE_VERSION="6.5.0.48" BIN_PRODUCT_VERSION="6.5.0.48" PRODUCT_VERSION="QuickTime 6.5" FILE_DESCRIPTION="The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the &lt;A HREF=http://www.apple.com/quicktime/&gt;QuickTime&lt;/A&gt; Web site." COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="QuickTime Plug-in 6.5" FILE_VERSION="6.5" ORIGINAL_FILENAME="npqtplugin.dll" INTERNAL_NAME="QuickTime Plug-In" LEGAL_COPYRIGHT="© Apple Computer, Inc. 1992-2004" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="6.5.0.48" UPTO_BIN_PRODUCT_VERSION="6.5.0.48" LINK_DATE="12/14/2003 07:15:39" UPTO_LINK_DATE="12/14/2003 07:15:39" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
<EXE NAME="ntdll.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
    <MATCHING_FILE NAME="ntdll.dll" SIZE="651264" CHECKSUM="0xEA9C095" BIN_FILE_VERSION="5.1.2600.114" BIN_PRODUCT_VERSION="5.1.2600.114" PRODUCT_VERSION="5.1.2600.114" FILE_DESCRIPTION="NT Layer DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.114 (xpclnt_qfe.021108-2107)" ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA2397" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.114" UPTO_BIN_PRODUCT_VERSION="5.1.2600.114" LINK_DATE="05/02/2003 18:03:00" UPTO_LINK_DATE="05/02/2003 18:03:00" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
    <MATCHING_FILE NAME="KERNEL32.DLL" SIZE="926720" CHECKSUM="0x6262EEA5" BIN_FILE_VERSION="5.1.2600.0" BIN_PRODUCT_VERSION="5.1.2600.0" PRODUCT_VERSION="5.1.2600.0" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.0 (xpclient.010817-1148)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xE8792" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.0" UPTO_BIN_PRODUCT_VERSION="5.1.2600.0" LINK_DATE="08/18/2001 05:33:02" UPTO_LINK_DATE="08/18/2001 05:33:02" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>



Can anybody help me?
0
Comment
Question by:tgilbride
  • 10
  • 5
  • 4
19 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11880935
Hello tgilbride =)

First Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
0
 

Author Comment

by:tgilbride
ID: 11880973
Logfile of HijackThis v1.98.2
Scan saved at 9:13:09 AM, on 8/24/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\Program Files\Canon\VDC\AuVdc.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Palm\hotsync.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Microsoft Office\Office\MSACCESS.EXE
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\tom\Local Settings\Temporary Internet Files\Content.IE5\DNXYEP7D\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: C:\WINDOWS\lbbho.dll - {05C6A4A8-4E8B-4586-940B-3A8636A77653} - C:\WINDOWS\lbbho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\Program Files\Larson Software Technology\Larson WebView CGM\cgmopenbho.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize &Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &^ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &^ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://progate.dscp.dla.mil/CFIDE/classes/CFJava.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4C2AB26C-3B26-4C26-9F1E-D0F92F6490C8} (SForceExcel Class) - https://na1.salesforce.com/setup/sforce/office/SForceOffice.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {AB883AA5-F28E-462B-B2D7-8E3717FE933C} (SFCom Control) - https://na1.salesforce.com/setup/sforce/vm/SFCom.CAB
O16 - DPF: {ABB0C082-D895-4927-940F-5FF6C2AA145A} - https://na1.salesforce.com/setup/outlook/setups/outlook.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_1_3_0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CuttingDynamics.com
O17 - HKLM\Software\..\Telephony: DomainName = CuttingDynamics.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CuttingDynamics.com
0
 
LVL 5

Expert Comment

by:webtrans
ID: 11881001
Well
first download started and findout what is starting with ur pc when it does start

started 4.1
http://www.download.com/StartEd/3000-2094-10211870.html?tag=lst-0-1

then download toolbarcop which will give u a full image on what is running on IE so u can delete it through it

Toolbarcop
http://www.mvps.org/sramesh2k/toolbarcop.htm

that should make ur system clean after u use them
if you need more help i can guide u on a step by step basis on msn
0
 

Author Comment

by:tgilbride
ID: 11881379
I am not sure what to do with this things once I run them?
0
 
LVL 5

Assisted Solution

by:webtrans
webtrans earned 150 total points
ID: 11881418
ok
run them after install
started use it to delte any irrelevate files from startup
the other will help u disable and delete any BHO that might be loading the spyware

urs
0
 

Author Comment

by:tgilbride
ID: 11881442
Should I delete everything or do I have to pick and choose?  I am not that confident in my ability to pick the right files to delete.  
0
 
LVL 5

Expert Comment

by:webtrans
ID: 11881477
ok
send me the list and i can guide you on what to del and what to keep
0
 

Author Comment

by:tgilbride
ID: 11881760
Name                   Command line                                                               Start method              File exists
---------------------------------------------------------------------------------------------------------------------------------------
IgfxTray               C:\WINDOWS\System32\igfxtray.exe                                           Local Machine Run         Yes
HotKeysCmds            C:\WINDOWS\System32\hkcmd.exe                                              Local Machine Run         Yes
freesurfer             C:\Program Files\Free Surfer\fs20.exe                                      Local Machine Run         Yes
NeroCheck              C:\WINDOWS\System32\NeroCheck.exe                                          Local Machine Run         Yes
OfficeScanNT Monitor   "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow  Local Machine Run         Yes
kdx                    C:\WINDOWS\kdx\KHost.exe                                                   Local Machine Run         Yes
HotSync Manager.lnk    C:\Program Files\Palm\hotsync.exe                                          Startup Folder            Yes
Microsoft Office.lnk   "C:\Program Files\Microsoft Office\Office10\OSA.EXE" -b -l                 All Users Startup Folder  Yes
WinZip Quick Pick.lnk  C:\Program Files\WinZip\WZQKPICK.EXE                                       All Users Startup Folder  Yes


&GOOGLE SEARCH
BACKWARD LINKS
CACHED SNAPSHOT OF PAGE
CUSTOMIZE &MENU
FILL FORMS &]
SAVE FORMS &^
SIMILAR PAGES
TRANSLATE INTO ENGLISH

{320AF880-6646-11D3-ABEE-C5DBF3571F46}
{320AF880-6646-11D3-ABEE-C5DBF3571F49}
{724D43AA-0D85-11D4-9908-00400523E39A}
{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}
{AFC3FA82-AD07-45CD-8B57-983435B9899E}
{FB5F1910-F110-11D2-BB9E-00C04F795683}

{05C6A4A8-4E8B-4586-940B-3A8636A77653}

0
 

Author Comment

by:tgilbride
ID: 11881773
C:\WINDOWS\lbbho.dll
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 5

Expert Comment

by:webtrans
ID: 11881826
for started please delete the following
freesurfer
KHost.exe

then restart and please send me a link to a snapshot of the programs found using
Toolbarcop
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11881830
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: C:\WINDOWS\lbbho.dll - {05C6A4A8-4E8B-4586-940B-3A8636A77653} - C:\WINDOWS\lbbho.dll
===============================

put a check mark against these lines, and click on Fix Chekced !!!!!
reboot and check now for the problem ??
0
 

Author Comment

by:tgilbride
ID: 11882714
It is still happening.  Also, I don't know how to send a snapshot for Toolbarcop.  But it honestly looks like everything can be there.
0
 

Author Comment

by:tgilbride
ID: 11882772
The Error signature is as follows.

0
 

Author Comment

by:tgilbride
ID: 11882777
AppName: iexplore.exe       AppVer: 6.0.2600.0       ModName: ntdll.dll
ModVer: 5.1.2600.114       Offset: 00007d0c
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11882844
try this,,,,, right click on Internet Explorer icon on desktop>Properties>Advanced
and untick Enable Third Party Browser Extensions(requires Restart)

restart and open IE to check for the problem now??
0
 

Author Comment

by:tgilbride
ID: 11882983
I did that, but then I can't use some other things I downloaded that are very useful to me.  i.e. Roboform.  Are there any other solutions?
0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 350 total points
ID: 11883088
means u are having corrupted extensions related to IE....
and if u have already Fixed the enteries i told u,,, then now download this tool, LSPFix >> http://www.cexx.org/lspfix.htm

and run it to remove this file >> osmim.dll
which is related to NetSetter adware >> http://www.pestpatrol.com/PestInfo/M/MarketScore.asp#Detection%20and%20Removal

Also make sure that u have run the following tools in Safemode to delete everything they detect !!!!!
========================================================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
SpySweeper >> http://www.spychecker.com/program/spysweeper.html
SpywareBlaster >> http://www.spychecker.com/program/spywareblaster.html
CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html
Stinger >> http://vil.nai.com/vil/stinger
========================================================
0
 

Author Comment

by:tgilbride
ID: 11883469
Ok, so far it seems to be working, but I am still concerned.  Is there anyway to confirm that it is working or do I just have to use trial and error?  I will award points if it does not crash the rest of the day.  I will also let you know if it does crash.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11883494
well the issue was a clear case of Junk entensions sticked to IE...... and after removing or disabling them the issue had to resolve :)

But u can take ur time to satisfy urself, and then can close this question,,,, no hurry =)

!! Good Luck !!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Best Online Bookmark Organiser 6 64
Images 20 94
Real VNC setup on Windows 2008 5 42
IT Asset Management 5 49
This article shows how to convert a multi-page PDF file into multiple image files, with one image file created for each page of the PDF. It does this by utilizing an excellent, free software package called GraphicsMagick. The solution is amazingly s…
In this article, you will read about the trends across the human resources departments for the upcoming year. Some of them include improving employee experience, adopting new technologies, using HR software to its full extent, and integrating artifi…
This video shows how use content aware, what it’s used for, and when to use it over other tools.
Viewers will learn how to use the Hootsuite Dashboard.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now