L
Liz
Internet Explorer 6 running on Win XP Pro errors out and
shuts down (about half of the time while surfing the
net.) This machine is one month old. XP with IE came
loaded. (I did a system restore going back one week with
no noticable effects.) When this happens XP gives me the
option of sending a report including a temp file which I
can't access whether I send the report or not. It is
immediately deleted or overwritten with another temp
file.
I can't determine what scenario will replicate the error
consistantly, I have sent as many as four error reports
in a single day. After IE shuts down I can't do anything
for at least four minutes, (I guess it's busy writing the
error report) task manager doesn't come up, and no
programs will start. After the four minutes, everything I
attempted to do happens at once: i.e. 'Tell Microsoft
about this Problem' task manager windows open, IE opens,
Word opens, etc. all at once. The only action I can take
when it's locked up is to press and hold the power button
for 9 seconds until it shuts down the comp.
I have PC-cillin virus and firewall onboard and
activated. I scanned with Ad-Aware (it only found alexa
and one tracking cookie) and Hijack This. I am including
the first few lines of the two most recent error reports,
and the latest Hijack This scan log.
Most recent error: (atypical - I never saw 'sz' prefix
before)
Error signature
szAppName: iexplore.exe szAppVer: 6.0.2800.1106
szModName: hungapp szModVer: 0.0.0.0 offset: 00901be7
This error report only included two temp files, not the
modules details like all of the previous error reports.
C:\documentsandsettings\liz\locals~1\Temp\WERE.temp.dir01
\iexplore.exe.mdmp
C:\documentsandsettings\liz\locals~1\Temp\WERE.temp.dir01
\appcompat.txt
Most recent previous error report: (typical)
Error signature
AppName: iexplore.exe AppVer: 6.0.2800.1106 ModName:
unknown
ModVer: 0.0.0.0 Offset: 00901be7
Exception Information
Code: 0xc0000005 Flags: 0x00000000
Record 0x0000000000000000 Address: 0x000000000090lbe7
System Information
Windows NT 5.1 Build: 2600
Module 1
Iexplore.exe (and a lot of details which I can't decipher
about each module)
Module 2
Ntdll.dll
Module 3
Kernel32.dll
(Modules 1 through 106)
This file was also included in the sent report:
C:\Document~1\liz\locals~1\temp\WERF55.tmp.dir00
\appcompat.txt
Hijack This log:
Logfile of HijackThis v1.97.7
Scan saved at 1:25:14 PM, on 12/23/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msdtc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\KODAK\Kodak EasyShare
software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\WINDOWS\System32\CMMON32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\Downloaded
Installations\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://www.orangecom.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0
\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-
001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog
Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32
\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common
Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend
Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend
Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend
Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program
Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program
Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Find Fast.lnk = C:\Program
Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program
Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk =
C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk =
C:\Program Files\KODAK\Kodak EasyShare
software\bin\EasyShare.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orangecom.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuct
l.CAB?37957.4980208333
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466}
(HeartbeatCtl Class) -
http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479}
(EPSImageControl Class) -
http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D}
(Hotmail Attachments Control) -
http://lw12fd.law12.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E43B18CF-3C39-
4A8F-97ED-C0C6F24FAF7C}: Domain = ocisp.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{E43B18CF-3C39-
4A8F-97ED-C0C6F24FAF7C}: NameServer = 151.164.1.1
65.66.40.1 65.66.40.1 151.164.1.1
Any help would be appreciated!
shuts down (about half of the time while surfing the
net.) This machine is one month old. XP with IE came
loaded. (I did a system restore going back one week with
no noticable effects.) When this happens XP gives me the
option of sending a report including a temp file which I
can't access whether I send the report or not. It is
immediately deleted or overwritten with another temp
file.
I can't determine what scenario will replicate the error
consistantly, I have sent as many as four error reports
in a single day. After IE shuts down I can't do anything
for at least four minutes, (I guess it's busy writing the
error report) task manager doesn't come up, and no
programs will start. After the four minutes, everything I
attempted to do happens at once: i.e. 'Tell Microsoft
about this Problem' task manager windows open, IE opens,
Word opens, etc. all at once. The only action I can take
when it's locked up is to press and hold the power button
for 9 seconds until it shuts down the comp.
I have PC-cillin virus and firewall onboard and
activated. I scanned with Ad-Aware (it only found alexa
and one tracking cookie) and Hijack This. I am including
the first few lines of the two most recent error reports,
and the latest Hijack This scan log.
Most recent error: (atypical - I never saw 'sz' prefix
before)
Error signature
szAppName: iexplore.exe szAppVer: 6.0.2800.1106
szModName: hungapp szModVer: 0.0.0.0 offset: 00901be7
This error report only included two temp files, not the
modules details like all of the previous error reports.
C:\documentsandsettings\liz\locals~1\Temp\WERE.temp.dir01
\iexplore.exe.mdmp
C:\documentsandsettings\liz\locals~1\Temp\WERE.temp.dir01
\appcompat.txt
Most recent previous error report: (typical)
Error signature
AppName: iexplore.exe AppVer: 6.0.2800.1106 ModName:
unknown
ModVer: 0.0.0.0 Offset: 00901be7
Exception Information
Code: 0xc0000005 Flags: 0x00000000
Record 0x0000000000000000 Address: 0x000000000090lbe7
System Information
Windows NT 5.1 Build: 2600
Module 1
Iexplore.exe (and a lot of details which I can't decipher
about each module)
Module 2
Ntdll.dll
Module 3
Kernel32.dll
(Modules 1 through 106)
This file was also included in the sent report:
C:\Document~1\liz\locals~1\temp\WERF55.tmp.dir00
\appcompat.txt
Hijack This log:
Logfile of HijackThis v1.97.7
Scan saved at 1:25:14 PM, on 12/23/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msdtc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\KODAK\Kodak EasyShare
software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\WINDOWS\System32\CMMON32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\Downloaded
Installations\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://www.orangecom.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0
\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-
001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog
Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32
\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common
Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend
Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend
Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend
Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program
Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program
Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Find Fast.lnk = C:\Program
Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program
Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk =
C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk =
C:\Program Files\KODAK\Kodak EasyShare
software\bin\EasyShare.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.orangecom.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuct
l.CAB?37957.4980208333
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466}
(HeartbeatCtl Class) -
http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479}
(EPSImageControl Class) -
http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D}
(Hotmail Attachments Control) -
http://lw12fd.law12.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E43B18CF-3C39-
4A8F-97ED-C0C6F24FAF7C}: Domain = ocisp.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{E43B18CF-3C39-
4A8F-97ED-C0C6F24FAF7C}: NameServer = 151.164.1.1
65.66.40.1 65.66.40.1 151.164.1.1
Any help would be appreciated!