shutting down ie 5.5 , running win 2000 . what can be causing this . it is agravating as hell . it all started after i visited a page that brought up 1000's of popup windows . i just shut down
now i get error after shutting ie ??
any ideas .

Hi Jerry666,

Best thing to do first is to clear your temporary internet files and the normal temp file.
Then the next time you get that error click on details and post the info that gives you.
If you keep having problems with popups, please download Hijackthis (http://www.spywareinfoforum.com/files/hijackthis.zip) (Direct download link) and post the log it generates.
If you are uncomfortable with posting it, feel free to IM or mail it to me.

Regards,

Pieter

here are a few of the errors

just 3 from hundreds !


Event Type:***Error
Event Source:***Microsoft Internet Explorer
Event Category:***None
Event ID:***1000
Date:******1/4/2003
Time:******1:07:34 AM
User:******N/A
Computer:***RALF
Description:
The description for Event ID ( 1000 ) in Source ( Microsoft Internet Explorer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: iexplore.exe, 5.51.4807.2300, unknown, 0.0.0.0, 0107c200.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 35 2e 35 31 2e 34 e 5.51.4
0028: 38 30 37 2e 32 33 30 30 807.2300
0030: 20 69 6e 20 75 6e 6b 6e in unkn
0038: 6f 77 6e 20 30 2e 30 2e own 0.0.
0040: 30 2e 30 20 61 74 20 6f 0.0 at o
0048: 66 66 73 65 74 20 30 31 ffset 01
0050: 30 37 63 32 30 30 0d 0a 07c200..

vent Type:***Error
Event Source:***Microsoft Internet Explorer
Event Category:***None
Event ID:***1000
Date:******9/25/2002
Time:******12:23:03 AM
User:******N/A
Computer:***RALF
Description:
The description for Event ID ( 1000 ) in Source ( Microsoft Internet Explorer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: iexplore.exe, 5.51.4807.2300, wininet.dll, 5.50.4918.600, 000066cb.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 35 2e 35 31 2e 34 e 5.51.4
0028: 38 30 37 2e 32 33 30 30 807.2300
0030: 20 69 6e 20 77 69 6e 69 in wini
0038: 6e 65 74 2e 64 6c 6c 20 net.dll
0040: 35 2e 35 30 2e 34 39 31 5.50.491
0048: 38 2e 36 30 30 20 61 74 8.600 at
0050: 20 6f 66 66 73 65 74 20 offset
0058: 30 30 30 30 36 36 63 62 000066cb
0060: 0d 0a ..


Event Type:***Error
Event Source:***Microsoft Internet Explorer
Event Category:***None
Event ID:***1000
Date:******10/1/2002
Time:******9:05:30 PM
User:******N/A
Computer:***RALF
Description:
The description for Event ID ( 1000 ) in Source ( Microsoft Internet Explorer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: iexplore.exe, 5.51.4807.2300, vsapi32.dll, 6.150.0.1001, 0004d99a.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 35 2e 35 31 2e 34 e 5.51.4
0028: 38 30 37 2e 32 33 30 30 807.2300
0030: 20 69 6e 20 76 73 61 70 in vsap
0038: 69 33 32 2e 64 6c 6c 20 i32.dll
0040: 36 2e 31 35 30 2e 30 2e 6.150.0.
0048: 31 30 30 31 20 61 74 20 1001 at
0050: 6f 66 66 73 65 74 20 30 offset 0
0058: 30 30 34 64 39 39 61 0d 004d99a.
0060: 0a .

Jerry,

I'm wondering if you've tried to do a Repair on Internet Explorer? In Control Panel > Add/Remove Programs > select "Microsoft Internet Explorer 5.5 and Internet Tools" and do "Add/Remove" (might be "Change/Remove" on W2K). There's is an option on the next screen that comes up to "Repair" IE, rather than actually removing it.

It's possible if you just shutdown your system to stop all those pop-ups that it was damaged somehow.

Just a thought,
LowWaterMark

can't , no ie5 shows up in add remove . tried going through explorer and reinstalling , did no good . still happens .

Hi Jerry666,

This is a quote from: AT&T Help (http://help.att.net/docs/howto/other/win/how_ie5_w95-3x_repair-tool.htm?customercontent=customer_browser)

Alternate fix to repair Microsoft Internet Explorer 5.x for Windows 2000:

From the Start menu, choose Run.
In the Run window, type rundll32 setupwbv.dll,IE5Maintenance "C:\Program Files\Internet Explorer\Setup\SETUP.EXE" /g "C:\WINNT\IE Uninstall Log.Txt" Note: The command is case-sensitive.
Choose the OK button.
Select the Repair Internet Explorer option and choose the OK button.
Choose the Yes button to continue with the repair.
Restart the computer when you are prompted and allow the computer to configure Microsoft Internet Explorer.

Instead of typing the command, I would recommend copy & paste ;)

Please try and see if that helps.

Regards,

Pieter

Iexplore/Unknown page faults are often due to conflicts with internet related applications, and this routinely means spyware.

Would you please follow up on Pieter's advice and post a Hijack This log?

That will help us to either rule out that possibility, or hopefully to pinpoint the cause of the problem.

here is thelog from highjack this . noithing looks out of place . i keep a clean comp , no scripting active-x or java running , jusy ay win updates . maybe you can find the culprit .

and i tried the above att+t alternate fix , no luck , but thanks good trick !

You're right. That looks pretty clean to me.

You could try unchecking "enable third party browser extensions" in Internet Options > Advanced, to see whether one of your BHOs could possibly be causing this.

As for repairing IE, do I understand correctly that you did re-install Internet Explorer?

Also, please go to IE > Help > About IE, and tell us the Version info you see there.

yes i went through explorer and clicked instal to reinstall

version 5.50/4807.2300

-{ Quote: " quoting: Jerry666 link=board=9;threadid=5956;start=0#39530 date=1041713841]
yes i went through explorer and clicked instal to reinstall
" }-

I'm sorrty, but I fail to understand what you mean by that.

If you want to re-install Internet Explorer, either go to the Windows Update site, find the version of IE you need, and install it,'or, in case you have the Internet Explorer cabs on your hard drive, find your "Windows Update Setup Files" folder, locate Ie5setup.exe, and doubleclick that in order to redo the install.

Did you do one of those things, and if so, which one exactly?

And We still don't know the exact version info either.

went to explorer>programs > ie > w2k >double clicked on
expinst that or ie uninstall double clicked w2kexcp , not sure which i did , but it did reinstall ie with an older version of 5.5 , had to run update to get service packs

version is 5.50.4807.2300 , are there other #'s you would need ?

thanks again .

I´m wondering about one more thing:

-{ Quote: "Event ID: 1000
Date: 1/4/2003
Time: 1:07:34 AM
User: N/A
Computer: RALF
Description:
The description for Event ID ( 1000 ) in Source ( Microsoft Internet Explorer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer." }-

Event ID 1000 seems related to roaming user profiles and behind user it reads N/A
Did the error report state that originally or did you change that for privacy reasons?

Regards,

Pieter

no i changed nothing . i'm not that paranoid . what you see is what i got .

thanks guys , this is driving me insane !

In that case I´ve got a lead but not the foggiest what to do with that yet.

This is what I mean: The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. That is from your error reports.
Do you have a passworded Administrator account that is not used by default. If so: try rebooting and log in under that account. I´d like to know if IE works for you then.

Regards,

Pieter

good idea ! tried alkl accounts , no luck ! maybe if i keep sending error reports to MS they will fix it , that or send a hit team to my house .

Hi, Jerry. I could be way off on this one, but since it sounds like you've tried everything else, I figured it wouldn't hurt to ask: Did you by any chance happen to install the MS Update #329170? I have read on other threads where installing this update wreaks havoc with shutdowns, and uninstalling it provides the fix. There are several threads on other forums that discuss it in more detail. I'll post some here just in case:

http://www.broadbandreports.com/forum/remark,5312830~root=winme~mode=flat

http://www.broadbandreports.com/forum/remark,5394543~root=winme~mode=flat

Hope it helps.

(NOTE: I've found sometimes with these links that in order to actually get to the site you might need to highlight the entire link, then copy/cut/paste into your address bar.)

sk

Hi SK. Try using URL tags likes these before and afetr the link. Some links are broken because of ; and ~ signs in them. There may be more, but these two ruin links to MS Knowledgebase and DSLR. Pieter

yes i got rid of that , did not like the 60sec shutdown delay . oh well looks like reinstall os time !!

You might have an application that is causing this and could try shutting them down one by one.

I for one have tried using the repair feature for IE and found if you have a fast internet connection, downloading IE completly new id the only way to sometimes fix it.
I don't mean download the small IE file you usualy get and then after clicking on that file it starts the main download. I mean download the entire 12 meg file. If this don't work you may have damaged a Windows System file. Those dang porn sites AND Warez are good for
smashing you with popups >:(

well i shut down ie 2 times , no error report ???????? go figure i threaten to install os it fixes itself ??

Maybe you shut off the feature to show the report screen in the mean time ? ???

-{ Quote: " quoting: Jerry666 link=board=9;threadid=5956;start=15#39581 date=1041722705]
well i shut down ie 2 times , no error report ???????? go figure i threaten to install os it fixes itself ??
" }-Well, like you say: Yabbba Dabba Doo!! Hope it keeps up!

sk

but look at what was just found !!!!! whats this !!!! could it be a false positive ?

Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
Port 1784/TCP is open (matches Snid.120)
Port 1784/TCP is open (matches Snid.212)
Memory scan
No trojans found in memory
File scan (autostarted files, running executables)
While scanning C:\WINNT\system32\NeroCheck.exe: File C:\Program Files\Winamp\Winampa.exe not found
No trojan files found

-{ Quote: " quoting: Jerry666 link=board=9;threadid=5956;start=15#39585 date=1041723245]
but look at what was just found !!!!! whats this !!!! could it be a false positive ?
" }-Woah, there, Freddy - looks like your 1784 is wide open. I don't know about that one. Wouldn't want Dino to be running out any open port. I remember when something like that that happened to Wilma's pet stegasoris. Sure wouldn't want that to happen to good ol Dino!

sik

;)

(And what's up with that Snid, anyway?) ISS shows it as High Risk
http://www.iss.net/security_center/static/5356.php

just dis a port scan from 1733 to 1799 , reports all stealthed ? on my logs i only see outlook using ports in that range . not often just 3 times

i'm runnung 2000 says only effects 95 and 98 , does this mean i'm safe ?????

-{ Quote: " quoting: Jerry666 link=board=9;threadid=5956;start=15#39592 date=1041724859]
i'm runnung 2000 says only effects 95 and 98 , does this mean i'm safe ?????
" }-That's what I was wondering. But I'm not that up on the different viruses, though I am positive someone here is. At least on the surface it sounds ok and was probably only a false positive.

sk

Hmm, I'm more interested as to what program was listening on port 1784. The scan summary pasted above doesn't say. It's simply pointing out during its Port Scan phase that something is listen on 1784/TCP. But, that could be anything that uses a random or sequentially assigned port above 1024, not just that possible piece of malware.

On Windows 2000, I think you can run a "netstat -ano" in a CMD window, at least you can do this on Windows XP. The little "o" causes netstat to list the process id (PID) that is related to the open/listening ports. You can cross reference that to the process list in the task manager to identify the program using a port.

Or, a tool like Fport from Foundstone will show you the program name directly. Fport is a free tool available from the link below. One great thing about it (and most tools from Foundstone) is that you don't even need to install it. You just unzip it, and run Fport.exe from a CMD/DOS prompt, and it displays the information.

http://www.foundstone.com/knowledge/proddesc/fport.html

Knowing the program holding a port open is key to tracking down whether or not you have a Trojan or if that port being used is just a coincidence.

well the new ad-aware found the problem . i think . have not had it happen since it rmoved bho that spybot and old adaware missed . something to do with time and watch top 50 ? i deleted it by mistake , but NO MORE ERRORS ~!!