microsoft visual c++ runtime library run time error program: c:\windows\explorer.exe

[exujing]

Hi there,
I've run Spybot and Hijack This, and below is the log.
The problem I experience is a pop box with the following message:
microsoft visual c++ runtime library
run time error
program: c:\windows\explorer.exe
abnormal program termination
It only happens to certain websites.

Logfile of HijackThis v1.97.7
Scan saved at 11:31:56, on 01/06/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\IBM\Application Developer Integration Edition\IBM Agent Controller\bin\RAServer.exe
C:\WINNT\LogWatNT.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wm.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\WINNT\System32\WMRUNDLL.EXE
C:\WINNT\System32\WMRUNDLL.EXE
C:\NOVELL\ZENRC\WUOLService.exe
C:\WINNT\System32\drivers\ldlcserv.exe
C:\WINNT\System32\NALNTSRV.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\NALDESK.EXE
C:\WINNT\System32\dpmw32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\System32\NWTRAY.EXE
C:\WINNT\loadqm.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\internet explorer\IEXPLORE.EXE
\EDIT01_FS\sys\public\zenworks\ntscan32.exe
C:\My Documents\downloaded software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.directline.com/itnet...netframes?open
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Direct Line Group Services
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.directline.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = datatrain*;*.directline.com;*.directline.co.uk;*.privilege.com;*.u-k-i.com;*.tesco-insurance.co.uk;*.greenflag-breakdown.com;*.jamjar.com;*.jamjarcars.com;192.168*;10.128*;190.100*;191.254*;172.16*;*.rbsgrp.net;*.dlfs.com;*.companies-house.gov.uk;<local>
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://cpqjump.av.com/cpq/cid/1Q00/kb3/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NDPS] C:\WINNT\System32\dpmw32.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINNT\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\Plus!\MICROS~1\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {37775067-8350-11D4-A7DA-00C04F14FB69} (PVCS Tracker I-Net Client for MSIE) - http://11.134.100.251/trackdoc/trkpm660ie.cab
O16 - DPF: {CDBD9968-7BF1-11D4-9D36-0001029DEBEB} (Loader Class) - http://10.128.202.11/tdbin/Spider.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = directline.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = directline.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = directline.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =

[Pieter_Arntz]

Hi exujing,

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O16 - DPF: {37775067-8350-11D4-A7DA-00C04F14FB69} (PVCS Tracker I-Net Client for MSIE) - http://11.134.100.251/trackdoc/trkpm660ie.cab
O16 - DPF: {CDBD9968-7BF1-11D4-9D36-0001029DEBEB} (Loader Class) - http://10.128.202.11/tdbin/Spider.ocx

Are you using Sun Java or MicroSoft Virtual Machine?

Regards,

Pieter

[exujing]

Hi Pieter, thanks for your prompt reply. I have tried HijackThis fix and rebooted, but it didn't help. I am using Sun JVM but in internet options, advanced tab, all three checkboxes under Microsoft VM are checked.
Thanks
Jing

[Pieter_Arntz]

Hi Jing,

Uncheck all but the first one of those three and download the correct language version of Windows Script 5.6
http://www.microsoft.com/downloads/d...displaylang=en
You can select the language on the right hand side.

Download and install.

Regards,

Pieter

[exujing]

Dear Pieter,

I have installed Windows Script5.6 and rebooted, but the error still comes up. The difference I noticed is that I used to get two pop boxes with the same error msgs for one website, now I am only getting one before the window is closed.

Thanks
Jing

[Pieter_Arntz]

Hi exujing,

The only other thing I can think of is a corrupt MacroMedia Player.

Fix these:
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab

You will be prompted to install the latest as soon as you visit a site where you need it.

Regards,

Pieter

[exujing]

Hi Pieter,

The link didnt work, but I have tried to reinstall Macromedia player.. no luck either..

Jing

[Pieter_Arntz]

Clutching at straws:

http://www.mcse.ms/message639960.html

If that does not help click Start > Run type or copy&paste sfc /scannow >OK (If you type, there is a space between sfc and /scannow)
Windows will look for outdated, corrupted or missing system files and prompt you when it finds one.

Regards,

Pieter

[exujing]

Hi Pieter,

I couldn't do that because i dont have win2k CD at hand. Instead I reimaged the harddisk. It works fine now. but I still wonder what the problem is about. Could you share some info with me?

Thanks!
Jing

[Pieter_Arntz]

Hi Jing,

No idea really. I was hoping that a Windows file would turn out to be damaged or replaced.
Some programs replace Windows files when they get installed, which is almost never a problem untill the program gets uninstalled, taking the replacement for the Windows with it lor putting back an outdated copy of the original.

Regards,

Pieter