Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can't Open IE 6.0 in a limited user account with Windows XP pro 2

Status
Not open for further replies.
DoctorEd

DoctorEd

IS-IT--Management
May 22, 2002
23
0
0
US
I am having some problems that cropped up recently. I am running a Dell Computer with XP pro. On my User accounts whenever I try to open IE I get an error message that says: "Internet Explorer has experienced a problem and needs to close. We are sorry for the inconvience" If I make the account an Administrator account all works good. Also any application running on these user accounts will get an error: "sysFader: Explorer.EXE - Application error. and a RunTime error 217 at 00013d2e". This problem also goes away if I make the account an Administrator account. This account and the guest accounts and probably any limited user account I create will act like this. The problem is it used to work fine until I started setting up a network in the house with my laptop running Win 2000 pro. The user account is my 17 yr old son's account and I don't want him changing settings etc etc...any suggestions would be helpful.
Thanks, Doc.
 
Sort by date Sort by votes
I seem to be having a very similar problem and even posted an almost identical question in this same forum just a few minutes ago.

Can you still use IE if you ignore the error message?

S.P.
 
Upvote 0 Downvote
I'm Guessing either a problem with a recent IE update, Have either of you ran Windows Update in the last couple of days?

Or a trojan of some sort, download Hijack This from Open the software and click on the Config Button. Then click on the Misc Tools button and then click on the Generate Startup List.

Post the contents here. This log will show you what IE tries to start when it opens among other things.

Greg Palmer

----------------------------------------
Any feed back is appreciated.
 
Upvote 0 Downvote
Yes, I downloaded loads of Windows update files, just a couple of days ago.

I'll download Hijack and follow your instructions and let you know.

Thanks for now.

S.P.
 
Upvote 0 Downvote
Dear Greg,

This is what I got.

S.P. __________________________ :


StartupList report, 09/11/2003, 21:40:07
StartupList version: 1.52
Started from : C:\Documents and Settings\Sandr\Desktop\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\system32\cidaemon.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Google\ggviewer67-48.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\createcd50.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Documents and Settings\Sandr\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
CreateCD50 = "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
AdaptecDirectCD = C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
WheelMouse = C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
%%DELETE_VALUE%% = CreateCD50
VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINNT\System32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINNT\System32\ssbezier.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\WINNT\System32\amcis.dll - {EBBFE27C-BDF0-11D2-BBE5-00609419F467}

--------------------------------------------------

Enumerating Task Scheduler jobs:

McAfee.com Update Check (PYRAMID-Sandro).job
McAfee.com Update Check (PYRAMID-Moira).job
McAfee.com Update Check (PYRAMID-Julia).job
Scan for Viruses.job
Disk Defragmenter.job
McAfee.com Update Check (PYRAMID-Sandr).job
McAfee.com Update Check (PYRAMID-Vanessa).job
McAfee.com Update Check (PYRAMID-Guest).job
McAfee.com Update Check (PYRAMID-test).job
McAfee.com Update Check (PYRAMID-Was Sandro).job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINNT\Downloaded Program Files\IEAWSDC.DLL
CODEBASE =
[Shockwave ActiveX Control]
InProcServer32 = C:\WINNT\system32\Macromed\Director\SwDir.dll
CODEBASE =
[Office Update Installation Engine]
InProcServer32 = C:\WINNT\opuc.dll
CODEBASE =
[McAfee.com Operating System Class]
InProcServer32 = C:\WINNT\System32\mcinsctl.dll
CODEBASE =
[OPUCatalog Class]
InProcServer32 = C:\WINNT\System32\opuc.dll
CODEBASE =
[Update Class]
InProcServer32 = C:\WINNT\System32\iuctl.dll
CODEBASE =
[DwnldGroupMgr Class]
InProcServer32 = C:\WINNT\System32\McGDMgr.dll
CODEBASE =
[Shockwave Flash Object]
InProcServer32 = C:\WINNT\System32\macromed\flash\Flash.ocx
CODEBASE =
--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: C:\WINNT\System32\stobject.dll
PostBootReminder: C:\WINNT\system32\SHELL32.dll
CDBurn: C:\WINNT\system32\SHELL32.dll

--------------------------------------------------
End of report, 6,618 bytes
Report generated in 0.180 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 
Upvote 0 Downvote
The following Starts everytime you open internet explorer and is adware

(no name) - C:\WINNT\System32\amcis.dll - {EBBFE27C-BDF0-11D2-BBE5-00609419F467}

You can find info on this file here


Download Spybot from and adaware from both are free. Run the scans on both of them to remove any spy/adware.

After doing this see if you still have the problem. If not great, if you do then try removing the google tool bar from your system. I have know this to cause different problems before.

If all this fails try using the system restore feature to revert back to a date before running the updates.

Greg Palmer

----------------------------------------
Any feed back is appreciated.
 
Upvote 0 Downvote
Great feedback Greg. Sure enough, SpyBot and AdAware did the trick.

Thanks and cheers.

sp.
 
Upvote 0 Downvote
Would some sort of hijack problem be only associated with a limited user account and not an administrator account. When I get the error message in the limited user account IE will not open no matter what I do. If I convert the limited user account to an Administrator account the IE will open up as if no problem exists. If I convert the account back to a limited user it will not allow IE to oopen up at all. Is it possible spyware and virus's would be that selective? I will do what was suggested with the tomcoyote thing and post the results but I just don't think that is the problem.
Thanks...Doc
 
Upvote 0 Downvote
Doctored2, The Hijact This suggestion will likely not solve the problem you are having with the limited users. However it more than likely down to incorrect permissions. It is worth ruling out any nasties though, if you do have something installed that runs when IE is started it is possible that that nastie needs admin rights to work properly. The Hijack This software among other things shows you what starts along with IE.

Greg Palmer

----------------------------------------
Any feed back is appreciated.
 
Upvote 0 Downvote
OK, here is my startup list...hope you see something that will help!!!

StartupList report, 11/12/2003, 6:23:23 PM
StartupList version: 1.52
Started from : C:\unzipped\hijackthis\HijackThis.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Norton Internet Security Professional\ATRACK.EXE
C:\unzipped\hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Microsoft Works Calendar Reminders.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NAV Agent = C:\PROGRA~1\NORTON~1\navapw32.exe
iamapp = C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
DellTouch = C:\WINDOWS\DELLMMKB.EXE
MsmqIntCert = regsvr32 /s mqrt.dll
WinampAgent = "C:\Program Files\Winamp\Winampa.exe"
Start = C:\PROGRA~1\COMMON~1\jcsetcom.exe
ComcastSUPPORT = C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
AdaptecDirectCD = "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
AIM = C:\Program Files\AIM95\aim.exe -cnetwait.odl
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\LOGON.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

MyWay Search Assistant BHO - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing) - {04079851-5845-4dea-848C-3ECD647AA554}
myBar BHO - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\System32\btiein.dll - {63B78BC1-A711-4D46-AD2F-C581AC420D41}
(no name) - C:\WINDOWS\SYSTEM32\moz030715s.dll - {87D5D689-88A9-47AE-9087-56CECF11EA5C}
(no name) - C:\PROGRA~1\Toolbar\toolbar.dll - {8952A998-1E7E-4716-B23D-3DBE03910972}
CSBrBHO - C:\PROGRA~1\Comet\Install\Temp\brbho.dll (file missing) - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293}
(no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\WINDOWS\SYSTEM32\poslqyjk.dll - {CDEF54C1-2CAB-447D-BCF5-ADB93776078E}
(no name) - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B}
(no name) - C:\Program Files\Microsoft Money\System\mnyviewer.dll - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Disk Cleanup.job
Norton AntiVirus - Scan my computer.job
Norton AntiVirus 2002.job
Norton Internet Security Professional.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE =
[QCV6C020.Install]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\QCV6C020.ocx
CODEBASE =
[VisionRx.com Visual Acuity Test Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\xctestctrlsrv.dll
CODEBASE =
[{26E8361F-BCE7-4F75-A347-98C88B418322}]
InProcServer32 = C:\WINDOWS\DOWNLO~1\btiein.dll
CODEBASE =
[Register Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HWUtils.dll
CODEBASE =
[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE =
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE =
[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE =
[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagcc.ocx
CODEBASE =
[RdxIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RdxIE.dll
CODEBASE =
[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\System32\opuc.dll
CODEBASE =
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE =
[DASWebDownload Class]
InProcServer32 = C:\WINDOWS\DASAct.dll
CODEBASE =
[CamImage Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx
CODEBASE =
[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE =
[ContentAuditX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONTEN~1.OCX
CODEBASE =
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\swflash.ocx
CODEBASE =
[Microsoft Office Tools on the Web Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\OUTC.DLL
CODEBASE =
[{EE2589EB-7FC8-44DB-A892-573F2C4B41E0}]
CODEBASE =
[{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
CODEBASE =
--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\System32\upnpui.dll

--------------------------------------------------
End of report, 9,129 bytes
Report generated in 0.234 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

This is from my stepson's limited user account. Thanks
 
Upvote 0 Downvote
ComcastSUPPORT = C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
is spyware, take a look at for details.

Start = C:\PROGRA~1\COMMON~1\jcsetcom.exe is an entry I am unfamiliar with, I could not find any information on this file.

The following are items that start with IE and are likely the cause of your problem.

MyWay Search Assistant BHO - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing) - {04079851-5845-4dea-848C-3ECD647AA554}
myBar BHO - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
(no name) - C:\WINDOWS\System32\btiein.dll - {63B78BC1-A711-4D46-AD2F-C581AC420D41}
(no name) - C:\WINDOWS\SYSTEM32\moz030715s.dll - {87D5D689-88A9-47AE-9087-56CECF11EA5C}
(no name) - C:\PROGRA~1\Toolbar\toolbar.dll - {8952A998-1E7E-4716-B23D-3DBE03910972}
CSBrBHO - C:\PROGRA~1\Comet\Install\Temp\brbho.dll (file missing) - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293}
(no name) - C:\WINDOWS\SYSTEM32\poslqyjk.dll - {CDEF54C1-2CAB-447D-BCF5-ADB93776078E}

I would recommend Doing a scan on Hijack this and removing the following items. Hijack This will make a backup of the items. However they are a sellection of Ad/Spyware that are not needed.


Greg Palmer

----------------------------------------
Any feed back is appreciated.
 
Upvote 0 Downvote
Hey Greg,
You were right...I did the Ad/Spyware scan, removed a BUNCH of stuff...now all is good...wife and stepson happy again!! Thanks for your help...
I can't tell how you know that those items you mentioned started up with IE...is it just experience or is there something in the name of the files that tell you that bit of information. I am a new IT guy working in a field that really doesn't expose me to the things that I saw on my machine. Any insights would be good. Thanks a lot,
Ed Pierce
doctored2@comcast.net
 
Upvote 0 Downvote
I would recommend killing the following two as well. Not positive they are evil, but they look that way.
Remove and keep the backups.

[ContentAuditX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONTEN~1.OCX
CODEBASE =
[{26E8361F-BCE7-4F75-A347-98C88B418322}]
InProcServer32 = C:\WINDOWS\DOWNLO~1\btiein.dll
CODEBASE =
 
Upvote 0 Downvote
will give you some idea of what the Scan contains and a rough idea on what each section is for.

However the way I identified the items to remove was a combination of Knowledge and google. If you are not sure of an entry in the scan take the file name, for example tgkill.exe, and search for it in google.

If you haven't already got them then download the following two piece of free software. They are great at detecting Ad/Spyware.


Download Spybot and Adaware Run the scans on both pieces of software.

Greg Palmer

----------------------------------------
Any feed back is appreciated.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

VicM
  • Locked
  • Question
Change name not showing in user account 1
Replies
13
Views
193
guitarzan
guitarzan
VicM
  • Locked
  • Question
Problem updating Windows Explorer
Replies
1
Views
162
Nancycaf
Nancycaf
pjw001
  • Question
Latest Windows Update - End of Service
Replies
2
Views
199
pjw001
pjw001
pjw001
  • Question
Windows 11 Screen Colours have changed (slightly) 3
Replies
14
Views
774
pjw001
pjw001
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
1
Views
94
pjw001
pjw001

Part and Inventory Search

Sponsor

Back
Top