Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Cannot run IE from default location


  • Please log in to reply

#1
busdriver12

busdriver12

    Member

  • Member
  • PipPip
  • 23 posts
I recently had a spyware infection associated with Messeger Plus!. After subsequent spyware/virus scans which involved cleaning various spyware and a couple of trojans, I cannot run Internet Explorer from it's default location (c:\Program Files\Internet Explorer) any more. When I do, this dialog is displayed.

I have found another copy of iexplore.exe in the C:\WINDOWS\system32\dllcache which runs Internet Explorer fine. I have tried a number of suggstions, but it appears as though I have lost permission to use this file/directory even though I am an adminitrator on this machine.

Any suggestions how I can rectify this? Re-installing IE did not help :D

Thanks in advance

<_<
  • 0

Advertisements


#2
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Hi busdriver12. Welcome to Geeks to Go. <_<

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
busdriver12

busdriver12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Hi busdriver12. Welcome to Geeks to Go.  <_<

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.


Thanks for that. This is my most recent HJT log:

Logfile of HijackThis v1.98.2
Scan saved at 19:50:09 , on 14/10/04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\totalcmd\TOTALCMD.EXE
C:\hjt\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
  • 0

#4
Yarnouth

Yarnouth

    Visiting Staff

  • Member
  • PipPipPip
  • 508 posts
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - ~

Locate and delete the following in bold, (if found):
C:\Program Files\GetRight
C:\WINDOWS\web\related.htm

Reboot and post a new log here please.
<_<
  • 0

#5
busdriver12

busdriver12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.


All done, but no change. I still cannot run IE from that location. I have also checked the ownership of the file, and it belongs to me.

Whilst composing this message I had a brainwave. I renamed the file to iexplor.exe and it runs! However, another copy of iexplore.exe appeared in the directory which cannot be run. I am starting to think there is indeed something running in the background causing this.

My GetRight is now broken so I have uninstalled that properly.
  • 0

#6
busdriver12

busdriver12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Oops! It helps if I posted the HijackThis log <_<

Logfile of HijackThis v1.98.2
Scan saved at 11:29:23 , on 15/10/04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hjt\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
  • 0

#7
Yarnouth

Yarnouth

    Visiting Staff

  • Member
  • PipPipPip
  • 508 posts

My GetRight is now broken so I have uninstalled that properly.

Sorry about that .
  • 0

#8
busdriver12

busdriver12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Sorry about that .

View Post


No worries! <_< I must admit to being a little puzzled at the time, but I figured it was worth if only for elimination purposes.

Yesterday, I had a brainwave. I renamed the file to iexplora.exe and it runs! However, another copy of iexplore.exe appeared in the directory which cannot be run. I am starting to think there is indeed something running in the background causing this.
  • 0

#9
busdriver12

busdriver12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

I recently had a spyware infection associated with Messeger Plus!. After subsequent spyware/virus scans which involved cleaning various spyware and a couple of trojans, I cannot run Internet Explorer from it's default location (c:\Program Files\Internet Explorer) any more. When I do, this dialog is displayed.


I have finally found the solution! :D

To be honest, I had put this one on the back burner to tackle later, as I use Firefox as my default browser and only needed IE for those few sites that were desgined specifically for it.

Last night my Kerio Personal Firewall asked if I wanted to update it to which I did. During the process it deleted all it's rules and settings and I am now starting afresh with it. I needed to burn a CD this morning, so as per usuual, I unloaded all my resident programs i.e. virus scanner, Sybot Tea Timer, Kerio Firewall. After this was done I needed to have a look at a HTML file on my HDD and thought I'd have another go at IE, and BINGO! It started up (something I haven't been able to do for a few weeks!)

After thinking about it, it is now obvious that Kerio was the culprit in not letting me access IE. When I discovered I could use IE initially, I restarted windows so I could use the process of elimination to find which of the resident programs I had disabled, was denying my access to IE. After Windows had restarted, I was still able to run IE which means that Kerio was the cuplrit. Why? Because all of Kerio's rules has been erased in the upgrade from the night before. I am currently re-learning all the rules for Kerio and IE was one of them when I first access the net with it.

Sorry for the long post, but I thought it worthwhile walking you through my thought processes so that you could see how I arrived at the solution. I hope this will help any others who find themselves in a similar postion in the future. Thanks to Yarnouth and Coachwife6 who tried to help out. It's appreciated <_<
  • 0

#10
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
Thanks for the update! Firewalls are great for security, but as you've found they're not without their own set of problems.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP