gangsta
04-30-2002, 04:13 AM
something displayed as "Iexplorer.exe" or "lexplorer.exe", in the CTRL-ALT-DEL Close Programs dialog a few mins after I had already closed Internet Explorer 6 by hitting the [X] button. Not sure if it was I or L because of the display font at the time. It only showed for a few seconds then as I was looking at it poof it disappeared. Nothing showed in the Processes either but this was after it disappeared.
DOES the authentic application IE6 use the terms "Iexplorer.exe" or "lexplorer.exe" to display its name under CLOSE PROGRAMS ?
Because right now as I am on the net with IE6 when I look it only says "Explorer" with nothing starting with an L or I and with no EXE extension...
what is this ? I only saw that once but never since?
TonyKlein
04-30-2002, 11:02 AM
I don't think there's a Windows file by that name.
However a number of backdoor Trojans (subseven among others) are called IexploreR.exe
There are a lot of Google hits if you look for Iexplorer.exe, but I'd venture a guess that most of them are typos.
If you're running Win95/98, or ME you could download StartLog.com from this site: Panda Active Scan (http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html
Doubleclick)
Are you running an anti-trojan? If not, maybe download an evaluation copy of The Cleaner (http://www.moosoft.com/intro.php), update with MooLive after D/L, and deep-scan your drives.
All this may sound like overkill, but you can't be careful enough with these things.
gangsta
05-02-2002, 07:03 AM
I found nothing unusual in Startup log.
but this part I don't understand
-================================-
StubPaths - Registry (Partial Listing)
-================================-
(Please see the StubPath.txt on your desktop for complete listing)
HKLM\Software\Microsoft\Active Setup\Installed Components
"RealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"OldRealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"StubPath"="c:\\windows\\COMMAND\\sulfnbk.exe /L"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"OldRealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"StubPath"=""
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"StubPath"=""
"StubPath"=""
"StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"
-=================-
WINSTART.BAT File - (c:\windows\winstart.bat)
-=================-
@C:\WINDOWS\tmpcpyis.bat
this file tmpcpyis.bat does not exist on my HD
I think this may be the reason why I am getting the "Bad command or file name" after autoexec.bat finishes loading.
what is it anyway?
the rest of Startup.log is what I expected.
But I don't understand what is the purpose of the [Rename] section.
Could you elaborate a little on this perhaps, and maybe on a real world example of "Stubpath". I already read through that file and it seems to me this is what they use to register apps in Windows? Is this assumption wrong?
Say if I remove/add a stubpath line ; what is going to happen ?
TonyKlein
05-03-2002, 07:59 PM
This is about the Stubpath:
"The application referenced by a StubPath entry is only run once when Windows is started.
At that time a corresponding entry is automatically placed in the HKCU\...Active Setup\Installed Components section of the registry.
This added entry tells Windows to ignore that particular StubPath in all future start-ups.
Removing the added HKCU entry will make the StubPath active again. A New User logging into Windows can also activate it. "
If I understand right, if included here, an application starts even BEFORE programs started from the Reg's Run/RunServices keys.
The Winstart.bat file is used to load terminate-and-stay-resident (TSR) applications that are required for Windows-based programs and are not needed in MS-DOS sessions.
And here's a MS article which sheds some light on tmpcpyis.bat:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q245560
It does not have anything to do with your Autoexec.bat.
I don't really see anything there that deserves further attention, and about the remainder of your startup log I'm in the dark, as you didn't post it.
Why not do it anyway. You never know.
Cheers, Tony
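The run-once-per-user behaviour described in the reply above, as an added example that is not part of the original thread: it models the HKLM/HKCU check exactly as quoted and lists which StubPaths would still run at the next logon, and which start something other than rundll. The component IDs and the `USUAL` launcher set are assumptions made for illustration; the StubPath strings are copied from the listing posted in the thread.

```python
import re

# Constructed sample: placeholder component IDs, StubPath values from the thread.
HKLM = {
    "{COMPONENT-A}": r"rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub",
    "{COMPONENT-B}": r"c:\windows\COMMAND\sulfnbk.exe /L",
    "{COMPONENT-C}": r"C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl",
    "{COMPONENT-D}": "",
}
# Components that already have a matching entry under the user's HKCU key.
HKCU_DONE = {"{COMPONENT-A}", "{COMPONENT-B}"}

# Hypothetical review list: launchers that make up most of a stock listing.
USUAL = {"rundll", "rundll.exe", "rundll32", "rundll32.exe"}


def launcher(stub_path):
    """Return the lowercase base name of the program a StubPath starts."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', stub_path)
    if not m:
        return None  # empty StubPath: nothing is started
    exe = (m.group(1) or m.group(2)).replace("/", "\\")
    return exe.rsplit("\\", 1)[-1].lower()


def pending(hklm, hkcu_done):
    """StubPaths that run at next logon: set in HKLM, no HKCU entry yet."""
    return {cid: cmd for cid, cmd in hklm.items()
            if cmd.strip() and cid not in hkcu_done}


def review(hklm, hkcu_done, usual=USUAL):
    """Entries worth a manual look: (component, launcher, still pending?)."""
    out = []
    for cid, cmd in sorted(hklm.items()):
        exe = launcher(cmd)
        if exe and exe not in usual:
            out.append((cid, exe, cid not in hkcu_done))
    return out


if __name__ == "__main__":
    print("existing user:", sorted(pending(HKLM, HKCU_DONE)))
    print("new user     :", sorted(pending(HKLM, set())))
    for row in review(HKLM, HKCU_DONE):
        print("review:", row)
```

An entry returned by `review` is only a prompt to check the file it names, not a verdict on it.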
gangsta
05-04-2002, 03:41 AM
OK I understand the definition given by startup log, I am just not clear about the meaning *in practice* of this part: " tells Windows to ignore that particular StubPath in all future start-ups"
what does this mean exactly ... I really want to be clear about this part ; why would the author of any particular app want it ignored after doing a StubPath entry for the first time then no more, what is the point (the wisdom, the song, the reason etc..) behind that?
I hope you see what I mean.
in reference to the second part of your reply:
Why not "do" what? I am not sure what are you referring to?
If you mean my StubPath entries, here we go... StubPath in full :
-================================-
StubPaths - Registry (Partial Listing)
-================================-
(Please see the StubPath.txt on your desktop for complete listing)
HKLM\Software\Microsoft\Active Setup\Installed Components
"RealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"OldRealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"StubPath"="c:\\windows\\COMMAND\\sulfnbk.exe /L"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"OldRealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"StubPath"=""
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"StubPath"=""
"StubPath"=""
"StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"
-=====================-
Stub Paths - Registry
-=====================-
[1] HKLM\Software\Microsoft\Active Setup\Installed Components
[2] These are "all" of the StubPath start-ups in your registry:
[3]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection SetupcPerUser 64 c:\\windows\\INF\\setupc.inf"
[4]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection AppletsPerUser 64 c:\\windows\\INF\\applets.inf"
[5]"StubPath"="c:\\windows\\SYSTEM\\rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection nls.hkcu.reg 0 c:\\windows\\INF\\fonts.inf"
[6]"StubPath"="rundll32.exe advpack.dll,LaunchINFSectionEx C:\\WINDOWS\\INF\\icw.inf,PerUserStub,,36"
[7]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 c:\\windows\\INF\\icw97.inf"
[8]"StubPath"="rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}"
[9]"RealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
[10]"OldStubPath"="rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}"
[11]"OldRealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
[12]"StubPath"="rundll32.exe advpack.dll,LaunchINFSectionEx c:\\windows\\SYSTEM\\ie4uinit.inf,Shell.UserStub,, 36"
[13]"StubPath"="RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf"
[14]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Msinfo 64 c:\\windows\\INF\\msinfo.inf"
[15]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 c:\\windows\\INF\\msinfo.inf"
[16]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 c:\\windows\\INF\\motown.inf"
[17]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 c:\\windows\\INF\\motown.inf"
[18]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Base 64 c:\\windows\\INF\\msmail.inf"
[19]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection ShellPerUser 64 c:\\windows\\INF\\shell.inf"
[20]"StubPath"="c:\\windows\\SYSTEM\\rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection schemes.reg 0 c:\\windows\\INF\\shell2.inf"
[21]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 c:\\windows\\INF\\subase.inf"
[22]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 c:\\windows\\INF\\subase.inf"
[23]"StubPath"="c:\\windows\\COMMAND\\sulfnbk.exe /L"
[24]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection TapiPerUser 64 c:\\windows\\INF\\tapi.inf"
[25]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUserOldLinks 64 c:\\windows\\INF\\appletpp.inf"
[26]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 c:\\windows\\INF\\mmopt.inf"
[27]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection OlsPerUser 64 c:\\windows\\INF\\ols.inf"
[28]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 c:\\windows\\INF\\applets.inf"
[29]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 c:\\windows\\INF\\applets.inf"
[30]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 c:\\windows\\INF\\applets1.inf"
[31]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 c:\\windows\\INF\\applets1.inf"
[32]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 c:\\windows\\INF\\applets1.inf"
[33]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 c:\\windows\\INF\\enable.inf"
[34]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection MotownRecPerUser 64 c:\\windows\\INF\\motown.inf"
[35]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Vol 64 c:\\windows\\INF\\motown.inf"
[36]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 c:\\windows\\INF\\motown.inf"
[37]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 c:\\windows\\INF\\wordpad.inf"
[38]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 c:\\windows\\INF\\rna.inf"
[39]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 c:\\windows\\INF\\appletpp.inf"
[40]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 c:\\windows\\INF\\appletpp.inf"
[41]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 c:\\windows\\INF\\appletpp.inf"
[42]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 c:\\windows\\INF\\appletpp.inf"
[43]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 c:\\windows\\INF\\appletpp.inf"
[44]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis 64 c:\\windows\\INF\\appletpp.inf"
[45]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 c:\\windows\\INF\\appletpp.inf"
[46]"StubPath"="rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}"
[47]"OldStubPath"="rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}"
[48]"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
[49]"OldRealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
[50]"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\windows\\INF\\CChat25.inf,PerUserAdd"
[51]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 c:\\windows\\INF\\clip.inf"
[52]"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\windows\\INF\\fpxpress.inf,PerUserstub"
[53]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 c:\\windows\\INF\\mmopt.inf"
[54]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 c:\\windows\\INF\\mmopt.inf"
[55]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 c:\\windows\\INF\\mmopt.inf"
[56]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 c:\\windows\\INF\\mmopt.inf"
[57]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 c:\\windows\\INF\\mmopt.inf"
[58]"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\windows\\INF\\msnetmtg.inf,NetMtg.Install.PerUser.W95"
[59]"StubPath"=""
[60]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection OlsAolPerUserRemove 64 c:\\windows\\INF\\ols.inf"
[61]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection OlsAttPerUserRemove 64 c:\\windows\\INF\\ols.inf"
[62]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection OlsCompuservePerUserRemove 64 c:\\windows\\INF\\ols.inf"
[63]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection OlsProdigyPerUserRemove 64 c:\\windows\\INF\\ols.inf"
[64]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection OlsMsnPerUserRemove 64 c:\\windows\\INF\\ols.inf"
[65]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection Shell3PerUser 64 c:\\windows\\INF\\shell3.inf"
[66]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 c:\\windows\\INF\\themes.inf"
[67]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 c:\\windows\\INF\\themes.inf"
[68]"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\windows\\INF\\wpie4x86.inf,PerUserStub"
[69]"StubPath"="RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP"
[70]"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\chlen-me.inf,InstallUser"
[71]"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\mplayer2.inf,PerUserStub"
[72]"StubPath"="rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}"
[73]"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
[74]"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
[75]"StubPath"=""
[76]"StubPath"=""
[77]"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\windows\\INF\\msmsgs.inf,BLC.Install.PerUser"
[78]"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\webfldrs.inf,PerUserStub.Install,1"
[79]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_DCC_Inis_remove 64 c:\\windows\\INF\\rna.inf"
[80]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection NetservrPerUser 64 c:\\windows\\INF\\netservr.inf"
[81]"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\wmp.inf,PerUserStub"
[82]"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[83]"StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"
[84]"StubPath"="rundll.exe c:\\windows\\SYSTEM\\setupx.dll,InstallHinfSection IrXferPerUser 64 c:\\windows\\INF\\irxfer.inf"
----------------------------------------------------------------
(End)
gangsta
05-06-2002, 01:21 AM
after a few days of watching what is running in the background I now think it was Iexplorer (not L).
There seems to be some kind of delay after closing Internet explorer which normally shows the page title in the close prog box but that one time it showed Iexplorer..
the version under that process is 6.00
The strange thing is Windows explorer is also running although I am not using it. This shows ver 4.72 (W98)
Mosaic1
05-06-2002, 03:06 AM
Windows explorer is always running. It is the Shell. Without it, you would not be in Windows. You would be nowhere.
gangsta
05-06-2002, 04:10 AM
that is not what I mean, I meant it now displays the name all the time. Until the crash I had about a month ago it wouldn't show as anything under [close program] unless I checked the processes.
Is there an option that controls this behaviour for win explorer?
now it displays as "Explorer" under [close prog], which is fine, but before this was not the case, I am just curious as to why it did that...