Explorer Error

raynertj · February 22, 2006

Here's the hijack log

Logfile of HijackThis v1.99.1

Scan saved at 5:34:04 PM, on 2/22/06

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\LINKSYS WIRELESS-G PCI ADAPTER\WMP54GV4.EXE

C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE

C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\NETASSISTANT\SMARTBRIDGE\MOTIVESB.EXE

C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE

C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE

C:\PROGRAM FILES\WEBROOT\WASHER\WWDISP.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE

C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\HPFBKG13.EXE

C:\WINDOWS\HPFTBX13.EXE

C:\WINDOWS\SYSTEM\HPFVLS13.EXE

C:\DOWNLOADS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

F1 - win.ini: run=hpfsched

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [WMP54Gv4] C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe

O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe

O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe

O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Startup: Event Reminder.lnk = c:\PMG4\PMREMIND.EXE

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://workfromhome.mmm.com/msrdp.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

Steamhead · February 22, 2006

Hello trojan,

Your log is clean. Perhaps if you can give me more details as to exactly what the error says I may be able to help you out a little more. When did this start happening? Are you experiencing any other problems that may be related?

Thanks a lot

Steamhead

raynertj · February 23, 2006

It started doing it 2 nights ago. Here's what came up.

When the computer rebooted I would get an error while the desktop is loading.

"this program (explorer) has preformed an illegal operation and will be shut down" None of the desktop icon will load. If I close the warning I lose access to the start bar. When I click on details I get" Explorer caused an invalid page fault in module SHELL32.dll at 0187:66869ad4.

Registers:

KAX=00439a24 CS=0187 KIP=66869ad4 EFLGS=00010246

KBX=00015e3 SS=018f ESP=0059dea8 KBP=0059dec0

ECX=00439b6d DS=018f ESI=00439b65 FS=227f

KDX=00003535 KS=018f EDI=0043d0a2 GS=24e6

It would not let me into Safe Mode without the same problem occuring.

Now here's the curious part I shut it down for a day planning on working on it the next night. When I booted it up everything came up normal. The virus scans aren't picking anything abnormal so I'm not sure what to think at this point.

Steamhead · February 24, 2006

Hello trojan,

I don't believe your problem is malware-related. I'm going to move this topic to the PC Support forum, where you'll be able to receive further assistance.

TheTerrorist_75 · February 24, 2006

How long had the computer ran before being rebooted? Win98SE needs to be rebooted now and then or it will run low on resources. How much memory does the PC have? When is the last time you booted into Safe Mode and ran Disk Cleanup, ScanDisk and Defragged? Do you keep your cache cleaned? Win9X/ME don't like to be continually on like NT based Windows or 'nix.

JDoors · February 24, 2006

I think we can overlook Windows resources as the problem as it only occurs during bootup.

If it occurs frequently a fresh install may be your best option. With the age of the '98 OS there's bound to be some errors in the files and registry that may cause the boot process to fail. Due to various factors every item loaded during bootup isn't processed in exactly the same order every time. Windows may be able to load before the bad files or entries load, or Windows may not get the chance to load before those errors load and the boot process would fail. A fresh install would resolve that.

TheTerrorist_75 · February 24, 2006

I think we can overlook Windows resources as the problem as it only occurs during bootup.
If it occurs frequently a fresh install may be your best option. With the age of the '98 OS there's bound to be some errors in the files and registry that may cause the boot process to fail. Due to various factors every item loaded during bootup isn't processed in exactly the same order every time. Windows may be able to load before the bad files or entries load, or Windows may not get the chance to load before those errors load and the boot process would fail. A fresh install would resolve that.

Actually if he keeps using his programs installed on Win98 and never rebooting his resources would stay low. He also has a crap load of *&%%#$ at startup so his initial resources may be low to begin with. Win98 needs to be rebooted especially after using some memory intensive programs that were poorly written.

Language removed. PMs appreciated!

Edited February 26, 2006 by TheTerrorist_75

raynertj · February 25, 2006

When the problem started I did try to go into Safe Mode to run the scans but the issue prevented the start bar from showing .

I do clear the Cache on a regular basis and run Window washer daily. Re the Scan Disk and defrag I also do that periodically and did do that when the problem occured.

You mention about having a lot of stuff on startup. What are you suggesting that I go into msconfig and remove from the startup.

Thanks

JDoors · February 25, 2006

It wouldn't hurt, for troubleshooting purposes, to start clean (without any additional utilities or programs loading), but it would be unlikely that Windows can't start due to low resources immediately following a reboot. If one of those startup programs is the source of the problem that'd be the way to check.

BTW: Windows can "function" with very low resources (I've been down to 10% with slow performance being the only effect -- however I did reboot for safety's sake). I often, probably usually, run at close to 30% with no trouble at all.

jcl · February 26, 2006

When I click on details I get" Explorer caused an invalid page fault in module SHELL32.dll at 0187:66869ad4.

Win9x error messages are pretty useless. SHELL32.DLL could be borken. Lots of other possibilities. Low resources seems improbable but not impossible.

Edited February 26, 2006 by jcl

February 26, 2006

Hi trojan,

I hope this help, but click Here to have a read of what I have found on the problem:

Explorer caused an invalid page fault in module SHELL32.dll at 0187:66869ad4.

Registers:

KAX=00439a24 CS=0187 KIP=66869ad4 EFLGS=00010246

KBX=00015e3 SS=018f ESP=0059dea8 KBP=0059dec0

ECX=00439b6d DS=018f ESI=00439b65 FS=227f

KDX=00003535 KS=018f EDI=0043d0a2 GS=24e6

As I said before I hope this helps.

one person on there suggested:

ECA
try the TREND micro, one...It kills them..

raynertj · February 26, 2006

Thanks, I did find that correspondence in the link after I'd sent the initial message that was subsequently moved to this forum.

Still not sure what caused it. What about removing some items from the start-up menu and which ones would you suggest. This is an older Compaq computer with 2 hard drives. Each has about 7 GB. The "C" drive has about 2.4 GB free.

Thanks

TheTerrorist_75 · February 26, 2006

Your biggest resource problems are all of the security programs you have running especially Norton. No wonder your system slows down.

These are required at startup and can safely be disabled.

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe

*O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup

* Disable this within the program's options or it will reenable itself it startup.

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Event Reminder.lnk = c:\PMG4\PMREMIND.EXE

raynertj · February 26, 2006

How's this look

Logfile of HijackThis v1.99.1

Scan saved at 3:20:04 PM, on 2/26/06