Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Status
Not open for further replies.
1 - 19 of 19 Posts

·
Registered
Joined
·
9 Posts
Discussion Starter · #1 ·
If the problem persists, contact the program vendor.

I've tried fixing explorer through the tools section of System Information with no success. It began when I got a virus and some spyware. I've since removed those, but sadly, this problem still remains. If I close it, it reappears and has now worsened that it doesn't allow me to open certain programs and often freezes the computer.

EXPLORER caused an invalid page fault in
module <unknown> at 0000:3478476a.
Registers:
EAX=3478476a CS=0167 EIP=3478476a EFLGS=00010206
EBX=10000000 SS=016f ESP=008dfc64 EBP=008dfc80
ECX=00000000 DS=016f ESI=00000003 FS=1b77
EDX=c00309cc ES=016f EDI=00000000 GS=0000
Bytes at CS:EIP:

Stack dump:
100042f8 10000000 00000003 00000000 00000000 10000000 81598388 008dfe48 bff7ddd6 10000000 00000001 00000000 00000000 10000000 81598388 8159795a

Thanks for having this forum and any assistance would be greatly appreciated. :)
 

·
Retired Moderator
Joined
·
14,171 Posts
What programs are affected?
Control Panel?
Browser?
Windows Explorer?
My Computer?

Is everything ok at bootup? No error messages at that time?

Have you tried accessing these programs in Safe Mode to see if you can duplicate the error?
_______________________________________________________________

Follow the steps in this article to see if a specific program is causing the problem
How to Perform Clean-Boot Troubleshooting for Windows 98

(Make a note of the programs listed in the System Configuration Utility)
Start > Run
key in:
msconfig
Select the Startup tab
Note all programs and whether they are checked to run at startup or not.
You can post them here as an aid for us.

You have scanned for new viruses since?
 

·
Registered
Joined
·
9 Posts
Discussion Starter · #6 ·
The majority of programs won't open in normal mode. The DSL is able to connect and IE functions well enough once its up. Things like Paint, Corel, My Computer, Control Panel and the like won't open in normal. No error messages until Windows comes up. The message doesn't come up in safe mode. I did an AVG virus scan which says everything's ok. Here's what I have checked for startup:

Taskbar Display Controls - RunLDD deskcp16...
Scan Registry - C:/WINDOWS/scanregw.exe /autorun
TaskMonitor - C:/WINDOWS/taskmon.exe
SystemTray - SysTray.Exe
LoadPowerProfile - Rundll32.exe powrprof.dll
Alogserv - C:programFiles/McAfee/McAfee VirusScan
QuickTime Task - C:/WINDOWS/SYSTEM/SERVICES/{4A478...
LoadPowerProfile - Rundll32.exe powrprof.dll, LoadCUrrentPwrScheme
SchedulingAgent - mstask.exe
 

·
Registered
Joined
·
9 Posts
Discussion Starter · #8 ·
I did a scan with each today and nothing came up. AVG is just a free version I downloaded a couple weeks ago and Mcaffee may be horribly outdated however.
 

·
Retired Moderator
Joined
·
14,171 Posts
Uninstall McAfee, having two anti-virus programs running simultaneously can lead to conflicts.

To rule out any remnants of viruses, go back into the System Configuration Utility and place a checkmark in all the entries
or click on Normal Startup on the General tab to: Load all device drivers and services.
Apply, OK, to save and close.
Reboot for the changes to take effect.

If you do not already have it, download HijackThis (ver 1.99)

Install HijackThis to a FOLDER on your C or main harddrive, do NOT install HijackThis to a temporary directory.
This will allow HijackThis to properly create backup files.

Start HijackThis
click on Do a system scan and save a logfile.
Most of what it lists will be harmless or even required, so do NOT fix anything yet.

Close HijackThis and post your complete logfile here and one of our security experts will take a look at it.
 

·
Registered
Joined
·
9 Posts
Discussion Starter · #10 ·
I sent the log as an attachment because I can't open simple programs such as notepad to copy and paste it, but I can still use the internet sometimes. Hopefully what I uploaded there is useful to you.
 

Attachments

·
Retired Moderator
Joined
·
14,171 Posts
Posting your log to make it easier to read.
Is this with all the processes checked in the System Configuration Utility?

Logfile of HijackThis v1.99.0
Scan saved at 11:44:37 PM, on 2/8/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Shaw High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.59.13.98:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\SYSTEM\SERVICES\{4A4781A0-6B56-11D9-8303-0080C6FD2BC7}\SVCHOST.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.1\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Shaw Help - {E9777C40-6743-11D6-8302-8473B20EC563} - http://support.shaw.home.com (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: (HKLM)
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)
O21 - SSODL: OLE Module - {0211C4D9-BC71-8916-38AD-9DEA5D213614} - C:\WINDOWS\SYSTEM\chupv.dll
 

·
Retired Moderator
Joined
·
14,171 Posts
Get rid of KAZAA it allows files that could be infected into your system.
Uninstall it.

Have you disabled McAfee? It is still showing in your HijackThis log.
It would be better if you also uninstalled McAfee.

Run an online Anti-Virus scan from at least one and preferably 2 of the following sites
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://security.symantec.com/default.asp?
http://www.ravantivirus.com/scan/
Allow them to clean/delete any spyware/malware or viruses/trojans they may find.
Make a note of any files flagged that were unable to be cleaned or deleted.

Then rescan with HijackThis and post a new log.
 

·
Registered
Joined
·
9 Posts
Discussion Starter · #14 ·
I tried removing McAfee in Add/Remove Programs since I couldn't find an actual uninstall file, but I guess I'll keep trying ways to remove it if that didn't do it. The Kazaa program has been gone for probably years, but I guess there's still files of these programs floating around which I'll have to find some way to get rid of. I'll try those anti-virus sites in a moment, although I remember the panda one stalls while scanning.

Still, thanks a lot for the help and I'll get back to you.
 

·
Retired Moderator
Joined
·
14,171 Posts
For McAfee, look in your Programs menu to see if Uninstall is an option.

For Kazaa, look in Windows Explorer using this path:
C:\PROGRAM FILES\KAZAA
and delete the Kazaa folder.

Also, delete your Temporary Internet Files.
Start > Settings > Control Panel > Internet Options > General tab.
 

·
Registered
Joined
·
9 Posts
Discussion Starter · #16 ·
I'm not sure why Kazaa is an option in startup, as I don't have any Kazaa files or folders when I search, the same with Mcafee. When I rebooted recently AVG found some more trojans which I deleted. I ran the ravantivirus scan which autocleaned 3 infected items, and the symantec scan came up with the following as either being adware or trojans if you're interested.

C:/msload.exe
C:/ProgramFiles/TopConverting/arkanoid/arkanoid.exe
C:/WINDOWS/loadnew.exe
C:/WINDOWS/mstasks1.exe
C:/WINDOWS/IEMenu Extension.exe
C:/WINDOWS/TEMP/HBINST.EXE
C:/WINDOWS/TEMP/diaE3B5.exe
C:/WINDOWS/TEMP/saveisntwm.exe
C:/WINDOWS/TEMP/iD2233.TMP
C:/WINDOWS/SYSTEM/FOFTW.dll
C:/WINDOWS/SYSTEM/chup.dll

My computer froze as per usual before I could do anything about them. Would just deleting these files help? I'll see if I can post a HijacklogThis log in a moment.

Logfile of HijackThis v1.99.0
Scan saved at 2:13:27 AM, on 2/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\MTS\ENTERNET 300\APP\ENTERNET.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Shaw High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.59.13.98:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Shaw Help - {E9777C40-6743-11D6-8302-8473B20EC563} - http://support.shaw.home.com (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: (HKLM)
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)
O21 - SSODL: OLE Module - {0211C4D9-BC71-8916-38AD-9DEA5D213614} - C:\WINDOWS\SYSTEM\chupv.dll
 

·
Retired Moderator
Joined
·
14,171 Posts
Hi Dziga

I recommend you finish your HijackThis log diagnosis and Fix at your original thread.
This will keep your history and information in one place for you.
This will help those who are helping you.
http://forums.net-integration.net/index.php?showtopic=27297&hl=

Let them know about the files the symantec scan pointed out.

Stick with it, and bump your thread if a day or two elapses.

Do let us know what happens.

Be sure to read this at their forum.
So how did I get infected in the first place?
http://forums.net-integration.net/index.php?showtopic=3051
 

·
Retired Moderator
Joined
·
14,171 Posts
You are most welcome and Thank You for the feedback.

Remember to post a new HijackThis Log for them at your other thread, and let them know how well your computer is running.;)
 
1 - 19 of 19 Posts
Status
Not open for further replies.
Top