# [Resolved] Illegal operation shutdown



## stesta (Feb 8, 2003)

I hope someone can help. I have a message that keep popping up that says , This program has performed an illegal operation and will be shutdown. Then I have to start all over again. I have cleared my history, cookies and temp internet files. I also have removed all games and useless programs, but I still get the message If anyone has any ideas I would really appreciate it. Someone told me I had a program that wasn't reacting well with something else, but I am really computer illeterate.
Thanx,
Stesta ( Novice )


----------



## Del (Aug 31, 2001)

What program is it? Do you see a details button to get more information??


----------



## stesta (Feb 8, 2003)

It does have details when it pops up again I will let you know what it says. 
Thanx!!!!!


----------



## stesta (Feb 8, 2003)

It did it again, I clicked on details and it said, Explorer caused invalid page fault in module <unknown>. Does that help any.
thanks again


----------



## steamwiz (Oct 4, 2002)

Hi stesta

We really need the * Full* and *Exact* error message (what module does it refer to)

If you post your startup list we may be able to spot something

Please post your startup list by doing the following :-

Please go here and download startuplist 1.51 :-

http://www.lurkhere.com/~nicefiles/

Download to any folder or your desktop 
Unzip the zipfile 
Double click the exe file 
go to Edit - select all - copy - and paste the results in a new post here

steam


----------



## stesta (Feb 8, 2003)

See if this is what you need.


----------



## stesta (Feb 8, 2003)

I can't seem to get the start up list to you. Sorry. I will try to get all of the error message the next time it pops up.


----------



## steamwiz (Oct 4, 2002)

Hi stesta

At what point are you stuck with the startup list

Have you Downloaded the file to any folder or your desktop ?

Have you unzipped the zipfile ?

Have you double clicked the .exe file ?

Do you you then have a text file ?

steam


----------



## stesta (Feb 8, 2003)

I have the zip file icon on my desktop, but i don't know how to transfer it to this forum. I can view the text in the file. Sorry to be so difficult, but like i said i'm truly a newbe.


----------



## Del (Aug 31, 2001)

Click edit and select all, then edit again and copy.
Then put the mouse cursor into the text box here and right click and select paste.


----------



## stesta (Feb 8, 2003)

StartupList report, 2/8/03, 3:39:04 PM
StartupList version: 1.51
Started from : C:\WINDOWS\TEMP\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\SYSTEM\HPHMON03.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\INCREDIMAIL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE
C:\PROGRAM FILES\EZULA\MMOD.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\HPHIPM09.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\POWERARCHIVER\POWERARC.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\TEMP\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
HPDJ Taskbar Utility = C:\WINDOWS\SYSTEM\hpztsb04.exe
HPHmon03 = C:\WINDOWS\SYSTEM\HPHMON03.EXE
CXMon = "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
IncrediMail = C:\PROGRA~1\INCRED~1\bin\IncrediMail.exe /c
wcmdmgr = C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
LoadQM = loadqm.exe
WhenUSave = C:\PROGRA~1\SAVE\Save.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Desktop Weather = C:\PROGRAM FILES\THE WEATHER CHANNEL\THE WEATHER CHANNEL.exe
Lost Beachs screen saver = "C:\Program Files\Lost Beachs\screen saver\TaskTray.exe"
eZmmod = C:\PROGRA~1\ezula\mmod.exe

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 7/2/2003, 15:39:20)

[rename]
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\SYSTEM\SHOWBARBHO.DLL - {80841D20-757E-4A6B-9934-2B3CB9AE83CB}

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[WTHoster Class]
InProcServer32 = C:\WINDOWS\WT\WEBDRIVER\WTHOSTCTL.DLL
CODEBASE = http://www.wildtangent.com/install/wdriver/ddc/shockwave/blackhawkstriker/wtinst.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[MetaStreamCtl Class]
InProcServer32 = C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MEDIA PLAYER\AXMETASTREAM.DLL
CODEBASE = https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=www.viewpoint.com

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37599.7190625

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2003012801/housecall.antivirus.com/housecall/xscan53.cab

--------------------------------------------------
End of report, 5,273 bytes
Report generated in 0.122 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

See if this is it.


----------



## steamwiz (Oct 4, 2002)

Hi stesta

Go to start\settings\control panel - click add\remove programs and uninstall *Save (also known as WhenuSave and SaveNow)*

Then Please Download and install SpyBot,

http://www.lurkhere.com/~nicefiles/

click the online tab to search for and download the updates, then shut down and relaunch SpyBot.

Go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' . 
These aren't needed for our present purpose, and you can always experiment with them later on.

Finally, after closing down Internet Explorer, click 'Check for problems', and have SpyBot remove all it finds 'Fix selected problems'

you may have to run spybot more than once to clear everything

Remove everything pre-ticked in Red

Then please post another startup list

steam


----------



## stesta (Feb 8, 2003)

StartupList report, 2/8/03, 4:23:03 PM
StartupList version: 1.51
Started from : C:\WINDOWS\TEMP\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\SYSTEM\HPHMON03.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\INCREDIMAIL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\POWERARCHIVER\POWERARC.EXE
C:\WINDOWS\TEMP\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
HPDJ Taskbar Utility = C:\WINDOWS\SYSTEM\hpztsb04.exe
HPHmon03 = C:\WINDOWS\SYSTEM\HPHMON03.EXE
CXMon = "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
IncrediMail = C:\PROGRA~1\INCRED~1\bin\IncrediMail.exe /c
LoadQM = loadqm.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Desktop Weather = C:\PROGRAM FILES\THE WEATHER CHANNEL\THE WEATHER CHANNEL.exe
Lost Beachs screen saver = "C:\Program Files\Lost Beachs\screen saver\TaskTray.exe"

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 7/2/2003, 15:39:20)

[rename]
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\SYSTEM\SHOWBARBHO.DLL - {80841D20-757E-4A6B-9934-2B3CB9AE83CB}

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[WTHoster Class]
InProcServer32 = C:\WINDOWS\WT\WEBDRIVER\WTHOSTCTL.DLL
CODEBASE = http://www.wildtangent.com/install/wdriver/ddc/shockwave/blackhawkstriker/wtinst.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[MetaStreamCtl Class]
InProcServer32 = C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MEDIA PLAYER\AXMETASTREAM.DLL
CODEBASE = https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=www.viewpoint.com

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37599.7190625

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2003012801/housecall.antivirus.com/housecall/xscan53.cab

--------------------------------------------------
End of report, 4,957 bytes
Report generated in 0.906 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Ok, here it is. thanks


----------



## steamwiz (Oct 4, 2002)

Your startup looks a lot cleaner now

Do you know what this is *SHOWBARBHO.DLL * it is shown as a BHO (Browser Helper Object) but I can find no information on it.

You do not appear to have any anti-virus software or a firewall - you should have both

A very good *free* anti virus is AVG

and a good *free* firewall is Zonealarm

steam


----------



## stesta (Feb 8, 2003)

I have no idea what that is. If you will tell me how to get rid of it. I will load the firewall and the anti virus. Thanks ALOT for your help.
Stesta


----------



## steamwiz (Oct 4, 2002)

Hi stesta

Download hijackthis

http://www.spywareinfo.com/downloads.php#det

Unzip, doubleclick HijackThis.exe, and hit "Scan".

After the scan has finished the "scan" button will turn into a "save log" button

save the log file and paste it here

steam


----------



## TonyKlein (Aug 26, 2001)

Also, this Showbarbho.dll is an all new one, and I'd like to have a look at it for analysis.

Would you mind going to your C:\Windows\System directory, find the file, and send it to me as an attachment, please?
I'll PM you with my e-mail addie.

If the file turns out to belong to an all new baddie, copies will go to the folks at Lavasoft, SpyBot, and others.
We're always on the lookout for possible new spyware.

Thanks heaps!


----------



## stesta (Feb 8, 2003)

I found the file in the system folder. How do I send it to you? You have to remember I'm new at this stuff.


----------



## TonyKlein (Aug 26, 2001)

Just create a new e-mail message to the email addie I sent you in the Private Message.

Press the Paperclip Icon on the menu bar to open the "Attach item" dialog box.

Navigate to the file in C:\Windows\System in that dialog box, hightlight it, and press "attach".

Send the e-mail message.

Usual practice is to "zip up" such a file with WinZip first, instead of sending it as it is, but it may well work just like I explained as well.


----------



## stesta (Feb 8, 2003)

I am still getting the same message. I have loaded the firewall,but the avg program is giving me a little trouble it keeps telling me incorrect password, but i will keep trying. 
Thanks again for your help.
Stesta


----------



## steamwiz (Oct 4, 2002)

Hi stesta

Still waiting for the * Full* and *Exact* error message (what module does it refer to)

Also what *exactly * are you doing when the error message pops up ?

Did you send the BHO to Tony ?

steam


----------



## TonyKlein (Aug 26, 2001)

Stesta,

Thanks for the file! 

About your startups, you'd benefit by disabling some more stuff there, thus also limiting the number of running applications that could be causing the error.

Go to Start > Run > Msconfig, and uncheck ALL of the following on the Startup tab:

Office Startup
Microsoft Find Fast
HPDJ Taskbar Utility
HPHmon03
CXMon 
Share-to-Web Namespace Daemon
LoadQM 
Lost Beachs screen saver


Click OK, close Msconfig, and reboot.

None of them are actually required for the software to run.


----------



## TonyKlein (Aug 26, 2001)

And, I'd almost forget, please do this:

Download BHODemon, launch the program, and locate Showbarbho.dll

Highlight it, click 'details', and in "Select Status" click *disabled*

Click OK, and close the program


----------



## stesta (Feb 8, 2003)

OK,
I have disabled the other items, and also have also disabled the showbarb. Steam it does it all the time while surfing the internet, it has also done it while I was creating E-Mail. When it comes up again I will try to see what module.
Thanks again for all of the help.


----------



## TonyKlein (Aug 26, 2001)

Could it be your Incredimail program?

If the error message comes up once again, that would be the next item to shut down and test.


----------



## stesta (Feb 8, 2003)

I have had incredimail for a long time. The error message just started last week. Could something in the incredi mail have changed to start causing the error.


----------



## TonyKlein (Aug 26, 2001)

Hard to say.

That's why we're using a process of elimination in order to try and pinpoint the culprit.


----------



## stesta (Feb 8, 2003)

I just wanted to thank you,
I have been online all morning, and no error message. I hope we've fixed the problem. I couldn't have done it without your help.
Thanks Again,
Stesta


----------



## steamwiz (Oct 4, 2002)

stesta








you're welcome from *Steam*


----------



## TonyKlein (Aug 26, 2001)

Glad to hear that appears to have dome the trick!


----------

