# [Resolved] Explorer Illegal Operation when opening control panel



## Rafis69 (May 2, 2002)

I receive this message: Explorer, This program has perform an illegal operation.
and then this: EXPLORER caused an invalid page fault in
module KERNEL32.DLL at 0167:bff9db61. 
Any suggestion would be great. Thanks .


----------



## Ratboy (Feb 12, 1999)

Rafis69,

See if either of these help:

Invalid Page Fault Opening Control Panel (Win 95/98)

Error Message When You Open Control Panel (Win ME)


----------



## Rollin' Rog (Dec 9, 2000)

The most common cause of Control panel errors like that is a corrupt .cpl file (control panel extension).

The task is to do a File search for all *.cpl files and double click each to see if it opens or errs. When you find the one that causes an error, then you either need to delete that or reinstall the associated program if it is still required.

http://support.microsoft.com/defaul...port/kb/articles/Q299/9/23.ASP&NoWebContent=1

Some problems can also be caused by 'malware' installations. If you want to post a copy of the HijackThis scanlog, we can have a look for any issues there.

http://www.tomcoyote.org/hjt/

Sheeesh, MS actually has 3 different articles for troubleshooting this ... but basically they all say the same thing


----------



## Rafis69 (May 2, 2002)

i found a file that did not want to open: VIPERSTI.CPL i deleted but still i get the same error. anyways here is the log file:
Logfile of HijackThis v1.94.0
Scan saved at 11:03:35 PM, on 6/13/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://66.40.21.68/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.xupiter.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://66.40.21.68/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.nba.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.martfinder.com/crindex.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://66.40.21.68/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.martfinder.com/crindex.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.wflu.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.wflu.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.martfinder.com/crindex.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.xupiter.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.ezcybersearch.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=c:\windows\SYSTEM\blank.htm
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\XUPITER\UPDATES\XTSEARCH.DLL (file missing)
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.nba.com"); (C:\Program Files\Netscape\Users\kdogg\prefs.js)
O1 - Hosts: 66.40.21.73 auto.search.msn.com
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRAM FILES\GOZILLA\GOIEHLP.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_50.dll
O2 - BHO: (no name) - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {D44B5436-B3E4-4595-B0E9-106690E70A58} - C:\WINDOWS\APPLICATION DATA\EEALYPRDCHBR.DLL
O2 - BHO: (no name) - {2662BDD7-05D6-408F-B241-FF98FACE6054} - C:\PROGRAM FILES\XUPITER\UPDATES\XTUPDATE.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: Accessories - {9B35A850-66AB-4c6d-8A66-136ECADCD904} - C:\WINDOWS\APPLICATION DATA\EEALYPRDCHBR.DLL
O3 - Toolbar: Xupiter - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - C:\PROGRAM FILES\XUPITER\UPDATES\XUPITERTOOLBAR.DLL (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0a\aoltray.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: xxx (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://download.yahoo.com/dl/toolbar/yiebio2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E4B48560-123D-11d3-A73F-0060083E64FF} (Communities.com TPV Support) - http://www.thepalace.com/TPV/CC_SUPPORT.cab
O16 - DPF: {8869786C-8E72-45DC-911D-AB3416AC1DF1} - http://www6.buttonware.net/canary.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://64.157.10.150/diallerfiles/027916.exe
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.homepagez.com/hiimjanice/live_webcams.exe
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.factoriasexual.com/criss.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.dldepot.com/FULL_XXX_MOVIES.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://ams-download.nocreditcard.com/download/newdial-erp/1498/dialer.exe
O16 - DPF: {C3FDA8CE-9414-4E33-AC6B-4922922259A5} - http://www.mtreexxx.net/cpd/cab/?wmid=403370&args=1+302993+the+cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://204.177.92.201/quickdl/action/NSupd9x.cab
O16 - DPF: {11BF0E2B-4229-4ADC-9C11-1C6968731018} (Download Class) - http://www.0190-dialer.com/VLoading.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab
O16 - DPF: {BA4A5EB0-D55E-483D-95B1-E4FAB78AE5D1} (XEng031.XEng031Ctl) - http://www.cutygirls.net/pink/031/XEng031.CAB
O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} (IEDial Class) - http://usa-download.nocreditcard.com/download/Object/ieaccess2.cab
O16 - DPF: {A27CFCAE-9351-4D74-BFFC-21EB19693D8C} - http://www.xupiter.com/search2/install/XupiterToolbarLoader.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://dload.ipbill.com/del/loader.exe
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://www.stardialer.de/install/StarInstall.ocx
O16 - DPF: {50A28604-52F2-11D6-8F0F-5254AB11D5C2} - http://directplugin.com/dialers/109399.exe
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamp.babenet.com/cabs/videox.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: Yahoo! Chat (YInstStarter Class) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab


----------



## Rafis69 (May 2, 2002)

By the way, after i click the exit button on the error message i'm able to acces everything in the control panel but like if i'm on the internet using IE, the pages would close and i get a message on the desktop that says restore your active settings or something like that. the i hit the button and everything is back to normal.Anyways i thought that you might also want to take alook at the start up list:StartupList report, 6/13/03, 11:19:28 PM
StartupList version: 1.52
Started from : C:\WINDOWS\TEMP\HIJACKTHIS.ZIP\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v5.50 SP1 (5.50.4522.1800)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\AMERICA ONLINE 6.0A\WAOL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.ZIP\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
America Online 6.0 Tray Icon.lnk = C:\America Online 6.0a\aoltray.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 4/1/2003, 9:55:48)

[rename]
NUL=c:\PROGRA~1\DIVX\DIVXPR~1\GAIN_T~2.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

C:\essolo.com

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\GOZILLA\GOIEHLP.DLL - {CD4C3CF0-4B15-11D1-ABED-709549C10000}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\NewDotNet\newdotnet4_50.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
(no name) - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL - {13F537F0-AF09-11d6-9029-0002B31F9E59}
(no name) - C:\WINDOWS\APPLICATION DATA\EEALYPRDCHBR.DLL - {D44B5436-B3E4-4595-B0E9-106690E70A58}
(no name) - C:\PROGRAM FILES\XUPITER\UPDATES\XTUPDATE.DLL (file missing) - {2662BDD7-05D6-408F-B241-FF98FACE6054}

--------------------------------------------------

Enumerating Task Scheduler jobs:

ScanDisk.job
Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-Disk cleanup.job

--------------------------------------------------

Enumerating Download Program Files:

[&Yahoo! Companion]
InProcServer32 = C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
CODEBASE = http://download.yahoo.com/dl/toolbar/yiebio2.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[{E4B48560-123D-11d3-A73F-0060083E64FF}]
CODEBASE = http://www.thepalace.com/TPV/CC_SUPPORT.cab
OSD = C:\WINDOWS\Downloaded Program Files\Communities.com TPV Support.OSD

[{8869786C-8E72-45DC-911D-AB3416AC1DF1}]
CODEBASE = http://www6.buttonware.net/canary.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE 8\DOWNLOAD.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[{A45F39DC-3608-4237-8F0E-139F1BC49464}]
CODEBASE = http://64.157.10.150/diallerfiles/027916.exe

[{2C38A62E-D257-40E8-8BB7-5624E38FEB0A}]
CODEBASE = http://www.homepagez.com/hiimjanice/live_webcams.exe

[{8522F9B3-38C5-4AA4-AE40-7401F1BBC851}]
CODEBASE = http://www.factoriasexual.com/criss.cab

[{018B7EC3-EECA-11D3-8E71-0000E82C6C0D}]
CODEBASE = http://www.dldepot.com/FULL_XXX_MOVIES.exe

[{11111111-1111-1111-1111-111111111111}]
CODEBASE = http://ams-download.nocreditcard.com/download/newdial-erp/1498/dialer.exe

[{C3FDA8CE-9414-4E33-AC6B-4922922259A5}]
CODEBASE = http://www.mtreexxx.net/cpd/cab/?wmid=403370&args=1+302993+the+cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[NSUpdateLiteCtrl Class]
InProcServer32 = C:\WINDOWS\SYSTEM\NSUPDATE.DLL
CODEBASE = http://204.177.92.201/quickdl/action/NSupd9x.cab

[Download Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\VLOADING.DLL
CODEBASE = http://www.0190-dialer.com/VLoading.cab

[{A1DC3241-B122-195F-B21A-000000000000}]
CODEBASE = http://pluginaccess.com/Browser_Plugin.cab

[XEng031.XEng031Ctl]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\XENG031.OCX
CODEBASE = http://www.cutygirls.net/pink/031/XEng031.CAB

[IEDial Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IEACCESS2.DLL
CODEBASE = http://usa-download.nocreditcard.com/download/Object/ieaccess2.cab

[{A27CFCAE-9351-4D74-BFFC-21EB19693D8C}]
CODEBASE = http://www.xupiter.com/search2/install/XupiterToolbarLoader.cab

[loader Class]
InProcServer32 = C:\WINDOWS\SYSTEM\COMLOAD.DLL
CODEBASE = http://dload.ipbill.com/del/loader.exe

[StarInstall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\STARIN~1.OCX
CODEBASE = http://www.stardialer.de/install/StarInstall.ocx

[{50A28604-52F2-11D6-8F0F-5254AB11D5C2}]
CODEBASE = http://directplugin.com/dialers/109399.exe

[Video Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\VIDEOX.DLL
CODEBASE = http://streamp.babenet.com/cabs/videox.cab

[IBM Access Support]
InProcServer32 = C:\WINDOWS\DOWNLO~1\IBMEGATH.DLL
CODEBASE = https://www-3.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #2: C:\Program Files\NewDotNet\newdotnet4_50.dll
Protocol #1: C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET4_50.DLL
Protocol #2: C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET4_50.DLL
Protocol #9: C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET4_50.DLL
Protocol #10: C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET4_50.DLL

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 7,617 bytes
Report generated in 0.170 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## putasolution (Mar 20, 2003)

VIPERSTI.CPL was your scanner cpl applet 

You appear to have gathered quite a bit of spyware

Xupiter and New.net stand out

Download and run spybot
Click *Check for Problems*
When done click *Fix Selected problems*


----------



## Rollin' Rog (Dec 9, 2000)

Wow, no wonder you're having problems. You have quite a list of spy, ad and malware lurking there.

The first thing I'd do is install and update Spybot following the directions here:

http://tomcoyote.org/SPYBOT/

Hold off on running it until completing the following:

Close Internet Explorer and using the HijackThis ScanLog, check and "fix selected" the following items:

*R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://66.40.21.68/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.xupiter.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://66.40.21.68/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.martfinder.com/crindex.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://66.40.21.68/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.martfinder.com/crindex.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.wflu.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.wflu.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.martfinder.com/crindex.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.xupiter.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.ezcybersearch.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=c:\windows\SYSTEM\blank.htm
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\XUPITER\UPDATES\XTSEARCH.DLL (file missing)

O1 - Hosts: 66.40.21.73 auto.search.msn.com
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRAM FILES\GOZILLA\GOIEHLP.DLL
O2 - BHO: (no name) - {D44B5436-B3E4-4595-B0E9-106690E70A58} - C:\WINDOWS\APPLICATION DATA\EEALYPRDCHBR.DLL
O2 - BHO: (no name) - {2662BDD7-05D6-408F-B241-FF98FACE6054} - C:\PROGRAM FILES\XUPITER\UPDATES\XTUPDATE.DLL (file missing)

O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://64.157.10.150/diallerfiles/027916.exe
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.homepagez.com/hiimjanice/live_webcams.exe
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.factoriasexual.com/criss.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.dldepot.com/FULL_XXX_MOVIES.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://ams-download.nocreditcard.co...1498/dialer.exe
O16 - DPF: {C3FDA8CE-9414-4E33-AC6B-4922922259A5} - http://www.mtreexxx.net/cpd/cab/?wm...+302993+the+cab
O16 - DPF: {11BF0E2B-4229-4ADC-9C11-1C6968731018} (Download Class) - http://www.0190-dialer.com/VLoading.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab
O16 - DPF: {BA4A5EB0-D55E-483D-95B1-E4FAB78AE5D1} (XEng031.XEng031Ctl) - http://www.cutygirls.net/pink/031/XEng031.CAB
O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} (IEDial Class) - http://usa-download.nocreditcard.co...t/ieaccess2.cab
O16 - DPF: {A27CFCAE-9351-4D74-BFFC-21EB19693D8C} - http://www.xupiter.com/search2/inst...olbarLoader.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://dload.ipbill.com/del/loader.exe
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://www.stardialer.de/install/StarInstall.ocx
O16 - DPF: {50A28604-52F2-11D6-8F0F-5254AB11D5C2} - http://directplugin.com/dialers/109399.exe
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamp.babenet.com/cabs/videox.cab*
==========================

Be sure not to miss any. Then go to Add/Remove Programs and remove:

*New.net*

and reboot.

After that, run Spybot and have it fix/remove all entries it targets. Reboot afterwards and post another copy of the HijackThis ScanLog.


----------



## Rafis69 (May 2, 2002)

Thanks for helping. I did everything as you said but i'm still getting the error message. here is the new log file:Logfile of HijackThis v1.94.0
Scan saved at 8:31:34 AM, on 6/14/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.nba.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=139.91.254.18:8080
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=c:\windows\SYSTEM\blank.htm
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.nba.com"); (C:\Program Files\Netscape\Users\kdogg\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: (no name) - {9B35A850-66AB-4c6d-8A66-136ECADCD904} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0a\aoltray.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: xxx (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://download.yahoo.com/dl/toolbar/yiebio2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E4B48560-123D-11d3-A73F-0060083E64FF} (Communities.com TPV Support) - http://www.thepalace.com/TPV/CC_SUPPORT.cab
O16 - DPF: {8869786C-8E72-45DC-911D-AB3416AC1DF1} - http://www6.buttonware.net/canary.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: Yahoo! Chat (YInstStarter Class) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab


----------



## Rollin' Rog (Dec 9, 2000)

Try testing the issue in Safe Mode; if it still occurs there, we can rule out software conflicts. I'm surprised the clean-up did not fix this, as I've seen the problem before with xupiter installs, which you had.

If it still occurs in Safe Mode, try going through the .cpl files again, perhaps you missed one. Did you continue testing after you found the first one? Also try "Method 2" in this link (find and rename *control.ini*) http://support.microsoft.com/defaul...port/kb/articles/Q299/9/23.ASP&NoWebContent=1

To start in Safe Mode, press and hold the ctrl key as soon as the computer begins booting. You should get a numbered startup menu with Safe Mode as an option.

If the error does not occur in Safe Mode, then you need to run *msconfig* and do some 'clean-boot' troubleshooting.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q267288


----------



## Rafis69 (May 2, 2002)

Thanks Rollin' Rog for your help. i changed the file to Control.ini to .old and the error message doesnt pop up anymore unless i change it back to .ini so i suppose i leave it at .old right?


----------



## Rollin' Rog (Dec 9, 2000)

That should be fine, at least its consistent with the MS articles suggestion. I believe the file is like autoexec.bat and config.sys, not really required and just used for some backward compatibility cases.

You may find some icons in the Control Panel that weren't there previously, for which you have no devices (such as joystick), these are kept from loading by entries under the

[don't load]

header. The contents can be viewed by opening it in Notepad, it will usually do so automatically if you just "run" it

You could, if you want, rebuild the file by re- creating the entries in Notepad and saving the file as control.ini -- but if there are presently invalid entries in it, you would have to isolate and eliminate those.


----------

