# Iexplore Not Responding



## GOOF (Feb 4, 2007)

I have been having several issues with my computer lately. System performs was running low so I added memory. This did not seem to change the system performance. When the memory was first installed IE ran fine. 
Now when I launch internet explorer it takes forever to load. If I check it in task manager it shows as not responding. It will eventually load and works ok once it is up. If I try to open a link that opens a new window the same thing happens.
Email is also slow to load (outlook express). The program will open quickly without messages & then finally loads them. On occasion my tab key will change function and when pressed opens & closes windows rather than performing a tab function. 
This is probably more than you need to know, but wanted to give as much info as possible. I am running windows ME.
Any help would be greatly appreciated.

After I posted this I ran ad-aware, Spybot & ActiveScan.

IE seems to be a bit better but I figured I would post the ActiveScan & hijack this for input.
Thanks for your help.

ActiveScan Results:

Incident Status Location

Adware:adware/windowenhancer Not disinfected c:\windows\system\SBUtils  
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\Cookies\hp authorized [email protected][1].txt 
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\WINDOWS\Cookies\hp authorized [email protected][1].txt 
Spyware:Cookie/Searchportal Not disinfected C:\WINDOWS\Cookies\hp authorized [email protected][1].txt 
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\hp authorized [email protected][2].txt 
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\hp authorized [email protected][1].txt 
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\hp authorized [email protected][1].txt 
Adware:Adware/WindowEnhancer Not disinfected C:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll 
Virus:Trj/Clicker.WX Disinfected C:\WINDOWS\115252174116.exe 
Virus:Trj/Clicker.WX Disinfected C:\WINDOWS\winsys.exe 
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\HP\bin\KillIt.exe 
Hacktool:HackTool/ProcLog.A Not disinfected C:\HP\bin\ProcessLogger.exe 
Virus:Trj/Reboot.F  Disinfected C:\HP\bin\Rebooter.exe 
HiJack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:43:42 PM, on 2/4/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\MCAFEE.COM\MPS\MSCIFAPP.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKAGENT.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKSRVR.EXE
C:\PROGRAM FILES\CANON\MULTIPASS\MONITR32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\UPS\UOWS\MESSAGES\WSDMESSAGING.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us2.hpwis.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us2.hpwis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us2.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us2.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us2.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us2.hpwis.com
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - C:\PROGRAM FILES\MCAFEE.COM\MPS\MCBRHLPR.DLL
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - C:\PROGRAM FILES\MCAFEE.COM\MPS\POPUPKILLER.DLL
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MCAPFBHO.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\Run: [MPSExe] C:\PROGRA~1\MCAFEE.COM\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKAGENT.EXE
O4 - HKLM\..\Run: [MSKServerExe] C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKDETCT.EXE /startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - Startup: Canon MultiPASS Server.lnk = C:\Program Files\Canon\MultiPASS\monitr32.exe
O4 - Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: UPS WorldShip Messaging Utility.lnk = C:\UPS\UOWS\Messages\WSDMessaging.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MCAPFBHO.DLL
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MCAPFBHO.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab


----------



## Cheeseball81 (Mar 3, 2004)

Please *download* the *Killbox by Option^Explicit*.

*Note*:* In the event you already have Killbox, this is a new version that I need you to download*.

 *Save* it to your *desktop*.
 Please double-click *Killbox.exe* to run it.
 Select:
*Delete on Reboot*
 then *Click* on the *All Files* button.

Please *copy the file paths below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy):

*C:\WINDOWS\115252174116.exe 
C:\WINDOWS\winsys.exe *

 Return to Killbox, go to the *File* menu, and choose *Paste from Clipboard*.

Click the red-and-white *Delete File* button. Click *Yes* at the Delete on Reboot prompt. Click *OK* at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

_*If your computer does not restart automatically, please restart it manually*_.

_If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again._


----------



## cwolfe98 (Jul 12, 2001)

I am having the 100% exact same issues with IE & OE. I have not noticed the TAB key changing functions or anything like that. 

I am running Win XP sp2 & IE 7 ...... just wanted to be sure KillBox is ok with XP before I download & run it.

Thanks


----------



## GOOF (Feb 4, 2007)

Cheesball,
Thank you for your response. I downloaded killbox & tried to cut and paste the copied files. When I copy the files & use "paste from clipboard" nothing pastes. I tried control c as well as right click & copy.
If I right click to paste it only places one of the files in the box. Also, in the lower right corner of killbox (under single file/all file button) there are several files listed. Is this right? Why did you suggest deleating these files? I thought active scan took care of them.
Since running the other programs (spybot, ad-aware & active scan) IE is comming up a little better. I see that the files you spoke about were listed as viruses in active scan & disinfected, is this why the performace is better? 
System resourses continues to be a problem. As an example-On clean boot today system was at 77%. I now have email (outlook express) as well as IE open. System resource is now at 33%. I added 256mb of RAM to correct this with no change. Any ideas on this?
I appologise for the long post-Just tring to give you whatever info you might need & trying to understand what is going on. I really appreciate your help.


----------



## cwolfe98 (Jul 12, 2001)

Cheeseball,
I just wanted to be sure I can run KillBox with XP and if the same cut/paste file names apply?? C:\WINDOWS\115252174116.exe C:\WINDOWS\winsys.exe ?? I looked in C:\WINDOWS dir and did not see those in there, or is it something KillBox will create/need??
Thanks
CW


----------



## Cheeseball81 (Mar 3, 2004)

*GOOF*, please do this...

1. Please *download* *The Avenger* by Swandog46 to your *Desktop*.
Click on Avenger.zip to open the file
Extract *avenger.exe* to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (*Ctrl+C*):



> Files to delete:
> C:\WINDOWS\115252174116.exe
> C:\WINDOWS\winsys.exe


_*
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.*_

3. Now, *start The Avenger program* by clicking on its icon on your desktop.
 Under "*Script file to execute*" choose "*Input Script Manually*".
Now click on the *Magnifying Glass icon* which will open a new window titled "*View/edit script*" 
 Paste the text copied to clipboard into this window by pressing (*Ctrl+V*).
 Click *Done* 
 Now click on the *Green Light* to begin execution of the script 
 Answer "*Yes*" twice when prompted.
4. *The Avenger will automatically do the following*:
It will *Restart your computer*. ( In cases where the code to execute contains "*Drivers to Unload*", The Avenger will actually *restart your system twice.*) 
On reboot, it will briefly *open a black command window* on your desktop, this is normal.
After the restart, it *creates a log file* that should open with the results of Avengers actions. This log file will be located at *C:\avenger.txt*
 The Avenger will also have *backed up all the files, etc., that you asked it to delete*, and will have zipped them and moved the zip archives to *C:\avenger\backup.zip*.
5. Please *copy/paste* the content of *c:\avenger.txt* into your reply.

*cwolfe98*, if the same files are present on your system then yes.
But you may very well have a different infection.
You should make a new thread of your own in our Security forum.


----------



## GOOF (Feb 4, 2007)

Cheeseball,
I followed you steps & downloaded Avenger. When I tried to start avenger I recieved a fatal error: "unsupported version of windows! This progrom will run only on windows 2000 or XP". I clicked ok & then recieved "Error code: 0 could not log error aboprting now!". The computer is acting up today, slow in general and got a "blue screen" when running Spybot. I rebooted and then Spybot ran fine. System is still running slow. Any other ideas ideas?
Thanks again for your help.
Goof


----------



## Cheeseball81 (Mar 3, 2004)

Ack I forgot you were running ME.

How much memory does this system have?


----------



## GOOF (Feb 4, 2007)

Cheesball,
Good to catch you online. This system came with 128mb of Ram. I recently added 256mb which did not seem to help at all. As an example, It had 67% of resourses at startup before memory & system resouses at startup went to 69%. Not much improvement...


----------



## GOOF (Feb 4, 2007)

Cheeseball,
Oops, guess I should have used spellchecker on my last post...I forgot to mention to you. The % I gave you are with nothing open. Right now I have e-mail & Ie open & system resources are at 36%.
Also, MCaffee has been comming up with "PUP" errors the last couple of days. The files are as follows:

HP\internet\surfboard\killwind.exe
HP\bin\fondle\window.exe
HP\bin\killwind.exe
HP\bin\terminator.exe

It also has picked up things like prockill-t, hidewindow, prockill-term. I have not taken action on these files because I was not sure what they were especially with HP being in the filename. Some of them may have been removed with the scans with Adaware, Spybot & Activescan. I must confess that Mcaffe is currently expired and has not been updated.


----------



## GOOF (Feb 4, 2007)

Cheeseball,
A couple more questions for you. I am not the brightest bulb when it comes to computer issues. Can you tell me why, if active scan removed these viruses why do we still need to delete those files (C:\WINDOWS\115252174116.exe C:\WINDOWS\winsys.exe)? Are theey still lurking somewhere?
Also, what is the best way to delte the avenger program that you had me download?
Thanks again,
Goof


----------



## Cheeseball81 (Mar 3, 2004)

It disinfected them but I wanted to be sure they actually got removed too.

All of those HP tools get detected by AV programs mainly because they are applications that can terminate other applications. They are not viruses or anything. Just 'risk tools' but nothing to be concerned about. They were bundled with HP.


----------



## GOOF (Feb 4, 2007)

Cheesball,
Thanks for the info on the HP files. How do I remove Killbox & Avenger?

Next, Computer running slow again. I removed mcaffe & downloaded AVG. It found the following problems:

C:\Restore\Temp\A0130497.CPY
C:\Restore\Temp\a0130500.CPY

Both are listed as trojan horse clicker.EBL
AVG listed them as "infected"

AVG also found:
C\windows\svhost.dll 
AVG lists this as deleted

I am now lost. Where do I go from here?

Thanks for your help.
Goof


----------



## Cheeseball81 (Mar 3, 2004)

You can manually delete KillBox and Avenger.

Now turn off System Restore:

Click Start, Settings, and then click Control Panel.
Double-click the System icon. The System Properties dialog box appears.

NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.

Click the Performance tab, and then click File System.
Click the Troubleshooting tab, and then check Disable System Restore.
Click Apply then OK.
Click Yes, when you are prompted to restart Windows.

Once you have cleaned the virus or other problem from the computer, reenable System Restore by following these directions

To enable Windows Me System Restore: 

Click Start, point to Settings, and then click Control Panel.
Double-click System, and then click the Performance tab.
Click File System, and then click the Troubleshooting tab.
Uncheck Disable System Restore.
Click OK. Click Yes, when you are prompted to restart Windows.


----------



## GOOF (Feb 4, 2007)

Cheeseball,
Virus scan ran before I saw your post today. It found the same Trojan horse clicker, now there were 5 instead of the 2 it found yesterday. Windows\svhost.dll was also found. These are now in the "virus vault" of AVG.

I went ahead and turned off system restore & ran adaware, spybot, & AVG virus scan-these files did not show up this time. Maybe because they had been removed earlier? 

Anyway, system resourses is still a problem. 80-85% at startup. Drops to 48% with email & explorer open. Explorer slow but opens and is slow to run. Not sure what I should do now...

Thanks again,
Goof


----------



## Cheeseball81 (Mar 3, 2004)

Empty the AVG Virus Vault if you haven't already.

Did I ask how much memory this system has?


----------



## GOOF (Feb 4, 2007)

Cheeseball,
Ok. I will empty the vault. I did not want to do this until I was sure it was ok to do. As far as memory this system came with 128 mb. I recently added another 256mb thinking that this was why it was slow. I have not seen any change with the additional memory. The memory is recognized on the system performance tab.
Goof


----------



## Cheeseball81 (Mar 3, 2004)

There's definitely gotta be a program running that's eating the majority of your resources.


----------



## GOOF (Feb 4, 2007)

Cheeseball,

Keep in mind that I am not the brightest bulb with computer problems. How do I figure out what is running?

Goof


----------



## Cheeseball81 (Mar 3, 2004)

Bring up the Task Manager by pressing Ctrl+Alt+Del all at the same time. Just once, twice will make the computer restart.

This will show you all the items running on your computer.


----------



## GOOF (Feb 4, 2007)

Cheesball,
Thanks. Current preformance is at 45%. Here is what is running after a few hours running:
Internet explorer
backweb agent
inbox-outlook express
explorer
monitr32
Avgemc


----------



## GOOF (Feb 4, 2007)

oops hit the wrong button-I'll start over
Cheesball,
Thanks. Here is what I found. 

At Startup:-80%
explorer
monitr32
Avgemc 
avgcc
wsdmessaging
findfast
OSA
ststray
OSD

Connect to online-77%
Open outlook express-69%
Open Internet explorer-62%

This is what is running after a few hrs use-45%
Internet explorer
backweb agent
inbox-outlook express
explorer
monitr32
Avgemc 
msmsgs
avgcc
wsdmessaging
findfast
OSA
ststray
OSD

Is this enough to take it down that far? Any suggestions? Thanks again.
Goof


----------



## Cheeseball81 (Mar 3, 2004)

Have you ever used msconfig to disable programs at Startup?


----------



## GOOF (Feb 4, 2007)

Yes I have.


----------



## Cheeseball81 (Mar 3, 2004)

So you are familiar with how to disable some unnecessary ones from starting up when your computer turns on?


----------



## GOOF (Feb 4, 2007)

yes. I am just unsure what some of them are.


----------



## Cheeseball81 (Mar 3, 2004)

These are some excellent and informative sites.
They will tell you what the process is and if it needs to be running at Startup:

http://www.bleepingcomputer.com/startups/
http://www.processlibrary.com/directory/a/
http://www.3feetunder.com/krick/startup/list.html
http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM
http://www.sysinfo.org/startuplist.php?filter=&count=50&offset=0
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
http://www.windowsstartup.com/wso/search.php


----------



## GOOF (Feb 4, 2007)

Thanks I will check them out. Do you think that is what is causing the low system resources?


----------



## Cheeseball81 (Mar 3, 2004)

It's possible. This is quite common in operating systems 98 and ME.
A good explanation here: http://www.annoyances.org/exec/show/article07-104


----------



## GOOF (Feb 4, 2007)

Thanks again. I just ran a startup list from hijack this. The 1st entry on it is C:\WINDOWS\SYSTEM\KERNEL32.DLL I looked this up on one of the sites you gave me. This appears to be a virus of some sort. Is this correct?


----------



## GOOF (Feb 4, 2007)

Ok, now I'm real confused. In looking some of these up I may have other problems as well. I have something called systray in my task manager, I thought this was ok. When looking this up on Bleeping computer it appears that this could have been added by the flood.av trojan and is is not the legitimate SysTray.exe?

In looking at msconfig, I am familiar with the start up tab only. It appears that there are things running from the other tabs as well?

There are 3 pages of things listed on the basic startup list from Hijackthis and I can't find most of them in the msconfig. Should I maybe start a new thread looking for help with startup? 

I am sorry to be such a pain in the rear. I am just not sure what I am doing with this.


----------



## Cheeseball81 (Mar 3, 2004)

You have the legit Systray running.
Post a new log and I'll have a look at what can be trimmed down.


----------



## GOOF (Feb 4, 2007)

Cheeseball,
Today I received an error I have not seen before. Full Black Screen w/white box.

In the box: "Kernel32 caused s general protection fault in module USER.EXE at 0001:000004d2" Had to Alt/Ctl/Del to restart. Big Problem? Does this have to do with the file I questioned in my previous post?

Here is Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:49:26 PM, on 2/15/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CANON\MULTIPASS\MONITR32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\UPS\UOWS\MESSAGES\WSDMESSAGING.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 4.0\READER\ACRORD32.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us2.hpwis.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us2.hpwis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us2.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us2.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us2.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us2.hpwis.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - Startup: Canon MultiPASS Server.lnk = C:\Program Files\Canon\MultiPASS\monitr32.exe
O4 - Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: UPS WorldShip Messaging Utility.lnk = C:\UPS\UOWS\Messages\WSDMessaging.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab


----------



## Cheeseball81 (Mar 3, 2004)

When does it occur? when you surf the web?


----------



## GOOF (Feb 4, 2007)

Cheeseball,
Yes. Internet explorer was running slow & then poof-black screen w/error. I also had outlook express open. Did you see anything in HijackThis log that is suspicious or that could be trimmed from startup?
Goof


----------



## Cheeseball81 (Mar 3, 2004)

Suspicious, no.

But these can be trimmed down:

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE


----------

