
Can't Shutdown correctly due to Windows Explorer "Illegal Operation"

Discussion in 'Earlier Versions of Windows' started by aljohnson, Apr 15, 2004.

Thread Status:
Not open for further replies.
  1. aljohnson

    aljohnson Thread Starter

    Joined:
    Apr 15, 2004
    Messages:
    10
    I recently downloaded Spybot and Adware 6 to clean up an internet hijack I had. However, just when I thought I had my system cleaned up, I tried to restart my computer when I received an error saying Explorer would be shut down due to an illegal operation. The same error appears again when you hit close and after hitting close once again, it sits at the Windows is shutting down screen. Please, if anyone has any advice on what this problem could be, I would appreciate it. Any ideas would be helpful. Thank you much.
     
  2. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
    Please, state your operating system on the target computer.
     
  3. aljohnson

    aljohnson Thread Starter

    Joined:
    Apr 15, 2004
    Messages:
    10
    Sorry about that........I am on a Windows 98 OS. When I click the details portion of the error it mentions a page fault with Kernel32 (I think).

    In case it helps......this is my Hijack this file

    Logfile of HijackThis v1.97.7
    Scan saved at 12:00:37 PM, on 4/16/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
    C:\WINDOWS\SYSTEM\3CMLNKW.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
    C:\WINDOWS\SYSTEM\HPZIPM12.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\AUPDATE.EXE
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER.EXE
    C:\MY DOCUMENTS\HIJACK\HIJACKTHIS.EXE

    R3 - Default URLSearchHook is missing
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
    O4 - HKLM\..\Run: [3Cmlink] c:\windows\SYSTEM\3cmlnkW.exe
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [Installer] C:\WINDOWS\SYSTEM\INSTALLER.EXE
    O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Dell Home (HKCU)
    O12 - Plugin for .wav: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
    O12 - Plugin for .mid: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
    O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} - http://www.spyblast.com/download/SBFS.cab
    O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} - http://www.atelys.com/src/Speedup.ocx
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
     
  4. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
    Can you boot to Safe Mode?

    (tap F8 five times per second during a restart; Choose option number three (3) in the Windows Startup dialog box using the arrow keys below the Delete key, and strike the Enter key; Click Ok when prompted).

    Your log clearly shows that AOL never told you 90% of all computing problems come from not having a firewall installed and you can't install one in Safe Mode that I know of. More to follow. What brand of computer are you using?

    AOL sux! :mad:
     
  5. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
    Close your internet browser, all other programs, doing the below, restart your computer and then generate your Hijack This log.

    Clear your browser's Cache and key folders before you generate a HJT log:

    Click the Start button; Point to Control Panel, select Internet Options; In the box that opens, click the Clear History, Delete Cookies and Delete Files buttons (tick the box next to 'Delete all off-line content'), each in turn; In the box that opens after activating each button, click the OK button. Click OK to close the Internet Options window.

    Clear the contents of the c:\Windows\Cookies; Temporary Internet Files and Temp folders.


    ***

    You've got way too much running at Windows startup.

    Check your available resources by right-clicking My Computer; clicking Properties; Click the Performance tab. Resources available are displayed as percent there at top. Check it when you get done running the System Configuration Utility mentioned below.

    Click the Start button; Run; type 'msconfig', without the quotation marks, in the Run box and click OK; Then click the Startup tab; Uncheck anything you don't need running in the background. For reference on what's not needed running in the background in the System Configuration Utility, view this website first and print out the list:

    http://www2.whidbey.net/djdenham/Running_items.htm

    It's important that you print out the above mentioned list. The site provides a printer friendly link.

    In the System Configuration Utility (SCU), you can uncheck programs you suspect one at a time and restart your computer. If something doesn't work right, you can always go back into the SCU and re-check it and restart your computer via the Start button. The changes are completely reversible by re-checking an item in SCU or by selecting Normal Startup under the General tab in the SCU and all the programs listed run when Windows starts as it was before you started.

    ***

    You need to be running a firewall like free Sygate from http://download.com - type, sygate, in the Search box, you must be on-line to register Sygate, that is if you're not using a firewalled Router on a Network or, have another third-party firewall like Sygate installed, to protect you and the Internet community from hackers, spammers and terrorists from using your computer for their own illicit needs while you're on-line.


    ***

    Get, install, update and run free Ad-aware (and its HexDump plug-in) from http://www.lavasoftusa.com/software/adaware/

    First in the main window look in the bottom right corner and click on Check for updates now and download the latest reference files.

    Make sure the following settings are made and on -------ON=GREEN

    From main window :Click Start then Activate in-depth scan (recommended)

    Click 'Use Custom Scanning Options' then click 'Customize' and have these options selected: Under Drives and Folders put a check by Scan Within Archives and below that under Memory and Registry put a check by all the options there.

    Now click on the Tweak button in that same window. Under Scanning engine select: Unload recognized processes during scanning and under Cleaning Engine select: Let windows remove files in use at next reboot

    Click proceed to save your settings.

    Now to scan just click the Next button.

    When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and click Next)

    Restart your computer.


    ***

    You might post exactly what programs you have in the Add/Remove Programs Control Panel list box.

    ***

    Go to http://housecall.trendmicro.com or http://www.pandasoftware.com/activescan/com/activescan_principal.htm and click the Scan Now link to run a free on-line virus scan.

    ***

    What anti-virus are you using? If you're running McAfee or Norton anti-virus and have not recently paid for a one year subscription to download weekly new virus definitions, you might consider getting free AntiVir 6 from http://free-av.com - Uninstalling McAfee; Restarting your computer and installing free AntiVir Anti-virus 6.0. :)
     
  6. aljohnson

    aljohnson Thread Starter

    Joined:
    Apr 15, 2004
    Messages:
    10
    First to answer your questions:
    1) Yes I can boot in safe mode and have done so, same problem still occurs
    2) I am using a Dell PC
    3) I am currently running Norton Anti-virus 2004 which I constantly update and check my system every Friday.
    4) I performed the steps you suggested, with the exception of installing the firewall (I will do that as soon as I figure all this out :) I am sorry to say that I still have the same problem. The virus scan came up clean, the Adware program got rid of a few more problem files, and I am now running with 85% of my resources.
    5) I looked at all the programs in my Add/Remove Programs and nothing looked like it didn't belong. I have quite a few in there and it would take me awhile to type them all out, but I will if you think it would help
    6) Here is my latest Hijack This file:

    Logfile of HijackThis v1.97.7
    Scan saved at 10:31:22 PM, on 4/16/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
    C:\WINDOWS\SYSTEM\3CMLNKW.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\MY DOCUMENTS\HIJACK\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
    O4 - HKLM\..\Run: [3Cmlink] c:\windows\SYSTEM\3cmlnkW.exe
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Dell Home (HKCU)
    O12 - Plugin for .wav: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
    O12 - Plugin for .mid: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
    O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

    My questions for you:

    1) I am thinking I should delete the following from the Hijack file, what do you think?

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - Default URLSearchHook is missing

    2) When I press control+alt+del to see what programs are running, explorer is not one of them and it is not present in the list in the SCU. I am pretty worried by this, is it a major problem?

    3) The exact error I get at shutdown/restart is an "illegal operation" and when I hit the details button I get that Explorer caused an invalid page fault in module Kernel32.DLL at 017f:bff87f00. (Not really a question, just more details in case it helps.)

    4) Every time while booting up now, I get the message "Wait while Setup updates your configuration files". Could the same problem be causing this?

    5) While clearing my cookies there was one file the system would not let me delete: index.txt. Should I go into safe mode and delete it?

    Once again, thank you for your help. I really appreciate it. Sorry for so many questions, this whole thing just has me a little panicked :) Thanks again!!!!
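
The two HijackThis logs posted so far differ in only a handful of entry lines. As an added example (not part of any poster's message), this Python sketch diffs the R/F/N/O entry lines of two logs; the sample text is an excerpt of lines copied from the two logs above, and the function names are this example's own.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O2x)
# followed by " - "; header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")


def parse_hjt(text):
    """Map (section, case-folded entry) -> original line for each entry in a log."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code, body = m.groups()
            # Windows paths and registry names are case-insensitive, so two
            # entries differing only in case are treated as the same entry.
            entries[(code, body.casefold())] = f"{code} - {body}"
    return entries


def diff_hjt(before, after):
    """Return (removed, added): entries only in `before`, entries only in `after`."""
    b, a = parse_hjt(before), parse_hjt(after)
    removed = sorted(b[k] for k in b.keys() - a.keys())
    added = sorted(a[k] for k in a.keys() - b.keys())
    return removed, added


# Excerpt of the first log in the thread (12:00:37 PM scan), lines copied as posted.
LOG_FIRST = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Installer] C:\WINDOWS\SYSTEM\INSTALLER.EXE
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} - http://www.spyblast.com/download/SBFS.cab
O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} - http://www.atelys.com/src/Speedup.ocx
"""

# Excerpt of the second log (10:31:22 PM scan), lines copied as posted.
LOG_SECOND = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
"""

if __name__ == "__main__":
    removed, added = diff_hjt(LOG_FIRST, LOG_SECOND)
    for line in removed:
        print("only in first log: ", line)
    for line in added:
        print("only in second log:", line)
```

Entries that appear only in the later log, such as the ProxyOverride line here, are the ones worth asking about before deleting anything.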
     
  7. aljohnson

    aljohnson Thread Starter

    Joined:
    Apr 15, 2004
    Messages:
    10
    Sorry, one more quick thing. When in my SCU, I happened upon an entry Installer.exe. I am not sure what this is or what it does. Is it a virus? (I did uncheck it from the SCU)
     
  8. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
    I see from your HJT log you might have two (2) anti-virus programs installed. If nothing else, this is causing or greatly contributing to your computing difficulties. Please, uninstall McAfee immediately for no other reason than it's the worst and weakest AV program in the world, then restart your computer and get that firewall ASAP.

    Delete the stuff you mention that you see in your HJT log, from your computer. Plus this if McAfee is not installed.

    O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe



    Don't re-type your whole Add/Remove list.

    Leave Index.dat alone, it's normal and supposed to be there.

    You not seeing Explorer is not a problem.

    Booted to Safe Mode and run ScanDisk and Defrag lately?

    Here's how to configure ScanDisk

    Data fragments, bad sectors and other disk anomalies accumulate with surprising speed. Run ScanDisk’s Standard Inspection once a week to correct these deficiencies before they become major problems. You’ll find it in Start/Programs/Accessories/System Tools. Occasionally run the Thorough Inspection to look for physical defects on the surface of the drive. ScanDisk will be able to repair many problems.

    Start ScanDisk (Start button; Programs; Accessories; System Tools; ScanDisk); Check the Standard box; Check Automatically fix errors; click the Advanced button, the settings should be as follows - Display Summary - Always, Log File - Replace Log, Cross-Linked Files - Delete, Lost File Fragments - Free, Check Files For - check (Invalid File Names) should be checked.

    Disable your screen saver before running either scandisk or defrag. (choose None)
     
  9. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
    At worst, if you have an AOL install disk you might try uninstalling all AOHell stuff in Add/Remove Programs; restart your computer after each item, then re-install AOL.
     
  10. aljohnson

    aljohnson Thread Starter

    Joined:
    Apr 15, 2004
    Messages:
    10
    I tried running the defrag in safe mode and after running all night, it was still at 0% completed. I guess this means that it is not working? I haven't tried anything with AOL yet. Could I have deleted a file with Adware or Spybot that could be causing the shutdown problem? According to everything I run on my system, it says I am clean and I never had this shutdown problem before all this popup fix stuff.
     
  11. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
    Are you using McAfee Anti-virus? Get a free one, uninstall McAfee then install the free one, something is interfering with the defrag, it takes 1-2 hours tops. Disable your screen saver before running either scandisk or defrag. (choose None) You right-click Desktop; Point to Properties; Click the Screen saver tab; use the drop-down arrow and scroll bar under the Screen Saver Section to choose (click the word) None and click Apply; Click OK.
     
  12. aljohnson

    aljohnson Thread Starter

    Joined:
    Apr 15, 2004
    Messages:
    10
    I don't have McAfee, I have Norton Anti-virus 2004 (which I keep constantly updated). I did disable the screen saver the first time I did it and that is when it read 0%.

    Also, I encountered something else today. I got a message box saying that DPCPROXY "operation timed out" and when I hit OK, I get another box with the heading "version" with two option buttons: 1) TODO: Place 2)Cancel. I have no idea what this thing is? Could it be part of my problem?
     
  13. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
  14. aljohnson

    aljohnson Thread Starter

    Joined:
    Apr 15, 2004
    Messages:
    10
    I just thought of something else. When I was going through my system the other day, I removed iexplore from the Windows/System file because I thought it was a virus. I found out that it is a virus only in the System32 file. I did replace it from the recycle bin and it is back in the file, but do you think removing this could have caused any problem?
     
  15. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
    I doubt removing then replacing that file caused the error.
     
Short URL to this thread: https://techguy.org/220759