Elusive Spyware, or Virus? [Archive] - PCMech Forums



ChromWolf
03-23-2004, 03:52 AM
Alright, I'm pretty frustrated trying to snip at the edges of this problem; I'm obviously not having success, and I need to again pick the brains of the wonderful folks here at PCMech.

First, I should also note that I'm unsure if these are related problems or not, but I'll try to cover everything so there's no "oh, by the way...." posts. :P :)

This is my 450 MHz system--ancient, granted, but can't afford any upgrades right now. The other night at a LAN party, I installed a GeForce2 880 (I believe this is the model number) a friend gave me in place of my previous Voodoo3 3000. Although my problems started the same night I got the new video card, these problems started before I got the card---still, I wanted to mention it, on the off-chance it's affecting something.

This system runs Win98SE, and I use IE6.

I believe I was browsing the web at the time the problems started; I started getting redirected (via new IE windows) to multiple sites; I tried to quickly close them, but I guess I wasn't fast enough... since then, although fairly rarely, IE will suddenly open and load a website I'm not familiar with. It seems to be an ad, usually, but sometimes there's no site name (DNS address, if I have my terms correct?), just an IP address. Again, I try to close these as quickly as possible, but I honestly don't know if I've been fast enough, or if it even makes a difference anyway.

The two things that happen more often are these:

At startup, in addition to the normal stuff I've got running in the background (which I keep a watchful eye on thanks to MSCONFIG), there's RUNDLL32. I should note that RUNDLL is also there, but since I have what MSCONFIG calls "Taskbar Display Controls" (that is, I want to be able to adjust my monitor resolution from an icon in the taskbar), and because closing it in the "Close Programs" dialogue box doesn't seem to do anything, I don't think there's anything wrong with this. When IE suddenly comes up and loads a random site, it will have either RUNDLL32, WINHOST, or both. Shutting either down will immediately say the application has crashed, but for the time, removes them from the listed applications running in the background.

I've run Spybot S&D many times, and it finds stuff each time, but after telling it to remove the stuff, the problem still has not been alleviated. I've also run AVG, my anti-virus software, and while it did find a couple viruses, and I cleaned the infected files, the problem still exists. Both Spybot S&D and AVG have the most up-to-date spyware and virus definitions, respectively. MSCONFIG shows nothing (in the Startup tab, anyway) that would seem to cause this--it's listed for two instances of LoadPowerProfile and TweakUI, but since I have ACPI activated, and have installed TweakUI, I don't figure either is a problem...?

Anyway, the second strange symptom is that, when I shut down or restart, I get a message saying, "EXPLORER has caused an invalid page fault in module KERNEL32.DLL at 0167:bff87f00.", and then another saying the same thing, except "at 0167:bff886e0." After closing both, Windows will then behave as though it has just finished loading; my atomic clock program, a shortcut to which is located in my Windows Startup Folder, suddenly comes up, and then Windows proceeds with the shutdown.

...I once tried hitting Ctrl+Alt+Del after getting these two IPF errors, and in the Close Programs dialogue box, in addition to just systray I think, there was an instance of RUNDLL32 and something called MMTASK. I honestly don't know enough about the shutdown sequence of Windows to know if RUNDLL32 or MMTASK should be present, but that's what I saw.

I've run numerous searches on the Microsoft and Symantec websites, and even PCMech's forums, for "RUNDLL32", "WINHOST", and I think Microsoft and Symantec's sites for "MMTASK" and not really come up with anything. Honestly, I don't know what else to do. Can anyone suggest anything? Have I missed something? Can anyone recommend any software---ideally free---that can solve my problem? I'd hate to have to reformat, but honestly, it's an easier option than having to pay for additional software at this point, unfortunately. Any ideas?

ChromWolf
03-23-2004, 04:49 AM
As an update, the "0167:...." alphanumeric sequences don't seem to be the same each time..... however, this time around, I also caught "WMIEXE" running in the background at startup, and am now catching two instances of RUNDLL32. It should be noted I'm getting into the Close Programs dialogue box sooner, so I dunno if that makes a difference? Anyway, yeah, any ideas?

Kov-Ice
03-23-2004, 07:37 AM
For a complete tutorial on the whole startup/background jobs situation in Win9x, visit HERE (http://www.pacs-portal.co.uk/startup_index.htm)

HERE (http://www.answersthatwork.com/Task...es/tasklist.htm) is the link to another, similar site, over at AnswersThatWork. Their list concentrates on what you might find in the Task List at any time (not just at startup).

Between those two sites you have a good chance of identifying most processes.

Also, pacs has THIS (http://www.sysinfo.org/startupinfo.php)

Do a "find" for each item and determine if you want it running. If undesired, from desktop hit start, run and type msconfig then select startup tab and uncheck the item if it appears. The program itself may also contain a box that says something like, "load at startup".

You'll want to keep Explorer and Systray. RNAAPP will load as part of the Net connection.
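The lookup-and-decide routine Kov-Ice describes (check each Close Programs / MSCONFIG entry against a list of known processes, then decide whether it belongs) can be scripted for triage. The following is an added example and is not code from the thread or from the pacs-portal or AnswersThatWork sites; the KNOWN table, the sample task list and the allowed-copies numbers are constructed for illustration and are not the real reference lists.

```python
"""Startup / task-list triage helper (added example, not part of the thread).

Takes the process names seen in the Close Programs box or MSCONFIG Startup
tab, looks each one up in a table of known entries, and reports names that
are not in the table plus names running more copies than expected.  The
KNOWN table and SAMPLE_TASKLIST below are constructed for this example.
"""
from collections import Counter
from dataclasses import dataclass

# name -> (description, number of copies that is normal to see)
# Constructed reference table; not the pacs-portal / AnswersThatWork lists.
KNOWN = {
    "explorer": ("Windows shell; keep", 1),
    "systray": ("System tray; keep", 1),
    "rnaapp": ("Dial-up networking; loads with the Net connection", 1),
    "rundll32": ("Windows DLL host; legitimate, but check what launched it", 1),
    "loadpowerprofile": ("Power management; two copies is normal with ACPI", 2),
    "tweakui": ("Microsoft TweakUI", 1),
}

# Constructed sample in "NAME  command" form, one entry per line.
SAMPLE_TASKLIST = """
# name          command (constructed)
EXPLORER        C:\\WINDOWS\\EXPLORER.EXE
SYSTRAY         C:\\WINDOWS\\SYSTEM\\SYSTRAY.EXE
RUNDLL32.EXE    rundll32.exe <unknown dll>
RUNDLL32        rundll32.exe <unknown dll>
WINHOST         <unknown path>
RNAAPP          C:\\WINDOWS\\SYSTEM\\RNAAPP.EXE
LoadPowerProfile rundll32.exe powrprof.dll,LoadCurrentPwrScheme
LoadPowerProfile rundll32.exe powrprof.dll,LoadCurrentPwrScheme
WMIEXE          <unknown path>
"""


@dataclass
class Entry:
    name: str
    command: str = ""


def normalize(name: str) -> str:
    """Lower-case the name and drop a trailing .exe so RUNDLL32.EXE == rundll32."""
    n = name.strip().lower()
    return n[:-4] if n.endswith(".exe") else n


def parse_tasklist(text: str) -> list:
    """Parse 'NAME command' lines; blank lines and '#' comments are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        entries.append(Entry(parts[0], parts[1] if len(parts) > 1 else ""))
    return entries


def triage(entries: list) -> dict:
    """Classify entries as known / unknown and flag unexpected extra copies."""
    counts = Counter(normalize(e.name) for e in entries)
    report = {"known": [], "unknown": [], "duplicates": []}
    for name, count in sorted(counts.items()):
        if name in KNOWN:
            report["known"].append(name)
            if count > KNOWN[name][1]:
                report["duplicates"].append((name, count))
        else:
            report["unknown"].append(name)
    return report


if __name__ == "__main__":
    result = triage(parse_tasklist(SAMPLE_TASKLIST))
    for name in result["unknown"]:
        print(f"UNKNOWN   {name}: look it up before deciding to remove it")
    for name, count in result["duplicates"]:
        print(f"DUPLICATE {name}: {count} copies running, expected at most {KNOWN[name][1]}")
    for name in result["known"]:
        print(f"known     {name}: {KNOWN[name][0]}")
```

The point of the allowed-copies column is the LoadPowerProfile case from the first post: two copies is normal there, so a naive "more than one is suspicious" rule would produce noise, while two copies of RUNDLL32 still get flagged for a closer look.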

glc
03-23-2004, 01:46 PM
1. You have viruses and spyware. Go to http://housecall.trendmicro.com and get a free online scan. In addition to updating and running Spybot, install, update, and run Ad-Aware.

2. IE6 and Windows 98 is a 50-50 crapshoot. I recommend you revert back to IE 5.x, if you do an add/remove on IE6, choose the "restore previous configuration" option.

ChromWolf
03-23-2004, 04:25 PM
Thanks Kov-Ice, but I am already familiar with MSCONFIG, and as I stated, doggedly watch what goes on in the background. Only the software I want is running, and I know what each is---except for the stuff that's been loading lately. And I can't really delete RUNDLL32, since it's a legitimate (or, at least, is usually a legitimate) program that's part of Windows. Anyway, that just seems like it's taking care of the symptoms, and not the problem---whatever software is calling RUNDLL32 to run.

Tried Housecall, GLC, but suddenly my monitor flickered, and then acted as if the video signal had died.... like, my monitor blinked, but faster than if the computer were just off. Restarted (this was just a moment ago), and am trying again---I do know it found 3 viruses, however. Will give Ad-Aware a try, but again, to restate what I said in the first post, Spybot S&D is up to date.

Thanks thus far, more as I progress!

ChromWolf
03-23-2004, 06:15 PM
Housecall found 0 viruses this time around (the 3 that were there before were just located in my browser cache, which I went ahead and cleared---sorry, forgot to mention that)... Currently running Spybot S&D---note that, each time, Spybot S&D finds stuff, but it doesn't seem to correlate to anything I've thus far found running in the background. Will run Ad-Aware next.

I should also note that I found programs installed that I didn't put there---Virtual Bouncer, AdDestroyer, Sqwire... at one point, an add-on browser bar appeared in Explorer (like something you might download from Yahoo or something)... So whatever the heck is going on in the background, I can't seem to track it, nor stop it.... and it seems pretty active in perpetuating itself. Any other suggestions? ....Unless Ad-Aware catches anything, or in removing the stuff Spybot S&D finds, I correct the problem, this may end up being a format, just so I can be SURE I've taken care of the problem... Further updates as I progress.

ChromWolf
03-24-2004, 02:25 AM
After running both Ad-Aware and Spybot S&D **several** times (note that I also made sure Ad-Aware was up to date before running), I think, if nothing else, I've slowed this problem down. I can't officially say, yet, that I've eliminated it, though. The last few times Windows has shut down, it's done so normally, although I still find one, or often two, copies of Rundll32 running in the background after starting up. As having multiple copies of an API, DLL, or EXE is a virus phenomenon I have previously experienced, I can only imagine this is what GLC meant by saying I have both a virus and spyware. Hopefully, I have eliminated the spyware; however, I've run both the Trend Micro House Call and my AVG, and neither sees a virus. So, I guess I'm again asking for some advice.... What could be going on here? Am I just being paranoid? ...or is there still maybe something going on here?

scifiguy1
03-24-2004, 03:42 AM
Chromwolf,
You sound like a pretty diligent computer user. Do you have a firewall installed? I believe it would help alleviate these problems for you in the future. Sorry I can't be of more help than that. You can go here for a free firewall that's recommended by the folks here and me also; I have used it for several years and really like the way it keeps out the evildoers and "Spammites".
Dick


http://www.zonelabs.com/store/content/home.jsp

compusport
03-24-2004, 04:34 AM
You're on the right track now by using BOTH spyware scanners and the antivirus, and go ahead with the ZoneAlarm firewall. Run both spyware and antivirus scans at least once a week.
Not too sure about this part, but I'm going to suggest it anyhow: since you're doing LAN parties, that may be the source of some of your intrusions. Maybe let the rest of your group in on these free products. At the very least, run scans before and then after a party. If something pops up, then you know for sure.

ChromWolf
03-24-2004, 02:44 PM
I actually don't really like ZoneAlarm... I ended up always having to allow the stuff I normally do anyway, and it always just seemed like I was pretty much unprotected then. Course, I do have a router, which uses NAT technology for a sort of firewall, and that does cut down on stuff, but it just seems to me that to really be protected, I've got to disallow access to stuff I use a lot---IRC, FTP, as well as browsing, e-mail, and chat clients. I know that leaves me vulnerable, so I guess I'll just rely a bit more heavily on the dual-spyware-detector setup and an AV program. ...I've pretty much heard that by running Ad-Aware and Spybot S&D, you catch "everything", for all intents and purposes.

As for compusport's suggestion, I guess the ironic thing about it is, even though I was at a LAN party, I think I was just browsing the web---meaning, I could have just as easily picked it up through normal browsing. I honestly don't remember what sites I went to, since I never thought I'd run into problems (naturally); not sure I wanna go digging through my history to find out which site this came from, though. :P :)

Things seem to have quieted down, thanks greatly to Ad-Aware (Spybot was handy, but didn't seem to alleviate the problem much). Thanks to all who have posted in this thread, it's all been very helpful!