Annoying Windows Explorer Message!

Hi blueyes, getting a quick base touch having been away myself helping a friend of mine move but will try to address some of your replies before returning full swing hopefully Sat/Sun.

I take the em's are all mscrt related, correct? Configuring your puter to show hidden files doesn't have anything to do with the error's themselves and isn't considered a bad idea offering you the ability to see what's on your system. Whether they show or not, they're still where they are.

************************

"How can I tell if I have DOS or 16-bit programs installed?"

That's a good question .... some answers I try to learn moving along trying to provide solutions, cause I haven't got'em all! M$ say's a simple check to determine if the Windows Virtual DOS Machine (NTVDM, the one mentioned by usergame) subsystem is working properly is by typing > command.com into your runbox, then executing. If a command prompt is returned, the subsystem's OK.

The same article references this key ....

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ VirtualDeviceDrivers

.... or VDD. If your system is utilizing such devices they'll be listed directly across from this value under data, specifying the program ....

xxxx://support.microsoft.com/default.aspx?scid=kb;en-us;Q314106

************************

Taskmanager? Control what you want listed ....
Open TM > View Tab > Select Column's ... OK to apply. Check that debug.exe isn't running in Taskmanager either!

Another useful utility you could download (works fine under sp2 Home) is Tasklist.exe, which could be output to file ....

xxxx://www.computerhope.com/download/winxp.htm
Same deal, copy to your Sysytem32 folder.

.... and help out here ... "After 160 error messages today, there was a lull from them for about 20 minutes, before they started again.

If such a lull reappears, load the command prompt ....

tasklist(space)>drive:\folderyoucreate\filenamehere.txt

.... reload when the em's return but append to the existing file by adding an additional > and naming the same text file. You'll be able to note differences in running apps encountered.

Be back on the weekend.


GF

 

Hi G-Force, sorry to be a pain, but I dont understand the above instruction at all. Having trouble keeping up with your expertise.

Although, after the error messages stopped today at 55, I completed the command prompt - listdlls, which came up with "No matching processes were found" in the command prompt.

Regarding the regedit address for virtual device drivers, there were no listings with this value.

I also visited the computerhope.com site, but wasn't exactly sure which program to download, as there are 3 separate one's there. I thought the 2nd one, but will wait for your confirmation on that.

Most of the error messages refer to msvcrt.dll, but ocassionally find a few that are user32.dll. Dont know what to make of that.

Thanks again.

 

No pain at all!


"I dont understand the above instruction at all." ....

Example : On my main drive for such purposes (which happens to be c:) I've created a folder simply titled dump (c:\dump). Since a copy of a command's output > needs to be presented from some sort of text program for the purpose of retrieval or later reference, I find it easier to do so right from the cmd-line. But before finishing the output we must name the file that will be generated by the command including a file type extension, in our case it may be called explorerdll.txt (txt output's to notepad) since this is the information we seek. Entering the complete example at the command prompt employing ListDLLs and my current session's explorer PID (1344) would look like this (note spacing keeping the file name continuous) ....

listdlls -r 1344 >c:\dump\explorerdll.txt
Enter

If I were to append another round of ListDLLs, the prompt entry would include >> ....

listdlls(space)-r(space)1344(space)>>c:\dump\explorerdll.txt

You could of course rt clk inside the command window > select all, then press enter to copy where it could be pasted directly into your reply. Either way you'll want to edit the output as we're only after the msvcrt listing. Try reloading the prompt if what you said .... "No matching processes were found" was the result. Command spacing is critical for proper execution, that's why I've included these (space) in the append example.

************************

"Regarding the regedit address for virtual device drivers, there were no listings with this value."
Understood, but did entering command.com into your runbox open a prompt?

************************

Correct! Tasklist.exe is the second file mentioned from ComputerHope. For peace of mind blueyes, I have confirmed this file run's fine on my friends sp2 Home system. To avoid any possible tampering after download and before executing, you may upload it for scan at Jotti's (enable Java with only Jotti's site opened to eliminate the chance of cross-site scripting) ....

xxxx://virusscan.jotti.org/

.... just browse to the folder you saved it to, highlight, select submit and allow the process to finish, should be a clean bill of health. Perhaps you could c/p an example Tasklist (which also display's PID) in you next reply to accompany the ListDLLs submission (just edit out the documents and settings line)?

************************

".... but ocassionally find a few that are user32.dll."

Interesting, I drew an initial reaction here but will wait until doing further investigation to see if or where this fit's in.
ITF ... GF would be fine.



Pssst, blueyes .... my mention of "hobby time" a few posts back was referring to what I enjoy doing while online,
helping peep's find solutions .... or the attemp there~of! BTW, I have no expertise, only calculating tenacity!



Soon,
GF

 

Hi G-Force, I tried the command prompt and typed in everything letter perfect as per your instructions. I also created a Dump file in C:\, and the following log was created;


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

No matching processes were found.

*****************
I did use the current session explorer pid. Yes, entering command.com in the run box does open a prompt I haven't done the tasklist.exe yet, but will post back with some results on that soon.

Thanks heaps.

 

You're stating listdlls -r (pid#) returns nothing?
Is there only one instance of explorer.exe in Taskmanager (clk Image Name to display alphabetical)?

GF

 

Hi G-Force, yep - there is only one explorer.exe in taskmanager.

I have downloaded tasklist.exe to my system32 folder, ran a virus scan (all clear), and then ran the program. The command prompt flashes onto the screen, runs heaps of numbers then goes off the screen in probably less than 2 seconds. So how do I retrieve that info? Where has it gone?

Thanks again.

 

Tasklist you run at the command line .... tasklist >c:\yourfolder\filenamehere.txt

You may also c/p as described in my previous post (fifty-three) typing tasklist by itself.


GF

 

I am typing in;.... tasklist >C:\Dump\tasklist.txt - and not getting any response from the CP. What am I doing wrong?

 

That way it output's to your c:\dump folder, find the text file there.

GF

 

Tasklist entered alone will produce immediate results within the prompt.

GF

 

*lobster red* - thats me!


Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
System Idle Process 0 0 16 K
System 4 0 28 K
smss.exe 580 0 52 K
csrss.exe 652 0 2,016 K
winlogon.exe 676 0 1,912 K
services.exe 720 0 1,692 K
lsass.exe 732 0 1,320 K
svchost.exe 892 0 1,272 K
svchost.exe 972 0 1,552 K
svchost.exe 1024 0 10,520 K
svchost.exe 1092 0 964 K
spoolsv.exe 1196 0 436 K
vsmon.exe 1396 0 6,632 K
zlclient.exe 1292 0 2,244 K
gcasServ.exe 1404 0 2,796 K
avgemc.exe 804 0 476 K
TeaTimer.exe 1824 0 1,684 K
msnmsgr.exe 1812 0 6,196 K
gcasDtServ.exe 1492 0 5,392 K
WinMX.exe 1836 0 13,952 K
dwwin.exe 1872 0 596 K
MXMoniE.exe 456 0 1,056 K
dwwin.exe 1020 0 576 K
dwwin.exe 144 0 584 K
dwwin.exe 1680 0 592 K
dwwin.exe 552 0 576 K
dwwin.exe 956 0 572 K
dwwin.exe 1436 0 568 K
dwwin.exe 1728 0 596 K
dwwin.exe 120 0 588 K
dwwin.exe 2100 0 576 K
dwwin.exe 2276 0 592 K
dwwin.exe 2464 0 576 K
dwwin.exe 2644 0 600 K
dwwin.exe 2828 0 596 K
dwwin.exe 3032 0 616 K
dwwin.exe 3312 0 580 K
dwwin.exe 3540 0 576 K
dwwin.exe 3732 0 588 K
dwwin.exe 3984 0 588 K
dwwin.exe 1752 0 576 K
dwwin.exe 2212 0 580 K
dwwin.exe 2380 0 572 K
dwwin.exe 2572 0 588 K
dwwin.exe 1244 0 628 K
dwwin.exe 3012 0 596 K
dwwin.exe 3184 0 592 K
dwwin.exe 3636 0 600 K
dwwin.exe 3936 0 612 K
dwwin.exe 1148 0 572 K
dwwin.exe 156 0 584 K
dwwin.exe 492 0 588 K
dwwin.exe 2588 0 588 K
dwwin.exe 3116 0 576 K
dwwin.exe 1036 0 596 K
dwwin.exe 3228 0 612 K
dwwin.exe 3536 0 588 K
dwwin.exe 3948 0 580 K
dwwin.exe 3236 0 588 K
dwwin.exe 2052 0 580 K
dwwin.exe 2236 0 580 K
dwwin.exe 2628 0 584 K
dwwin.exe 3128 0 580 K
dwwin.exe 3476 0 572 K
dwwin.exe 532 0 588 K
dwwin.exe 1432 0 572 K
dwwin.exe 1344 0 592 K
dwwin.exe 2552 0 580 K
dwwin.exe 1016 0 584 K
dwwin.exe 3620 0 572 K
dwwin.exe 3856 0 580 K
dwwin.exe 1764 0 572 K
dwwin.exe 1296 0 576 K
dwwin.exe 3300 0 592 K
dwwin.exe 3952 0 584 K
dwwin.exe 2448 0 572 K
dwwin.exe 3488 0 572 K
dwwin.exe 2684 0 580 K
dwwin.exe 2012 0 580 K
dwwin.exe 2596 0 600 K
dwwin.exe 3436 0 580 K
dwwin.exe 4652 0 580 K
dwwin.exe 5240 0 596 K
DivX Player.exe 504 0 764 K
dwwin.exe 4700 0 588 K
dwwin.exe 5112 0 592 K
dwwin.exe 5552 0 584 K
dwwin.exe 6052 0 584 K
dwwin.exe 4192 0 588 K
dwwin.exe 4152 0 588 K
dwwin.exe 4892 0 588 K
GIANTAntiSpywareMain.exe 4560 0 1,360 K
dwwin.exe 5852 0 656 K
dwwin.exe 3396 0 696 K
iexplore.exe 2956 0 15,300 K
wordpad.exe 5360 0 1,780 K
dwwin.exe 3472 0 908 K
dwwin.exe 5916 0 1,528 K
dwwin.exe 5824 0 1,976 K
dwwin.exe 3224 0 2,072 K
dwwin.exe 4188 0 4,208 K
dwwin.exe 5520 0 6,136 K
explorer.exe 5152 0 19,800 K
ntvdm.exe 5168 0 2,324 K
wmiprvse.exe 5636 0 5,880 K
cmd.exe 5304 0 2,352 K
tasklist.exe 5840 0 4,020 K

 

Relax .... you did notice a slight hesitation at the prompt after pressing enter, right?
That's the cmd processor generating the file list, good!

Before you leave could you please tell me if the em's are active right now,
I'll need some time to size these up.

GF

 

Is there any listing if you enter listdlls -r 5152?

GF

 

Hi G-Force, no problems - take your time.

Started out in the usual way this morning with 55 error messages straight off. After that happens, they then stop coming at such frequency. Get the ocassional one, say about 3-4/hour. It is after midnight here, and had the comp on for about 16 hours. There are 78 error reports in total in my tray.

 

Still the same response - "No matching processes were found"

 

Okie Dokie!

Call it a night although I do note one item running that draws suspicion (ntvdm.exe),
not sure why yet but will get back soon as I've made some discoveries.

For tommorrow then, I'll try'n digest your last post as well.

GF

 

Blueyes,


I have a few request's and more questions, if you would ....

Open your runbox > type in > msconfig > select the Startup tab. Let me know which if any of these files are listed ....

• gcasDtServ.exe - Under M$/Giant Anti-Spyware a legit file depending on location. Not having direct knowledge of the program maybe you could tell me if you have it configured for startup, if not trust there will be more request's!

• dwwin.exe - Related to Dr.Watson. You have the Error Reporting service running and possibly enabled in system properties. My feeling here which is totally acceptable is to disable, thus exercising a "process of elimination" approach. There are some area's to address, but will await your approval. FYI, these are ALL disabled on my system.

• ntvdm.exe - Here's our Virtual Dos Machine again. That it showed up in your tasklist paste means a DOS or 16-bit program is running, held open by another application on your system. The way to tell which is by closing each app one at a time, and checking in taskmanager for it's presence (ntvdm.exe will disappear as soon as you close the correct program .... start with your DivX Player and WinMX. My hunch ... it's dwwin.exe). Please forward the info as time permit's, dwwin I'll address with your go-ahead.

Finally blueyes, do you happen to have the latest version (1.99.1) of HJT (HiJackThis)?
Easy mods, only a question.


GF

 

As long as one is not posted your fine Guest

 

Who? Moi? Oh no no no .... not lil'ol me Bubba.

GF

 

Hi G-Force, wasn't online yesterday because of thunderstorms. Yes, I do have gcasServ in the system startup, twice actually. One unchecked and one checked. Note different spelling to your version. There were no items of dwwin.exe or ntvdm.exe in the start up list.

Yes, I do have a version of HJT, 1.99 I think. I cant get into my program files to check, for these darn error messages. I dont think it has .1 on the end.

About 6 months ago, I had some problems using nero for burning, and consulted a tech forum. Was advised that I probably had too many startup programs running (to free up some system resources), and to uncheck what wasn't absolutely necessary. So went through that proceedure (twice actually) with no success whatsoever. On re-boot, windows bought up heaps of error messages, and reverted back to the original config. There was nothing I could do about it. I took notes at the time, which may give you an idea what happened;

"System Configuration Utility.
You have used the system configuration utility to make changes to the way windows starts. The SCU is currently in diagnostic or selective start up mode, causing this message to be displayed, and the utility tov run every time windows starts. Choose the normal start up mode on the general tab to start windows normally, and undo the changes you made using the SCU."

and then shortly after...

"System Configuration - An access denied error was returned while attempting to change a service. You may need to log on using an admin account to make the specified changes."

I am logged on as administrator! I cant be sure whether I did this in safe mode, or if that would make any difference.

Sorry, I cant make any changes at the moment, as the error messages haven't stopped today at 57, like they usually do. Thanks for your continuing patience. I hope Ive answered all your questions.

 

Hi G-Force. Well, the strangest thing happened today. I started in safe mode, just to see what would happen, but the error messages were continuing there too.

So re-booted back to normal mode, and with the error messages still going (as usual), dialed up my internet connection. Once connected, I received an update prompt from WinMX (never had one before), so went ahead and updated. From that moment the error messages stopped. Have had winmx running for the last 8 hours with no error messages. With one exception.

When I click on "my computer", as soon as that page loads, an error message will sometimes appear there. As soon as it is clicked off the "my computer" page goes off too. So I have been having some problems getting onto that page today, but it doesn't happen everytime. A ran avg anti virus, which came up with 4 viruses in the guest user account, which it couldn't heal/delete. So I went in there to delete them manually.

As it stands, I've had about 10 error messages today, but not ongoing, only one ocassionally. So I've done nothing further re; your instructions. Can only hope this continues, but have no idea why its happened.

 

hi all,

did some research on another computer winxp sp2 having lots of error messages and discovered that most of the issues were winsock releated. the fix i found was pretty simple to use.

1. if you have xp sp2 installed.
2. go to start then run
3. type "netsh winsock reset catalog" without the quotes and hit enter.
4. restart the computer.

hope this helps.

here is the lonk to the page I found.
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx

 

Thanks for that info ravin. I'll be logging off in about 2 hours, so will post back tomorrow on the result. I just love simple solutions! Fingers crossed.

 

I'm still here blueyes, will be replying again shortly ....

GF

 

Well. I've been online for more than 8 hours today, and only 2 error messages on start up and none since. I feel I can confidently say that this issue is solved!

So I want to say a huge thank you to everyone for their expert input with this thread, and a special mention to G-Force for your continued and often exhaustive research efforts. Your expertise is mind-boggling for this 'newbie'

My shout for a beer

Many thanks - blueyes.