View Full Version : active SDHelper -> IE6 crashes



Felix Atagong
2007-10-09, 10:27
I did a clean install of S&D 1.5 on an XP Home SP2 system that still uses Internet Explorer 6 (it has to be 6 in order to make some older software work).

But whenever I activate the SDHelper and click on the IE shortcut the application won't open 4 times out of 5 (starting page of IE is Google BTW).

Opening Windows Task Manager shows there is a running process (IEXPLORE.EXE) for every false start (mem usage around 12556K).

System, registry, startup have been checked and cleaned with S&D, Ki-Washer, EasyCleaner, F-Prot, Housecall and show no threats whatsoever...

Disabling SD results in IE6 functioning again.

Yodama
2007-10-09, 16:48
Thank you for reporting this, a similar issue has also been reported.
Are you using any other plugins for the IE 6?
If possible please attach a Spybot S&D Report to your next post. The report also contains information about patches and Service Packs installed on your computer, this may help us in finding the reason for this behavior caused by the SDHelper.

Felix Atagong
2007-10-11, 09:59
Here it is:





Felix Atagong
2007-10-11, 10:05
complete report (zipped)

spybotsandra
2007-10-11, 10:32
Hello,

I heard this from some users now and they have reported that upgrading to a new version of Internet Explorer helps. There is already the IE7 available.

Best regards
Sandra
Team Spybot

Yodama
2007-10-11, 14:47
Felix Atagong,

Got your report file, I am trying to recreate this issue by configuring the test system as close to your system as possible. I will inform you if something comes up or if I need more information.
In the meantime you can use the filemon (http://www.microsoft.com/technet/sysinternals/utilities/filemon.mspx) to log what happens when you try to start the IE6.
If you get this log, please attach it to your next post or send it via email to detections-at-spybot.info (replace -at- with @)

Yodama
2007-10-12, 12:26
ok,

the result of our testing is as follows:
There is an incompatibility issue with the SDHelper if the Googletoolbar is installed and activated on an Internet Explorer 6.
Currently there are 2 ways to handle this:

1. Upgrade to Internet Explorer 7
this way you can keep both, the SDHelper and Googletoolbar.

2. Disable either Googletoolbar or SDHelper if you use the Internet Explorer 6.

Felix Atagong
2008-03-11, 13:28
I had completely forgotten about this thread. :oops:
Thanks for the answer!