confuzzling stuff! er? virus?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

big_pimp

Thread Starter
Joined
Jul 1, 2003
Messages
191
I recently formatted my hardrive, cos it had been a long time since i've had this computer and many years of installing uninstalling deleting fixing chopping wiping cleaning and er well it just needed a reformat after so many years usage.

However since the reformat i've been having some strange problems, I did something stupid, after i first reformatted cos my virus scanner needed such a huge update i left it for a few days cos i was only dial up, same with my firewall.

Now i have some very strange problems

I've turned absolutely everything on start up off, except the load power profiles etc etc.. just windows stuff

my computer is hanging like crazy, but i dont seem to be having any memory problems, I keep getting messages saying my hard drive is full, that i might want to run disk clean up, even tho my disk isnt full i have over 4 gig free.

i ran a full virus scan with Mcafee um i think its 7, but the virus signatures are fully updated, i also ran housecall... nothing at all, i ran spybot and adaware and again apart from cookies nothing suspicious is coming up. I've also ran housecall, and a free virus scanner from grisoft i think? not sure its uninstalled now.

my computer tries to connect to the internet every 3 mins or so without my permission ( just the dial up box pops up as i've disabled the automatic feature) (this is with no programes running) it does this before windows has even fully loaded, ie i ran spybot and it asked to run on start up cos something it wanted to delete was in use, before windows had fully loaded and whilst spybot was running my computer was still constantly trying to connect to the net.

I thought well, i've done a virus scan i've done a spyware scan, i'll do a defrag see if it at least helps the hanging. defrag said errors on disk pls repair b4 running defrag again. so i scanned c:\ many many files were found with mis-reported size i repaired all these, then it found a lost file fragment of 81920 bytes, i told it to just get rid and delete, it said it needed to restart cos a program or windows itself had written to the drive .. this happened 3 times finally it accepted deleting the file fragment. it then went on to scan the surface area of the disk, but was unable to do this as everytime the dial up thing popped up it restarted after i recieved the restarted 10x warning i just gave up.

Logfile of HijackThis v1.97.7
Scan saved at 9:37:58 PM, on 4/11/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http://www-cache.freeserve.com:8080;http=http://www-cache.freeserve.com:8080
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38076.025625
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab


on msconfig autoexec.bat there is one strange thing

C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scanpm.exe C:\

I'm not sure if this is my virus scanner.. probably is running on boot?

occasionaly i get this...

<unknown> has performed an illegal.... and will now close,

this is all happening with just the following turned on at selective start-up

ScanRegistry
TaskMonitor
SystemTray
LoadPowerProfile
LoadQm
MCUpdateexe <--- just noticed this, its mcafee updater but everytime i turn it off i just realised its making another copy of itself, there are currently 3 versions of this, 1 is on 2 off
SchedulingAgent
LoadPowerProfile

any ideas? ayúdeme!!! por favor
 
Joined
Apr 2, 2004
Messages
318
1. Click on START then RUN

2. In the run box type SYSEDIT

3. Select the AUTOEXEC.BAT file

4. Find the following line the autoexec.bat file:

C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scan.exe C:\

5. Change the line to

C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scan86.exe C:\

6. Click on FILE then SAVE

7. Close down SYSEDIT and restart your computer.

8. If the PC is still slow repeat stages 1 to 3 but this time change the following line:

C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scan86.exe C:\

Change the line to

C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scanPM.exe C:\

9. Click on FILE then SAVE

10. Close down SYSEDIT and restart your computer.

11. If the PC is still slow repeat stages 1 to 3 but this time change the following line:

C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scanPM.exe C:\

to

REM C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scanPM.exe C:\

12. Click on FILE then SAVE

13. Close down SYSEDIT and restart your computer.

There ya go :D

==============================
Advice From A 12 Year Old!
==============================
 

big_pimp

Thread Starter
Joined
Jul 1, 2003
Messages
191
I will give this a try, i've just seen this advice elsewhere for mcafee on the link u told me to check, but as far as i can see this is just for problems on start-up isn't it? where as i dont really have any problems on start-up, i was just unsure as to what it was,

i'll give it a try tho see if it helps, thx
 

big_pimp

Thread Starter
Joined
Jul 1, 2003
Messages
191
could this be a bad install of some software? should i run back thru my installs and uninstall them re-install them 1 by 1? im lost here, don't really want to format again.. but i can see how a bad install would do all this if everythings turned off at startup.. does seem weird that no matter what i do i cant turn off mcafee auto updater, could that in turn be loading other components of mcafee? help :(
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top