Illegal Operations, PLEASE HELP ME

Please help me!! at startup I received at LEAST 22 Illegal operations messages. Here are 3: CPQDFWAG caused an invalid page fault in module WSOCK32.DLL at 016f:75fabba9., LUNDQ caused an invalid page fault in module KERNEL32.DLL at 016f:bff98adb., and AIVUA caused an invalid page fault in module AIVUA.EXE at 016f:00405891. Also, everytime I run something, Explorer performs an illegal operation. Here is another error message encountered concerning Explorer: CG132 caused an invalid page fault in module <unknown> at 0084:bff7a388. I dont understand why this is happening. My system performance also seems to be deteriorating. PLEASE HELP ME fix this problem!!!!

 

try this for the CPQDF error

Restart the system, when you do tap the F8 key.
This will bring up the startup menu.
To chose option 3 Safe mode type 3 then hit enter.
Once the system is started, if you have Win98 click OK, WinME close the Help and Support window.
Click start > run > type msconfig click ok.
Click the Startup tab, it's at the top along with General, System.ini, Win.ini, etc.
Remove the checkmark from CPQINET, and Connection Helper if it is there.
Click OK.
Click Yes to do you want to restart.
Once the system is running in Windows again if it is ME put a check in "Do not show this dialog again" then click OK, 98 does not have this.
You are done, and everything should be fine.

 

I suspect you have infections with either the magistr or hybris worms or both.

Please do an updated antivirus scan. An online one is available here:

http://housecall.antivirus.com/pc_housecall/

At some point you will need to replace the wsock32.dll which has probably been virus corrupted, see...

http://www.claymania.com/wsock32-extraction.html

If you've had the magistr worm it has probably placed files in your startup list which do not belong and may remain even after the worm has been "cleaned", since they are otherwise "legitimate" files.

Download the startuplog.zip file from the site below. Run the startuplog.com file it contains and paste the entire contents of the startuplog.txt (not stubbpaths.txt) in your next reply.

http://home.earthlink.net/~rmbox/Reticulated/Toys.html

 

I did everything you guys said. WHen I ran the vrius check i did have around 40 files that were infected and all of which had to be deleted. How would I replace those files? Some are: wmytb.exe, lundq.exe, and aivua.exe. I receive a message at startup saying they cannot find these files. There is also one file that I cannot delete because it is in Use and I have no idea what it is: rtftx.exe. But so far all the other problems are solved. I attached the startuplog.txt because i didnt know what to put in here so i just attached the whole thing. But thank you for all of your help and if you can help with this please do. Thanks!!!! oh yea if u need anymore information ill be more than happy to provide it.

 

Hi,

wmytb.exe, lundq.exe, and .exe are no Windows files, but are created by the virus, and they can be deleted.

Took a look at your startuplog, and you should do 1 thing first:

Go to Start/Run, and type Win.ini, then click OK.

You'll see a line run=wmytb.exe, lundq.exe, uepf.exe, gnmj.exe, aivua.exe, itsrotg.exe, crtnvcoreesa.exe, ygsxpta.exe, uamwsy.exe, ikgcikien.exe, lvjvart.exe, kqjvr.exe, pmtdeshnvrfy.exe, dtdadgkdau.exe, mqvia.exe, peeojfael.exe, sweca.exe, menf.exe, rotsdclpo.exe, cokuojhugbuej.exe, fwmgvbmeam.exe, opdiipgsqqih.exe, qodwqjl.exe, eynsw.exe, yrdsl.exe, tscxjaxjcnuib.exe, ldfjxsttho.exe, rmdam.exe, yevavpahq.exe, okhnfwjioehkw.exe, rtftx.exe

No wonder you're getting these errors.

The run= line should be empty. This is all due to the virus.

Delete everything after Run=, and go to File/save.

Now close Win.ini, and reboot.
You shouldn't get any of these errors any more.

There's more harmful stuff among your startups , though,
I'll get back to you with some further recommandations.

Good luck,

 

You have some serious spyware there, plus some stuff routinely responsible for causing errors, and slowing your machine down.
Let's remove all unnecessary and harmful stuff from startup.

Go to Start/run, and type msconfig.
On the Startup tab, uncheck EVERYTHING, EXCEPT for the following items

"LoadPowerProfile"="
"AvconsoleEXE"
"CPQEASYACC"="
"EACLEAN"="
"ScanRegistry"=
"SystemTray"=
"VsStatEXE"=
"Vshwin32EXE"=
"AccessRampMonitor"=(optional)
"StillImageMonitor"="
"hppwrsav"="
"McAfeeWebScanX"
"MSMSGS"="C: (optional)
"MailCleaner" (optional)
SchedulingAgent"=
"LoadPowerProfile"=

Click OK, close Msconfig, and reboot (important!)

The items marked 'optional' aren't neccessary for Windows to run either, and you may experiment later by unchecking them as well.

Now go to Software add/remove and remove Webhancer Agent.

Reboot AGAIN.

Download and install Ad-Aware . This is a program which scans your system for spyware.

After having downloaded AAW, also download the latest Signature file (Reflist.sig) : http://www.lavasoftusa.net/aaw/binary/reflist.zip
Unpack it to the Lavasoft Ad-Aware folder in Program Files, and have it overwrite the one that's there.

Then have your drives and registry scanned for spyware, check all found files and reg keys, click continue, and have them removed.
Reboot one last time.

Now have your system scanned on line again at <A HREF="http://housecall.antivirus.com/">Trend Micro HouseCall </A>


Good luck,