virus scaning

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

RS419

Thread Starter
Joined
Sep 29, 2003
Messages
8
I have been trying to use the pandasoftware active scan and every time i start it it don't get far and something comes up and said i have preformed a illegal operation and when i click it off it cuts my computer off.I have windows 98 and i have Mcafee.Then i tryed spyware and after i downloaded that when i went to open it that said setup files or corrupted.Please obtain a new copy of the programs.Don't know what to do now and my computer is very slow.
 
Joined
Dec 9, 2000
Messages
45,855
Can you give the full, exact message regarding "corrupt" downloads. I fear you may have the "spaces" virus, but fortunately there is a repair for it if we know for sure.

Can you download, unzip and run HijackThis and post a Scanlog?

http://www.tomcoyote.org/hjt/
 

RS419

Thread Starter
Joined
Sep 29, 2003
Messages
8
Logfile of HijackThis v1.97.2
Scan saved at 3:37:07 AM, on 10/1/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\AMERICA ONLINE 6.0\WAOL.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {9EBE0402-27C2-11D6-A9D5-00500413153C} (DFRun Class) - http://webpdp.gator.com/download/iegator_3090_webpdpgeneric.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4028.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0312.dll
O16 - DPF: {9EBE0412-27C2-11D6-A9D5-00500413153C} (DFRun Class) - http://webpdp.gator.com/download/iegator_3090B_hd3ptdm.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
 
Joined
Dec 9, 2000
Messages
45,855
Ok, I see a few spy/adware problems there, but I don't know if they are responsible for the problem you are encountering. In any case they need to be cleaned.

Here's what I'd like you to do for starters. Download and install Spybot. Once it is installed, click the Online tab, then "search for updates". Download all updates.

http://tomcoyote.org/SPYBOT/index1.html

Before actually running Spybot to "check for problems", go to Add/Remove programs and remove:

new.net

and reboot.

If New.net is not found in Add/Remove progrms, you will have to follow instructions here for removal:

http://www.newdotnet.com/#remove

Once new.net is removed have Spybot "check for problems" and once the scan has completed have it fix everything it checks. Reboot afterwards and post another Scanlog.
 

RS419

Thread Starter
Joined
Sep 29, 2003
Messages
8
I downloaded and installed spybot. I searched for updates and downloaded all updates. I removed new.net and then reboot. I checked for problems and fixed everything it checked and reboot afterwards. I tryed to scan for virus again and the you have preformed a illegal operation came back up again and it said when i clicked details WAOL caused an invalid page fault in module OLE32.DLL at 017f:7ff847f4. and now here is the new scanlog:


Logfile of HijackThis v1.97.2
Scan saved at 11:56:08 AM, on 10/1/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\AMERICA ONLINE 6.0\WAOL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4028.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0312.dll
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
 
Joined
Dec 9, 2000
Messages
45,855
The scanlog looks faultless now.

If you use IE instead of AOL as your browser, do you get the same error?

It might be worthwhile to install the dcom98 1.3 update for OLE files. If you have mismatched versions, this should set them straight:

http://www.microsoft.com/com/dcom/dcom98/dcom1_3.asp

I do notice that you do not have ScanRegistry listed in your startups. Although unrelated to your problem, this should be present in any Win98/ME starting profile.

Would you run msconfig and click on the Startup tab.

Do you see ScanRegistry there? If it is UNchecked, please check it.
 

RS419

Thread Starter
Joined
Sep 29, 2003
Messages
8
I used IE and AOL as my browser and still got the same error.I installed dcom98 1.3 update and still got the error.When I clicked on details it said EXPLORER caused an invalid page fault in module MSHTML.DLL at 017f:70c32cdf.

I also did run Msconfig and ScanRegistry was unchecked so I checked it.
 
Joined
Dec 9, 2000
Messages
45,855
Is the error always the same one, or is it changing?

Mshtml errors are tough nuts to crack. Sometimes they are caused by outdated video drivers. Others seem peculiar to particular browser versions. IE 5.5 was one, but the issue was supposed to pertain to the WinME version.

When doing these online virus scans, I've found it best not to do any browsing or anything else until they complete -- in spite of what they say!
 

RS419

Thread Starter
Joined
Sep 29, 2003
Messages
8
It seems they are not always the same.I had one that said explorer executed an invalid instruction in module VSAPI32.DLL at 017f:67272 ead.

Then another one said explorer caused an invalid page fault in module MSHTML.DLL at 017f: 70c32cdf

Another one said explorer caused an invalid page fault in module <unknown> at 0000:72dlb087.

Then i have to click the x to get it off and then it shuts me down.Then it takes a few mins to every get back on.
 
Joined
Dec 9, 2000
Messages
45,855
It could be a video driver problem or perhaps a hardware issue such as overheating. It doesn't sound like a Windows file issue if they are happening randomly like that.

Do they tend to happen after the system has been on for a while, as opposed to soon after a startup? I'm leaning towards a heat issue, actually.
 

RS419

Thread Starter
Joined
Sep 29, 2003
Messages
8
actually it has not done it in awhile.Seems it only does it now when i try to do the virus scan.Every time i do the virus scan it will start scanning but then not long that will pop up there.If I don't do that it don't come up.
 
Joined
Dec 9, 2000
Messages
45,855
The virus scanning could be making high, sustained use of the cpu which might then get overly hot.

Have you tried HouseCall as well as Panda?

You can also try downloading and running Trends Cleaner; it does not use ActiveX like the others and is a full fledged virus scan:

http://www.trendmicro.com/download/tsc.asp

If you want to install a freeware antivirus program, try AVG:

http://www.grisoft.com/us/us_dwnl_free.php

I would recommend this as it will give you real time protection.
 

RS419

Thread Starter
Joined
Sep 29, 2003
Messages
8
I have tried House Call as well as Panda.I also wanted to let you know I do already have Macafee installed before I install another antivirus.
 
Joined
Dec 9, 2000
Messages
45,855
I didn't see anything in the startups, did you completely disable McAfee?

You need to have some real time protection.

And if the Mcafee version was an old one, it might not have been offering the level of protection necessary for the newer threats.
 

RS419

Thread Starter
Joined
Sep 29, 2003
Messages
8
Could you please tell me why after i have been online for awhile I will get something that saids you have preformed and illegal operation and will be shut down then it cuts me off and have to restart my computer.Another problem when i first sign on it takes little bit for my welcome screen to pop up.Can you help me with these problems.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top