|
#1
January 14th, 2003, 07:16 PM
|
|||
|
|||
|
runtime error - win 98
Can someone help please?
I keep getting a message 'microsoft visual G+ runtime library - runtime error' programme C:\windows\explorer.exe R6025 - pure virtual function call I have to reboot to continue. any ideas thanks 
|
|
#2
January 15th, 2003, 01:57 AM
|
||||
|
||||
|
Hi! Welcome to CTH
If this just happened you may have a virus (worm). Do you use Kaaza by chance? Go Here and download and run the file Kill_EZ and it will tell you if you are infected and will remove it. Let us know.
__________________
Help at Murf's Garage Microsoft MVP - 2004-2008 "Moderator - Windows 98, XP, Vista, Hardware" Posting results - helps othersPlease consider supporting CTH with a Subscription.
|
|
#4
January 16th, 2003, 02:06 AM
|
||||
|
||||
|
Hi pit - you may have downloaded other nasties as well from KaZaA. Why dont you post your startups and we will have a look at them for you.
Go here and download and run Startup List. It will generate a log file. Copy the log and paste it back into this thread
__________________
Moderator: Vista Forum Microsoft MVP - Windows Desktop Experience 2004-2008 If we have helped you, please consider supporting Cyber Tech Help with a subscription Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you. How to help prevent re-infection
|
|
#5
January 16th, 2003, 09:48 AM
|
|||
|
|||
|
hope this is what you want ~ thanks for the help.
StartupList report, 16/01/03, 08:41:31 StartupList version: 1.51 Started from : C:\UNZIPPED\STARTUPLIST[1]\STARTUPLIST.EXE Detected: Windows 98 SE (Win9x 4.10.2222A) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options ================================================== Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\PTSNOOP.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\STARTER.EXE C:\WINDOWS\TASKMON.EXE C:\PROGRAM FILES\MICROSOFT HARDWARE\POINT32.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE C:\WINDOWS\SYSTEM\DSLAGENT.EXE C:\WINDOWS\RUNDLL32.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\WINDOWS\SYSTEM\MSWHEEL.EXE C:\WINDOWS\RunDLL.exe C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\WINZIP\WINZIP32.EXE C:\UNZIPPED\STARTUPLIST[1]\STARTUPLIST.EXE C:\UNZIPPED\STARTUPLIST[1]\STARTUPLIST.EXE -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\WINDOWS\Start Menu\Programs\StartUp] EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SystemTray = SysTray.Exe EnsoniqMixer = starter.exe ScanRegistry = c:\windows\scanregw.exe /autorun TaskMonitor = c:\windows\taskmon.exe AtiQiPcl = AtiQiPcl.exe POINTER = C:\PROGRA~1\MICROS~1\point32.exe LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme LoadQM = loadqm.exe LWBMOUSE = C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET DSLAGENTEXE = dslagent.exe USB New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~3.DLL,NewDotNetStartup AtiCwd32 = Aticwd32.exe TkBellExe = C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme SchedulingAgent = mstask.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY Weather = C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1 msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background -------------------------------------------------- C:\WINDOWS\WININIT.BAK listing: (Created 16/11/2002, 19:19:18) [Rename] NUL=C:\WINDOWS\SYSTEM\RSAENH.DLL C:\WINDOWS\SYSTEM\RSAENH.DLL=C:\WINDOWS\SYSTEM\SET 10D2.TMP C:\WINDOWS\SYSTEM\IEPEERS.DLL=C:\WINDOWS\SYSTEM\IE PEERS.RCX C:\WINDOWS\SYSTEM\RSASIG.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\RSASIG.DLL C:\WINDOWS\SYSTEM\XENROLL.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\XENROLL.DLL C:\WINDOWS\SYSTEM\MSCAT32.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\MSCAT32.DLL C:\WINDOWS\SYSTEM\MSSIP32.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\MSSIP32.DLL C:\WINDOWS\SYSTEM\MSSIGN32.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\MSSIGN32.DLL C:\WINDOWS\SYSTEM\CRYPTUI.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\CRYPTUI.DLL C:\WINDOWS\SYSTEM\CRYPTNET.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\CRYPTNET.DLL C:\WINDOWS\SYSTEM\CRYPTEXT.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\CRYPTEXT.DLL C:\WINDOWS\SYSTEM\MSXMLA.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\MSXMLA.DLL C:\WINDOWS\SYSTEM\MSXML.DLL=C:\WINDOWS\SYSTEM\IE4S ETUP\MSXML.DLL C:\WINDOWS\SYSTEM\MSXML3R.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\MSXML3R.DLL C:\WINDOWS\SYSTEM\WLDAP32.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\WLDAP32.DLL C:\WINDOWS\SYSTEM\MSTIME.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\MSTIME.DLL C:\WINDOWS\SYSTEM\MMUTILSE.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\MMUTILSE.DLL C:\WINDOWS\SYSTEM\MSRATELC.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\MSRATELC.DLL C:\WINDOWS\SYSTEM\MSRATING.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\MSRATING.DLL C:\WINDOWS\SYSTEM\HLINK.DLL=C:\WINDOWS\SYSTEM\IE4S ETUP\HLINK.DLL C:\WINDOWS\SYSTEM\PROCTEXE.OCX=C:\WINDOWS\SYSTEM\I E4SETUP\PROCTEXE.OCX C:\WINDOWS\SYSTEM\URL.DLL=C:\WINDOWS\SYSTEM\IE4SET UP\URL.DLL C:\PROGRA~1\INTERN~1\IEXPLORE.EXE=C:\WINDOWS\SYSTE M\IE4SETUP\IEXPLORE.EXE C:\WINDOWS\SYSTEM\COMCTL32.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM2053.TMP C:\WINDOWS\SYSTEM\ADVPACK.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM2083.TMP C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\ACM20B3.TMP C:\WINDOWS\SYSTEM\MSHTML.TLB=C:\WINDOWS\SYSTEM\IE4 SETUP\ACM2101.TMP C:\WINDOWS\SYSTEM\MSHTMLED.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM2111.TMP C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM2115.TMP C:\WINDOWS\SYSTEM\SHDOCLC.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM2134.TMP C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\ACM2142.TMP C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM2150.TMP C:\WINDOWS\SYSTEM\SHLWAPI.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM2181.TMP C:\WINDOWS\SYSTEM\PLUGIN.OCX=C:\WINDOWS\SYSTEM\IE4 SETUP\ACM2194.TMP C:\WINDOWS\SYSTEM\ACTXPRXY.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM21A3.TMP C:\WINDOWS\SYSTEM\MLANG.DLL=C:\WINDOWS\SYSTEM\IE4S ETUP\ACM21B5.TMP C:\WINDOWS\SYSTEM\IMGUTIL.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM21C2.TMP C:\WINDOWS\SYSTEM\MSXML3.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\ACM21D5.TMP C:\WINDOWS\SYSTEM\BROWSEUI.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM2230.TMP C:\WINDOWS\SYSTEM\BROWSELC.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM2240.TMP C:\WINDOWS\SYSTEM\SHDOC401.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM2244.TMP C:\WINDOWS\SYSTEM\SHD401LC.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM2252.TMP C:\WINDOWS\SYSTEM\SHFOLDER.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM2262.TMP C:\WINDOWS\SYSTEM\DXTRANS.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM2283.TMP C:\WINDOWS\SYSTEM\DXTMSFT.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM2285.TMP C:\WINDOWS\SYSTEM\DIGEST.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\ACM22E0.TMP NUL=C:\WINDOWS\SHELLI~2 NUL=C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE=C:\WINDOWS\SYSTEM\SET 3094.TMP NUL=C:\WINDOWS\SYSTEM\WEBCHECK.DLL C:\WINDOWS\SYSTEM\WEBCHECK.DLL=C:\WINDOWS\SYSTEM\S ET30E5.TMP NUL=C:\WINDOWS\SYSTEM\MSIDLE.DLL C:\WINDOWS\SYSTEM\MSIDLE.DLL=C:\WINDOWS\SYSTEM\SET 30F4.TMP NUL=C:\WINDOWS\SYSTEM\SENS.DLL C:\WINDOWS\SYSTEM\SENS.DLL=C:\WINDOWS\SYSTEM\SET31 04.TMP NUL=C:\WINDOWS\SYSTEM\SENSAPI.DLL C:\WINDOWS\SYSTEM\SENSAPI.DLL=C:\WINDOWS\SYSTEM\SE T3110.TMP NUL=C:\WINDOWS\SYSTEM\ES.DLL C:\WINDOWS\SYSTEM\ES.DLL=C:\WINDOWS\SYSTEM\SET3114 .TMP NUL=C:\WINDOWS\SYSTEM\ESSHARED.DLL C:\WINDOWS\SYSTEM\ESSHARED.DLL=C:\WINDOWS\SYSTEM\S ET3116.TMP NUL=C:\WINDOWS\SYSTEM\ESTIER2.DLL C:\WINDOWS\SYSTEM\ESTIER2.DLL=C:\WINDOWS\SYSTEM\SE T3121.TMP -------------------------------------------------- C:\AUTOEXEC.BAT listing: if exist C:\WININST0.400\SuWarn.Bat call C:\WININST0.400\SuWarn.Bat if exist C:\WININST0.400\SuWarn.Bat del C:\WININST0.400\SuWarn.Bat CALL C:\WINDOWS\RECOVERY\CHECK.BAT C:\PROGRA~1\NORTON~1\NAVDX.EXE /Startup SET BLASTER=A220 I7 D1 T2 SET SNDSCAPE=C:\WINDOWS C:\PROGRA~1\CREATIVE\CTSND\DOSDRV\APINIT.COM mode con codepage prepare=((850) c:\windows\COMMAND\ega.cpi) mode con codepage select=850 keyb uk,,c:\windows\COMMAND\keyboard.sys -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - (no file) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} (no name) - C:\Program Files\NewDotNet\newdotnet4_50.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -------------------------------------------------- Enumerating Task Scheduler jobs: Tune-up Application Start.job Calculator.job Maintenance-Defragment programs.job Maintenance-ScanDisk.job Maintenance-Disk cleanup.job -------------------------------------------------- Enumerating Download Program Files: [CV3 Class] InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL CODEBASE = http://windowsupdate.microsoft.com/R...n/actsetup.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab [Register Class] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\HWUTILS.DLL CODEBASE = http://63.251.206.100/inbrowser/cabf...b/Register.cab [WebPlayer Class] InProcServer32 = C:\WINDOWS\DOWNLO~1\HWAUDIO.DLL CODEBASE = http://63.251.206.100/inbrowser/cabf.../webplayer.cab [SurferNETWORK Plugin] InProcServer32 = C:\WINDOWS\DOWNLO~1\SURFER~1.OCX CODEBASE = http://surfer.www.conxion.com/surferplugin.ocx [Hotmail Attachments Control] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\HMATCHMT.OCX CODEBASE = http://lw14fd.law14.hotmail.msn.com/...x/HMAtchmt.ocx [IntraLaunch.MainControl] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\INTRALAUNCH.OCX CODEBASE = file://D:\supercd\IntraLaunch.CAB [{69FD62B1-0216-4C31-8D55-840ED86B7C8F}] CODEBASE = http://installs.hotbar.com/installs/...6.0/hotbar.cab [WUCorpSuppControl Class] InProcServer32 = C:\WINDOWS\SYSTEM\WUCORPCT.DLL CODEBASE = http://corporate.windowsupdate.micro...n/wucorpct.CAB [{9DBAFCCF-592F-FFFF-FFFF-00608CEC297C}] CODEBASE = http://download.weatherbug.com/minib...ginstaller.cab [Shockwave ActiveX Control] InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab [CamImage Class] InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AXISCAMCONTROL.OCX CODEBASE = http://195.166.137.240/activex/AxisCamControl.ocx [{41F17733-B041-4099-A042-B518BB6A408C}] CODEBASE = http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe [{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}] CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab [Update Class] InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL CODEBASE = http://v4.windowsupdate.microsoft.co...576.4602083333 [{A1DC3241-B122-195F-B21A-000000000000}] CODEBASE = http://pluginaccess.com/Browser_Plugin.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #2: C:\Program Files\NewDotNet\newdotnet4_50.dll Protocol #1: C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET4_50.DLL Protocol #2: C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET4_50.DLL Protocol #9: C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET4_50.DLL Protocol #10: C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET4_50.DLL -------------------------------------------------- End of report, 11,603 bytes Report generated in 1.254 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
|
|
#6
January 16th, 2003, 10:30 AM
|
||||
|
||||
|
Hi pit - yep, you have a nastie called new.net and a whole bunch of ActiveX Controls in your downloaded program files that could cause problems too.
Download Spybot - Search & Destroy from here After installing, go to the Online tab, and search for and install all updates. Next, go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks'. These settings are not needed at the moment and you can always consult the "Help" files if you want to experiment later on. Finally, after closing down Internet Explorer, hit 'Check for Problems', and have SpyBot remove all it finds. NOTE: SSD will sometimes not be able to remove all active components in the first 'run'. In that case you will get a dialog asking you to run SSD at next start. Click yes and reboot. Subsequently SSD will activate before the system puts these components 'in use', and it will then be able to 'fix' the rest. When you have done this, Open your browser and go to Tools > Internet Options and click on the General Tab. Click on Settings (next to Temporary Internet Files) and then click on View Objects. Rightclick on each and choose Properties. If there is anything there that you dont know what it is (microsoft, apple, macromedia etc are OK) or where it came from,delete it. If there are any damaged controls there, delete those also. Let us know how you get on.
__________________
Moderator: Vista Forum Microsoft MVP - Windows Desktop Experience 2004-2008 If we have helped you, please consider supporting Cyber Tech Help with a subscription Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you. How to help prevent re-infection
|
|
#7
January 16th, 2003, 10:43 AM
|
||||
|
||||
|
There seems to be a dubious file running as well.
C:\WINDOWS\RunDLL.exe the real one does not have capital "DLL" in it, it's just Rundll.exe This may be a virus, but more likely a Trojan.
__________________
Microsoft MVP - 2007/2008 •• •·•• ··· ·· ••·
º EVEREST º You can subscribe to Cyber Tech Help for as little as $5.00! subscribing. Help us help. What's the latest news? Check CTH News ......///\oo/\\\
|
|
#8
January 16th, 2003, 11:02 AM
|
||||
|
||||
|
Good point Spider. Open Windows Explorer and go to C:\WINDOWS\ and look for RunDLL.exe. When you find it, rightclick on it and select Properties. If it is not a microsoft file, run the online antivirus scanner here first pit. It should detect a trojan.
__________________
Moderator: Vista Forum Microsoft MVP - Windows Desktop Experience 2004-2008 If we have helped you, please consider supporting Cyber Tech Help with a subscription Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you. How to help prevent re-infection
|
|
#10
January 16th, 2003, 08:30 PM
|
|||
|
|||
|
Have done everything asked. Spybot picked up a lot ~ cleaned and rebooted ~ scanned again' then used online virus scan as asked. The only virus I can't get at is PE CIH.1003. Is that a big problem and would it have caused the problem I had?
Thanks again for your help ~ both of you regards Pit
|
|
#11
January 16th, 2003, 09:28 PM
|
||||
|
||||
|
Trend reports on what that virus does.
Symantec (Norton) has a fix program to download and kill the virus. You can kill it and then reboot. I don't really have a lot of faith in the killer programs. They more attempt to recover your system but many times there are "scars" left by the virus that can't be fixed unless you format and reinstall WindowsXX. Try the killer and see what happens from there.
__________________
Microsoft MVP - 2007/2008 •• •·•• ··· ·· ••·
º EVEREST º You can subscribe to Cyber Tech Help for as little as $5.00! subscribing. Help us help. What's the latest news? Check CTH News ......///\oo/\\\
|
|
#12
January 16th, 2003, 10:45 PM
|
|||
|
|||
|
CIH sounds familiar! is that the Chernobyl virus from several years ago? i remember that was responsible for taking down the entire network in our engineering class at high school. d:)
it was messy.... one computer got saved because the date had been set wrong, and the Chernobyl virus is date activated. hehe. ya luck!
|
|
#13
January 17th, 2003, 12:55 AM
|
||||
|
||||
|
Good catch Spider! Pit, if it hasnt activated its payload, you might be lucky.
__________________
Moderator: Vista Forum Microsoft MVP - Windows Desktop Experience 2004-2008 If we have helped you, please consider supporting Cyber Tech Help with a subscription Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you. How to help prevent re-infection
|
 |
| Bookmarks |
«
Previous Topic
|
Next Topic
»
| Topic Tools | |
|
|
All times are GMT +1. The time now is 09:25 AM.
[
RSS ]
