mystery problem does not allow ad-aware run a full systems scan

Nesatauri · October 31, 2005, 03:18:35 AM

hello,

I thought that since you guys helped (kinda) with my problems with my silly winME computer back in the Lavasoft support, maybe you could help me with a new problem with that same old winME.

Symptoms of the problem:
The computer will freeze at random times, but mostly when connected to the internet. But since the computer is most often used for that purpose, it might as well be random. I am able to run a thorough virus scan with Avast! antivirus without problems, but the scan indicate no problems. I am not able to run a full systems scan with Ad-Aware in the computer's normal mode without getting the Blue Screen of Death.
The BSoD Indicstes the problem is (FILENAME:VMM(01)+0000C81A ERROR: 0E:0028:C0000D81A). However, I am able to perform a full systems scan in the computer's safe mode. The scan turns up nothing.

I have also checked the computer wit Ad-Aware's VX2cleaner add-on. Nothing results.

an Ad-Aware full systems scan logfile follows:
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, October 30, 2005 7:37:10 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R72 26.10.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R72 26.10.2005
Internal build : 84
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 539750 Bytes
Total size : 1615006 Bytes
Signature data size : 1581460 Bytes
Reference data size : 33034 Bytes
Signatures total : 44876
CSI Fingerprints total : 1056
CSI data size : 37714 Bytes
Target categories : 15
Target families : 765

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:58 %
Total physical memory:129568 kb
Available physical memory:47008 kb
Total page file size:1967580 kb
Available on page file:1967580 kb
Total virtual memory:2093056 kb
Available virtual memory:2043776 kb
OS:Microsoft Windows Millennium Edition

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects

10-30-2005 7:37:10 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4279191609
Threads : 4
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294938213
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4294936141
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:4 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294949281
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE

#:5 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294873145
Threads : 5
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE

#:6 [STMGR.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
Command Line : C:\WINDOWS\System\Restore\StMgr.exe
ProcessID : 4294774609
Threads : 4
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft (r) PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft (R) PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe

#:7 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4294714125
Threads : 2
Priority : Realtime
FileVersion : 4.08.00.0400
ProductVersion : 4.08.00.0400
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2000
OriginalFilename : DDHelp.exe

#:8 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294890161
Threads : 2
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Deep scanning and examining files (d:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for d:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1493 entries scanned.
New critical objects:0
Objects found so far: 0

7:43:43 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:32.60
Objects scanned:116881
Objects identified:0
Objects ignored:0
New critical objects:0
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Maybe one of you could point out a problem process. But, since the problem process is not in operation in safe mode, obviously, the process might not be on the process list. Keep in mind I cannot perform a full systems scan in normal mode.
Thanks in advance for any help.

Nesatauri · October 31, 2005, 03:47:51 AM

as an addendum: winME executes scandisk upon startup after the computer is turned on after a improper shutdown. It now tries to scandisk after every shutdown, but is prevented from finishing by, I suppose, whatever is wrong with my computer. Scandisk can't be completed in either safe or normal mode.

Corrine · October 31, 2005, 12:16:00 PM

Hi, Nesatauri. Welcome to LzD.

First thing, please confirm that you are running a Hosts file program:

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1493 entries scanned.

Second, are you able to complete a Smart Scan in normal mode? If so, please run that and post the logfile.

Thanks.

Nesatauri · November 03, 2005, 03:20:47 AM

Ah yes, I either downloaded IE-SPYAD or used one of the hostfile things Mitch recommends on his page. I'll try running that smart scan.

Nesatauri · November 03, 2005, 04:05:44 AM

Hmmm.. things seem to have worsened since the last time I checked on it. The computer can't even get past the start screen, so I cannot enter either safe mode or normal mode.

Oh... I wish it were a linux so I could at least try ssh'ing in... poo... Any suggestions?

Nesatauri · November 03, 2005, 05:28:12 PM

Och... Hard drive may be borked, but I got no way of testing that theory out. the staart up disks I've tried don't help, the computer wont even boot from a floppy. :exorcize: hehe.. last rites for my computer...

Well, thanks anyway!

SpyDie · November 03, 2005, 06:12:50 PM

Seriously, ME is just not worth running. So you are still having these problems or have you sorted them?

Nesatauri · November 03, 2005, 06:45:20 PM

Ah, yes, thats the sentiment of about everyone I talk to. ME is fine under constant maintanance, but I just couldn't be around to take care of it. I have my own computer :lol:, and I tend to forget about my family's computer.

I'm going to conduct a drive fitness test and then a quick restore with it if I can, hopefully I can get it to boot from cd. If none of those work I'm going to just recommend to my father to get a new hard drive. Hopefully I can learn how to put in a new hard drive between now and then. Then its either WinXP or Ubuntu Linux. Good riddance, ME!

Might be a good month or so before this is sorted out because of school and other time consuming monsters in my life, but you may close this topic if you wish, this is most probably a hardware rather than a software problem.

SpyDie · November 03, 2005, 06:52:09 PM

No need to close the topic, someone else might post with some suggestions for you in the mean time.

Hope you get it sorted :)

Paddy · November 03, 2005, 07:03:34 PM

I found some info for you regarding upgrading
Some great info for you at this site ..
http://www.winsupersite.com/showcase/windowsxp_sg_9xupgrade.asp

Regards:

numbnuts.. :breakkie:

Nesatauri · November 23, 2005, 07:42:54 AM

Yep, twas the hard drives. Waiting on replacement parts for now. Thank you all for being so willing to help!

Nesatauri · December 07, 2005, 01:39:45 AM

harddrives replace, but WinME installed. Oh well. Such things are out of my control, and my parents won't take many recommendations from me seriously. They think I'm a loon for wanting to install an antivirus. Heh, maybe I am :hysterical:

Oooo... what an interesting new smiley :beg:

Ack... I will be installing Avast, spywareblaster, and Ad-Aware just to spite them :muahaha:

Jason · December 07, 2005, 02:17:37 PM

Quote from: Nesatauri on December 07, 2005, 01:39:45 AM
harddrives replace, but WinME installed. Oh well. Such things are out of my control, and my parents won't take many recommendations from me seriously. They think I'm a loon for wanting to install an antivirus. Heh, maybe I am :hysterical:
Ack... I will be installing Avast, spywareblaster, and Ad-Aware just to spite them :muahaha:

Nesatauri,

Some parents are convinced on having the "know how" on exactly everything. :?
Because of larger experience on different issues they may certainly mostly be right, but in this specific case I can tell you that yours are out in a swamp stuck in quicksand. :P

Keep up the good work on installing these security items that you've mentioned :thumbsup:, and I strongly suggest that you increase those ideas with a freeware firewall too.

At least you know in your heart that your right on this one, even if your parents has missunderstood your information for some kind of rebuke instead of regarding it as sharing of important knowledge on computers.

After stepping up on security you ought to consider how to convince them :exorcize: on replacing Windows ME for an alternative that's strong supported by security patches from the vendor like for instance Windows 2000 or XP.

Best of luck!
Jason ;)

Nesatauri · December 15, 2005, 03:29:15 AM

:roll: hmmmm........ I see ME comes with a version of IE with an alexa browser extension. Ack, no problem though, ad-aware took care of it.

anyhow, is there a way to get new definition files without connecting to the internet? definition files are 208 days old, and I haven't installed AOL(blech) on the computer yet.

Corrine · December 15, 2005, 03:13:53 PM

Hi, Nesatauri. You can download the zip file from the link below, but as you are already connecting, you may as well do the WebUpdate.

http://lavasoft.element5.com/support/download/