# TechSpot

By kuroigaishin · 21 replies
Jul 31, 2006
1. Whenever I run a scan with Ad-Aware (I have Ad-Aware SE Personal) it comes across a file called "Hkey_local_machine\software\" a few minutes into the scan and then freezes. Because of this, I haven't had a full scan in a bit and recently my computer got really loaded down with spyware. I fixed it eventually, but Ad-Aware still freezes up. Anyone know what the problem is or any way that I can stop this from happening? Any help would be appreciated very much.

2. ### howard_hopkinso · TS Rookie · Posts: 24,177 +19

Hello and welcome to Techspot.

First thing to try, is uninstalling and reinstalling Ad-Aware.

Just to be on the safe side, go and read this thread HERE.

Post a HJT log as a .txt attachment into this thread and I'll take a look and see if you've got any nasties lurking on your system.

Regards Howard :wave: :wave:

This thread is for the use of kuroigaishin only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

3. ### kuroigaishin · TS Rookie · Topic Starter

Here's an HJT log, I uninstalled and reinstalled Ad-Aware and it still froze up on the same file. Thanks for the reply, let me know what I should try next.

4. ### howard_hopkinso · TS Rookie · Posts: 24,177 +19

Just as I suspected, your system is indeed infected with some nasties.

Go HERE and follow the instructions exactly.

Post a fresh HJT log, only after doing the above.

Regards Howard

kuroigaishin,
May I suggest you download "Spybot v1.4" from http://www.safer-networking.org/en/index.html , install this & update during installation... Shut down your Ad-Aware completely before running Spybot.
> All items that show up *red* are bad for your system, those in *green* are Program Files, and those in *black* are System Files.
The RED ones will "auto-check" themselves, then you click "Fix Problems" button and Spybot will destroy those issues contaminating your system.

6. ### howard_hopkinso · TS Rookie · Posts: 24,177 +19

I hope this proves useful to you.

Anyone who follows the above instructions properly, should in theory, have installed SS&D and Ad-Aware SE, as well as Ewido etc.

BTW. If you have any questions about how we do things around here, please don't hesitate to PM me.

Regards Howard

7. ### kuroigaishin · TS Rookie · Topic Starter

I followed the instructions on that page and here's an updated HJT log, but Ad-Aware is still freezing on the same file.

Edit: by the way Howard, I also uninstalled and reinstalled Ad-Aware after doing what that post said.

8. ### howard_hopkinso · TS Rookie · Posts: 24,177 +19

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name. See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with (if there).

Web Offer
KillAndClean

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

crypt32(2)(2)(2).exe
wo.exe
KillAndClean.exe

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL (file missing)

O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\system32\wer8274.dll (file missing)

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL (file missing)

O4 - HKCU\..\Run: [crypt32(2)(2)(2)] C:\WINDOWS\SYSTEM32\crypt32(2)(2)(2).exe

O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe

O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)

O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/CursorManiaInitialSetup1.0.0 .6.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D235BA3-FD98-438F-8331-DBF674470056}: NameServer = 85.255.114.83,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8D85D7B-49D0-474C-9395-7186075A0213}: NameServer = 85.255.114.83,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCFAF56F-7214-4641-9685-4E3586208042}: NameServer = 85.255.114.83,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE356E3A-8964-495F-8611-E3350B5CAF40}: NameServer = 85.255.114.83,85.255.112.183
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.83 85.255.112.183
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D235BA3-FD98-438F-8331-DBF674470056}: NameServer = 85.255.114.83,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.83 85.255.112.183

Only fix the above O17 entries, if they don't belong to your ISP.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\KillAndClean
C:\PROGRA~1\Web Offer
C:\WINDOWS\SYSTEM32\crypt32(2)(2)(2).exe

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log and let us know how your system is running.

Regards Howard
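
An added example, not part of the thread and not HijackThis's own code: the O17 check described in the post above (fix the NameServer entries only if they don't belong to your ISP) done by parsing the log and comparing each resolver with a list you trust. The sample lines are copied from that post plus one constructed line; the resolver 192.0.2.53 and all function names are assumptions.

```python
import re

# HijackThis entries have the shape "<code> - <body>", e.g. "O17 - HKLM\...: NameServer = a,b".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
NAMESERVER = re.compile(r"NameServer\s*=\s*(?P<ips>[\d., ]+)$")

# Lines copied from the post above; the last O17 line is constructed for contrast.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.83 85.255.112.183
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D235BA3-FD98-438F-8331-DBF674470056}: NameServer = 85.255.114.83,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
"""

def parse_entries(log_text):
    """Yield (code, body) for every line shaped like a HijackThis entry."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")

def unexpected_nameservers(log_text, known_resolvers):
    """Map each O17 registry location to the resolvers that are not on the allowlist."""
    findings = {}
    for code, body in parse_entries(log_text):
        m = NAMESERVER.search(body)
        if code != "O17" or not m:
            continue
        # The log shows both comma- and space-separated lists, as in the post.
        ips = [ip for ip in re.split(r"[,\s]+", m.group("ips")) if ip]
        unknown = [ip for ip in ips if ip not in known_resolvers]
        if unknown:
            findings[body.split(": NameServer")[0]] = unknown
    return findings

def orphaned_entries(log_text):
    """Entries whose target HijackThis reports as '(file missing)'."""
    return [(c, b) for c, b in parse_entries(log_text) if b.endswith("(file missing)")]

if __name__ == "__main__":
    isp_resolvers = {"192.0.2.53"}  # assumption: the resolvers your ISP or router hands out
    for location, ips in unexpected_nameservers(SAMPLE_LOG, isp_resolvers).items():
        print(f"review before fixing: {location} -> {', '.join(ips)}")
    for code, body in orphaned_entries(SAMPLE_LOG):
        print(f"leftover entry: {code} - {body}")
```

Replace the allowlist with the DNS servers shown by your router or ISP documentation; anything the function still reports is a candidate for the "fix checked" step.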

9. ### kuroigaishin · TS Rookie · Topic Starter

Ok, did that, only found crypt32(2)(2)(2).dll when looking in folders for those files. Problem still isn't solved, but at least I'm getting rid of some bad junk that shouldn't be on my computer.

10. ### howard_hopkinso · TS Rookie · Posts: 24,177 +19

It would appear I've missed a nasty entry in your HJT log.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name. See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

DaemonTools_WhenUSaveNow_Installer

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

DaemonTools_WhenUSaveNow_Installer.exe

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O4 - HKLM\..\Run: [DaemonTools_WhenUSaveNow_Installer] C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\DaemonTools_WhenUSaveNow_Installer

Reboot into normal mode and turn system restore back on.

Let us know how your system is running.

Regards Howard

11. ### kuroigaishin · TS Rookie · Topic Starter

Well, Ad-Aware is still freezing, but Firefox is definitely moving more smoothly. Thanks a bunch for the help you've given so far, Howard.

12. ### howard_hopkinso · TS Rookie · Posts: 24,177 +19

Have HJT fix this entry.

O11 - Options group: [INTERNATIONAL] International*

Other than that your HJT log is clean.

I suggest you completely uninstall Ad-Aware, then go HERE and download the latest version and install it. See if that helps. If not, I suspect some kind of software conflict.

Regards Howard

This thread is for the use of kuroigaishin only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

13. ### kuroigaishin · TS Rookie · Topic Starter

Well, it still froze. Anyway, thanks for all the help cleaning up my computer Howard.

14. ### howard_hopkinso · TS Rookie · Posts: 24,177 +19

That's a strange one.

I'd like you to run a Check disk.

Click start/run and type cmd into the run box and hit the enter button. At the command prompt type chkdsk /r /f and press enter. Note the spaces between the chkdsk command and the forward slash and again between the r and the forward slash.

Follow the onscreen instructions for scheduling a disk check and then type exit.

Reboot your computer and the disk check should begin.

See if it finds any bad clusters or anything. I don't know if it'll help, but it's worth a try.

Please be patient, as depending on the size of your hard drive, it could take a while to complete.

Regards Howard

15. ### kuroigaishin · TS Rookie · Topic Starter

It said the volume is in use and asked me if I wanted to do it after the next time the volume restarted. I said yes and restarted my computer. After the scan it said:
"the type of file system is NTFS
the volume is clean"
If this check only looked at my C drive, I should probably also check my F drive. But I don't know how to do that, if I need to.

16. ### howard_hopkinso · TS Rookie · Posts: 24,177 +19

In order to check drive F, do the following.

Open My Computer and right-click on your F drive, select properties then the tools tab. Click on the check now button. Tick both boxes and click start.

Regards Howard

17. ### kuroigaishin · TS Rookie · Topic Starter

It did fix some errors in the F drive and recovered some "orphaned files." Unfortunately, Ad-Aware still freezes. Also, now that I've tried using some programs other than Mozilla and Internet Explorer I realise my computer is moving much slower than normal.

18. ### howard_hopkinso · TS Rookie · Posts: 24,177 +19

Download and run the Ccleaner programme from HERE. Run it two or three times. Also, click on the issues button and click the scan for issues button. After the scan has finished, click the fix selected issues button. Do this several times until no issues are found.

Now run a disk defrag. In fact run it twice.

Regards Howard

19. ### howard_hopkinso · TS Rookie · Posts: 24,177 +19

I've just found this interesting article about Ad-Aware freezing. Look HERE.

From what I can gather, this is a very common problem.

Regards Howard

20. ### kuroigaishin · TS Rookie · Topic Starter

After defragging my F drive my computer started to move really slowly, and according to my task manager my CPU usage is at 100% all of the time. I have no clue what could be causing this. I'm running a virus scan with AVG just to be safe. Also, Ad-Aware still freezes. I'll look at the other suggestions on that page once this new problem gets fixed.

21. ### kuroigaishin · TS Rookie · Topic Starter

Problem solved. It turned out that both my computer being slow and Ad-Aware being unable to scan past that file were caused by a virus. After running Ad-Aware in safe mode and letting my computer sit for a while it found the virus and got rid of it. Thanks for all the help, Howard.

22. ### howard_hopkinso · TS Rookie · Posts: 24,177 +19

That's great news.

Thanks for letting us know.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard