TechSpot

ad-aware freezing

By kuroigaishin
Jul 31, 2006
  1. Whenever i run a scan with ad-aware (I have ad-aware se personal) it comes across a file called "Hkey_local_machine\software\" a few minutes into the scan and then freezes. Because of this, i haven't had a full scan in a bit and recently my computer got really loaded down with spyware. I fixed it eventually, but ad-aware still freezes up. Anyone know what the problem is or anyway that i can stop this from happening? Any help would be appreciated very much.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    First thing to try, is uninstalling and reinstalling Ad-Aware.

    Just to be on the safe side, go and read this thread HERE.

    Post a HJT log as a .txt attachment into this thread and I`ll take a look and see if you`ve got any nasties lurking on your system.

    Regards Howard :wave: :wave:

    This thread is for the use of kuroigaishin only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. kuroigaishin

    kuroigaishin TS Rookie Topic Starter

    Here's an HJT log, I uninstalled and reinstalled ad-aware and it still froze up on the same file. Thanks for the reply, let me know what i should try next
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Just as I suspected, your system is indeed infected with some nasties.

    Go HERE and follow the instructions exactly.

    Post a fresh HJT log, only after doing the above.

    Regards Howard :)
     
  5. Shadowhawk

    Shadowhawk TS Rookie

    kuroigaishin,
    May I suggest you download "Spybot v1.4" from http://www.safer-networking.org/en/index.html , install this & update during installation... Shut down your Ad-Aware completely before running Spybot.
    > All items that show up *red* are bad for your system, those in *green* are Program Files, and those in *black* are System Files.
    The RED ones will "auto-check" themselves, then you click "Fix Problems" button and Spybot will destroy those issues contaminating your system.
    > Re-Install your Ad-Aware SE v1.06r, update & run :).
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hi Shadowhawk.

    If you care to look at this thread HERE, you will see links to other threads that contain instructions for downloading SS&D/Ad-Aware Se and a host of other virus/spyware removal tools.

    I hope this proves useful to you.

    Anyone who follows the above instructions properly, should in theory, have installed SS&D and Ad-Aware SE, as well as Ewido etc.

    BTW. If you have any questions about how we do things around here, please don`t hesitate to pm me.

    Regards Howard :)
     
  7. kuroigaishin

    kuroigaishin TS Rookie Topic Starter

    I followed the instructions on that page and heres an updated HJT log, but ad-aware is still freezing on the same file.

    edit: by the way Howard, i also uninstalled and reinstalled ad-aware after doing what that post said.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name. See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    Web Offer
    KillAndClean

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    crypt32(2)(2)(2).exe
    wo.exe
    KillAndClean.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad).Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL (file missing)

    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL (file missing)

    O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\system32\wer8274.dll (file missing)

    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL (file missing)

    O4 - HKCU\..\Run: [crypt32(2)(2)(2)] C:\WINDOWS\SYSTEM32\crypt32(2)(2)(2).exe

    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe

    O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"

    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)

    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c9.cab

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/CursorManiaInitialSetup1.0.0 .6.cab

    O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1004a_pack_XP.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D235BA3-FD98-438F-8331-DBF674470056}: NameServer = 85.255.114.83,85.255.112.183
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B8D85D7B-49D0-474C-9395-7186075A0213}: NameServer = 85.255.114.83,85.255.112.183
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CCFAF56F-7214-4641-9685-4E3586208042}: NameServer = 85.255.114.83,85.255.112.183
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EE356E3A-8964-495F-8611-E3350B5CAF40}: NameServer = 85.255.114.83,85.255.112.183
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.83 85.255.112.183
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4D235BA3-FD98-438F-8331-DBF674470056}: NameServer = 85.255.114.83,85.255.112.183
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.83 85.255.112.183

    Only fix the above 017 entries, if they don`t belong to your ISP.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\KillAndClean
    C:\PROGRA~1\Web Offer
    C:\WINDOWS\SYSTEM32\crypt32(2)(2)(2).exe

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log and let us know how your system is running.

    Regards Howard :)

    This thread is for the use of kuroigaishin only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. kuroigaishin

    kuroigaishin TS Rookie Topic Starter

    Ok, did that, only found crypt32(2)(2)(2).dll when looking in folders for those files. Problem still isn't solved, but atleast i'm getting rid of some bad junk that shouldn't be on my computer.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    It would appear, I`ve missed a nasty entry in your HJT log.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


    Boot into safe mode, under your normal user name. See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html


    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    DaemonTools_WhenUSaveNow_Installer

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    DaemonTools_WhenUSaveNow_Installer.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad).Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - HKLM\..\Run: [DaemonTools_WhenUSaveNow_Installer] C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\DaemonTools_WhenUSaveNow_Installer

    Reboot into normal mode and turn system restore back on.

    Let us know how your system is running.

    Regards Howard :)

    This thread is for the use of kuroigaishin only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. kuroigaishin

    kuroigaishin TS Rookie Topic Starter

    well, Ad-aware is still freezing, but firefox is definitely moving more smoothly. Thanks a bunch for the help you've given so far howard :)
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Have HJT fix this entry.

    O11 - Options group: [INTERNATIONAL] International*

    Other than that your HJT log is clean.

    I suggest you completely uninstall Ad-Aware, then go HERE and download the latest version and install it. see if that helps. If not I suspect some kind of software conflict.

    Regards Howard :)

    This thread is for the use of kuroigaishin only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  13. kuroigaishin

    kuroigaishin TS Rookie Topic Starter

    Well, it still froze. Anyway, thanks for all the help cleaning up my computer Howard.
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19


    That`s a strange one.

    Apart form the freezing Adaware. Is your system running ok?

    I `d like you to run a Check disk.

    Click start/run and type cmd into the run box and hit the enter button. At the command prompt type chkdsk /r /f and press enter. Note the spaces between the chkdsk command and the forward slash and again between the r and the forward slash.

    Follow the onscreen instructions for scheduling a disk check and then type exit.

    Reboot your computer and the disk check should begin.

    See if it finds any bad clusters or anything. I don`t know if it`ll help, but it`s worth a try.

    Please be patient, as depending on the size of your hard drive, it could take a while to complete.

    Regards Howard :)
     
  15. kuroigaishin

    kuroigaishin TS Rookie Topic Starter

    It said the volume is in use and asked me if I wanted to do it after the next time the volume restarted, i said yes and restarted my computer. After the scan It said:
    "the type of file system is NTFS
    the volume is clean"
    If this check only looked at my C drive, I should probably also check my F drive. But I don't know how to do that, if I need to.
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    In order to check drive F, do the following.

    Open my computer and right click on your f drive, select properties then the tools tab. Click on the check now button. Tick both boxes and click start.

    Regards Howard :)
     
  17. kuroigaishin

    kuroigaishin TS Rookie Topic Starter

    It did fix some errors in the F drive and recovered some "orphaned files." Unfortunaterly, ad-aware still freezes. Also, now that I've tried using some programs other than mozilla and internet explorer I realise my computer is moving much slower than normal.
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download and run the Ccleaner programme from HERE. Run it two or three times. Also, click on the issues button and click the scan for issues button. after the scan has finished, click the fix selected issues button. Do this several times untill no issues are found.

    Now run a disk defrag. In fact run it twice.

    Next, uninstall Ad-Aware completely, then go HERE and download the latest version.

    See how your system runs.

    Regards Howard :)
     
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I`ve just found this interesting article about Ad-Aware freezing. Look HERE.

    From what I can gather, this is a very common problem.

    Regards Howard :)
     
  20. kuroigaishin

    kuroigaishin TS Rookie Topic Starter

    After defragging my F drive my computer started to move really slowly, and according to my task manager my CPU usage is at 100% all of the time, I have no clue what could be causing this. I'm running a virus scan with AVG just to be safe. Also, Ad-aware still freezes. I'll look at the other suggestions on that page once this new problem gets fixed.
     
  21. kuroigaishin

    kuroigaishin TS Rookie Topic Starter

    Problem solved. It turned out that both my computer being slow and ad-aware being unable to scan past that file were caused by a virus. After running ad-aware in safe mode and letting my computer sit for a while it found the virus and got rid of it. Thanks for all the help Howard.
     
  22. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s great news.

    Thanks for letting us know.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of kuroigaishin only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...