ad-aware freezing

Status
Not open for further replies.

kuroigaishin

Whenever I run a scan with Ad-Aware (I have Ad-Aware SE Personal) it comes across a file called "Hkey_local_machine\software\" a few minutes into the scan and then freezes. Because of this, I haven't had a full scan in a bit and recently my computer got really loaded down with spyware. I fixed it eventually, but Ad-Aware still freezes up. Anyone know what the problem is or any way that I can stop this from happening? Any help would be appreciated very much.
 
Hello and welcome to Techspot.

First thing to try, is uninstalling and reinstalling Ad-Aware.

Just to be on the safe side, go and read this thread HERE.

Post a HJT log as a .txt attachment into this thread and I'll take a look and see if you've got any nasties lurking on your system.

Regards Howard :wave: :wave:

This thread is for the use of kuroigaishin only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Here's an HJT log. I uninstalled and reinstalled Ad-Aware and it still froze up on the same file. Thanks for the reply; let me know what I should try next.
 
Just as I suspected, your system is indeed infected with some nasties.

Go HERE and follow the instructions exactly.

Post a fresh HJT log, only after doing the above.

Regards Howard :)
 
kuroigaishin,
May I suggest you download "Spybot v1.4" from http://www.safer-networking.org/en/index.html , install this & update during installation... Shut down your Ad-Aware completely before running Spybot.
> All items that show up *red* are bad for your system, those in *green* are Program Files, and those in *black* are System Files.
The RED ones will "auto-check" themselves, then you click "Fix Problems" button and Spybot will destroy those issues contaminating your system.
> Re-Install your Ad-Aware SE v1.06r, update & run :).
 
Hi Shadowhawk.

If you care to look at this thread HERE, you will see links to other threads that contain instructions for downloading SS&D/Ad-Aware Se and a host of other virus/spyware removal tools.

I hope this proves useful to you.

Anyone who follows the above instructions properly, should in theory, have installed SS&D and Ad-Aware SE, as well as Ewido etc.

BTW. If you have any questions about how we do things around here, please don't hesitate to pm me.

Regards Howard :)
 
I followed the instructions on that page and here's an updated HJT log, but Ad-Aware is still freezing on the same file.

Edit: by the way Howard, I also uninstalled and reinstalled Ad-Aware after doing what that post said.
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name. See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with (if there).

Web Offer
KillAndClean

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

crypt32(2)(2)(2).exe
wo.exe
KillAndClean.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL (file missing)

O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\system32\wer8274.dll (file missing)

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL (file missing)

O4 - HKCU\..\Run: [crypt32(2)(2)(2)] C:\WINDOWS\SYSTEM32\crypt32(2)(2)(2).exe

O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe

O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)

O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c9.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/CursorManiaInitialSetup1.0.0 .6.cab

O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1004a_pack_XP.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D235BA3-FD98-438F-8331-DBF674470056}: NameServer = 85.255.114.83,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8D85D7B-49D0-474C-9395-7186075A0213}: NameServer = 85.255.114.83,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCFAF56F-7214-4641-9685-4E3586208042}: NameServer = 85.255.114.83,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE356E3A-8964-495F-8611-E3350B5CAF40}: NameServer = 85.255.114.83,85.255.112.183
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.83 85.255.112.183
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D235BA3-FD98-438F-8331-DBF674470056}: NameServer = 85.255.114.83,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.83 85.255.112.183

Only fix the above O17 entries if they don't belong to your ISP.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\Program Files\KillAndClean
C:\PROGRA~1\Web Offer
C:\WINDOWS\SYSTEM32\crypt32(2)(2)(2).exe

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log and let us know how your system is running.

Regards Howard :)
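Added example, not part of the original thread or of HijackThis itself: a small Python triage of HJT log lines that lists the DNS servers set by O17 entries that are not on a list of resolvers you know belong to your ISP, and the entries marked "(file missing)". The sample lines are copied from the post above; `ISP_RESOLVERS` and the function names are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Four entries copied from the HJT lines quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\system32\wer8274.dll (file missing)
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D235BA3-FD98-438F-8331-DBF674470056}: NameServer = 85.255.114.83,85.255.112.183
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.83 85.255.112.183
"""

# Assumption: the resolvers your ISP actually hands out. 192.0.2.53 is a
# documentation-range placeholder, not a real resolver.
ISP_RESOLVERS = {"192.0.2.53"}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # "O17 - <body>"
NAMESERVER = re.compile(r"^(HK\S+): NameServer = (.+)$")

def parse_hjt(text):
    """Group log entries by HijackThis section code (F2, O2, O4, O17, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def missing_file_entries(sections):
    """Entries whose target no longer exists: leftover registrations."""
    return [(code, body) for code, bodies in sections.items()
            for body in bodies if body.endswith("(file missing)")]

def unexpected_nameservers(sections, known_resolvers):
    """Map each DNS server not in known_resolvers to the keys that set it."""
    found = defaultdict(list)
    for body in sections.get("O17", []):
        m = NAMESERVER.match(body)
        if not m:
            continue  # other O17 values are not checked here
        for ip in re.split(r"[,\s]+", m.group(2).strip()):
            if ip and ip not in known_resolvers:
                found[ip].append(m.group(1))
    return dict(found)

if __name__ == "__main__":
    log = parse_hjt(SAMPLE_LOG)
    for ip, keys in unexpected_nameservers(log, ISP_RESOLVERS).items():
        print(f"{ip}: set under {len(keys)} key(s); confirm with your ISP before fixing")
    for code, body in missing_file_entries(log):
        print(f"{code}: orphaned entry -> {body}")
```
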

 
OK, did that, only found crypt32(2)(2)(2).dll when looking in folders for those files. Problem still isn't solved, but at least I'm getting rid of some bad junk that shouldn't be on my computer.
 
It would appear, I've missed a nasty entry in your HJT log.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


Boot into safe mode, under your normal user name. See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html


Go to add remove programmes in your control panel and uninstall anything to do with (if there).

DaemonTools_WhenUSaveNow_Installer

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

DaemonTools_WhenUSaveNow_Installer.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O4 - HKLM\..\Run: [DaemonTools_WhenUSaveNow_Installer] C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\Program Files\DaemonTools_WhenUSaveNow_Installer

Reboot into normal mode and turn system restore back on.

Let us know how your system is running.

Regards Howard :)

 
Well, Ad-Aware is still freezing, but Firefox is definitely moving more smoothly. Thanks a bunch for the help you've given so far Howard :)
 
Have HJT fix this entry.

O11 - Options group: [INTERNATIONAL] International*

Other than that your HJT log is clean.

I suggest you completely uninstall Ad-Aware, then go HERE and download the latest version and install it. See if that helps. If not I suspect some kind of software conflict.

Regards Howard :)

 
kuroigaishin said:
Well, it still froze. Anyway, thanks for all the help cleaning up my computer Howard.


That's a strange one.

Apart from the freezing Ad-Aware, is your system running OK?

I'd like you to run a Check disk.

Click start/run and type cmd into the run box and hit the enter button. At the command prompt type chkdsk /r /f and press enter. Note the spaces between the chkdsk command and the forward slash and again between the r and the forward slash.

Follow the onscreen instructions for scheduling a disk check and then type exit.

Reboot your computer and the disk check should begin.

See if it finds any bad clusters or anything. I don't know if it'll help, but it's worth a try.

Please be patient, as depending on the size of your hard drive, it could take a while to complete.

Regards Howard :)
 
It said the volume is in use and asked me if I wanted to do it after the next time the volume restarted. I said yes and restarted my computer. After the scan it said:
"the type of file system is NTFS
the volume is clean"
If this check only looked at my C drive, I should probably also check my F drive. But I don't know how to do that, if I need to.
 
In order to check drive F, do the following.

Open my computer and right click on your f drive, select properties then the tools tab. Click on the check now button. Tick both boxes and click start.

Regards Howard :)
 
It did fix some errors in the F drive and recovered some "orphaned files." Unfortunately, Ad-Aware still freezes. Also, now that I've tried using some programs other than Mozilla and Internet Explorer I realise my computer is moving much slower than normal.
 
Download and run the Ccleaner programme from HERE. Run it two or three times. Also, click on the issues button and click the scan for issues button. After the scan has finished, click the fix selected issues button. Do this several times until no issues are found.

Now run a disk defrag. In fact run it twice.

Next, uninstall Ad-Aware completely, then go HERE and download the latest version.

See how your system runs.

Regards Howard :)
 
After defragging my F drive my computer started to move really slowly, and according to my task manager my CPU usage is at 100% all of the time, I have no clue what could be causing this. I'm running a virus scan with AVG just to be safe. Also, Ad-aware still freezes. I'll look at the other suggestions on that page once this new problem gets fixed.
 
Problem solved. It turned out that both my computer being slow and ad-aware being unable to scan past that file were caused by a virus. After running ad-aware in safe mode and letting my computer sit for a while it found the virus and got rid of it. Thanks for all the help Howard.
 
That's great news.

Thanks for letting us know.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 