Ad-Aware locking up

[kkowie]

Hi all-
I have an older computer with ad-aware installed. It gets so far, and then just hourglass....left it on overnight and same thing. It doesn't get too far. I have gone in and physically deleted some big files, seems like it has trouble with zip or large files. But then when it gets to the next one, it freezes up. It is showing that there are something like 73 files it has found and I can't do anything with them, because I have to shut it down and start it over. I tried to do the update file, but says nothing is found. It is on a win95 computer if that makes any difference. Thanks!

 

[Byteman]

Hi, Would like to have you post a log from HijackThis, a program (very tiny) that we use to see what problems exist.

There are directions here to do it:

http://mjc1.com/mirror/hjt/

Download it here:

http://tools.radiosplace.com/HijackThis.exe

It's a direct download so be ready with the folder for it.

Basically, you create a new folder, the desktop is OK provided you make a folder, name it something like HJT, and download TO that folder, run hijackthis.exe from there.

When it is done scanning> the Save log button will become available, save the log as hijackthis.txt which will open with Notepad. Go back to TSG, open your post, and copy and paste the entire logfile into a reply in your thread (here) and wait for advice.

Please do NOT use HJT yourself> nor the other programs yet. There are some cases where other steps are taken!

 

[kkowie]

Hi--
HJT downloaded fine. But when I went to run it..it tells me that 'a required .DLL file MSVBVM60.DLL was not found'. Now what?

 

[Byteman]

hi, You can try getting this:

http://www.javacoolsoftware.com/downloadfaq.html

Down at the bottom get the two downloads

VBRuntimes

MSCOMCTL installer--put them on the desktop,

2 clicks to install for each, that should fix it. Try running/installing again.
Would like an HJT log.

 

[kkowie]

Ok, i think it worked this time, here's my log:

Logfile of HijackThis v1.98.2
Scan saved at 2:52:15 PM, on 9/6/04
Platform: Windows 95 (Win9x 4.00.0950)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAM FILES\MOUSE SOFTWARE\BALLY4D.EXE
C:\PROGRAM FILES\PLUS!\MICROSOFT INTERNET\IEXPLORE.EXE
C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\JLEDER.EXE
C:\PROGRAM FILES\PLUS!\MICROSOFT INTERNET\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SmartPops - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.DLL
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\ATPART~1.DLL
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Aspire Performance Tuner] c:\ace\prf\prfrmnce.exe
O4 - HKLM\..\Run: [Reminder] C:\ACE\REMINDER\REMINDER.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [MoviePlace] "C:\Program Files\MoviePlace\MoviePlace.exe" /H
O4 - HKLM\..\Run: [HorngTech4D] C:\PROGRA~1\MOUSES~1\BALLY4D.EXE
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [kyynlspi] C:\WINDOWS\SYSTEM\jleder.exe
O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - Startup: welwatch.exe.lnk = C:\ace\desktop\WELWATCH.EXE
O4 - Startup: PowerReg Scheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O13 - WWW. Prefix: http://

 

[Byteman]

You need an online antivirus scan, go here and scan the entire system:

http://housecall.antivirus.com/housecall/start_corp.asp


Set the AUTOCLEAN button by putting in a checkmark and take marks out of floppy drive, and CDROM drive...it takes awhile to load the ActiveX control but eventually will finish, and when the SCAN button turns dark, hit that button and let it scan.

if that one does not want to work, after you give it plenty of time> someone should post some others for you. One more is:

http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

Then get back to us with a new HJT log and we will see what remains to be done. Good work!

 

[kkowie]

ok, the Housecall virus scan found 5 viruses, which I deleted.. Here is my new HJT log:

Logfile of HijackThis v1.98.2
Scan saved at 5:40:07 PM, on 9/6/04
Platform: Windows 95 (Win9x 4.00.0950)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAM FILES\MOUSE SOFTWARE\BALLY4D.EXE
C:\WINDOWS\DESKTOP\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SmartPops - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.DLL
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\ATPART~1.DLL
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Aspire Performance Tuner] c:\ace\prf\prfrmnce.exe
O4 - HKLM\..\Run: [Reminder] C:\ACE\REMINDER\REMINDER.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [MoviePlace] "C:\Program Files\MoviePlace\MoviePlace.exe" /H
O4 - HKLM\..\Run: [HorngTech4D] C:\PROGRA~1\MOUSES~1\BALLY4D.EXE
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - Startup: welwatch.exe.lnk = C:\ace\desktop\WELWATCH.EXE
O4 - Startup: PowerReg Scheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O13 - WWW. Prefix: http://
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

 

[kkowie]

Please recheck my hjt log posted above. thanks!!

 

[Byteman]

Hi, make sure you have the following settings done:

In Windows Explorer>

Open the View menu.
Click Options.
Click the View tab.
Select the "Show all Files" radio button.
Click OK to save your settings.

Add/Remove Programs::

Uninstall MediaLoads or SmartPops or similar
And NetworkEssentials , it's toobar, and MoviePlace or DownloadWare in Add/Remove Programs.



Now, fix these with HJT: No other windows open (Close all IE or other browser windows!)

O2 - BHO: SmartPops - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL

O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.DLL

O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\ATPART~1.DLL

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL

O4 - HKLM\..\Run: [MoviePlace] C:\Program Files\MoviePlace\MoviePlace.exe /H

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun

O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe

O4 - Startup: PowerReg Scheduler.exe

[Edit: Keep the Ace\Desktop entry I had here
for WELWATCH.exe------keep.

Did you put this into Internet Explorer settings, if so, keep.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

find these files, and delete them:

C:\WINDOWS\SYSTEM\ATPART~1.DLL

C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.DLL

C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL
C:\WINDOWS\CONSCORR.exe

C:\WINDOWS\BXXS5.DLL

C:\Program Files\MoviePlace\MoviePlace.exe" /H

Empty the Recycle Bin repost with HJT log.

 

[kkowie]

Was able to delete everything I think ,but had some trouble locating ATPART~1.DLL and BXXS5.DLL.

Here's my latest log:

Logfile of HijackThis v1.98.2
Scan saved at 7:09:12 PM, on 9/6/04
Platform: Windows 95 (Win9x 4.00.0950)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAM FILES\MOUSE SOFTWARE\BALLY4D.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Aspire Performance Tuner] c:\ace\prf\prfrmnce.exe
O4 - HKLM\..\Run: [Reminder] C:\ACE\REMINDER\REMINDER.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [HorngTech4D] C:\PROGRA~1\MOUSES~1\BALLY4D.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - Startup: welwatch.exe.lnk = C:\ace\desktop\WELWATCH.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O13 - WWW. Prefix: http://
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

 

[Byteman]

hi, One more run of HJT:

O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL

This time, reboot after HJT fix. Then:

Will need a new log, and > about the two files, they seem to be gone, so no problem, it is not unusual for some not to be found.

It would be in the C:\Windows folder,if you dont find it, that's ok.

 

[kkowie]

ok here it is again,...

Logfile of HijackThis v1.98.2
Scan saved at 7:54:41 PM, on 9/6/04
Platform: Windows 95 (Win9x 4.00.0950)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAM FILES\MOUSE SOFTWARE\BALLY4D.EXE
C:\WINDOWS\DESKTOP\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Aspire Performance Tuner] c:\ace\prf\prfrmnce.exe
O4 - HKLM\..\Run: [Reminder] C:\ACE\REMINDER\REMINDER.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [HorngTech4D] C:\PROGRA~1\MOUSES~1\BALLY4D.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - Startup: welwatch.exe.lnk = C:\ace\desktop\WELWATCH.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O13 - WWW. Prefix: http://
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

 

[Byteman]

Looks like it went away. Post back if anything returns>
How are things running now?

 

[kkowie]

good! going back to retry the ad-aware software to see what all it found. Will let you all know when it's done running....

 

[Byteman]

Hi,
Forgot this one. When you are done with AdAware, post a log, and we will add this to any thing else> should only be this one thing, but ya never know. good work!

fix this, just run HJT and put check in this one:


O13 - WWW. Prefix: http://

and click to fix checked, as before.