Ad-Aware locking up

kkowie · Sep 6, 2004

Hi all-
I have an older computer with ad-aware installed. It gets so far, and then just hourglass....left it on overnight and same thing. It doesn't get too far. I have gone in and physically deleted some big files, seems like it has trouble with zip or large files. But then when it gets to the next one, it freezes up. It is showing that there are something like 73 files it has found and I can't do anything with them, because I have to shut it down and start it over. I tried to do the update file, but says nothing is found. It is on a win95 computer if that makes any difference. Thanks!

Byteman · Sep 6, 2004

Hi, Would like to have you post a log from HijackThis, a program (very tiny) that we use to see what problems exist.

There are directions here to do it:

http://mjc1.com/mirror/hjt/

Download it here:

http://tools.radiosplace.com/HijackThis.exe

It's a direct download so be ready with the folder for it.

Basically, you create a new folder, the desktop is OK provided you make a folder, name it something like HJT, and download TO that folder, run hijackthis.exe from there.

When it is done scanning> the Save log button will become available, save the log as hijackthis.txt which will open with Notepad. Go back to TSG, open your post, and copy and paste the entire logfile into a reply in your thread (here) and wait for advice.

Please do NOT use HJT yourself> nor the other programs yet. There are some cases where other steps are taken!

kkowie · Sep 6, 2004

Hi--
HJT downloaded fine. But when I went to run it..it tells me that 'a required .DLL file MSVBVM60.DLL was not found'. Now what?

Byteman · Sep 6, 2004

hi, You can try getting this:

http://www.javacoolsoftware.com/downloadfaq.html

Down at the bottom get the two downloads

VBRuntimes

MSCOMCTL installer--put them on the desktop,

2 clicks to install for each, that should fix it. Try running/installing again.
Would like an HJT log.

kkowie · Sep 6, 2004

Ok, i think it worked this time, here's my log:

Logfile of HijackThis v1.98.2
Scan saved at 2:52:15 PM, on 9/6/04
Platform: Windows 95 (Win9x 4.00.0950)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAM FILES\MOUSE SOFTWARE\BALLY4D.EXE
C:\PROGRAM FILES\PLUS!\MICROSOFT INTERNET\IEXPLORE.EXE
C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\JLEDER.EXE
C:\PROGRAM FILES\PLUS!\MICROSOFT INTERNET\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SmartPops - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.DLL
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\ATPART~1.DLL
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Aspire Performance Tuner] c:\ace\prf\prfrmnce.exe
O4 - HKLM\..\Run: [Reminder] C:\ACE\REMINDER\REMINDER.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [MoviePlace] "C:\Program Files\MoviePlace\MoviePlace.exe" /H
O4 - HKLM\..\Run: [HorngTech4D] C:\PROGRA~1\MOUSES~1\BALLY4D.EXE
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [kyynlspi] C:\WINDOWS\SYSTEM\jleder.exe
O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - Startup: welwatch.exe.lnk = C:\ace\desktop\WELWATCH.EXE
O4 - Startup: PowerReg Scheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O13 - WWW. Prefix: http://

Byteman · Sep 6, 2004

You need an online antivirus scan, go here and scan the entire system:

http://housecall.antivirus.com/housecall/start_corp.asp

Set the AUTOCLEAN button by putting in a checkmark and take marks out of floppy drive, and CDROM drive...it takes awhile to load the ActiveX control but eventually will finish, and when the SCAN button turns dark, hit that button and let it scan.

if that one does not want to work, after you give it plenty of time> someone should post some others for you. One more is:

http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

Then get back to us with a new HJT log and we will see what remains to be done. Good work!

kkowie · Sep 6, 2004

ok, the Housecall virus scan found 5 viruses, which I deleted.. Here is my new HJT log:

Logfile of HijackThis v1.98.2
Scan saved at 5:40:07 PM, on 9/6/04
Platform: Windows 95 (Win9x 4.00.0950)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAM FILES\MOUSE SOFTWARE\BALLY4D.EXE
C:\WINDOWS\DESKTOP\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SmartPops - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.DLL
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\ATPART~1.DLL
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Aspire Performance Tuner] c:\ace\prf\prfrmnce.exe
O4 - HKLM\..\Run: [Reminder] C:\ACE\REMINDER\REMINDER.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [MoviePlace] "C:\Program Files\MoviePlace\MoviePlace.exe" /H
O4 - HKLM\..\Run: [HorngTech4D] C:\PROGRA~1\MOUSES~1\BALLY4D.EXE
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - Startup: welwatch.exe.lnk = C:\ace\desktop\WELWATCH.EXE
O4 - Startup: PowerReg Scheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O13 - WWW. Prefix: http://
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

kkowie · Sep 6, 2004

Please recheck my hjt log posted above. thanks!!

Byteman · Sep 6, 2004

Hi, make sure you have the following settings done:

In Windows Explorer>

Open the View menu.
Click Options.
Click the View tab.
Select the "Show all Files" radio button.
Click OK to save your settings.

Add/Remove Programs::

Uninstall MediaLoads or SmartPops or similar
And NetworkEssentials , it's toobar, and MoviePlace or DownloadWare in Add/Remove Programs.

Now, fix these with HJT: No other windows open (Close all IE or other browser windows!)

O2 - BHO: SmartPops - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL

O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.DLL

O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\ATPART~1.DLL

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL

O4 - HKLM\..\Run: [MoviePlace] C:\Program Files\MoviePlace\MoviePlace.exe /H

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun

O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe

O4 - Startup: PowerReg Scheduler.exe

[Edit: Keep the Ace\Desktop entry I had here
for WELWATCH.exe------keep.

Did you put this into Internet Explorer settings, if so, keep.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

find these files, and delete them:

C:\WINDOWS\SYSTEM\ATPART~1.DLL

C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.DLL

C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL
C:\WINDOWS\CONSCORR.exe

C:\WINDOWS\BXXS5.DLL

C:\Program Files\MoviePlace\MoviePlace.exe" /H

Empty the Recycle Bin repost with HJT log.

kkowie · Sep 6, 2004

Was able to delete everything I think ,but had some trouble locating ATPART~1.DLL and BXXS5.DLL.

Here's my latest log:

Logfile of HijackThis v1.98.2
Scan saved at 7:09:12 PM, on 9/6/04
Platform: Windows 95 (Win9x 4.00.0950)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAM FILES\MOUSE SOFTWARE\BALLY4D.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Aspire Performance Tuner] c:\ace\prf\prfrmnce.exe
O4 - HKLM\..\Run: [Reminder] C:\ACE\REMINDER\REMINDER.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [HorngTech4D] C:\PROGRA~1\MOUSES~1\BALLY4D.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - Startup: welwatch.exe.lnk = C:\ace\desktop\WELWATCH.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O13 - WWW. Prefix: http://
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

Byteman · Sep 6, 2004

hi, One more run of HJT:

O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL

This time, reboot after HJT fix. Then:

Will need a new log, and > about the two files, they seem to be gone, so no problem, it is not unusual for some not to be found.

It would be in the C:\Windows folder,if you dont find it, that's ok.

kkowie · Sep 6, 2004

ok here it is again,...

Logfile of HijackThis v1.98.2
Scan saved at 7:54:41 PM, on 9/6/04
Platform: Windows 95 (Win9x 4.00.0950)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAM FILES\MOUSE SOFTWARE\BALLY4D.EXE
C:\WINDOWS\DESKTOP\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Aspire Performance Tuner] c:\ace\prf\prfrmnce.exe
O4 - HKLM\..\Run: [Reminder] C:\ACE\REMINDER\REMINDER.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [HorngTech4D] C:\PROGRA~1\MOUSES~1\BALLY4D.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - Startup: welwatch.exe.lnk = C:\ace\desktop\WELWATCH.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O13 - WWW. Prefix: http://
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

Byteman · Sep 6, 2004

Looks like it went away. Post back if anything returns>
How are things running now?

kkowie · Sep 7, 2004

good! going back to retry the ad-aware software to see what all it found. Will let you all know when it's done running....

Byteman · Sep 7, 2004

Hi,
Forgot this one. When you are done with AdAware, post a log, and we will add this to any thing else> should only be this one thing, but ya never know. good work!

fix this, just run HJT and put check in this one:

O13 - WWW. Prefix: http://

and click to fix checked, as before.

Log in or Sign up

Ad-Aware locking up

kkowie Thread Starter

Byteman Gone but Never Forgotten

kkowie Thread Starter

Byteman Gone but Never Forgotten

kkowie Thread Starter

Byteman Gone but Never Forgotten

kkowie Thread Starter

kkowie Thread Starter

Byteman Gone but Never Forgotten

kkowie Thread Starter

Byteman Gone but Never Forgotten

kkowie Thread Starter

Byteman Gone but Never Forgotten

kkowie Thread Starter

Byteman Gone but Never Forgotten

Sponsor

Welcome to Tech Support Guy!

Log in or Sign up

Ad-Aware locking up

kkowie Thread Starter

Byteman Gone but Never Forgotten

kkowie Thread Starter

Byteman Gone but Never Forgotten

kkowie Thread Starter

Byteman Gone but Never Forgotten

kkowie Thread Starter

kkowie Thread Starter

Byteman Gone but Never Forgotten

kkowie Thread Starter

Byteman Gone but Never Forgotten

kkowie Thread Starter

Byteman Gone but Never Forgotten

kkowie Thread Starter

Byteman Gone but Never Forgotten

Sponsor

Welcome to Tech Support Guy!

Useful Searches