Jump to content


Photo

AdAware consistently hangs


  • This topic is locked This topic is locked
4 replies to this topic

#1 rdanner3

rdanner3

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 17 August 2005 - 08:22 AM

Since I'm totally confused by this whole mess (and neither ScanSpyware or Spybot S&D show anything) I'm asking, almost begging for help here... (and no, telling me to "update to WinXPSP2" isn't an option, sorry. Old machine.)
AdAware hangs totally (locks the OS up, in fact!) every time at one specific point during the registry scan. It's checking CLSIDs at the time, too. The CLSID ends in 00049, if that helps any. (I've also had to quit using the TeaTimer module of Spybot S&D because it won't let me approve changes; the dialog is badly broken.)

Machine details:
CPU: K6-2/350
RAM: 320Mb (8Mb used as video buffer, so 312Mb available to Windows)
WIN: Windows 98SE with all current patches

For many reasons, I use Firefox on all sites except those that absolutely require MSIE...that's how little I trust Microsoft's browser... and I've not used Outlook or Outlook Express in a decade. (again, I don't trust Microsoft's rarely-patched products!)

HijackThis! Log:
Logfile of HijackThis v1.99.1
Scan saved at 08.36 ct, on 8/17/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
E:\TOOLS\PERFECTDISK\PDENGINE.EXE
C:\WINDOWS\SYSTEM\NPDOR9X.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\BELKIN BULLDOG PLUS\UPSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
E:\TOOLS\AVG FREE\AVGCC.EXE
E:\TOOLS\AVG FREE\AVGEMC.EXE
E:\TOOLS\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\STARTUPMONITOR.EXE
C:\NPDOR\NPDOR.EXE
C:\PROGRAM FILES\NETRATINGSNETMETER\NETMETER\NIELSENONLINE.EXE
C:\WINDOWS\RunDLL.exe
E:\TOOLS\FREE RAM OPTIMIZER\FRO.EXE
E:\SOCKETWATCH\SWATCH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\TOOLS\ADOBE\ACROBAT\READER\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\TOOLS\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - E:\TTS\TEXTAL~1\TAFORIE.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AVG7_CC] E:\TOOLS\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\TOOLS\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] E:\TOOLS\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [000 - BPFTP Server] E:\BPFTP\Server\bpftpserver.exe -h
O4 - HKLM\..\Run: [MyPointsPointAlert0] "C:\PROGRAM FILES\MYPOINTS_POINTALERT\MyPointsPointAlert0.exe"
O4 - HKLM\..\Run: [Hti] C:\NPDOR\npdor.exe
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [UPSentry Smart 2000] C:\Program Files\Belkin Bulldog Plus\upsd.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
O4 - HKLM\..\RunServices: [PerfectDisk] e:\tools\perfectdisk\PDEngine.exe
O4 - HKLM\..\RunServices: [NFM Service] C:\WINDOWS\SYSTEM\NPDOR9x.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [UPSentry Smart 2000] C:\Program Files\Belkin Bulldog Plus\upsd.exe
O4 - HKLM\..\RunServices: [G6 FTP Server Startup] E:\BPFTP\SERVER\BPFTPSERVER.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Free Ram Optimizer] E:\Tools\Free Ram Optimizer\fro.exe
O4 - Startup: SocketWatch.lnk = E:\SocketWatch\swatch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: MyPoints - file://C:\PROGRAM FILES\MYPOINTS_POINTALERT\Sy800\Tp800\scri800a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - E:\P2P\HELLO\PICASACAPTURE.DLL
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - E:\P2P\HELLO\PICASACAPTURE.DLL
O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\PROGRAM FILES\MYPOINTS_POINTALERT\Sy800\Tp800\scri800a.htm (file missing) (HKCU)
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmai..._downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

Note: I am a panelist on NPDOR, also one with Neilson//NetRatings, and a MyPoints participant. (on a semi-unrelated note, I'm unable to load anything Flash or Shockwave, and there's no apparent reason for it either, but the logfile above doesn't seem to show anything.)

#2 daparker

daparker

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,246 posts

Posted 24 August 2005 - 07:44 PM

Hello and welcome to the forums. Sorry for the delay in responding, but we have been pretty busy here lately. Since your log might have changed since your last posting, I would like to see a new log. If you could please post a new log, I will be glad to review it.

#3 rdanner3

rdanner3

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 24 August 2005 - 08:06 PM

Hello and welcome to the forums.  Sorry for the delay in responding, but we have been pretty busy here lately.  Since your log might have changed since your last posting, I would like to see a new log.  If you could please post a new log, I will be glad to review it.

View Post

Log below is fresh, HiJackThis! is actually still active.

Logfile of HijackThis v1.99.1
Scan saved at 20.58 CT, on 8/24/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTUPMONITOR.EXE
C:\PROGRAM FILES\BELKIN BULLDOG PLUS\UPSD.EXE
E:\TOOLS\FREE RAM OPTIMIZER\FRO.EXE
E:\SOCKETWATCH\SWATCH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
E:\TOOLS\WINAMP5X\WINAMP.EXE
E:\MIRC591T\MIRC.EXE
E:\MIRC4JPS\MIRC.EXE
I:\TRILLIAN\TRILLIAN.EXE
E:\BROWSER\THUNDERBIRD\THUNDERBIRD.EXE
E:\BROWSER\MOZILLA\FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\TOOLS\ADOBE\ACROBAT\READER\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\TOOLS\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - E:\TTS\TEXTAL~1\TAFORIE.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [000 - Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [001 - ScanRegWin] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [002 - SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [003 - UPSentry Smart 2000] C:\Program Files\Belkin Bulldog Plus\upsd.exe
O4 - HKLM\..\Run: [004 - Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [000 - SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [001 - KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [002 - Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
O4 - HKCU\..\Run: [000 - Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [005 - Free Ram Optimizer] E:\Tools\Free Ram Optimizer\fro.exe
O4 - HKCU\..\RunOnce: [RWIP-UN5] C:\MYDOCU~1\RWCClea5.exe "E:\TOOLS\R-WIPE~1\RWIPEI~1.EXE"
O4 - Startup: SocketWatch.lnk = E:\SocketWatch\swatch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: MyPoints - file://C:\PROGRAM FILES\MYPOINTS_POINTALERT\Sy800\Tp800\scri800a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - E:\P2P\HELLO\PICASACAPTURE.DLL
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - E:\P2P\HELLO\PICASACAPTURE.DLL
O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\PROGRAM FILES\MYPOINTS_POINTALERT\Sy800\Tp800\scri800a.htm (file missing) (HKCU)
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmai..._downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab

The hang by AdAware is not (apparently) explained by the above logfile, but I'm not an expert in this stuff. It's quite annoying.

#4 daparker

daparker

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,246 posts

Posted 24 August 2005 - 10:50 PM

Please download a free trial of Trojan Hunter here and run a scan to clean up anything it finds.

#5 daparker

daparker

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,246 posts

Posted 24 September 2005 - 10:56 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.




Member of UNITE
Support SpywareInfo Forum - click the button