Ad-Aware crashing , help plz

^aRaS^ · 10-25-2004, 05:53 PM

Hi there , I am new in this forum , but I think u ppl are smart and friendly :)) And will help me

btw sry for bad english

Ok here is the problem , I use Ad-Aware SE with newest updates , and when I start scan my hhd it crash always on windows directory , just stop and dont do anything :( before everething was ok , so now I feel like my pc got tons of no needed crap , and I cant clean it :(

I hope u understood what I wrote , if u will have any questions feel free to ask ...

thx u for helping me

**Pancake** · 10-25-2004, 07:44 PM

Hi ^aRaS^
Will you get "SpyBot S&D' and then do a scan.Everything it finds that is marked in red,get spybot to fix.Then try to run Adaware.Let us know if this helps.

ni4wdc · 10-26-2004, 03:57 AM

Funny you should have problems with Ad-Aware SE as I downloaded it the other day and the only way I can get it to work is to stop it searching in zipped files???

Alan...

^aRaS^ · 10-26-2004, 09:36 AM

Pencace

I downloaded Spybod S&D , made a scan , fixed all in red , but ad-aware is still working the same :(

I use Norton Antivirus , it have newest updates , and dont found anything too...

what else I could do ?

btw I tryed to take off scaning in zip files , but its the same as before...

thx

^aRaS^ · 10-26-2004, 11:21 AM

Here is my hjack log file , hope it will help a little

Logfile of HijackThis v1.98.2
Scan saved at 21:14:35, on 2004.10.26
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJC\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Tau Monitor] C:\Program Files\Agnitum\Tauscan 1.7\Taumon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab

CTSNKY · 10-26-2004, 03:40 PM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Reboot into Safe Mode (hit F8 key until menu shows up).

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\conscorr.exe

Reboot into Normal Mode and post a new HijackThis log file so we can make sure it's clean.

Make sure to update Windows and Internet Explorer at http://windowsupdate.microsoft.com. Your XP is sorely out of date!

^aRaS^ · 10-26-2004, 03:52 PM

Thx for your answer CTSNKY , I will try to do it , and then I will come with new log

I never do win updates

it looks for me like my pc start to work much more slowely after updates , and have tons of no needed crap

but its just my opinion , maybe I am wrong ~~

CTSNKY · 10-26-2004, 03:56 PM

It may seem slow at first, but will surely improve. There are MUCH needed security patches, which protect your computer against well-known flaws in XP. Hackers lick their lips when they come across an non-updated machine.

^aRaS^ · 10-26-2004, 03:59 PM

but it also instal a lot of no needed things ?
so u sugest me to make update ?

CTSNKY · 10-26-2004, 04:01 PM

I suggest you go to that site and download & install ALL Critical patches that Windows recommends you have.

^aRaS^ · 10-26-2004, 04:22 PM

Ok I did everething u sayd , also wondering about this file conscorr.ini in Windows dir. I need to delete it too ?

Here is my new log :

Logfile of HijackThis v1.98.2
Scan saved at 02:19:04, on 2004.10.27
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Agnitum\Tauscan 1.7\Taumon.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Tau Monitor] C:\Program Files\Agnitum\Tauscan 1.7\Taumon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab

CTSNKY · 10-26-2004, 04:26 PM

Yes, I would recommend deleting conscorr.ini from that folder.

Your log is clean, well done. Any lingering problems?

To help prevent future spyware installations/infections, please read the Anti-Spyware Section and use the tools provided.

^aRaS^ · 10-26-2004, 04:39 PM

THX for your help dude

ok , I will follow "Spyware Prevention"

but I still have main problem : my ad-aware crash

In safe mode it works fine , but in normal , it scans about 500-1500 objects and stops ... just stops on one file and dont move :(

any ideas about this one ?

CTSNKY · 10-26-2004, 04:51 PM

What does it say on the screen when it crashes? Any error message? Is it stuck on "Conditional Scanning"? If yes, then check this info from Lavasoft:

Please run Ad-Aware SE using the command line to skip the conditional scan.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +procnuke +cskip

Click OK.

Note: The path above (between the quotes) is the default location of Ad-Aware SE, if you installed to a different directory please adjust it to the correct location.

This will lauch Ad-Aware SE with the special +procnuke option. Click Start and make sure that "Search for negligible risk entries" is unchecked i.e. it has a red cross. Then select "Perform full system scan" and click next to start the scan.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family". Click next, Click OK to confirm removal.

After completing a scan skipping the conditional scan, you should be able to do a full system scan.

^aRaS^ · 10-26-2004, 05:13 PM

it dont show any erorrs or smth ... it just freeze ...
I made screen shot , maybe it will help :
http://upl.silentwhisper.net/uplfold...are_screen.JPG

how u see on the pic , scaning just stoped on that moment , I can left it for hour or even more , but it will show the same

btw I tryed to do that what u wrote , it dont help :(

mimo2005 · 10-26-2004, 05:25 PM

Hi
uninstall it ,and download it again ,and see if the problem still occurs .

^aRaS^ · 10-26-2004, 05:52 PM

Quote:

Originally Posted by mimo2005

Hi
uninstall it ,and download it again ,and see if the problem still occurs .

Hi mimo2005

Yes , the problem still accurs :(
Btw I noticed that it almost everytime freeze on *.dll file in system32

have any other sugestions ?

mimo2005 · 10-26-2004, 06:02 PM

well ,your last log looks clean . have you tried it in safe mode ?

10-25-2004, 05:53 PM	#1 (permalink)
^aRaS^ Registered User Join Date: Oct 2004 Location: Lithuania Posts: 39 OS: XP	Ad-Aware crashing , help plz Hi there , I am new in this forum , but I think u ppl are smart and friendly :)) And will help me btw sry for bad english Ok here is the problem , I use Ad-Aware SE with newest updates , and when I start scan my hhd it crash always on windows directory , just stop and dont do anything :( before everething was ok , so now I feel like my pc got tons of no needed crap , and I cant clean it :( I hope u understood what I wrote , if u will have any questions feel free to ask ... thx u for helping me

10-25-2004, 07:44 PM	#2 (permalink)
Pancake Security Team (ret.) Join Date: Nov 2003 Location: Victoria.Australia Posts: 7,405 OS: XP Pro SP3	Hi ^aRaS^ Will you get "SpyBot S&D' and then do a scan.Everything it finds that is marked in red,get spybot to fix.Then try to run Adaware.Let us know if this helps. __________________ An Australian Member of Eddy

10-26-2004, 03:40 PM	#6 (permalink)
CTSNKY Knower of all that is MS Join Date: Aug 2004 Posts: 10,755 OS: (multiple machines) 95, 98, 2K & XP Home & Pro	Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below. Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked. Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point. Reboot into Safe Mode (hit F8 key until menu shows up). Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist: C:\WINDOWS\conscorr.exe Reboot into Normal Mode and post a new HijackThis log file so we can make sure it's clean. Make sure to update Windows and Internet Explorer at http://windowsupdate.microsoft.com. Your XP is sorely out of date! __________________ GO BIG BLUE!!

10-26-2004, 03:52 PM	#7 (permalink)
^aRaS^ Registered User Join Date: Oct 2004 Location: Lithuania Posts: 39 OS: XP	Thx for your answer CTSNKY , I will try to do it , and then I will come with new log I never do win updates it looks for me like my pc start to work much more slowely after updates , and have tons of no needed crap but its just my opinion , maybe I am wrong ~~ Last edited by ^aRaS^ : 10-26-2004 at 03:55 PM.

10-26-2004, 03:56 PM	#8 (permalink)
CTSNKY Knower of all that is MS Join Date: Aug 2004 Posts: 10,755 OS: (multiple machines) 95, 98, 2K & XP Home & Pro	It may seem slow at first, but will surely improve. There are MUCH needed security patches, which protect your computer against well-known flaws in XP. Hackers lick their lips when they come across an non-updated machine. __________________ GO BIG BLUE!!

10-26-2004, 03:57 AM	#3 (permalink)
ni4wdc Registered User Join Date: Oct 2004 Location: New Zealand Posts: 2 OS: XP Pro	Funny you should have problems with Ad-Aware SE as I downloaded it the other day and the only way I can get it to work is to stop it searching in zipped files??? Alan...

10-26-2004, 09:36 AM	#4 (permalink)
^aRaS^ Registered User Join Date: Oct 2004 Location: Lithuania Posts: 39 OS: XP	Pencace I downloaded Spybod S&D , made a scan , fixed all in red , but ad-aware is still working the same :( I use Norton Antivirus , it have newest updates , and dont found anything too... what else I could do ? btw I tryed to take off scaning in zip files , but its the same as before... thx

10-26-2004, 11:21 AM	#5 (permalink)
^aRaS^ Registered User Join Date: Oct 2004 Location: Lithuania Posts: 39 OS: XP	Here is my hjack log file , hope it will help a little Logfile of HijackThis v1.98.2 Scan saved at 21:14:35, on 2004.10.26 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\Messenger\msmsgs.exe C:\HJC\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Tau Monitor] C:\Program Files\Agnitum\Tauscan 1.7\Taumon.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab

10-26-2004, 03:59 PM	#9 (permalink)
^aRaS^ Registered User Join Date: Oct 2004 Location: Lithuania Posts: 39 OS: XP	but it also instal a lot of no needed things ? so u sugest me to make update ?

10-26-2004, 04:01 PM	#10 (permalink)
CTSNKY Knower of all that is MS Join Date: Aug 2004 Posts: 10,755 OS: (multiple machines) 95, 98, 2K & XP Home & Pro	I suggest you go to that site and download & install ALL Critical patches that Windows recommends you have. __________________ GO BIG BLUE!!

10-26-2004, 04:22 PM	#11 (permalink)
^aRaS^ Registered User Join Date: Oct 2004 Location: Lithuania Posts: 39 OS: XP	Ok I did everething u sayd , also wondering about this file conscorr.ini in Windows dir. I need to delete it too ? Here is my new log : Logfile of HijackThis v1.98.2 Scan saved at 02:19:04, on 2004.10.27 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\Program Files\Agnitum\Tauscan 1.7\Taumon.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\Messenger\msmsgs.exe C:\HJT\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Tau Monitor] C:\Program Files\Agnitum\Tauscan 1.7\Taumon.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab

10-26-2004, 04:26 PM	#12 (permalink)
CTSNKY Knower of all that is MS Join Date: Aug 2004 Posts: 10,755 OS: (multiple machines) 95, 98, 2K & XP Home & Pro	Yes, I would recommend deleting conscorr.ini from that folder. Your log is clean, well done. Any lingering problems? To help prevent future spyware installations/infections, please read the Anti-Spyware Section and use the tools provided. __________________ GO BIG BLUE!!

10-26-2004, 04:39 PM	#13 (permalink)
^aRaS^ Registered User Join Date: Oct 2004 Location: Lithuania Posts: 39 OS: XP	THX for your help dude ok , I will follow "Spyware Prevention" but I still have main problem : my ad-aware crash In safe mode it works fine , but in normal , it scans about 500-1500 objects and stops ... just stops on one file and dont move :( any ideas about this one ?

10-26-2004, 04:51 PM	#14 (permalink)
CTSNKY Knower of all that is MS Join Date: Aug 2004 Posts: 10,755 OS: (multiple machines) 95, 98, 2K & XP Home & Pro	What does it say on the screen when it crashes? Any error message? Is it stuck on "Conditional Scanning"? If yes, then check this info from Lavasoft: Please run Ad-Aware SE using the command line to skip the conditional scan. Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown) "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +procnuke +cskip Click OK. Note: The path above (between the quotes) is the default location of Ad-Aware SE, if you installed to a different directory please adjust it to the correct location. This will lauch Ad-Aware SE with the special +procnuke option. Click Start and make sure that "Search for negligible risk entries" is unchecked i.e. it has a red cross. Then select "Perform full system scan" and click next to start the scan. When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family". Click next, Click OK to confirm removal. After completing a scan skipping the conditional scan, you should be able to do a full system scan. __________________ GO BIG BLUE!!

10-26-2004, 05:13 PM	#15 (permalink)
^aRaS^ Registered User Join Date: Oct 2004 Location: Lithuania Posts: 39 OS: XP	it dont show any erorrs or smth ... it just freeze ... I made screen shot , maybe it will help : http://upl.silentwhisper.net/uplfold...are_screen.JPG how u see on the pic , scaning just stoped on that moment , I can left it for hour or even more , but it will show the same btw I tryed to do that what u wrote , it dont help :(

10-26-2004, 05:25 PM	#16 (permalink)
mimo2005 Manager, The Relaxation Room/Analyst, Security Team Join Date: Oct 2004 Posts: 10,620 OS: xp	Hi uninstall it ,and download it again ,and see if the problem still occurs .

10-26-2004, 06:02 PM	#18 (permalink)
mimo2005 Manager, The Relaxation Room/Analyst, Security Team Join Date: Oct 2004 Posts: 10,620 OS: xp	well ,your last log looks clean . have you tried it in safe mode ?