SpywareBlaster2.6.1 Locks up my Machine

Discussion in 'SpywareBlaster & Other Forum' started by k3dc, Feb 26, 2004.

Thread Status:
Not open for further replies.
  1. k3dc

    k3dc Registered Member

    Joined:
    Feb 26, 2004
    Posts:
    33
    Location:
    Sunny Florida
    I recently downloaded SpywareBlaster 2.6.1 and installed it, then checked for and installed the updates as per instructions. When I run it, it appears to work properly. BUT, when I exit the program my computer totally locks up! :'( I'm running Windows Me on a Compaq Presario with McAfee Internet Security 6.0, Spybot S&D 1.2 and AdAware6 installed.

    I have uninstalled SpywareBlaster, rebooted the computer and reinstalled it- nothing changes. The error message says it's caused an error in KERNEL32.DLL; when I click the "OK" button the same message reappears, ad nauseam. The only way I can get out of it is to power down and then reboot and go through the SCANDISK bit.

    I would appreciate any help on overcoming this very unfortunate and annoying tendency. :oops:

    Thanks in advance.
     
  2. k3dc

    k3dc Registered Member

    Joined:
    Feb 26, 2004
    Posts:
    33
    Location:
    Sunny Florida
    HELP! SB and SG *B*O*T*H* Cause Lockup!!

    After I posted my query about SpywareBlaster locking up my computer yesterday, I downloaded and installed SpywareGuard; it produced the same result- a TOTAL lockup of my computer!

    To make things worse, I then downloaded "Hijack This!" and ran it, to get a log of what's happening. When I exited that program, the machine locked up AGAIN (at least I did get the log- I checked when I rebooted).

    Maybe someone will offer some help THIS TIME; no answers to the other one yet. I must have some malware running in here somewhere, but Spybot and Ad-Aware don't find it.

    The problem is always the same: "SpywareBlaster (or SpywareGuard or Hijack This!) has caused an error in KERNEL32.DLL. (Whichever program) will now close." When I click on OK, it just keeps giving the same message and won't do anything else- including it won't shut down or answer "Ctl-Alt-Delete".

    I'm at my wits end. HELP! o_O
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    While I have no specific ideas about this error, as it has not been reported before, if you do have that HijackThis Log, can you post it here? It may help in trying to determine what's happening.
     
  4. k3dc

    k3dc Registered Member

    Joined:
    Feb 26, 2004
    Posts:
    33
    Location:
    Sunny Florida
    Thanks for the reply. I'll try to get the logfile posted this time (I tried just a minute ago, but something told me the name was already taken :doubt: Oh well, let's try again; I don't know if the other time will post or not.

    here goes (I hope).
     

    Attached Files:

  5. k3dc

    k3dc Registered Member

    Joined:
    Feb 26, 2004
    Posts:
    33
    Location:
    Sunny Florida
    Well, that didn't work. Let's see if I can figure this out.

    OK, I think I got it this time. Just bear with me, I'm slow but eventually I get there. ;)


    Logfile of HijackThis v1.97.7
    Scan saved at 3:10:05 PM, on 2/27/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE PRIVACY SERVICE\GUARDDOG.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE PRIVACY SERVICE\GUARDDOG.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\PCTVOICE.EXE
    C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
    C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKSRVR.EXE
    C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKAGENT.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
    C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
    C:\MY DOCUMENTS\DOWNLOADS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/html/index.cfm?p=16&m=91
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F1 - win.ini: run=hpfsched
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX__SpybotSDDisabled (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\PROGRAM FILES\MCAFEE\MCAFEE PRIVACY SERVICE\GDIEHELP.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [MSKServerExe] C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKAGENT.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKDETCT.EXE /startup
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
    O4 - HKLM\..\RunServices: [GuardDogEXE] "C:\PROGRAM FILES\MCAFEE\MCAFEE PRIVACY SERVICE\GUARDDOG.EXE" /SERVICE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: Privacy Bar (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37866.7645833333
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
  6. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Re:HELP! SB and SG *B*O*T*H* Cause Lockup!!

    I can think of one main connection between all of those programs - they all make use of MSVBVM60.dll.

    Could you please download and install the latest Visual Basic 6.0 SP5 run-time from Microsoft:

    http://download.microsoft.com/download/vb60pro/Redist/sp5/WIN98Me/EN-US/vbrun60sp5.exe

    It will install the latest version of the MSVBVM60.dll file. Please let me know if the problem is then fixed.

    Best regards,

    -Javacool
     
  7. k3dc

    k3dc Registered Member

    Joined:
    Feb 26, 2004
    Posts:
    33
    Location:
    Sunny Florida
    Vielen dank, merci beaucoup and much more, Javacool; that almost totally fixed the problems. Now it runs and doesn't lock up, so I guess I e=really should be happy. I am, of course, :D !

    I still get error messages. First, I get "whatever program" has caused an error in MCHOOK.DLL", and whenb I click OK on that onem I get a single instance of the "KERNEL32.DLL" error message.

    *B*U*T*, it does NOT lock up! I don't know what does happen, but at least the machine seems stable, and it's still running, so I'm not gonna look a gift horse in the mouth.

    Now if I could only get rid of the rest of that Incredimail mess; I've deleted the entire folder and all its children, and all the registry entries I can find that mention Incredimail, and still it appears in the "Hijack This!" log. o_O

    Any suggestions on that would certainly be most welcome, but for now I'm just grateful for your help and support. Thanks again to Javacool and all the team.

    (And to think that one time I thought Morse Code was hard...) ;)
     
Thread Status:
Not open for further replies.