Spybot Crashing

I am using Spybot v1.4. When running scan it keeps crashing computer (WinXP SP2). Last crash I got an error message first that read "Error during check - CoolwwwSearch.Feat2 installer [536] (access violation at address 7c0901104 in module ntdll.dll Write address 00000000).

I ran Ad Aware, AVG Virus scan, Window defender all without finding anything. Please help explain and fix this error. Thanks

Jeff R

 

The last part of teh error message is just telling you which windows process crashed, Why, could be a number of reasons.

Most likely reason is that Spybot is trying to scan a corrupt file.

If you wish too elimate things that are malicous, as a cause, then:
Please follow the steps below:

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)

• Bitdefender
• Panda Scan
• HijackThis

 

Followed instructions in the readme first. Ran CCleaner - no problem. Ran Bitdefender - it crashed and computer restarted. Ran Panda online - same thing, as with Spybot also (multiple times). Happened in Safe Mode as well as normal startup. AVG and Ad-Aware ran fine and didn't find anything. Gave up at this point. Don't know whether this is malware, program conflicts or corrupted file.

Do I need to turn off Windows Defender, AVG before running the others? Haven't had to in the past.

Suggestions appreciated.

Jeff R

 

Might be a conflict with another app, or a corrupt file.

Post a HijackThis log as an attachment.

 

Here is my HJT log. thanks for your help.

Jeff R

 

Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

Otherwise your log is clean.

Have you run MEMTEST to check for bad RAM?

 

Thanks for the help. I haven't run MEMTest - where to I get it? I did follow above HJT instructions - will try spybot again and see if it runs. Thanks again.

Jeff R

 

Memtest86+ 1.65

This is an ISO image file. You will need to create bootable CD, using whatever CD burner software you use.

Boot your computer from the MEMTEST CD. Then run the memoray diagnostics. If no errors are found after 5 passes, you RAM is OK.

 

Thanks. BTW what did I fix in HJT? Please educate me for future reference - "If you give a man a fish, he can eat for a day. If you teach a man to fish, he can eat forever."

Jeff R

 

One more thing. I'm not sure how to make a bootable cd with WinXP.

 

Spybot now working properly. Gave this result that I'm not sure what to do with:
Windows.ActiveDesktop: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1078081533-813497703-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

 

The O4 line is from when the Computer restarted, and was doing a system dump.

The O6 line is for IE restrictions set by the Administrator. Malware will sometimes set IE restrictions in order to prevent you from changing settings.

Turn Off Active Desktop. Some forms of malware will utilize this feature, SpywareQuake is a good example.

The ISO image contains a bootsecter. It will create the Bootable CD when you create the CD.