0

: I have located with Both Hijack this log and Ad Aware a program called

ADCONTROL\WINDACT.exe in HiJack this; despite checking the delete box
it will not delete

also; several related AdCONTROL programs pop up in Ad Aware; they will not delete when checked;;;;;;the program freezes in the delete mode

any ideas

Locked out

3
Contributors
7
Replies
8
Views
12 Years
Discussion Span
Last Post by caperjack
0

First you may want to setup Ad-Aware here is how to .after setup reboot computer inSafe mode and run ad-aware ;
Reboot to SAFE run ad-aware
How to start computer in safe mode
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Look at the icons on the top right of the page and click on the ‘world’ and let AdAware update the spyware reference list.

Once the update is finished click on the ‘Gear’ icon (second from the left) to access the preferences/settings window.

1. In the ‘General’ window make sure the following are selected:
• Automatically save log-file
• Automatically quarantine objects prior to removal
• Safe Mode (always request confirmation)

2. Click on the ‘Scanning’ button on the left and select :
• Scan Within Archives
• Scan Active Processes
• Scan Registry
• Deep Scan Registry
• Scan my IE favorites for banned URL’s
• Scan my Hosts file
• Under ‘Click here to select drives + folders’, choose:
• All of your hard drives

3. Click on the ‘Advanced’ button on the left and select:
• Include additional process information
• Include additional file information
• Include environment information
• Include additional object details

4. Click the ‘Tweak’ button and select:
• Under the ‘Scanning Engine’:
• Unload recognized processes during scanning
• Include basic Ad-aware settings in logfile
• Include additional Ad-aware settings in logfile
• Under the ‘Cleaning Engine’:
• Let Windows remove files in use at next reboot

5. Click on ‘Proceed’ to save the settings.

6. Click ‘Start’ and on the next screen choose ‘Activate in-depth Scan’ at the bottom of the page

• Use Custom Scanning Options

7. Click ‘Next’ and AdAware will scan your hard drive(s) with the options you have selected.

,,,,,,,,,,,,,,,,,,,,

0

Logfile of HijackThis v1.97.7
Scan saved at 8:25:14 PM, on 11/26/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\QURB\QSP-2.1.213.3\QOELOADER.EXE
C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADCTL.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADALT.EXE
C:\PROGRAM FILES\ARES LITE EDITION\ARESLITE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\DVZCOMMON\DVZMSGR.EXE
C:\PROGRAM FILES\THE SPA!\NETSURF.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS1977[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-spa.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.the-spa.com
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\PROGRAM FILES\QURB\QSP-2.1.213.3\QOELoader.exe"
O4 - HKLM\..\Run: [Windows AdControl] C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADCTL.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [areslite] "C:\PROGRAM FILES\ARES LITE EDITION\ARESLITE.EXE" -h
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://64.89.104.83/surferplugin.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37910.8031134259
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://64.55.105.205/Java/cfs31229.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=f000cfd84064750d9ff670ca95bb207a82492892b3b9ab0b150d34825d6c1f4faa5632c97c7c30f0d562bb0995df42c0e856e17f438bb38f5ace6de305:6a2feff70aa50e4b3d9d6f067011f31e
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx

0

1. Your version (1.97.7) of HijackThis is out of date; please download the latest version (1.98.2), run it, and post the log from that version.

2. You should take caperjack's advice and run Ad Aware before you post the new log; Ad Aware will be able to clean out some of the infections indicated in your HijackThis log. Along with Ad Aware you should also run SpyBot (download link in my sig below); it's a good compliment to Ad Aware. Run them consecutively (the order doesn't matter); rebooting after each has finished its fixes.

0

1. Your version (1.97.7) of HijackThis is out of date; please download the latest version (1.98.2), run it, and post the log from that version. Done :

2. You should take caperjack's advice and run Ad Aware before you post the new log; Ad Aware will be able to clean out some of the infections indicated in your HijackThis log. Along with Ad Aware you should also run SpyBot (download link in my sig below); it's a good compliment to Ad Aware. Run them consecutively (the order doesn't matter); rebooting after each has finished its fixes.

Ran ad aware in safe mode; with tweaks.............all set

thanks

0

all set.................problem solved ( safe mode/ad aware; solved all issues)

0

all set.................problem solved ( safe mode/ad aware; solved all issues)

It would have solved a lot but lets see and new log to make sure ,so get the updated hijackthis and post a fresh log .thanks

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.