
Spybot and Ad-aware problems

Discussion in 'Virus & Other Malware Removal' started by SDGonBen, Aug 22, 2004.

  1. SDGonBen

    SDGonBen Thread Starter

    Joined:
    Aug 22, 2004
    Messages:
    5
    Hello everybody.

    I'm having some trouble with both Spybot and Ad-aware.

    Yesterday I updated both these programs to the newer builds. From Spybot 1.2 to 1.3 and from Ad-aware SE 1.02 to 1.03.

    Since then whenever I start to scan with ad-aware I get a notification that


    and the computer restarts (it has like a 50 second countdown). It's only happening when I scan with ad-aware, this I'm sure of.

    Then Spybot. I know there's adware in my PC. Before it restarts like above Ad-aware gets to about 9 Critical objects. But Spybot doesn't get any because there's always an error when searching. Always. Attached is a screenshot of the error.

    I was told at another forum to go back to previous versions (which makes lots of sense) but I can't find those installers anywhere, only the new ones.

    Help!
     

    Attached Files:

  2. southernlady

    southernlady

    Joined:
    May 6, 2004
    Messages:
    1,928
    What you didn't say was what o/s you are running. If XP, have you just recently upgraded to SP2 just before you did this?

    I was told to go in and just go to the Advance tab and click on the setting of that ONE product of the one that you are having problems with (like you would with DSO Exploit) and click ignore, and then you will be fine. Liz
     
  3. SDGonBen

    SDGonBen Thread Starter

    Joined:
    Aug 22, 2004
    Messages:
    5
    Oops :eek: I forgot that

    Yes, it is Windows XP and yes it is SP2. The upgrade to SP2 was before the upgrade of Ad-aware and Spybot though. And although I'm not 100% sure I'm pretty positive that the previous versions worked fine with SP2.

    edit:

    The advanced tab where?
     
  4. southernlady

    southernlady

    Joined:
    May 6, 2004
    Messages:
    1,928
    Okay, this is going to take 3 posts

    Here is the first one showing where the advance tab is located. Liz
     

    Attached Files:

    • SB.JPG
  5. southernlady

    southernlady

    Joined:
    May 6, 2004
    Messages:
    1,928
    This is the setting you go to ONCE you get to the advance tab...you go to settings and then to ignore product. Liz
     

    Attached Files:

    • SB1.JPG
  6. southernlady

    southernlady

    Joined:
    May 6, 2004
    Messages:
    1,928
    This one shows where you go to put the checkmark next to the item you are ignoring. Once you do that you can close the Spybot and the next time you run it, it will ignore that item. Liz
     

    Attached Files:

    • SB2.JPG
  7. SDGonBen

    SDGonBen Thread Starter

    Joined:
    Aug 22, 2004
    Messages:
    5
    That worked thanks.

    But... it happened again now with CoolWWWSearch. Now, I can also ignore that program, I'm not that dense. But should Spybot keep having this error with so many programs? It seems a little useless to run spybot if I have to keep ignoring programs.

    What about ad-aware, does anyone know how to fix that one?

    If not, does anybody have Spybot 1.2 and Ad-aware 1.02?
     
  8. southernlady

    southernlady

    Joined:
    May 6, 2004
    Messages:
    1,928
    Okay, then I would say that you need to run a HiJack This log...that it's a problem not with Spybot. But possibly with your computer? Go here: http://www.majorgeeks.com/download3155.html to get HiJack This.

    Create a folder on your hard drive somewhere like in "My Documents" and name it Hijackthis. Download HijackThis to that folder. Doubleclick HijackThis.exe, and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, DO NOT fix anything yet.

    Wait for a Security Expert to help at that point. Liz
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,806
    First Name:
    Derek
    I've moved this to security and we'll see what shows in the HJT log
     
  10. SDGonBen

    SDGonBen Thread Starter

    Joined:
    Aug 22, 2004
    Messages:
    5
    Ok, here's the log:



    Logfile of HijackThis v1.98.2
    Scan saved at 12:52:57 PM, on 8/23/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINNT\System32\rmctrl.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\RUNDLL32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD4.tmp\checkcrc.exe
    C:\documents and settings\owner\local settings\temp\tQcx.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
    C:\Documents and Settings\Owner\My Documents\Download\rainlendar-0.19.1\rainlendar-0.19.1\Rainlendar.exe
    C:\Documents and Settings\Owner\My Documents\Download\yz_dck0083\YzDock.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\Owner\My Documents\Download\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: jimmyhelp.CBrowserHelper - {2B0BF7F2-F606-44DC-9910-C9DA2AF8853B} - C:\WINNT\d8etEy.dll (file missing)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [RemoteControl] C:\WINNT\System32\rmctrl.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\Juegos\LOCALS~1\Temp\MiniBug.exe 1
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mswspl] C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD4.tmp\checkcrc.exe
    O4 - HKLM\..\Run: [tQcx] C:\documents and settings\owner\local settings\temp\tQcx.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: Shortcut to Rainlendar.lnk = C:\Documents and Settings\Owner\My Documents\Download\rainlendar-0.19.1\rainlendar-0.19.1\Rainlendar.exe
    O4 - Startup: Shortcut to YzDock.lnk = C:\Documents and Settings\Owner\My Documents\Download\yz_dck0083\YzDock.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: EZ Firewall.lnk = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.cokemusic.com
    O15 - Trusted Zone: http://www.toungestud.com
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {34A44FCF-50E3-63A5-A8DA-7835752B9571} - http://www.captaincode.com/ccbar/ccbar.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/DownloadManager.ocx
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/18a10a411b87cabf3002/netzip/RdxIE601.cab
    O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093027166343
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50188/QDow_AS2.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://ntcast.com/tv/nsvplayx_vp6_mp3.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EB1DCF12-89D2-488F-9066-C3BE7CA4E80C} - http://connect.tickle.com/hub/jump.html?d=toolbar_install_IE&c=byDuzrmthj.vrYUZeLnAU.XL6zKcNjAj
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_1_4_0.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,806
    First Name:
    Derek
    There are a few suspect entries that might cause this problem, let's fix them and see what happens

    Also I have heard of Style XP causing all sorts of problems with SP2

    Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked


    O2 - BHO: jimmyhelp.CBrowserHelper - {2B0BF7F2-F606-44DC-9910-C9DA2AF8853B} - C:\WINNT\d8etEy.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\Juegos\LOCALS~1\Temp\MiniBug.exe 1
    O4 - HKLM\..\Run: [mswspl] C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD4.tmp\checkcrc.exe
    O4 - HKLM\..\Run: [tQcx] C:\documents and settings\owner\local settings\temp\tQcx.exe

    O4 - Startup: PowerReg Scheduler.exe
    O16 - DPF: {34A44FCF-50E3-63A5-A8DA-7835752B9571} - http://www.captaincode.com/ccbar/ccbar.cab

    O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edg...loadManager.ocx
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/18a10a411b87ca...ip/RdxIE601.cab
    O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/...ion=4,3,2,20802
    O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50188/QDow_AS2.cab
    O16 - DPF: {EB1DCF12-89D2-488F-9066-C3BE7CA4E80C} - http://connect.tickle.com/hub/jump....LnAU.XL6zKcNjAj
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} - http://companion.logitech.com/compa...1/bin/imvid.cab

    as some of the files or folders you need to delete may be hidden do this:
    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders"
    Click "Apply" then "OK"

    then go to C:\Documents and Settings\USER NAME\Local Settings\Temp and select everything in that folder and delete it. As you appear to have several users, do this for all users

    as XP will not let you delete files less than 24 hours old as it thinks it might need them please also do this
    while in the temp folder, select view and select details.
    then right click a blank part and select arrange icons by, and select show in groups and modified, that will give a list of all files in date order with today at the top of the page.
    select all the files/folders except the today ones and delete them all.

    and select EVERYTHING in C:\windows\temp except temporary internet files, cookies and history folders and delete all that as well

    1) Open Control Panel
    2) Click on Internet Options
    3) On the General Tab, in the middle of the screen, click on Delete Files
    4) You may also want to check the box "Delete all offline content"
    5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
    6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

    then
    Reboot normally & see if spybot & adaware run OK now
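
A triage sketch for a log like the one posted above, added here as an illustration and not part of the original thread: it flags O2 BHO entries whose file is reported missing and O4 Run entries that launch from a user's Temp folder, two patterns that cover five of the entries ticked in the post above. The heuristics, the `triage` function name and the regular expressions are this example's assumptions, not the moderator's stated criteria; the sample lines are copied from the posted log.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {2B0BF7F2-F606-44DC-9910-C9DA2AF8853B} - C:\WINNT\d8etEy.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\DOCUME~1\Juegos\LOCALS~1\Temp\MiniBug.exe 1
O4 - HKLM\..\Run: [mswspl] C:\DOCUME~1\Owner\LOCALS~1\Temp\ICD4.tmp\checkcrc.exe
O4 - HKLM\..\Run: [tQcx] C:\documents and settings\owner\local settings\temp\tQcx.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <dll path or marker>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# O4 registry lines: "O4 - HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Per-user Temp folder, long or 8.3 short form (assumed heuristic of this example).
TEMP_RE = re.compile(r"\\(?:local settings|locals~\d)\\temp\\", re.I)


def triage(log_text):
    """Return (kind, identifier, raw_line) for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            # A registered BHO whose DLL is gone is a leftover registration.
            if m["target"].endswith(("(file missing)", "(no file)")):
                findings.append(("orphaned-bho", m["clsid"], line))
            continue
        m = RUN_RE.match(line)
        if m and TEMP_RE.search(m["cmd"]):
            # Autostart programs normally live under Program Files or the
            # system directory; one started from Temp needs reviewing.
            findings.append(("autorun-from-temp", m["name"], line))
    return findings


if __name__ == "__main__":
    for kind, ident, raw in triage(SAMPLE_LOG):
        print(f"{kind:18} {ident:40} {raw}")
```

A flagged line is a prompt for review, not a verdict; entries the two patterns do not match still need reading by someone who knows the log format.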
     
  12. SDGonBen

    SDGonBen Thread Starter

    Joined:
    Aug 22, 2004
    Messages:
    5
    Spybot worked thanks :) When it was removing the spyware I got a couple of notices about some files not being a proper window image and to check it against my installation diskette.

    But this didn't crash Spybot and it still successfully removed the spyware.

    As for Ad-aware, what I had done was under system properties for My Computer un-check the option for it to restart automatically after system failure. (This was advice given at the Lavasoft forum) since Windows erroneously thinks that ad-aware made the system crash when it searches.
    This works but is it a good idea to have that option off? If there is a real system failure and it doesn't shut down automatically could something really bad happen to my system?
     
  13. yodudeguybro

    yodudeguybro

    Joined:
    Sep 29, 2004
    Messages:
    4
    SDGonBen, I did what you said in the system properties for my computer, clicked advanced tab, clicked settings under startup and recovery, and uncheck automatically restart under system failure.

    When I run ad-aware, the window still pops up saying that the system is shutting down, and 50 seconds later it shuts down. I have looked everywhere else in the system properties, but could not find anything else to turn off......any ideas?
     