Q: pop-up ads ( No Answer,   4 Comments )
Question  
Subject: pop-up ads
Category: Computers > Security
Asked by: nolaguy-ga
List Price: $5.00
Posted: 29 Jul 2004 08:49 PDT
Expires: 28 Aug 2004 08:49 PDT
Question ID: 380795
I am having problems with pop-up ads and after running adaware, spybot
blaster, bazooka, and hijack this, still am having trouble.  The
computer is running real slow, and I constantly have to restart.  I
have run my Norton Antivirus, and it says I'm virus free.  I'm
attaching the hijackthis log for help.

Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 11:40:53 AM, on 7/29/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\XL.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\WINDOWS\SYSTEM\E_S4I2L1.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\CURSORS\KBDVD.EXE
C:\WINDOWS\PLAXO\2.0.0.116\INSTALLSTUB.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.1.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
O1 - Hosts: 216.93.168.167 auto.search.msn.com
O1 - Hosts: 216.93.168.167 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} -
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBARBHO.DLL
O2 - BHO: (no name) - {60112085-E1CE-4e0e-823A-EBB1AD98804C} -
C:\WINDOWS\TEMP\DVDBK.DAT
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Viewpoint Toolbar -
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\PROGRAM
FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [XtreamLok License Manager] C:\WINDOWS\SYSTEM\xl.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\MICROR~1\KEYBOARD\IKEYMAIN.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\MICROR~1\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [RealTray] C:\Program
Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Gene USB Monitor] c:\windows\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program
Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
Manager\ViewMgr.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony
Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\SYSTEM\E_S4I2L1.EXE
/P19 "EPSON Stylus CX6400" /O7 "EPUSB1:" /M "Stylus CX6400"
O4 - HKLM\..\Run: [KBDVD] C:\WINDOWS\CURSORS\KBDVD.EXE
O4 - HKLM\..\Run: [MP3OLE] C:\WINDOWS\FONTS\AARCS\MP3OLE.EXE
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common
Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.0.0.116\InstallStub.exe -a
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON
CardMonitor\EPSON CardMonitor1.1.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM
FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ComcastHSI (HKLM)
O9 - Extra button: Support (HKLM)
O9 - Extra button: Help (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: Serome Web2Phone - http://www.dialpad.com/applet/vscp.cab
O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe
VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
- http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: Yahoo! Pool 2 -
http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj
Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo
Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) -
http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://media.memphiszoo.org/AxisCamControl.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37941.6131365741
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} -
http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com
Configuration Class) -
http://usercenter.cox.net/rsuite/sdccommon/asp/cx_tgctlcm.jsp
O16 - DPF: {CDCC6BE5-720B-488D-A953-047E0598D996} (UpMan Class) -
https://www.plaxo.com/activex/plx_upldr.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl
Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) -
http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 -
http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab

Request for Question Clarification by inquisitive-ga on 29 Jul 2004 09:08 PDT
Hi nolaguy-ga,

What version of Norton Antivirus are you running (I believe only the
2004 version checks for adware. I had to upgrade mine recently --I was
running 2003-- after having similar problems to yours)?

Have you downloaded all recent updates for Adaware and Spybot S&D?

Did Adaware and/or Spybot find anything the first time? Even if they
find something and you have the program remove it, you may have
something on your computer that turns around and installs them again.

Clarification of Question by nolaguy-ga on 29 Jul 2004 10:38 PDT
inquisitive - I am running Antivirus 2003.  Unfortunately, every time I
try to download the Internet Security 2004 upgrade, my computer
freezes up before I get to checkout.  When I ran the Lavasoft AdAware
6, it found these 6 objects:

ArchiveData(auto-quarantine- 29-07-2004 13-33-18.bckp)
======================================================

TRACKING COOKIE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=File : c:\windows\cookies\default@a.as-us.falkag[1].txt
obj[1]=File : c:\windows\cookies\default@adserver.pollstar[2].txt
obj[2]=File : c:\windows\cookies\default@casalemedia[1].txt
obj[3]=File : c:\windows\cookies\default@questionmarket[2].txt
obj[4]=File : c:\windows\cookies\default@zedo[2].txt
obj[5]=File : c:\windows\cookies\default@0001[1].txt

Request for Question Clarification by inquisitive-ga on 29 Jul 2004 12:04 PDT
Your hijack this and adaware logs are showing a few minor adware type
things, but nothing that should be causing such problems.

A few suggestions.

1) Try Norton's online security scan (it's free). It will help check
for security threats and often catches things that older installed
versions of Norton will not:
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

Let me know what it says.

2) While your computer is on, make sure you have checked for all
recent updates to Norton, Adaware and Spybot S&D.

3) Go to windowsupdate.com and make sure you have downloaded and
installed all updates marked as "critical." This is especially
important since you are running Windows 98 and IE 6. Try to do what
you can before your computer freezes.

4) Turn off your computer. Leave off for at least 30 seconds to clear
memory. Then reboot into Safe Mode.

Instructions for rebooting your computer in safe mode:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam

5) Once you're in safe mode, re-run Norton, Lavasoft's AdAware and
Spybot S&D. This will help them find and remove files that they can't
handle while they are running in memory (which is the case when the
computer is in regular mode).

If you have problems with any of these, please post an update for me.
Also, let me know what the virus/security scans come back with.

I know this seems like a lot, but these things can be really hard to
diagnose without being there. I recently had to spend hours clearing
some of this popup adware off my daughter's computer and it was quite
a pain!
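
Added example, not part of the thread: a small Python triage pass over a HijackThis log like the one posted in the question. It re-joins the wrapped lines and marks entries for manual review using assumed heuristics (hosts-file overrides, and browser add-ons or autoruns that load from directories that normally hold data); the function names and heuristics are this example's own, and a match is a prompt to look closer, not a verdict.

```python
import re

# Constructed sample: lines copied from the log in the question, keeping the
# hard line wraps the forum introduced.
SAMPLE_LOG = r"""O1 - Hosts: 216.93.168.167 auto.search.msn.com
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {60112085-E1CE-4e0e-823A-EBB1AD98804C} -
C:\WINDOWS\TEMP\DVDBK.DAT
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [KBDVD] C:\WINDOWS\CURSORS\KBDVD.EXE
O4 - HKLM\..\Run: [MP3OLE] C:\WINDOWS\FONTS\AARCS\MP3OLE.EXE
O9 - Extra button: AIM (HKLM)
"""

# A log entry starts with a section code such as R0, O2 or O16.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumption: directories that normally hold data, not autostarted code.
DATA_DIRS = ("\\TEMP\\", "\\FONTS\\", "\\CURSORS\\", "\\COOKIES\\")

def parse_entries(text):
    """Return (section, body) pairs, re-joining wrapped continuation lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries and line.strip():
            # No section code: continuation of the previous entry.
            entries[-1][1] += " " + line.strip()
    return [tuple(e) for e in entries]

def review_reasons(section, body):
    """Heuristic reasons to inspect an entry by hand (empty list if none)."""
    reasons, upper = [], body.upper()
    if section == "O1":  # O1 = hosts file entries
        reasons.append("hosts file overrides DNS for " + body.split()[-1])
    if section in ("O2", "O3", "O4"):  # BHOs, toolbars, autoruns
        if any(d in upper for d in DATA_DIRS):
            reasons.append("loads code from a data directory")
        if section == "O2" and not upper.endswith((".DLL", ".OCX")):
            reasons.append("BHO file is not a .dll/.ocx")
    return reasons

def triage(text):
    """Return (section, body, reasons) for every entry that needs review."""
    return [(s, b, r) for s, b in parse_entries(text) if (r := review_reasons(s, b))]
```
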
Answer  
There is no answer at this time.

Comments  
Subject: Re: pop-up ads
From: cool_dude_208-ga on 29 Jul 2004 09:16 PDT
 
Use Lavasoft adware (http://www.lavasoftusa.com/).
There is one more online site which checks for worms and viruses.
Do check this site and do a virus check
online: http://housecall.trendmicro.com/housecall/start_corp.asp
Thanks,
Dude
Subject: Re: pop-up ads
From: nolaguy-ga on 29 Jul 2004 10:37 PDT
 
inquisitive - I am running Antivirus 2003.  Unfortunately, every time I
try to download the Internet Security 2004 upgrade, my computer
freezes up before I get to checkout.  When I ran the Lavasoft AdAware
6, it found these 6 objects:

ArchiveData(auto-quarantine- 29-07-2004 13-33-18.bckp)
======================================================

TRACKING COOKIE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=File : c:\windows\cookies\default@a.as-us.falkag[1].txt
obj[1]=File : c:\windows\cookies\default@adserver.pollstar[2].txt
obj[2]=File : c:\windows\cookies\default@casalemedia[1].txt
obj[3]=File : c:\windows\cookies\default@questionmarket[2].txt
obj[4]=File : c:\windows\cookies\default@zedo[2].txt
obj[5]=File : c:\windows\cookies\default@0001[1].txt
Subject: Re: pop-up ads
From: anotherbrian-ga on 30 Jul 2004 05:29 PDT
 
Your restarts could be caused by a dying power supply or a virus. You
might want to try a different anti-virus program, like the free AVG
(http://www.grisoft.com/us/us_index.php). As far as the popups, if you
get them while surfing the web, I would suggest using the free and
open-source Mozilla browser http://www.mozilla.org/about/ It has very
good automatic popup blocking built in.
Subject: Re: pop-up ads
From: sandman_it-ga on 05 Aug 2004 08:21 PDT
 
The problem is that some pop-ups are very dodgy ...
Try to install Personal Firewall from www.download.com
