Status
Not open for further replies.
1 - 20 of 21 Posts

· Registered
Joined
·
1,523 Posts
Discussion Starter · #1 ·
I have recently discovered something. Those people who have followed my posts in the past know that I have had a problem with my computer restarting on its own. In the last week or so, my computer has been restarting again. I have discovered that when I get an ad, bug or whatever they are on my computer, my computer starts doing the restarting on its own, and now I am having the problem of my computer freezing up on me. Also, I thought immunizing on Spybot is supposed to stop Alex from getting on my computer, which I have found 4 times in the last 5 days on Ad-aware. Does anyone have any ideas on this? :rolleyes: :confused:
 

· Registered
Joined
·
4,868 Posts
First of all download the following programmes: Spybot & Adaware

Update both of them first, then run both programmes and have them fix anything they find.

When you have run and fixed everything with Spybot Search and Destroy and AdAware, please reboot before scanning, as not everything can be removed when Windows is running.

Go to this page, and download 'Hijack This!'.

Unzip it to My Documents, launch Hijack This, then press Scan, and press Save Log.

This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.

Open that file
Go to Edit | Select all
Now click Edit | Copy to copy it

Do not change anything just yet
Come back to the forum, right click and paste its contents here

Someone will come along and have a look at it, and advise you what still needs to be removed.
 

· Registered
Joined
·
1,523 Posts
Discussion Starter · #4 ·
OK, I have Spybot and Ad-aware. Are you saying to reinstall them? Probably not. But I will run HijackThis and post my log.
 

· Registered
Joined
·
1,523 Posts
Discussion Starter · #5 ·
Logfile of HijackThis v1.97.7
Scan saved at 3:50:58 PM, on 4/6/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\UNZIPPED\HIJACKTHIS1977[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1501.0\EN-US\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37867.3947337963
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinner.com/games/shared/uninstall.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/OAS/ActiveX/winrep.cab
O16 - DPF: Sametime Meeting Toolkit ST25 -
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {70522FA0-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_10_1,0,2,5.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
 

· Registered
Joined
·
1,523 Posts
Discussion Starter · #6 ·
Looking through the log I saw O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe" My ISP is SBC Yahoo DSL, hmmm.
 

· Registered
Joined
·
4,868 Posts
It's WeatherBug that appears to be causing your problems.

Restart HijackThis and put a check mark against the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {70522FA0-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_10_1,0,2,5.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?

Click Fix Checked.
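
As an added example (not part of the original posts and not code from HijackThis), this Python snippet parses the log format shown above, groups entries by section code, and lists where each O16 (downloaded ActiveX control) entry was installed from so a reviewer can pick out the ones worth a closer look. The sample lines are copied from the posted log; the `known_domains` argument is a reviewer-supplied assumption, not a list of trusted vendors from the thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Sample input: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {70522FA0-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_10_1,0,2,5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: Sametime Meeting Toolkit ST25 -
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                  # "O16 - <body>"
DPF = re.compile(r"^DPF: (.+?)(?: \(([^)]*)\))? -\s*(.*)$")     # id, (name), source

def parse_log(text):
    """Group entries by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def dpf_sources(sections):
    """Return (identifier, class name, origin) for every O16 entry."""
    out = []
    for body in sections.get("O16", []):
        m = DPF.match(body)
        if not m:
            continue
        ident, name, source = m.group(1), m.group(2) or "", m.group(3)
        if source.lower().startswith(("http://", "https://")):
            origin = urlparse(source).hostname
        else:
            origin = "local file" if source else "unknown"
        out.append((ident, name, origin))
    return out

def needs_review(entries, known_domains):
    """O16 entries fetched from a host outside known_domains, or with no source."""
    def known(host):
        return any(host == d or host.endswith("." + d) for d in known_domains)
    return [e for e in entries if e[2] != "local file" and not known(e[2])]
```
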
 

· Registered
Joined
·
1,523 Posts
Discussion Starter · #8 ·
OK, thank you so much. Should I uninstall WeatherBug first, or just keep it?
 

· Registered
Joined
·
4,868 Posts
I would uninstall it. It's a bit of a bandwidth thief.
 

· Registered
Joined
·
1,523 Posts
Discussion Starter · #10 ·
OK, thank you so much. I sure hope this does the job and it stops the restarts and freeze-ups.
Lori
 

· Registered
Joined
·
579 Posts
Lori,

If the instructions you have received in the earlier posts have solved your computer problems, you may want to review the attached site for additional measures you can take to help avoid getting reinfected.

A word of caution: if you do not have Spywareblaster installed, they recently released a new version (version 3.0) that has had problems on Windows 98 operating systems, but the author has been working on a fix.

http://forums.techguy.org/t208517.html

http://www.wilderssecurity.com/index.php?board=34;action=display;threadid=26356
 

· Registered
Joined
·
1,523 Posts
Discussion Starter · #12 ·
Polak, no, it didn't work; my computer just up and restarted just before typing this post back. No, I don't have SpywareBlaster; I got rid of it 'cause it seemed to cause problems with my computer. I will read over the links you posted, thank you.
 

· Registered
Joined
·
579 Posts
Lori 1,

Sorry that the suggested fixes haven't solved your computer problems. You may want to consider describing the problems you are experiencing and posting in the Security section of the Tech Guy Support forums. You will find the Security section under Internet and Networking in the TG Support forums. There are some exceptionally knowledgeable individuals in the Security section who deal with HijackThis logs.
 

· Registered
Joined
·
62,563 Posts
polak said:
A word of caution: if you do not have Spywareblaster installed, they recently released a new version (version 3.0) that has had problems on Windows 98 operating systems, but the author has been working on a fix.
I have 98 and it has worked OK, but twice looking at Spywareblaster 3.0 I have seen that it says... "1 items have protection disable" for Mozilla/Firefox, and both times it was the X10.com cookie.
 

· Gone but never forgotten
Joined
·
9,870 Posts
Hi Lori 1, apart from all the excellent advice you have been given here, a faulty power supply could be causing your problem. Nothing you can do about that; it needs checking out by someone who knows what they are doing of course, but if all else fails, you should consider getting it looked at.....
 

· Registered
Joined
·
1,523 Posts
Discussion Starter · #16 ·
Hi Harry, I'm not really quite sure what you mean in your post, but I have seen Mozilla on my computer, which I didn't put there. And Telecom69, thanks for your input also.
 

· Registered
Joined
·
62,563 Posts
If it is your power, try hooking your PC to another outlet plug in the house to rule out the wall outlet.

Well, if you have Netscape 6 or 7 you have a Mozilla folder.

Here is what I am talking about.
I have to go and recheck the X10.com twice because it is somehow getting unchecked.
But I have not seen any X10 cookies on my PC either so don't know what is going on.
 

Attachments

· Registered
Joined
·
1,523 Posts
Discussion Starter · #18 ·
Just to keep you posted, I haven't had any problems with restarting, lol {knock on wood} Smile, and I want to thank you all for your information and posts. There is one more question I have for anyone that might know: in my HijackThis results, is it OK to put checks on the results of programs that I uninstalled? I noticed Panda was on there and I deleted that long ago. Oh, and I want to thank Ray again for what he has taught me, and for being so patient, lol. I'm learning, {smile}
 

· Registered
Joined
·
1,523 Posts
Discussion Starter · #20 ·
OK Harry, I followed the above instructions, and it hasn't automatically restarted yet. Oh, and thanks for resizing my pic.
 