Ad-Aware

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Lori 1

Thread Starter
Joined
Jul 25, 2002
Messages
1,505
I have recently discovered something, Those people who have followed my post in the past, know that I have had a problem with my computer restarting on it's own. In the last week or so, my computer has been restarting again. I have discovered that when I get an ad, bug or what ever they are, on my computer, my computer starts, doing the restarting on it's own, and now I am having the problems of my computer freezing up on me. Also, I thought imunizing on spybot, is suppose to stop Alex from getting on my computer, which I have found 4 times in the last 5 days on ad-aware. Doe's anyone have any idea's on this? :rolleyes: :confused:
 
Joined
Mar 20, 2003
Messages
4,823
First of all download the following programmes: Spybot & Adaware

Update both of them first, then run both programmes and have them fix anything they find.

When you have run and fixed everything with Spybot Search and Destroy and AdAware, please reboot before scanning, as not everything can be removed when Windows is running

Go to this page, and download 'Hijack This!'.

Unzip it to My documents, launch Hijack This, then press Scan, and press Save Log

This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.

open that file
Go to Edit | Select all
Now click Edit | copy to copy it

Do not change anything just yet
Come back to the forum, Right Click and paste its contents here

Someone will come along and have a look at it, and advise you what still needs to be removed.
 

Lori 1

Thread Starter
Joined
Jul 25, 2002
Messages
1,505
Ok I have spybot and ad-aware, are you saying to reinstall them? probably not. But I will run hijack and post my log.
 

Lori 1

Thread Starter
Joined
Jul 25, 2002
Messages
1,505
Logfile of HijackThis v1.97.7
Scan saved at 3:50:58 PM, on 4/6/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\UNZIPPED\HIJACKTHIS1977[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1501.0\EN-US\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37867.3947337963
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinner.com/games/shared/uninstall.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/OAS/ActiveX/winrep.cab
O16 - DPF: Sametime Meeting Toolkit ST25 -
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {70522FA0-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_10_1,0,2,5.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
 

Lori 1

Thread Starter
Joined
Jul 25, 2002
Messages
1,505
As looking through the log I saw O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe" My ISP is SCBYahoo DSL hummmm.
 
Joined
Mar 20, 2003
Messages
4,823
it's weatherbug that appears to be causing your problems

Restart Hijack this and put a check mark against the following

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {70522FA0-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_10_1,0,2,5.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?

click Fix Checked
 

Lori 1

Thread Starter
Joined
Jul 25, 2002
Messages
1,505
ok Thank you so much, should I uninstall weather bug first, or just keep it?
 

Lori 1

Thread Starter
Joined
Jul 25, 2002
Messages
1,505
Ok Thank you so much, I sure hjope this does the job and it stops the restarts,and freeze ups.
Lori
 
Joined
Oct 12, 2003
Messages
567
Lori,

If the instructions you have received in the earlier posts have solved your computer problems, you may want to review the attached site for additional measures you can take to help avoiding getting reinfected.

A word of caution, if you do not have Spywareblaster installed, they recently released a new version(version 3.0) that has had problems on Windows 98 operating systems, but the author has been working on a fix.

http://forums.techguy.org/t208517.html

http://www.wilderssecurity.com/index.php?board=34;action=display;threadid=26356
 

Lori 1

Thread Starter
Joined
Jul 25, 2002
Messages
1,505
Polak, No it didn't work, my computer just up and restarted just before typing this post back. No, I don't have spywareBlaster, I got rid of it cause it seemed to cause problems with my computer.I will read over the links you posted, thank you.
 
Joined
Oct 12, 2003
Messages
567
Lori 1,

Sorry that the suggested fixes haven't solved your computer problems. You may want to consider describing the problems you are experiencing and posting in the Security section of the Tech Guy Support forums. You will find the Security section under Internet and Networking in the TG Support forums. There are some exceptionally knowledgeable individuals in the Security section that deal with HIjackthis logs.
 
Joined
Oct 26, 2001
Messages
57,793
polak said:
A word of caution, if you do not have Spywareblaster installed, they recently released a new version(version 3.0) that has had problems on Windows 98 operating systems, but the author has been working on a fix.
I have 98 nd it has worked ok but twice looking at Spywareblaster 3.0 I have seen that it says... "1 items have protection disable" for Mozilla/Firefox and both times it was the X10.com cookie
 

telecom69

Gone but never forgotten
Joined
Oct 12, 2001
Messages
9,807
Hi Lori 1,apart from all the excellent advice you have been given here,a faulty power supply could be causing your problem,nothing you can do about that,it needs checking out by someone who knows what they are doing of course, but if all else fails,you should consider getting it looked at.....
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

No members online now.
Top