Textkit Logo

some computer help please.

Textkit is a learning community- introduce yourself here. Use the Open Board to introduce yourself, chat about off-topic issues and get to know each other.

Moderators: thesaurus, Jeff Tirey

some computer help please.

Postby Bert » Thu Feb 05, 2004 12:37 am

I am only barely computer-literate. Some of you are very literate if not experts when it comes to computers, so I have a question for you.

My home-page for going on the web has always been www1.sympatico.ca/
Just recently, for some reason my home page has changed and I have to go through several windows and pop-ups just to get to my mail box.
I can't seem to get it changed back to sympatico.
Does any one know what the problem might be?
Last edited by Bert on Sat Feb 07, 2004 8:10 pm, edited 1 time in total.
Bert
Textkit Zealot
 
Posts: 1890
Joined: Sat May 31, 2003 2:28 am
Location: Arthur Ontario Canada

Postby solitario » Thu Feb 05, 2004 3:04 am

Well, I'm not familiar with the web site. But it seems that it does not at this time possess a subdomain called "1."
Try this: http://www1.sympatico.ca/ and let me know if it doesn't work.
phpbb
User avatar
solitario
Textkit Neophyte
 
Posts: 98
Joined: Wed Jan 14, 2004 6:23 am
Location: ROSETVM

Postby mariek » Thu Feb 05, 2004 3:05 am


For Internet Explorer:
Load the webpage http://www1.sympatico.ca/.
Then go Tools > Internet Options. In the General Tab, under the Home Page section, click on the "Use Current" button. That should net the current webpage (viz. http://www1.sympatico.ca/) to be your default Home Page.

For Mozilla:
Load the webpage.
Then go Edit > Preferences. Under Navigator, Home Page section, click on the "Use Current Page" button.

Alternatively, you can just type in the URL in the Home Page field and then click OK, but that's prone to errors if you mistype it.


I hope you don't have a browser hijack on your computer...


User avatar
mariek
Global Moderator
Global Moderator
 
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California

Postby Alundis » Thu Feb 05, 2004 5:52 am

I would run Spybot then CWShredder
Alundis
Textkit Neophyte
 
Posts: 65
Joined: Wed May 07, 2003 1:56 am
Location: new jersey

Postby tdominus » Thu Feb 05, 2004 6:52 am

Yes, it sounds like you have spyware installed.
Running those programs should fix it. If not, reply here and i will step you through removing the problematic programs.
tdominus
Textkit Member
 
Posts: 122
Joined: Wed Aug 06, 2003 12:15 pm
Location: Terra Australis

Postby mariek » Thu Feb 05, 2004 4:54 pm

Yes, I was afraid it might be that... it's the part where he says "I have to go through several windows and pop-ups just to get to my mail box. " that sounds suspicious.

I don't think Bert's up to tweaking his Registry himself. I wonder if we can persuade him to run that little Hijackthis utility and post his log file so we can point out what might be causing his problem and then have him go back into Hijackthis to have it autofix it.
User avatar
mariek
Global Moderator
Global Moderator
 
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California

Had the same problem

Postby Rick » Thu Feb 05, 2004 5:00 pm

Yes, my home page too was hijacked by some spyware.
I was able to fix it free by going to a Adaware website and downloading a scanning setup that recognizes problems during your startup and running processes. Be sure to use the forum they so gratiously supply because you will have to post your findings for them to evaluate. This group is from Sweden very knowledgable in this area. The best part...
Its all free! It does work so don't pass this up!!
site is here

http://www.lavasoft.de/
and the forum

http://www.lavasoftsupport.com/
Rick
Textkit Neophyte
 
Posts: 4
Joined: Thu Feb 05, 2004 2:47 pm
Location: ohio

Postby mariek » Thu Feb 05, 2004 5:05 pm


Hi Rick,

You must be new here since this is your 2nd post on the forum. Welcome to Textkit. I see you're from Ohio... I wonder if you're Jeff's neighbor! :D I hope you enjoy your visit here and come back again...
User avatar
mariek
Global Moderator
Global Moderator
 
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California

Postby Rick » Thu Feb 05, 2004 5:08 pm

Thank you for the welcome! Yes, i guess the post number kinda gives me away :)
I hope the info Lavasoft supply helps. They are a good group there.
They walked this puter literate flunky right through it.
Thanks again for the welcome!
Rick
Textkit Neophyte
 
Posts: 4
Joined: Thu Feb 05, 2004 2:47 pm
Location: ohio

Postby Bert » Thu Feb 05, 2004 11:09 pm

mariek wrote: I wonder if we can persuade him to run that little Hijackthis utility and post his log file so we can point out what might be causing his problem and then have him go back into Hijackthis to have it autofix it.

You can probably persuade him if you tell him how to do it.

You are probably right in your diagnosis because there is always something about 'spyware'.
Bert
Textkit Zealot
 
Posts: 1890
Joined: Sat May 31, 2003 2:28 am
Location: Arthur Ontario Canada

Postby mariek » Fri Feb 06, 2004 1:13 am


Bert,

Alundis and Rick gave great suggestions.

I've never used Spybot Search and Destroy, but I have used Ad-aware before. It doesn't hurt to have it installed. Run it occassionally and remember to check for updates.

I'm emailing you CWShredder and Hijackthis.
User avatar
mariek
Global Moderator
Global Moderator
 
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California

Postby Bert » Sat Feb 07, 2004 8:09 pm

mariek wrote:
.

I'm emailing you CWShredder and Hijackthis.


Thanks. Did you receive my reply?
Bert
Textkit Zealot
 
Posts: 1890
Joined: Sat May 31, 2003 2:28 am
Location: Arthur Ontario Canada

Postby mariek » Mon Feb 09, 2004 4:49 pm


Bert,

I haven't received your reply yet. Would you please resend it? Thanks.
User avatar
mariek
Global Moderator
Global Moderator
 
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California

Postby Bert » Tue Feb 10, 2004 3:29 am

I tried again.
If it turns out that it is lost somewhere in cyber-space, maybe I should cut and past it to this forum. What do you think?
Bert
Textkit Zealot
 
Posts: 1890
Joined: Sat May 31, 2003 2:28 am
Location: Arthur Ontario Canada

Postby mariek » Wed Feb 11, 2004 4:49 pm


Try sending another email. If that doesn't work, try posting here. It looks like you're online late afternoon, so I'll check back this afternoon.

Have you tried installing Ad-Aware, getting the latest update, and then letting it do its scan?
User avatar
mariek
Global Moderator
Global Moderator
 
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California

Postby Bert » Thu Feb 12, 2004 12:33 am

Thanks Mariek for your helpfulness.
I have not tried Ad-Aware yet. I thought I'd wait and see if the HijackThis file reveals any thing.

When I ran CWShredder it said that my system is clean.(I was almost hoping it
wouldn't be so that there would be something to fix in order to get rid of this
thing)

When you asked me to enumerate the programs listed in the Add/Remove Programs
window, did you mean to for me to type them out and send you a copy?

Here is the HijackThis file;

Logfile of HijackThis v1.97.7
Scan saved at 9:40:21 PM, on 2/5/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBINST.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\DEFAULT\CLIENT\HELPEXP.EXE
C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE
C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBSRV.EXE
C:\UNZIPPED\BERT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.passthison.com/r4/?s43
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3.0/sb ... geHome.htm
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM
FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program
Files\NewDotNet\newdotnet4_50.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM
FILES\HOTBAR\BIN\4.3.5.0\HBHOSTIE.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:
\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM
FILES\HOTBAR\BIN\4.3.5.0\HBHOSTIE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:
\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,
LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe"
/H
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,
NewDotNetStartup
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [PromulGate] "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [Hotbar] C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBINST.EXE
/Upgrade
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,
LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common
Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program
Files\Alset\HelpExpress\Default\Client\HelpExp.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Default\HXIUL.
EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
/background
O4 - HKCU\..\RunServices: [HELPEXP.EXE] C:\Program
Files\Alset\HelpExpress\Default\Client\HelpExp.exe
O4 - HKCU\..\RunServices: [HXIUL.EXE] C:\Program
Files\Alset\HelpExpress\Default\HXIUL.EXE
O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.
Exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.
exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 5576967593
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/23e3c24e7dea827efb ... xIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupda ... t/opuc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} (PdpPi Class) - http://webpdp.gator.com/v3/download/pdp ... ainads.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab


thanks again
Bert
Textkit Zealot
 
Posts: 1890
Joined: Sat May 31, 2003 2:28 am
Location: Arthur Ontario Canada

Postby mariek » Thu Feb 12, 2004 3:12 am


Holy Guacamole! :shock:

Yep, you've got quite a lot of undesirable stuff there... :(

But we can try to clean it up. Normally I would just manually wade through the registry, then delete any residual files on the hard drive.

I think the easiest thing for you to do is to download and install Ad-Aware and let it do most or all of the cleanup for you.

Some of this bad stuff is evident, while others are not so obvious and harder to get to. I'm sure you have some suspicious stuff in your Add/Remove Programs, such as: Date Manager, Precision Time, Hotbar, WeatherCast, HelpExpress. You can "uninstall" these. Anything that shows up as "Gator" or "GAIN" is bad.

Here's what I suggest:
1. Uninstall anything suspicious from Add/Remove programs. (Some of them might be "tricky" to unistall, requiring you to download something to uninstall them, or a "tricky" question to ask you whether you want to uninstall but encourages you to click on the button that does not uninstall, etc)
3. Reboot your computer.
4. Download Ad-Aware (www.lavasoft.de if I recall correctly), install it, get the latest update, then do a scan.
5. Reboot your computer.
6. Run hijackthis.exe, save another log file, and we'll see whether it looks any better.

Or if you want, skip steps 1 & 2 entirely. Ad-Aware should handle those automatically. (Can you tell I have control issues?)

I will post in another message a copy of your hijack log and highlight all the stuff I see as being bad bad bad bad bad, just to give you an idea of what's going on with your computer...
User avatar
mariek
Global Moderator
Global Moderator
 
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California

Postby mariek » Thu Feb 12, 2004 3:23 am

Here's a copy of your log file. Bad stuff highlighted inred

Logfile of HijackThis v1.97.7
Scan saved at 9:40:21 PM, on 2/5/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBINST.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\DEFAULT\CLIENT\HELPEXP.EXE
C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE
C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBSRV.EXE
C:\UNZIPPED\BERT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.passthison.com/r4/?s43
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3.0/sb ... geHome.htm
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM
FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program
Files\NewDotNet\newdotnet4_50.dll

O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM
FILES\HOTBAR\BIN\4.3.5.0\HBHOSTIE.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:
\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM
FILES\HOTBAR\BIN\4.3.5.0\HBHOSTIE.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:
\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,
LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe"
/H

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,
NewDotNetStartup

O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [PromulGate] "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [Hotbar] C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBINST.EXE
/Upgrade

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,
LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common
Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program
Files\Alset\HelpExpress\Default\Client\HelpExp.exe

O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Default\HXIUL.
EXE

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
/background
O4 - HKCU\..\RunServices: [HELPEXP.EXE] C:\Program
Files\Alset\HelpExpress\Default\Client\HelpExp.exe

O4 - HKCU\..\RunServices: [HXIUL.EXE] C:\Program
Files\Alset\HelpExpress\Default\HXIUL.EXE

O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.
Exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.
exe

O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 5576967593
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/23e3c24e7dea827efb ... xIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupda ... t/opuc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} (PdpPi Class) - http://webpdp.gator.com/v3/download/pdp ... ainads.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
User avatar
mariek
Global Moderator
Global Moderator
 
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California

Postby mariek » Thu Feb 12, 2004 3:27 am


Oh, one more thing. After you run HijackThis and it shows you a report. You will notice some check boxes to the left of each item. If you want to have HiJackThis automatically fix something, just check the box next to (left of) the line you want to fix.

If you go this route, you DO NOT want to check ALL the boxes. Just check the boxes next to the stuff you want to fix.
User avatar
mariek
Global Moderator
Global Moderator
 
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California

Postby Bert » Fri Feb 13, 2004 3:03 am

This is a little embarassing. I can't seem to download the free version.
I tried twice but both times I end up having to buy it in order for it to work.
It's bed time now, I'll try again tomorrw.
Good night.
Bert
Textkit Zealot
 
Posts: 1890
Joined: Sat May 31, 2003 2:28 am
Location: Arthur Ontario Canada

Try downloading Ad-aware again

Postby mariek » Fri Feb 13, 2004 3:43 am


I'm sorry this is all such a painful process to go through. I can only imagine how frustrated you must feel. Let's see if we can walk you through downloading the FREE version.

Go to : http://www.lavasoft.de

On the left side column you will see their product listed under "Software".

Don't click on the "Ad-aware Professional" or "Ad-aware Plus" links.

You want to click on the "Ad-aware" link, which is the 3rd one down underneath "Software".

The next page will offer you a download link. It's on the right side this time, under "Download" (in the grey area). Click on the link that says "Our software. There are several sites to download our software from".

On the next page, scroll down to the section titled "Ad-Aware 6 Standard Edition" Full Install. You'll see an enumeration of sites where you can download the software from. Click on one of these links to download it.

Hope this helps...
User avatar
mariek
Global Moderator
Global Moderator
 
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California

Postby Dillman » Fri Feb 13, 2004 1:04 pm

Oh man....Thats a lot of work to go through them all.....better just light your computer on fire and throw it at a passing car :D
phpbb
Dillman
Textkit Neophyte
 
Posts: 30
Joined: Tue Feb 10, 2004 1:51 am

Postby Bert » Sat Feb 14, 2004 11:33 am

A lot of help you are Dillman; You come with the good advise AFTER I got the problem fixed the hard way! (Mind you, I don't think that throwing a burning computer at a passing car is easy either.)
YES, WE FIXED IT.

I ran adaware, then ran HijackThis once more. I deleted two more things myself yet; this is what the hijackthis file looks like now:

Logfile of HijackThis v1.97.7
Scan saved at 6:30:27 AM, on 2/14/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UNZIPPED\BERT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.sympatico.ca/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Default\Client\HelpExp.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Default\HXIUL.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 5576967593
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/23e3c24e7dea827efb ... xIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupda ... t/opuc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdp ... ainads.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
Bert
Textkit Zealot
 
Posts: 1890
Joined: Sat May 31, 2003 2:28 am
Location: Arthur Ontario Canada

Yippie! But there's one more thing...

Postby mariek » Sat Feb 14, 2004 7:41 pm


Glad to hear the good news. :D I see you've got Sympatico as your home page again.

But I have to tell you that you're not entirely out of the woods yet. There are a few lines in your log that glares back at me as being something undesirable. I don't remember what they were, possibly adware/spyware, someone using your computer's processor power to gather info on you and sending it to someone somewhere. I just find that rude and invasive.

Run HijackThis.exe again, let it do its scan. Then click on the checkbox to the left of the following lines, and then click on the Fix button.




O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Default\Client\HelpExp.exe

O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Default\HXIUL.EXE

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/23e3c24e7dea827efb ... xIE601.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe

O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdp ... ainads.cab





Don't forget to regularly update your Norton AntiVirus definitions and run a scan. It's good practice. :D
User avatar
mariek
Global Moderator
Global Moderator
 
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California

Postby mariek » Sat Feb 14, 2004 7:43 pm

Dillman wrote:Oh man....Thats a lot of work to go through them all.....better just light your computer on fire and throw it at a passing car :D


But if Bert did this, then we would no longer have the pleasure of his company here on Textkit!
User avatar
mariek
Global Moderator
Global Moderator
 
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California

Postby Bert » Sat Feb 14, 2004 8:37 pm

Done. Thank you very much for the patience and help.
One thing I noticed is that I don't get these anoying popups anymore that say that some "single girl/boy in my area looking for luv" wants me now. There were a few other ones that would pop up at least twice every time I went on line.
Bert
Textkit Zealot
 
Posts: 1890
Joined: Sat May 31, 2003 2:28 am
Location: Arthur Ontario Canada

Postby Clark3934 » Sun Feb 15, 2004 5:19 am

Easy way to get rid of popups in the google toolbar.

www.toolbar.google.com

Also, if anyone else here is having computer problems I suggest going to

www.blizzhackers.com

This is one of the best tech support forums, if not the best on the net. Part of the reason is that there is over 65000 members and they are usually about 200 on a any given time. You question will be answered in less than 30 seconds. :lol:
Clark3934
Textkit Neophyte
 
Posts: 27
Joined: Sun Feb 08, 2004 9:43 pm
Location: Oklahoma!


Return to Open Board

Who is online

Users browsing this forum: No registered users and 13 guests