some computer help please.

Bert
Textkit Zealot
Posts: 1889
Joined: Sat May 31, 2003 2:28 am
Location: Arthur Ontario Canada

some computer help please.

Post by Bert »

I am only barely computer-literate. Some of you are very literate if not experts when it comes to computers, so I have a question for you.

My home-page for going on the web has always been www1.sympatico.ca/
Just recently, for some reason my home page has changed and I have to go through several windows and pop-ups just to get to my mail box.
I can't seem to get it changed back to sympatico.
Does anyone know what the problem might be?
Last edited by Bert on Sat Feb 07, 2004 8:10 pm, edited 1 time in total.

solitario
Textkit Neophyte
Posts: 98
Joined: Wed Jan 14, 2004 6:23 am
Location: ROSETVM
Contact:

Post by solitario »

Well, I'm not familiar with the web site. But it seems that it does not at this time possess a subdomain called "1."
Try this: http://www1.sympatico.ca/ and let me know if it doesn't work.

mariek
Global Moderator
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California
Contact:

Post by mariek »


For Internet Explorer:
Load the webpage http://www1.sympatico.ca/.
Then go Tools > Internet Options. In the General Tab, under the Home Page section, click on the "Use Current" button. That should set the current webpage (viz. http://www1.sympatico.ca/) to be your default Home Page.

For Mozilla:
Load the webpage.
Then go Edit > Preferences. Under Navigator, Home Page section, click on the "Use Current Page" button.

Alternatively, you can just type in the URL in the Home Page field and then click OK, but that's prone to errors if you mistype it.


I hope you don't have a browser hijack on your computer...



Alundis
Textkit Neophyte
Posts: 65
Joined: Wed May 07, 2003 1:56 am
Location: new jersey
Contact:

Post by Alundis »

I would run Spybot then CWShredder

tdominus
Textkit Member
Posts: 122
Joined: Wed Aug 06, 2003 12:15 pm
Location: Terra Australis

Post by tdominus »

Yes, it sounds like you have spyware installed.
Running those programs should fix it. If not, reply here and I will step you through removing the problematic programs.

mariek
Global Moderator
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California
Contact:

Post by mariek »

Yes, I was afraid it might be that... it's the part where he says "I have to go through several windows and pop-ups just to get to my mail box." that sounds suspicious.

I don't think Bert's up to tweaking his Registry himself. I wonder if we can persuade him to run that little Hijackthis utility and post his log file so we can point out what might be causing his problem and then have him go back into Hijackthis to have it autofix it.

Rick
Textkit Neophyte
Posts: 4
Joined: Thu Feb 05, 2004 2:47 pm
Location: ohio

Had the same problem

Post by Rick »

Yes, my home page too was hijacked by some spyware.
I was able to fix it free by going to an Adaware website and downloading a scanning setup that recognizes problems during your startup and running processes. Be sure to use the forum they so graciously supply because you will have to post your findings for them to evaluate. This group is from Sweden, very knowledgeable in this area. The best part...
It's all free! It does work so don't pass this up!!
site is here

http://www.lavasoft.de/
and the forum

http://www.lavasoftsupport.com/

mariek
Global Moderator
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California
Contact:

Post by mariek »


Hi Rick,

You must be new here since this is your 2nd post on the forum. Welcome to Textkit. I see you're from Ohio... I wonder if you're Jeff's neighbor! :D I hope you enjoy your visit here and come back again...

Rick
Textkit Neophyte
Posts: 4
Joined: Thu Feb 05, 2004 2:47 pm
Location: ohio

Post by Rick »

Thank you for the welcome! Yes, I guess the post number kinda gives me away :)
I hope the info Lavasoft supply helps. They are a good group there.
They walked this puter literate flunky right through it.
Thanks again for the welcome!

Bert
Textkit Zealot
Posts: 1889
Joined: Sat May 31, 2003 2:28 am
Location: Arthur Ontario Canada

Post by Bert »

mariek wrote: I wonder if we can persuade him to run that little Hijackthis utility and post his log file so we can point out what might be causing his problem and then have him go back into Hijackthis to have it autofix it.
You can probably persuade him if you tell him how to do it.

You are probably right in your diagnosis because there is always something about 'spyware'.

mariek
Global Moderator
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California
Contact:

Post by mariek »


Bert,

Alundis and Rick gave great suggestions.

I've never used Spybot Search and Destroy, but I have used Ad-aware before. It doesn't hurt to have it installed. Run it occasionally and remember to check for updates.

I'm emailing you CWShredder and Hijackthis.

Bert
Textkit Zealot
Posts: 1889
Joined: Sat May 31, 2003 2:28 am
Location: Arthur Ontario Canada

Post by Bert »

mariek wrote: I'm emailing you CWShredder and Hijackthis.
Thanks. Did you receive my reply?

mariek
Global Moderator
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California
Contact:

Post by mariek »


Bert,

I haven't received your reply yet. Would you please resend it? Thanks.

Bert
Textkit Zealot
Posts: 1889
Joined: Sat May 31, 2003 2:28 am
Location: Arthur Ontario Canada

Post by Bert »

I tried again.
If it turns out that it is lost somewhere in cyber-space, maybe I should cut and paste it to this forum. What do you think?

mariek
Global Moderator
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California
Contact:

Post by mariek »


Try sending another email. If that doesn't work, try posting here. It looks like you're online late afternoon, so I'll check back this afternoon.

Have you tried installing Ad-Aware, getting the latest update, and then letting it do its scan?

Bert
Textkit Zealot
Posts: 1889
Joined: Sat May 31, 2003 2:28 am
Location: Arthur Ontario Canada

Post by Bert »

Thanks Mariek for your helpfulness.
I have not tried Ad-Aware yet. I thought I'd wait and see if the HijackThis file reveals anything.

When I ran CWShredder it said that my system is clean. (I was almost hoping it wouldn't be so that there would be something to fix in order to get rid of this thing)

When you asked me to enumerate the programs listed in the Add/Remove Programs window, did you mean for me to type them out and send you a copy?

Here is the HijackThis file:

Logfile of HijackThis v1.97.7
Scan saved at 9:40:21 PM, on 2/5/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBINST.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\DEFAULT\CLIENT\HELPEXP.EXE
C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE
C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBSRV.EXE
C:\UNZIPPED\BERT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.passthison.com/r4/?s43
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3.0/sb ... geHome.htm
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_50.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBHOSTIE.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBHOSTIE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [PromulGate] "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [Hotbar] C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBINST.EXE /Upgrade
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Default\Client\HelpExp.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Default\HXIUL.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Default\Client\HelpExp.exe
O4 - HKCU\..\RunServices: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Default\HXIUL.EXE
O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 5576967593
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/23e3c24e7dea827efb ... xIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupda ... t/opuc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} (PdpPi Class) - http://webpdp.gator.com/v3/download/pdp ... ainads.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab


thanks again

mariek
Global Moderator
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California
Contact:

Post by mariek »


Holy Guacamole! :shock:

Yep, you've got quite a lot of undesirable stuff there... :(

But we can try to clean it up. Normally I would just manually wade through the registry, then delete any residual files on the hard drive.

I think the easiest thing for you to do is to download and install Ad-Aware and let it do most or all of the cleanup for you.

Some of this bad stuff is evident, while others are not so obvious and harder to get to. I'm sure you have some suspicious stuff in your Add/Remove Programs, such as: Date Manager, Precision Time, Hotbar, WeatherCast, HelpExpress. You can "uninstall" these. Anything that shows up as "Gator" or "GAIN" is bad.

Here's what I suggest:
1. Uninstall anything suspicious from Add/Remove programs. (Some of them might be "tricky" to uninstall, requiring you to download something to uninstall them, or a "tricky" question to ask you whether you want to uninstall but encourages you to click on the button that does not uninstall, etc)
3. Reboot your computer.
4. Download Ad-Aware (www.lavasoft.de if I recall correctly), install it, get the latest update, then do a scan.
5. Reboot your computer.
6. Run hijackthis.exe, save another log file, and we'll see whether it looks any better.

Or if you want, skip steps 1 & 2 entirely. Ad-Aware should handle those automatically. (Can you tell I have control issues?)

I will post in another message a copy of your hijack log and highlight all the stuff I see as being bad bad bad bad bad, just to give you an idea of what's going on with your computer...

mariek
Global Moderator
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California
Contact:

Post by mariek »

Here's a copy of your log file. Bad stuff highlighted in red

Logfile of HijackThis v1.97.7
Scan saved at 9:40:21 PM, on 2/5/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBINST.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\DEFAULT\CLIENT\HELPEXP.EXE
C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE
C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBSRV.EXE
C:\UNZIPPED\BERT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.passthison.com/r4/?s43
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3.0/sb ... geHome.htm
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_50.dll

O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBHOSTIE.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBHOSTIE.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [PromulGate] "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [Hotbar] C:\PROGRAM FILES\HOTBAR\BIN\4.3.5.0\HBINST.EXE /Upgrade

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Default\Client\HelpExp.exe

O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Default\HXIUL.EXE

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Default\Client\HelpExp.exe

O4 - HKCU\..\RunServices: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Default\HXIUL.EXE

O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe

O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 5576967593
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/23e3c24e7dea827efb ... xIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupda ... t/opuc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} (PdpPi Class) - http://webpdp.gator.com/v3/download/pdp ... ainads.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab

mariek
Global Moderator
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California
Contact:

Post by mariek »


Oh, one more thing. After you run HijackThis and it shows you a report, you will notice some check boxes to the left of each item. If you want to have HiJackThis automatically fix something, just check the box next to (left of) the line you want to fix.

If you go this route, you DO NOT want to check ALL the boxes. Just check the boxes next to the stuff you want to fix.

Bert
Textkit Zealot
Posts: 1889
Joined: Sat May 31, 2003 2:28 am
Location: Arthur Ontario Canada

Post by Bert »

This is a little embarrassing. I can't seem to download the free version.
I tried twice but both times I end up having to buy it in order for it to work.
It's bed time now, I'll try again tomorrow.
Good night.

mariek
Global Moderator
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California
Contact:

Try downloading Ad-aware again

Post by mariek »


I'm sorry this is all such a painful process to go through. I can only imagine how frustrated you must feel. Let's see if we can walk you through downloading the FREE version.

Go to : http://www.lavasoft.de

On the left side column you will see their product listed under "Software".

Don't click on the "Ad-aware Professional" or "Ad-aware Plus" links.

You want to click on the "Ad-aware" link, which is the 3rd one down underneath "Software".

The next page will offer you a download link. It's on the right side this time, under "Download" (in the grey area). Click on the link that says "Our software. There are several sites to download our software from".

On the next page, scroll down to the section titled "Ad-Aware 6 Standard Edition" Full Install. You'll see an enumeration of sites where you can download the software from. Click on one of these links to download it.

Hope this helps...

Dillman
Textkit Neophyte
Posts: 30
Joined: Tue Feb 10, 2004 1:51 am

Post by Dillman »

Oh man....That's a lot of work to go through them all.....better just light your computer on fire and throw it at a passing car :D

Bert
Textkit Zealot
Posts: 1889
Joined: Sat May 31, 2003 2:28 am
Location: Arthur Ontario Canada

Post by Bert »

A lot of help you are Dillman; You come with the good advice AFTER I got the problem fixed the hard way! (Mind you, I don't think that throwing a burning computer at a passing car is easy either.)
YES, WE FIXED IT.

I ran adaware, then ran HijackThis once more. I deleted two more things myself yet; this is what the hijackthis file looks like now:

Logfile of HijackThis v1.97.7
Scan saved at 6:30:27 AM, on 2/14/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UNZIPPED\BERT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.sympatico.ca/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Default\Client\HelpExp.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Default\HXIUL.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 5576967593
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/23e3c24e7dea827efb ... xIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupda ... t/opuc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdp ... ainads.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
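
Added example, not part of the original thread: a small Python script that parses two HijackThis logs pasted as text, rejoins entries that mail or forum software wrapped across lines (as happened to the first log in this thread), and reports which entries a cleanup removed or changed. The function names and the line-joining heuristic are assumptions of this example; the sample lines are excerpts from the two logs posted above.

```python
import re

# A HijackThis entry starts with a section code (R0, O2, O4, O16, ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# If a wrapped line ends in one of these, the break fell inside a token, so the
# next line is glued on without a space (heuristic chosen for this example).
NO_SPACE_AFTER = (".", ",", ":", "\\")

# Excerpt of the 2/5/04 scan, line-wrapped exactly as it was pasted.
BEFORE_SCAN = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.passthison.com/r4/?s43
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM
FILES\HOTBAR\BIN\4.3.5.0\HBHOSTIE.DLL
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,
LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Default\HXIUL.
EXE
O10 - Hijacked Internet access by New.Net
"""

# Excerpt of the 2/14/04 scan (posted without wrapping).
AFTER_SCAN = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.sympatico.ca/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Default\HXIUL.EXE
"""


def parse_entries(log_text):
    """Return [(code, detail), ...]. Pass the log only: the header and process
    list before the first entry are skipped, but trailing chatter is not."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            # Continuation of a wrapped entry: glue it back onto the previous one.
            prev = entries[-1][1]
            tight = prev.endswith(NO_SPACE_AFTER) or line.startswith("\\")
            entries[-1][1] = prev + ("" if tight else " ") + line
    return [(code, detail) for code, detail in entries]


def normalize(text):
    """Case- and whitespace-insensitive form (Windows paths ignore case)."""
    return " ".join(text.lower().split())


def entry_key(entry):
    """Identity of an entry. R-lines are keyed on the registry value name only,
    so a changed start page shows up as 'changed', not as removed plus added."""
    code, detail = entry
    if code.startswith("R") and " = " in detail:
        detail = detail.split(" = ", 1)[0]
    return (code, normalize(detail))


def diff_scans(before_text, after_text):
    """Compare two scans and sort entries into removed/added/changed/kept."""
    before = {entry_key(e): e for e in parse_entries(before_text)}
    after = {entry_key(e): e for e in parse_entries(after_text)}
    result = {"removed": [], "added": [], "changed": [], "kept": []}
    for key, entry in before.items():
        if key not in after:
            result["removed"].append(entry)
        elif normalize(after[key][1]) != normalize(entry[1]):
            result["changed"].append((entry, after[key]))
        else:
            result["kept"].append(entry)
    result["added"] = [e for k, e in after.items() if k not in before]
    return result


if __name__ == "__main__":
    report = diff_scans(BEFORE_SCAN, AFTER_SCAN)
    for old, new in report["changed"]:
        print("CHANGED", old[0], "\n   was:", old[1], "\n   now:", new[1])
    for label in ("removed", "added", "kept"):
        for code, detail in report[label]:
            print(label.upper(), code, "-", detail)
```

Entries under "kept" are the ones still worth reading by eye after a cleanup, since they survived both the scanner and the manual fixes.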

mariek
Global Moderator
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California
Contact:

Yippie! But there's one more thing...

Post by mariek »


Glad to hear the good news. :D I see you've got Sympatico as your home page again.

But I have to tell you that you're not entirely out of the woods yet. There are a few lines in your log that glare back at me as being something undesirable. I don't remember what they were, possibly adware/spyware, someone using your computer's processor power to gather info on you and sending it to someone somewhere. I just find that rude and invasive.

Run HijackThis.exe again, let it do its scan. Then click on the checkbox to the left of the following lines, and then click on the Fix button.




O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Default\Client\HelpExp.exe

O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Default\HXIUL.EXE

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/23e3c24e7dea827efb ... xIE601.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe

O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdp ... ainads.cab





Don't forget to regularly update your Norton AntiVirus definitions and run a scan. It's good practice. :D

mariek
Global Moderator
Posts: 1387
Joined: Mon Jul 07, 2003 11:19 pm
Location: California
Contact:

Post by mariek »

Dillman wrote: Oh man....That's a lot of work to go through them all.....better just light your computer on fire and throw it at a passing car :D

But if Bert did this, then we would no longer have the pleasure of his company here on Textkit!

Bert
Textkit Zealot
Posts: 1889
Joined: Sat May 31, 2003 2:28 am
Location: Arthur Ontario Canada

Post by Bert »

Done. Thank you very much for the patience and help.
One thing I noticed is that I don't get these annoying popups anymore that say that some "single girl/boy in my area looking for luv" wants me now. There were a few other ones that would pop up at least twice every time I went on line.

Clark3934
Textkit Neophyte
Posts: 27
Joined: Sun Feb 08, 2004 9:43 pm
Location: Oklahoma!
Contact:

Post by Clark3934 »

Easy way to get rid of popups in the google toolbar.

www.toolbar.google.com

Also, if anyone else here is having computer problems I suggest going to

www.blizzhackers.com

This is one of the best tech support forums, if not the best on the net. Part of the reason is that there are over 65000 members and there are usually about 200 on at any given time. Your question will be answered in less than 30 seconds. :lol:
