1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Popup/Browser Problems

Discussion in 'Web & Email' started by veena33, Sep 19, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. veena33

    veena33 Thread Starter

    Joined:
    Dec 3, 2002
    Messages:
    62
    Hi

    Lately we have had serious popup issues as well as our web browser has been directed to another site even if we set a default. Not sure what the problem is but I ran the hijackme log and here are my results. What shud i do next? Not sure what to do

    Veena

    Logfile of HijackThis v1.97.2
    Scan saved at 4:25:17 PM, on 9/19/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\CLOCKSYNC\SYNC.EXE
    C:\PROGRAM FILES\SPYBLAST\SPYBLAST.EXE
    C:\WINDOWS\SYSTEM\WINSERVN.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
    C:\PROGRAM FILES\ULTIMATE POPUP KILLER\POPUPKILLER.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sfux.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchby.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sfux.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sfux.com/searchbar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sfux.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
    N1 - Netscape 4: user_pref("browser.startup.homepage", "sfux.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://sea2fd.sea2.hotmail.msn.com/cgi-bin/HoTMaiL"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\yvzaljeq.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\yvzaljeq.slt\prefs.js)
    O1 - Hosts: 216.177.73.139 auto.search.msn.com
    O1 - Hosts: 216.177.73.139 search.netscape.com
    O1 - Hosts: 216.177.73.139 ieautosearch
    O2 - BHO: (no name) - {A28C2A31-3AB0-4118-922F-F6B3184F5495} - C:\Program Files\BonziBUDDY Web Compass\WebCompass.dll (file missing)
    O2 - BHO: (no name) - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL
    O2 - BHO: (no name) - {c0a7fc10-93f2-4bef-80f2-92653b15479e} - C:\WINDOWS\APPLICATION DATA\OSHGGLLLUCH.DLL
    O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL
    O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
    O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
    O3 - Toolbar: Xupiter - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - C:\PROGRAM FILES\XUPITER\XUPITERTOOLBAR.DLL
    O3 - Toolbar: thstrglxdre - {951f8f89-ce56-4503-a034-b022f5d556b0} - C:\WINDOWS\APPLICATION DATA\OSHGGLLLUCH.DLL
    O3 - Toolbar: SurferBar - {FF7FD490-34E7-4FA1-927A-F5799E6AAD7B} - C:\PROGRA~1\WIN32.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [25KD8LX3KXST#7] C:\WINDOWS\SYSTEM\Hcj2s6.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\NCASE\MSBB.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
    O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
    O4 - HKCU\..\Run: [SpyBlast] C:\Program Files\SpyBlast\SpyBlast.exe /autorun
    O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\SYSTEM\winservn.exe
    O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\PROGRAM FILES\ULTIMATE POPUP KILLER\POPUPKILLER.EXE
    O4 - HKLM\..\RunOnce: [WU2_RegSvr] C:\WINDOWS\SYSTEM\regsvr32.exe /s C:\WINDOWS\SYSTEM\WUAUPD98.DLL
    O4 - HKLM\..\RunOnce: [UpdateHook] C:\WINDOWS\rundll32.exe AUHKNEW.DLL,RenameDll
    O4 - HKLM\..\RunOnce: [WU4_RegSvr] C:\WINDOWS\SYSTEM\regsvr32.exe /s C:\WINDOWS\SYSTEM\AUHOOK.DLL
    O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
    O8 - Extra context menu item: Allow popups - file://C:\PROGRAM FILES\ULTIMATE POPUP KILLER\POPUPKILLER.html
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Ebates (HKCU)
    O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
     
  2. veena33

    veena33 Thread Starter

    Joined:
    Dec 3, 2002
    Messages:
    62
    call a repair guy. and then take two asprin and call it a day
     
  3. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Hi veena33

    You can have HJT fix the following. Close your browser, open HJT and put a check next to the following items and click Fix. Reboot afterwards.


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sfux.com/searchbar.html

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchby.net/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sfux.com/searchbar.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sfux.com/searchbar.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sfux.com/searchbar.html


    O1 - Hosts: 216.177.73.139 auto.search.msn.com
    O1 - Hosts: 216.177.73.139 search.netscape.com
    O1 - Hosts: 216.177.73.139 ieautosearch


    O2 - BHO: (no name) - {A28C2A31-3AB0-4118-922F-F6B3184F5495} - C:\Program Files\BonziBUDDY Web Compass\WebCompass.dll (file missing)

    O2 - BHO: (no name) - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} - C:\PROGRAM FILES\NETWORK ESSENTIALS\V11\NE.DLL

    O2 - BHO: (no name) - {c0a7fc10-93f2-4bef-80f2-92653b15479e} - C:\WINDOWS\APPLICATION DATA\OSHGGLLLUCH.DLL

    O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL

    O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL

    O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL

    O3 - Toolbar: Xupiter - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - C:\PROGRAM FILES\XUPITER\XUPITERTOOLBAR.DLL

    O3 - Toolbar: thstrglxdre - {951f8f89-ce56-4503-a034-b022f5d556b0} - C:\WINDOWS\APPLICATION DATA\OSHGGLLLUCH.DLL

    O3 - Toolbar: SurferBar - {FF7FD490-34E7-4FA1-927A-F5799E6AAD7B} - C:\PROGRA~1\WIN32.DLL


    O4 - HKLM\..\Run: [25KD8LX3KXST#7] C:\WINDOWS\SYSTEM\Hcj2s6.exe

    O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\NCASE\MSBB.EXE

    O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q

    O4 - HKCU\..\Run: [SpyBlast] C:\Program Files\SpyBlast\SpyBlast.exe /autorun

    O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\SYSTEM\winservn.exe

    O4 - HKLM\..\RunOnce: [WU2_RegSvr] C:\WINDOWS\SYSTEM\regsvr32.exe /s C:\WINDOWS\SYSTEM\WUAUPD98.DLL

    O4 - HKLM\..\RunOnce: [UpdateHook] C:\WINDOWS\rundll32.exe AUHKNEW.DLL,RenameDll

    O4 - HKLM\..\RunOnce: [WU4_RegSvr] C:\WINDOWS\SYSTEM\regsvr32.exe /s C:\WINDOWS\SYSTEM\AUHOOK.DLL

    ...this last item, if it's not your ISP, then have HJT Fix it too:

    O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com


    After rebooting, delete the following folders:

    C:\PROGRAM FILES\NCASE\

    C:\Program Files\SpyBlast\


    Afterwards, go here and download Spybot:


    http://www.safer-networking.org/index.php?lang=en&page=download

    ...after installing, have it go on line and download all updates. Have it check your system for any problems. Everything it finds in RED is safe to fix.

    :)
     
  4. veena33

    veena33 Thread Starter

    Joined:
    Dec 3, 2002
    Messages:
    62
  5. veena33

    veena33 Thread Starter

    Joined:
    Dec 3, 2002
    Messages:
    62
    thanks i'll try it out and let u know
     
  6. veena33

    veena33 Thread Starter

    Joined:
    Dec 3, 2002
    Messages:
    62
    Ok did everything u said but when i logged on right now and opened internet explorer about 40 web browser windows popped up and also the web page for internet explorer is still set at http://www.searchby.net/. Not sure whats going on? When i was removing the items from the hijack this-> i couldnt find these:

    O4 - HKLM\..\RunOnce: [WU2_RegSvr] C:\WINDOWS\SYSTEM\regsvr32.exe /s C:\WINDOWS\SYSTEM\WUAUPD98.DLL

    O4 - HKLM\..\RunOnce: [UpdateHook] C:\WINDOWS\rundll32.exe AUHKNEW.DLL,RenameDll

    O4 - HKLM\..\RunOnce: [WU4_RegSvr] C:\WINDOWS\SYSTEM\regsvr32.exe /s C:\WINDOWS\SYSTEM\AUHOOK.DLL

    Could that be the problem cuz they're not removed?? Help!!!! I just want a clean computer!

    Veena
     
  7. veena33

    veena33 Thread Starter

    Joined:
    Dec 3, 2002
    Messages:
    62
    Also, whats the best free popup killer out there? Link?

    V
     
  8. KeithKman

    KeithKman

    Joined:
    Dec 28, 2002
    Messages:
    1,983
    Get this:

    http://spybot.eon.net.au/index.php?...p;page=download and download Spybot - search & destroy.

    Install the program and launch it.

    Before scanning press "Online" and "Search for Updates" .

    Put a check mark at and install all updates.

    Click "Check for Problems" and when the scan is finished let Spybot fix/remove all it finds.

    Restart your computer.

    Be sure and take advantage of the "Immunize" feature in Spybot.

    taken from flrman1's post :D
     
  9. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    veena33

    Make sure you also do a scan with Spybot. Then, post your current HJT log.

    :)


    Also, a good pop-up add link:

    http://www.popuptest.com/
     
  10. veena33

    veena33 Thread Starter

    Joined:
    Dec 3, 2002
    Messages:
    62
    Here are the results:

    Logfile of HijackThis v1.97.2
    Scan saved at 9:56:44 AM, on 9/20/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\ULTIMATE POPUP KILLER\POPUPKILLER.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\WINDOWS\SYSTEM\KSOYX.EXE
    C:\WINDOWS\SYSTEM\KSOYX.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchby.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    N1 - Netscape 4: user_pref("browser.startup.homepage", "sfux.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://sea2fd.sea2.hotmail.msn.com/cgi-bin/HoTMaiL"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\yvzaljeq.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\yvzaljeq.slt\prefs.js)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [25KD8LX3KXST#7] C:\WINDOWS\SYSTEM\Hcj2s6.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
    O4 - HKCU\..\Run: [Ultimate Popup Killer] C:\PROGRAM FILES\ULTIMATE POPUP KILLER\POPUPKILLER.EXE
    O8 - Extra context menu item: Allow popups - file://C:\PROGRAM FILES\ULTIMATE POPUP KILLER\POPUPKILLER.html
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll

    Also, im getting this privacy alert dialog box that says allow cookie or block cookie...pops up every time im on a site?

    thanks again
     
  11. veena33

    veena33 Thread Starter

    Joined:
    Dec 3, 2002
    Messages:
    62
    ok from the site www.popuptest.com is there a recommended popup killer (free one)? not sure which one to download?

    Thanks again
     
  12. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Okay, use HJT to remove this entry:

    O4 - HKLM\..\Run: [25KD8LX3KXST#7] C:\WINDOWS\SYSTEM\Hcj2s6.exe


    As far as pop-up blockers, I've heard good things about this one:

    http://www.panicware.com/product_downloads.html

    ...scroll down to find the free version. You can also do a search on this site for others. This has been a topic in more than one thread.

    The cookie message sounds like a security setting in IE. I don't have IE 6, but it's somewhere if you click on Tools > Internet Options > Security or Advance tabs (at least that's where it is on IE 5.5).

    :)
     
  13. veena33

    veena33 Thread Starter

    Joined:
    Dec 3, 2002
    Messages:
    62
    thanks i'll fix that right away
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/166026

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice