MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Please Help.. hijackthis log (pop ups)
November 14, 2019, 01:35:20 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 14, 2019, 01:35:20 PM

Login with username, password and session length
 Featured Sites:
News
12th Anniversary Celebrating 12 Years! (1997 - 2009) 12th Anniversary
Thanks to ALL that make this site what it is!
  0 Members and 1 Guest are viewing this topic.
Pages: [1] 2 3 Go Down Print
Author Topic: Please Help.. hijackthis log (pop ups)  (Read 5609 times)
Diablo04186
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 18


Bookmark and Share

View Profile
« on: August 07, 2004, 03:39:41 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows XP Home
Problem Application Name & Version:
Problem Hardware Make & Model: HP Pavilon 734n
Error Messages:



Hi, I had this pop up problem for about a week now, I tried searching this forum like I usually do but I couldn't find anything so I thought I need more help and I signed up today to get some help.  I have been getting pop ups for about a week whether Iam surfing or not and I tried to fix it but I couldn't.  Please help me fix this problem.  Thanx

Logfile of HijackThis v1.98.0
Scan saved at 10:28:27 AM, on 8/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\ezula\mmod.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\AIM95\aim.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
« Last Edit: August 07, 2004, 04:07:43 PM by Diablo04186 » Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #1 on: August 07, 2004, 04:15:16 PM »

Is that your whole log?

Have you set some entries in the ignore list?
Or have you fix checked some entries yourself
It's important I see the whole log....

Don't try and fix anything, you may be hiding info or disabling needed programs
The latest version of hijackthis can be downloaded from
HERE or HERE

Make a new folder for this version and post a log....
Logged

 
Diablo04186
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 18


Bookmark and Share

View Profile
« Reply #2 on: August 07, 2004, 04:19:29 PM »

I downloaded new one like you said and this is the log I got, I think its same...

Logfile of HijackThis v1.98.1
Scan saved at 11:17:48 AM, on 8/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\ezula\mmod.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #3 on: August 07, 2004, 04:27:17 PM »

You have a couple problems...
Again I ask, is that your whole log?
Have you set some entries in the ignore list?
Have you already tried to fix some entries

Try this....
Download and Install the free version of Ad-Aware
After installation-CHECK FOR UPDATES
Set these additional options for a custom scan
click the gear wheel at the top and check these options:

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".

RESTART your computer and post back with a fresh hijackthis log
Logged

 
Diablo04186
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 18


Bookmark and Share

View Profile
« Reply #4 on: August 07, 2004, 04:53:54 PM »

I ran Ad-Aware and it found about 141 things on my computer, and I did try to fix it myself and It didn't work... there was this thing there that I wrote down that kept appearing once in a while... "69.20.16.183 ieautosearch"  And my hijackthis log looks same...

Logfile of HijackThis v1.98.1
Scan saved at 11:49:55 AM, on 8/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #5 on: August 07, 2004, 05:04:29 PM »

I would of liked to seen the whole log, you may want to
go back to hijackthis 1.98.0
Click on CONFIG---Misc Tools---Backups and restore the backups
RESTART your computer

Then next:Could you download the VX2 Cleaner plugin for Ad-Aware
http://www.lavasoftusa.com/software/plugins/vx2cleaner.shtml

After you save it to desktop follow the instructions from Ad-Awares'
site to install and run it, let me know what it finds

Make sure you post back with a fresh hijackthis log, we still have at least one entry we must remove
« Last Edit: August 07, 2004, 05:07:40 PM by benditup » Logged

 
Diablo04186
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 18


Bookmark and Share

View Profile
« Reply #6 on: August 07, 2004, 05:20:18 PM »

I already had VX2 cleaner plug-in, I read one of other posts you helped with that was similar to mine and already installed that in.  I don't have any backups because I deleted it couple days ago and I haven't ran Hijackthis in a while.

Logfile of HijackThis v1.98.1
Scan saved at 12:17:15 PM, on 8/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #7 on: August 07, 2004, 05:34:35 PM »

Well, we can only work off of this then,hopefully you didn't remove anything you needed, or you'll be reinstalling those programs....

Access your Add/Remove Programs and remove WEB OFFERS if it exists

Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe

Restart your computer, you should be able
find this folder
C:\Program Files\Web Offer <--this folder
Send it to the recycle bin

Post back and let me know how you made out
Logged

 
Diablo04186
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 18


Bookmark and Share

View Profile
« Reply #8 on: August 07, 2004, 05:53:40 PM »

I deleted the web offer and did fix checked with hijack this, and as I opened this browser I got another Popup ad.

Logfile of HijackThis v1.98.1
Scan saved at 12:51:32 PM, on 8/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #9 on: August 07, 2004, 05:58:46 PM »

Nothing in your log indicates any troubles
May I suggest that you download the Google Toolbar
http://toolbar.google.com/

If you set it properly, you can set it to the right of your address bar
Check out it's options
Let me know how you make out

I don't see it running in your log
but you can also try this small utility
http://grc.com/stm/shootthemessenger.htm
« Last Edit: August 07, 2004, 06:00:12 PM by benditup » Logged

 
Diablo04186
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 18


Bookmark and Share

View Profile
« Reply #10 on: August 07, 2004, 06:12:18 PM »

I just installed the google toolbar and the popup wasn't blocked by the toolbar.
What would you have done if I had a log "O1 - Hosts: 69.20.16.183 ieautosearch" on my hijackthis log? cuz I think I had that before i click to fix that and it keep appearing every few hours.
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #11 on: August 07, 2004, 06:27:32 PM »

Download Hoster---Unzip to it's own folderHoster
Close down any browsers

Open Hoster---in the left pane you will see something like this



# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1 localhost



any lines below 127.0.0.1 you didn't manually add to the hosts file
Click on the RESTORE DEFAULTS button

Post back and let me know how things are them

« Last Edit: August 07, 2004, 06:28:26 PM by benditup » Logged

 
Diablo04186
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 18


Bookmark and Share

View Profile
« Reply #12 on: August 07, 2004, 06:32:33 PM »

Sorry, I didn't understand what you wanted me to do so i'll just put the host list things up here.  I don't know what host files do so I don't think I added any host files manually do my knowledge.

127.0.0.1  www.igetnet.com
127.0.0.1  code.ignphrases.com
127.0.0.1  clear-search.com
127.0.0.1  r1.clrsch.com
127.0.0.1  sds.clrsch.com
127.0.0.1  status.clrsch.com
127.0.0.1  www.clrsch.com
127.0.0.1  clr-sch.com
127.0.0.1  sds-qckads.com
127.0.0.1  status.qckads.com
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
127.0.0.1  status.qckads.com
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #13 on: August 07, 2004, 06:42:52 PM »

Can you do me a favor and open Spybot S&D
Ensure your in Advanced mode
Click on Tools----Hosts files and Remove Spybots hosts file list and then
check your Hoster log
Use above instructions
Logged

 
Diablo04186
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 18


Bookmark and Share

View Profile
« Reply #14 on: August 07, 2004, 06:50:48 PM »

I did what you said and this is the result, and also did you want me to Restore to Original Hosts or? I haven't done that yet.

127.0.0.1  www.igetnet.com
127.0.0.1  code.ignphrases.com
127.0.0.1  clear-search.com
127.0.0.1  r1.clrsch.com
127.0.0.1  sds.clrsch.com
127.0.0.1  status.clrsch.com
127.0.0.1  www.clrsch.com
127.0.0.1  clr-sch.com
127.0.0.1  sds-qckads.com
127.0.0.1  status.qckads.com
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
127.0.0.1  status.qckads.com
69.20.16.183  auto.search.msn.com
69.20.16.183  search.netscape.com
Logged

 
Pages: [1] 2 3 Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page August 20, 2017, 07:21:52 AM