1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Crazy pop up ads

Discussion in 'Web & Email' started by mctonto, Sep 10, 2003.

Thread Status:
Not open for further replies.
  1. mctonto

    mctonto Thread Starter

    Joined:
    Sep 9, 2003
    Messages:
    2
    i've had trouble with pop up ads and have read some of the other threads on this. I've since downloaded spybot and hijack, and here is my log, if you can tell me what to "fix" it would be greatly appreciated.
    thanks.

    Logfile of HijackThis v1.96.4
    Scan saved at 1:24:37 PM, on 09/10/2003
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    c:\jet95\jshelper.exe
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\JET95\JETSTAT.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\GWHOTKEY.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\STARTER.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\POPUP KILLER\POPUPKILLER.EXE
    C:\WINDOWS\TVMD.EXE
    C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
    C:\PROGRAM FILES\MSNIA\TRAYCLNT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.globaltoolbar.com/ie_search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.globaltoolbar.com/ie_search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.globaltoolbar.com/ie_search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.globaltoolbar.com/ie_search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.globaltoolbar.com/ie_search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.iwon.com/index.jsp?PG=global&SEC=bnav
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.supret.com/
    R3 - URLSearchHook: (no name) - _{D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
    O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\WINDOWS\WINSHOW.DLL (file missing)
    O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\PROGRAM FILES\IWON\IWONBAR\1.BIN\IWONBAR.DLL
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM213.DLL
    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM214.DLL
    O3 - Toolbar: (no name) - {8A05273A-2EA5-42DE-AA75-59EA7D9D50D7} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {8FB0F3E2-5193-11d7-9F88-0050FC5441CB} - (no file)
    O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\PROGRAM FILES\IWON\IWONBAR\1.BIN\IWONBAR.DLL
    O3 - Toolbar: (no name) - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - (no file)
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Internet] C:\WINDOWS\Internet.exe
    O4 - HKLM\..\Run: [WebScan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.EXE -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PopUpKiller] C:\PROGRAM FILES\POPUP KILLER\POPUPKILLER.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
    O4 - Startup: MSN Internet Access.lnk = C:\Program Files\MSNIA\TRAYCLNT.EXE
    O8 - Extra context menu item: Power Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSIETS.DLL//iemenu
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O16 - DPF: {8FBFE5FF-5E98-11D3-80AF-00C04FCFBC72} (SurveyCtl35 Class) - http://activex.microsoft.com/controls/mtswizards/sw35.cab
    O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://aol.ea.com/downloads/games/common/boot_strap/iegils.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37635.3340856481
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_7.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...N=yes&Vehicle_Number_int=1011971&action=media
    O16 - DPF: {6ABC861A-31E7-4D91-B43B-D3C98F22A5C0} (SecureWeb Class) - http://secure.goodthinxx.com/(soxcf4454wtxkp55gynzjg45)/secureweb/securewebgt.cab
    O16 - DPF: {4EE301F2-2A6A-4BE0-9FBD-97CDAA40E3E4} (iWon Installer Start) - http://i1img.com/images/nocache/copilot/i1initialsetup1.0.0.5.cab
    O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://usa-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_US_pack.cab
    O16 - DPF: ChatSpace Full Java Client 2.1.0.84 - http://pressbox.rtsports.com:443/Java/cs4fs084.cab
     
  2. e-liam

    e-liam

    Joined:
    Jun 19, 2003
    Messages:
    1,241
    Hi mctonto, and welcome to TSG.. :)

    Lot's here.. :)

    First, please go here http://www.webattack.com/get/cwshredder.shtml and run the Coolwebshredder program. I'm not 100% sure, but it looks as though Global Finder has changed to Global Toolbar (this is more for info to the other techs here) :)

    Then please run a new Hijack log, and check to fix all of the items below. Next close all browser windows and click Fix

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.globaltoolbar.com/ie_search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.globaltoolbar.com/ie_search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.globaltoolbar.com/ie_search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.globaltoolbar.com/ie_search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about :blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about :blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about :blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.globaltoolbar.com/ie_search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about :blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.iwon.com/index.jsp?PG=global&SEC=bnav

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.supret.com/

    R3 - URLSearchHook: (no name) - _{D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)

    O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\WINDOWS\WINSHOW.DLL (file missing)

    O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\PROGRAM FILES\IWON\IWONBAR\1.BIN\IWONBAR.DLL

    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM213.DLL

    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM214.DLL

    O3 - Toolbar: (no name) - {8A05273A-2EA5-42DE-AA75-59EA7D9D50D7} - (no file)

    O3 - Toolbar: (no name) - {8FB0F3E2-5193-11d7-9F88-0050FC5441CB} - (no file)

    O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\PROGRAM FILES\IWON\IWONBAR\1.BIN\IWONBAR.DLL

    O3 - Toolbar: (no name) - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - (no file)

    O4 - HKLM\..\Run: [Internet] C:\WINDOWS\Internet.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

    O8 - Extra context menu item: Power Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSIETS.DLL//iemenu

    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...mp;action=media

    O16 - DPF: {6ABC861A-31E7-4D91-B43B-D3C98F22A5C0} (SecureWeb Class) - http://secure.goodthinxx.com/(soxcf4454wtxkp55gynzjg45)/secureweb/securewebgt.cab

    O16 - DPF: {4EE301F2-2A6A-4BE0-9FBD-97CDAA40E3E4} (iWon Installer Start) - http://i1img.com/images/nocache/cop...etup1.0.0.5.cab

    O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://usa-scripts.downloadv3.com/b...TML_US_pack.cab


    Then reboot and go to Start | Settings | Control Panel | Add/Remove Programs and remove Internet Optimizer. Look also for this program.. Active Alert and remove also if it's there.

    Then could you go here and run the online virus scan. This entry..

    O4 - HKLM\..\Run: [Internet] C:\WINDOWS\Internet.exe

    ..shows that you have the I-Shell trojan lurking.

    Got to get ready for the evening now, so when you've done all the above, could you post a new log for a final once over.. :)

    Cheers

    Liam
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/163750

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice