Excessive popups associated with IE, not with immedeate web page

I have a hijackthis file that hopefully someone can look at, I am running win 2000, fully updated and get random popups, that don't always popup when I am loading a web page, if someone can give me some hints I would greatly appreciate it, I have run norton, adaware, spysweeper. Nothing has found it

 

Hi Blaz0033,

Generally, it is a good idea to follow the steps in this Cleanup Tutorial first:
http://forums.majorgeeks.com/showthread.php?t=35407

If you still have problems, then send us a HijackThis Log.

Note that your HijackThis should be up-to-date (v1.98.2) and extracted to its own safe folder - C:\Program Files\HijackThis

If you need a Fresh Download of HJT, get it HERE: HijackThis 1.98.2

Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

Please save your HJT Log as a .txt file and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

Best
PP

 

Hijackthis file...in response to previous question

Attached is the hijack this file, I have run all the reccommended programs to rid my computer of general popups, and "registry scan" popups. can someone look at this and help me with fixing things...thanks

 

Re: Hijackthis file...in response to previous question

Hi Blaz0033,

Please keep everything in the same thread. Cuts down on confusion. I'll take a look at your log when I get a chance and post back then.

PP

 

Re: Hijackthis file...in response to previous question

Thanks Chas

Blaz0033,
Please look in Add or Remove Programs for Web Offer and remove it.

Please print this out so that you can operate with all browser windows CLOSED and then run HijackThis and Check the Boxes for the following:

If you are not using a proxy server or these are not familiar, then check their boxes-
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 24.34.242.8:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 24.34.242.8

These are BAD, so Check their Boxes -
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {418E6705-EE63-219E-D205-12550AF07C1F} - C:\WINNT\system32\ozobbo.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKCU\..\Run: [Yssiggdb] C:\WINNT\system32\??rss.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe

If you do not know what this is, then Check its Box -
O4 - HKCU\..\Run: [Aitc] C:\Documents and Settings\Mark .FARSIDE\Application Data\sara.exe

Your 016 entries look tame, so we'll leave them alone for now.

Make sure ALL browser windows are CLOSED when you click FIX.

Now, reboot into Safe Mode with the viewing of hidden files Enabled and DELETE the following:
C:\WINNT\system32\??rss.exe
C:\PROGRA~1\Web Offer

Again, if you don't know what this is, then DELETE it - - -> C:\Documents and Settings\Mark .FARSIDE\Application Data\sara.exe

Reboot to Normal Windows, attach a fresh HJT Log and tell us how things are working. Let us know if you recognize the questionable items. I'll check back when I get a chance - I'm usually here in the wee hours

Best,
PP