| | |
Microsoft IE Offline Pop-ups
![]() |
It seems as if your browser was hijacked or something for you to be getting IE popups while offline. Are the offline ones always for the same site?
•
•
•
•
Originally Posted by eyeamdaman1
I don't actually know what you mean by "for the same site" but the pop-ups usually are all the same kinds of advertisements.
.
If you can find out where the popups are trying to take you, write down the address, which will probably turn out to be something like: "ads.x10.com" or something. after you compile a large list of these addresses, throw them in your HOSTS file in %system%/System32/drivers/etc folder using this format:
127.0.0.1 www.adbanneraddress.com (thats not a real addy, btw)
what this does is create a kind of DNS "busy signal" for your computer so that everytime the browser is told to go to one of the sites in your HOSTS file, it gets looped back to your local machine instead. done.
I have a rather large hosts file that I'd be willing to give you, you can also get then on the web in different places.
I found that this eliminated one hole through which browser hijackings could occur and proliforate. I hope it helps you.
-gkd
Last edited by gkdmaths; Jan 4th, 2004 at 3:40 pm. Reason: spleeing
Hi eyeamdaman1
What cscgal is wondering is if they are Messenger pop-ups.......Does Messenger appear at the top of a box with them in. ?
Also if you really want to get your browser and comp sorted out, do this :-
Please Download hijackthis from
http://www.merijn.org/files/hijackthis.zip
Unzip, doubleclick HijackThis.exe, and hit "Scan".
After the scan has finished the "scan" button will turn into a "save log" button
save the log file and paste it here
Do not delete anything yet, as most things hijackthis finds are harmless and needed.
steam
What cscgal is wondering is if they are Messenger pop-ups.......Does Messenger appear at the top of a box with them in. ?
Also if you really want to get your browser and comp sorted out, do this :-
Please Download hijackthis from
http://www.merijn.org/files/hijackthis.zip
Unzip, doubleclick HijackThis.exe, and hit "Scan".
After the scan has finished the "scan" button will turn into a "save log" button
save the log file and paste it here
Do not delete anything yet, as most things hijackthis finds are harmless and needed.
steam
•
•
Join Date: Dec 2003
Posts: 16
Reputation:
Solved Threads: 0
Logfile of HijackThis v1.97.7
Scan saved at 7:59:27 PM, on 1/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Bargain Buddy\bin\bargains.exe
C:\Program Files\Media\Media\UpdateStats.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\uptodate.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\SuperBar\sbhc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
Scan saved at 7:59:27 PM, on 1/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Bargain Buddy\bin\bargains.exe
C:\Program Files\Media\Media\UpdateStats.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\uptodate.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\SuperBar\sbhc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
•
•
Join Date: Dec 2003
Posts: 16
Reputation:
Solved Threads: 0
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Downloaded Program Files\OELoader.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\winservn.exe
C:\Program Files\ClockSync\Sync.exe
C:\Program Files\Alset\HelpExpress\Owner\HXIUL.EXE
C:\Program Files\Alset\HelpExpress\Owner\Client\HelpExp.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\editpad.exe
C:\Program Files\Alset\HelpExpress\Owner\HXDL.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Date Manager\DateManager.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\PrecisionTime\PrecisionTime.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\msCMTSrvc.exe
C:\Program Files\Alset\HelpExpress\Owner\Client\PrintMonitor.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\emsw.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Downloaded Program Files\OELoader.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\winservn.exe
C:\Program Files\ClockSync\Sync.exe
C:\Program Files\Alset\HelpExpress\Owner\HXIUL.EXE
C:\Program Files\Alset\HelpExpress\Owner\Client\HelpExp.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\editpad.exe
C:\Program Files\Alset\HelpExpress\Owner\HXDL.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Date Manager\DateManager.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\PrecisionTime\PrecisionTime.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\msCMTSrvc.exe
C:\Program Files\Alset\HelpExpress\Owner\Client\PrintMonitor.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\emsw.exe
•
•
Join Date: Dec 2003
Posts: 16
Reputation:
Solved Threads: 0
C:\Program Files\America Online 8.0a\waol.exe
C:\Program Files\America Online 8.0a\shellmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.156\HijackThis.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://in.webcounter.cc/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.webcounter.cc/---/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.webcounter.cc/--/?newlx (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.webcounter.cc/-/?newlx about:blank (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.webcounter.cc/---/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?newlx (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.webcounter.cc/-/?newlx about:blank (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.webcounter.cc/--/?newlx (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?newlx (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?newlx (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.webcounter.cc/---/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://searchmyrequest.com/hp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?newlx (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
R3 - URLSearchHook: (no name) - - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\bhs5xvdn.slt\prefs.js)
O1 - Hosts: 209.132.200.78 auto.search.msn.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\System32\msiefr40.dll
O2 - BHO: (no name) - {23BC1CCF-4BE7-497F-B154-6ADA68425FBB} - C:\WINDOWS\System32\expext.dll
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_5_0.dll
O3 - Toolbar: 7FaSSt Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Program Files\FS\7Search.dll
C:\Program Files\America Online 8.0a\shellmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.156\HijackThis.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://in.webcounter.cc/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.webcounter.cc/---/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.webcounter.cc/--/?newlx (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.webcounter.cc/-/?newlx about:blank (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.webcounter.cc/---/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?newlx (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.webcounter.cc/-/?newlx about:blank (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.webcounter.cc/--/?newlx (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?newlx (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?newlx (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.webcounter.cc/---/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://searchmyrequest.com/hp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?newlx (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
R3 - URLSearchHook: (no name) - - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\bhs5xvdn.slt\prefs.js)
O1 - Hosts: 209.132.200.78 auto.search.msn.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINDOWS\System32\msiefr40.dll
O2 - BHO: (no name) - {23BC1CCF-4BE7-497F-B154-6ADA68425FBB} - C:\WINDOWS\System32\expext.dll
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_5_0.dll
O3 - Toolbar: 7FaSSt Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Program Files\FS\7Search.dll
![]() |
Other Threads in the Web Browsers Forum
- Previous Thread: No e-mail pulldown default in IE6
- Next Thread: IE Slow click response in Win98
| Thread Tools | Search this Thread |
andrewlippmann android aol apple awesomebar background britain browser browserproblems browsers browsing budget bug bughunt childabuse china chrome code compuserve contest crash defect development dns email error eu europe exploit explorer facebook fennec fileeditmissing firefox flash gecko google government history ie8 internet internet.broadband internetexplorer internetexplorer8 internetusage iphone leak linux malware marshallmcluhan media memory microsoft mobile mobilebrowsers mosaic mozilla music netscape networking news newspapers offline onlinecommunities opensource opera opera.software porn privacy problem safari save security server sex silverlight social software survey surveys teenagers television testing thunderbird twitter u.s. uk update usenet users utest web webbrowser webdevelopment webusage wikipedia windowslivemail worldrecord worldwideweb xp







