onslaught of popups!!!

Status
Not open for further replies.

canooten

Wondered if anyone could take a look at my HijackThis log and tell me why I'm getting popups with no IE windows open. No viruses, no spyware and the firewall is closed up tight.

Thanks!!!

---------------------------------------------

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iolo\Common\Task Agent\task_agent.exe
C:\WINDOWS\System32\wintit.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\task_agent.exe
O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\System32\wintit.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37877.5187268518
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1D30F57-CCA0-4249-80F1-3A23209D97DE}: NameServer = 192.168.1.254
 
I didn't see anything specific in that listing. What you could do to be extra safe is (I apologize in advance if you've already done anything I'll be mentioning below):

1) run spybot (updated 12000)
2) run adaware (why not)
3) disable messenger service - if you don't know how to do that, I'll reply back if you don't know (don't disable it through msconfig)
4) run msconfig - go to the last tab and see if you know every single program that starts up
5) run msconfig - go to services tab and click on hide all microsoft services, and then make sure you know every non-microsoft service running
6) install google bar - one of the best pop up blockers when surfing
7) install a firewall - zonealarm
8) run an antivirus - a different one
9) run windows update

If you've done all those and even updated them, then you have to consider if it's one of your programs that are giving you pop ups like logitech.

I looked at your list again, what's "O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\System32\wintit.exe", sounds like porn, heh, I might be wrong.

Well good luck. Reply back with the results.
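The startup review suggested in the post above can also be run over the pasted log itself. This is an added example, not part of the original post or of HijackThis: the two triage rules (a per-user Run entry launching a binary from the Windows directory, and a startup shortcut whose target did not resolve) are assumed heuristics for deciding what to look at by hand, and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the O4 lines from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\task_agent.exe
O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\System32\wintit.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# Assumed heuristic: directories a per-user autostart would not normally point into.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - (Global Startup|Startup): (.+?) = (.*)$")

def exe_path(command):
    """Return the executable part of a Run value, dropping quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command

def triage(log_text):
    """Return (entry name, reason, value) for O4 lines that merit a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            hive, _key, name, command = m.groups()
            path = PureWindowsPath(exe_path(command))
            if hive == "HKCU" and str(path.parent).lower() in SYSTEM_DIRS:
                findings.append((name, "per-user Run entry in system directory", str(path)))
            continue
        m = STARTUP_RE.match(line)
        if m and m.group(3).strip() in ("", "?"):
            findings.append((m.group(2), "startup shortcut with unresolved target", m.group(3)))
    return findings

if __name__ == "__main__":
    for name, reason, value in triage(SAMPLE_LOG):
        print(f"{name}: {reason} -> {value}")
```

A hit only marks an entry for identification (file properties, vendor, install date); it does not by itself say the file is unwanted.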
 
I would agree with all that except zone alarm - I wouldn't install that personally. I would highlight the google toolbar or go with a browser like Mozilla.
 
Haven't run spybot, but I have run adaware twice. Got a few hits on that the first time and deleted all entries, still got the popups and ran again with no results that time. I'll try spybot just for kicks.

I run Norton AV, all definitions are current and scans are done twice a week. Nothing going there either.

I disabled messenger service last year when I started getting those popups, but these are IE ads not just dialog boxes (which is all I ever got from the messenger service).

I'm using the google bar and it works on everything but these popups. Plus the majority of the popups I'm getting are when there are no IE windows open at all (I'm not browsing).

I keep Windows up to date, though I just checked the update site and there were 3 critical updates that I didn't have. One was an IE6 update, one was WinXP and the other was an Access issue.

I'm installing the updates now and I'll try spybot in a few.....
 
canooten said:

I'm using the google bar and it works on everything but these popups. Plus the majority of the popups I'm getting are when there are no IE windows open at all (I'm not browsing).

Then that means these things are probably being produced from your PC. We don't recommend Spybot S&D just for kicks, there's things it picks up that AA doesn't.
 
Spybot may find the problem. =)

There's a small bug when running the update, or at least I get it, when you try to update it, it'll freeze unless you set it to Australia. You can change where it downloads updates in the dropdown menu next to the button download updates.

If you do it right, you should be scanning for 12,688 known spyware.

By the way, make sure you read each thing it picks up on, sometimes it may find something that's part of kodak or other good software. It'll usually give you a description, so it won't be difficult.
 
Since I do rely on some software that does have a little bit of spyware involved, (Mainly Download Excellerator) I use the following programs in the following order to clean up those f***ing pop ups.

1. Spybot Search and Destroy

then if there is still a problem....
2. Ad Aware 6.0

and then if there is still a problem....
3. HiJack This :rolleyes:

4. HiJack This again :eek:

5. HiJack This and again :angry:

6. fdisk, format C, re-install OS as HiJack This will kill the rest of my OS if I use it any further. :mad: :mad: :mad:
 
I ran spybot and it gave a list of offending files. Many of them were IE files that it said could allow outside access. I allowed the program to fix all the problems it found but 2. 2 of the files were from Kazaa Lite. I've had that program installed for over a year with no problems, so I know that's not the case. In fact, it had been months since I had even used that program when the popup thing started.

Anyway, as soon as I let spybot fix the problem files and I reboot, the popups start right back up, so that did no good at all.
 
The easiest way to do it is getting a cpumeter, to check what weird programs are running. I've been using this technique for a long time.
 