onslaught of popups!!! - Techist - Tech Forum

03-09-2004, 08:14 AM   #1
Super Techie
Join Date: Mar 2004
Posts: 276
onslaught of popups!!!

Wondered if anyone could take a look at my HijackThis log and tell me why I'm getting popups with no IE windows open. No viruses, no spyware and the firewall is closed up tight.



Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iolo\Common\Task Agent\task_agent.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\task_agent.exe
O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\System32\wintit.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.help.bellsouth.net/sdccom...ad/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...877.5187268518
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/Te...loads/outc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1D30F57-CCA0-4249-80F1-3A23209D97DE}: NameServer =

canooten is offline  
03-09-2004, 02:10 PM   #2
Junior Techie
Join Date: Mar 2004
Posts: 69

I didn't see anything specific in that listing. What you could do to be extra safe is (I apologize in advance if you've already done anything I'll be mentioning below):

1) run spybot (updated 12000)
2) run adaware (why not)
3) disable messenger service - if you don't know how to do that, I'll reply back if you don't know (don't disable it through msconfig)
4) run msconfig - go to the last tab and see if you know every single program that starts up
5) run msconfig - go to services tab and click on hide all microsoft services, and then make sure you know every non-microsoft service running
6) install google bar - one of the best pop up blockers when surfing
7) install a firewall - zonealarm
8) run an antivirus - a different one
9) run windows update

If you've done all those and even updated them, then you have to consider if it's one of your programs that are giving you pop ups like logitech.

I looked at your list again, what's "O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\System32\wintit.exe", sounds like porn, heh, I might be wrong.

Well good luck. Reply back with the results.

provoko is offline  
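
Step 4 of the post above (know every program that starts up) can be run directly against the O4 lines of a HijackThis log. The following Python script is an added example, not part of the thread: the `KNOWN` allowlist and the review heuristics are assumptions, and a flagged entry is a candidate for a closer look, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a few O4 lines in the format of the log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\task_agent.exe
O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\System32\wintit.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
"""
# Hypothetical allowlist: executables the machine's owner recognises (assumption).
KNOWN = {"nerocheck.exe", "ccapp.exe", "qttask.exe", "task_agent.exe"}

RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run\w*: \[([^\]]*)\] (.+)$")
LNK_RE = re.compile(r"^O4 - (?:Global )?Startup: (.+?\.lnk) = (.+)$")
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|scr|bat))(?=\s|$)', re.I)

def target_of(command):
    """Extract the executable path from a Run value, quoted or unquoted."""
    m = EXE_RE.match(command.strip())
    return PureWindowsPath(m.group(1) or m.group(2)) if m else None

def triage(log_text, known):
    """Return (entry name, target, reasons) for autoruns that deserve review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := LNK_RE.match(line)):
            if m.group(2).strip() == "?":  # HijackThis could not resolve the shortcut
                findings.append((m.group(1), None, ["shortcut target unresolved"]))
            continue
        if not (m := RUN_RE.match(line)):
            continue
        hive, name, command = m.groups()
        path = target_of(command)
        reasons = []
        if path is None:
            reasons.append("could not parse command")
        else:
            if path.name.lower() not in known:
                reasons.append("not in known list")
            # Heuristic (assumption): a per-user Run value pointing into C:\WINDOWS is unusual.
            if hive == "HKCU" and [p.lower() for p in path.parts[1:2]] == ["windows"]:
                reasons.append("per-user Run entry launching from the Windows directory")
        if reasons:
            findings.append((name, str(path) if path else command, reasons))
    return findings
```

Calling `triage(SAMPLE_LOG, KNOWN)` on the constructed sample returns the `WCPS` entry and the unresolved `hpoddt01.exe.lnk` shortcut; everything on the allowlist is left out.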
03-09-2004, 04:24 PM   #3
Master Techie
Join Date: May 2003
Posts: 2,231

I would agree with all that except zone alarm - I wouldn't install that personally. I would highlight the google toolbar or go with a browser like Mozilla.
ADZ is offline  
03-09-2004, 06:05 PM   #4
Super Techie
Join Date: Mar 2004
Posts: 276

Haven't run spybot, but I have run adaware twice. Got a few hits on that the first time and deleted all entries, still got the popups and ran again with no results that time. I'll try spybot just for kicks.

I run Norton AV, all definitions are current and scans are done twice a week. Nothing going there either.

I disabled messenger service last year when I started getting those popups, but these are IE ads not just dialog boxes (which is all I ever got from the messenger service).

I'm using the google bar and it works on everything but these popups. Plus the majority of the popups I'm getting are when there are no IE windows open at all (I'm not browsing).

I keep Windows up to date, though I just checked the update site and there were 3 critical updates that I didn't have. One was an IE6 update, one was WinXP and the other was an Access issue.

I'm installing the updates now and I'll try spybot in a few.....
canooten is offline  
03-09-2004, 06:08 PM   #5
Ultra Techie
Join Date: Dec 2003
Posts: 590

Originally posted by canooten:
"I'm using the google bar and it works on everything but these popups. Plus the majority of the popups I'm getting are when there are no IE windows open at all (I'm not browsing)."

Then that means these things are probably being produced from your PC. We don't recommend Spybot S&D just for kicks, there's things it picks up that AA doesn't.
System specs? Let's just get down to it people:

My penis is bigger than yours.
Shrapnill is offline  
03-09-2004, 06:27 PM   #6
Super Techie
Join Date: Mar 2004
Posts: 276

OK, sorry about the spybot crack. I heard on another board that the updates for spybot had been lagging lately and it wasn't as useful as it used to be.

Not sure if this even matters, but the source for the majority of the popups is...


I don't know if that's associated with anything or not.
canooten is offline  
03-09-2004, 06:31 PM   #7
Junior Techie
Join Date: Mar 2004
Posts: 69

Spybot may find the problem. =)

There's a small bug when running the update, or at least I get it, when you try to update it, it'll freeze unless you set it to Australia. You can change where it downloads updates in the dropdown menu next to the button download updates.

If you do it right, you should be scanning for 12,688 known spyware.

By the way, make sure you read each thing it picks up on, sometimes it may find something that's part of kodak or other good software. It'll usually give you a description, so it won't be difficult.
provoko is offline  
03-09-2004, 09:40 PM   #8
Join Date: Jan 2004
Location: Australia
Posts: 6,918

Since I do rely on some software that does have a little bit of spyware involved (mainly Download Accelerator), I use the following programs in the following order to clean up those f***ing pop ups.

1. Spybot Search and Destroy

then if there is still a problem....
2. Ad Aware 6.0

and then if there is still a problem....
3. HiJack This

4. HiJack This again

5. HiJack This and again

6. fdisk, format C, re-install OS, as HiJack This will kill the rest of my OS if I use it any further.

Harper is offline  
03-10-2004, 08:46 AM   #9
Super Techie
Join Date: Mar 2004
Posts: 276

I ran spybot and it gave a list of offending files. Many of them were IE files that it said could allow outside access. I allowed the program to fix all the problems it found but 2. 2 of the files were from Kazaa Lite. I've had that program installed for over a year with no problems, so I know that's not the case. In fact, it had been months since I had even used that program when the popup thing started.

Anyway, as soon as I let spybot fix the problem files and I reboot, the popups start right back up, so that did no good at all.
canooten is offline  
03-10-2004, 10:14 AM   #10
Super Techie
Join Date: Dec 2003
Posts: 333

The easiest way to do it is getting a cpumeter, to check what weird programs are running. I've been using this technique for a long time.

I do this for Aiur. NOT YOU.
Harold III is offline  