
Thread: Getting constant popups even when not on Internet Explorer.

  1. #11
    Junior Member
    Join Date
    Jul 2006
    Posts
    6


    Did as you said, but I couldn't remove the .exe file from the TEMP folder. I had to end the process from the Task Manager and then the file disappeared. Then when I rebooted, it reappeared - seems to be renamed each time though, this time it's AR8471.exe. But other than all that, my computer seems to be working fine.

    Logfile of HijackThis v1.99.0
    Scan saved at 9:19:52 AM, on 8/3/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\MWD VPN\IPSec Connections\cvpnd.exe
    C:\Program Files\OfficeScan NT\ntrtscan.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\OfficeScan NT\tmlisten.exe
    C:\Program Files\Tally Systems Corp\TSCensus\bin\CClientSvc.exe
    C:\Program Files\Tally Systems Corp\TSCensus\bin\CClient.exe
    C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Funk Software\Proxy Host\ph32svc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\tp4serv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJTRAY.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\WINDOWS\System32\AEIWLSTA.EXE
    C:\Program Files\Funk Software\Proxy Host\phtray.exe
    C:\Program Files\OfficeScan NT\pccntmon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    D:\Documents and Settings\u08085\Application Data\MetaPass\sysdisk\MetaPassT.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\IBMTOOLS\APPS\BlueTooth Application\BTTray.exe
    C:\Program Files\IBMTOOLS\APPS\BlueTooth Application\BTStackServer.exe
    C:\Program Files\Tally Systems Corp\TSCensus\bin\TSUsage32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    d:\Documents and Settings\u08085\Desktop\Tools\HijackThis 1.99\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.a9.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.a9.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.a9.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwproxy1.mwd.h2o:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *mwd.dst.ca.us;*.mwd.h2o;*mwdh2o.*;*mwdh20.*;*mwdsc.org;*mwdsc.net;144.166.*.*;*arrowheadtunnels.com;*dvlake.*;www.bwaterwise.*;www.bewaterwise.*;www.calwaterfuture.org;www.socalwaterdialogue.org;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [EZEJTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJTRAY.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
    O4 - HKLM\..\Run: [rrpcrg] C:\Program Files\XPOINT\PE\rrpcrg.exe
    O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
    O4 - HKLM\..\Run: [ProxyHostTrayIcon] "C:\Program Files\Funk Software\Proxy Host\phtray.exe"
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MetaPass Quick Launch] "d:\Documents and Settings\u08085\Application Data\MetaPass\sysdisk\MetaPassT.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: MWD Virtual Private Networking Client.lnk = C:\Program Files\MWD VPN\IPSec Connections\vpngui.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
    O15 - Trusted Zone: http://*.getmsds.com
    O15 - Trusted Zone: http://*.trendmicro.com
    O15 - Trusted Zone: http://*.getmsds.com (HKLM)
    O15 - Trusted Zone: http://*.trendmicro.com (HKLM)
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab41227.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mwd.h2o
    O17 - HKLM\Software\..\Telephony: DomainName = mwd.h2o
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mwd.h2o
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Program Files\MWD VPN\IPSec Connections\cvpnd.exe
    O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: OfficeScanNT RealTime Scan - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
    O23 - Service: OfficeScanNT Personal Firewall - Trend Micro Inc. - C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
    O23 - Service: Proxy Host Service - Funk Software, Inc. - C:\Program Files\Funk Software\Proxy Host\ph32svc.exe
    O23 - Service: QCONSVC - Unknown - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: OfficeScanNT Listener - Trend Micro Inc. - C:\Program Files\OfficeScan NT\tmlisten.exe
    O23 - Service: TSCensus Collection Client - Tally Systems Corp. - C:\Program Files\Tally Systems Corp\TSCensus\bin\CClientSvc.exe

  2. #12
    teacup61 (In Memoriam - Always in our heart)
    Join Date
    Jun 2006
    Location
    Texas
    Posts
    759


    Hello there,

    Well, you must have done better than you thought because neither of those are showing in your log any more.

    Still running all right? Your log looks clean.

    Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

    MOST IMPORTANT!
    Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. Your current versions are outdated. I cannot stress enough how important this is.

    It is very important to maintain your Firewall.
    A tutorial on understanding and using firewalls may be found here.

    In order to protect yourself against spyware, you should consider installing and running the following free programs:

    SpywareBlaster
    A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

    SpywareGuard
    A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

    Ad-Aware SE
    A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

    Spybot-Search & Destroy
    A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

    IE/Spyad:
    It places over 5000 malicious websites and domains in your IE's restricted zone.
    IE/Spyad

    Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

    * Avoid illegal sites, because that's where most malware is present.
    * Don't click on links inside popups.
    * Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
    * Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

    Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
    http://www.mozilla.org/products/firefox/

    Please make sure to run your antivirus software regularly, and to keep it up-to-date.

    Take care!
    tea
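
Added example, not part of either post above and not HijackThis's own code: a small Python parser for the HijackThis log format shown in post #11 that lists running processes, Run-key entries (O4) and services (O23) whose executable sits in a temp directory, which is the check implied by the renamed .exe reappearing in TEMP. The sample log is constructed (two of its lines use a made-up temp path and value name), and the temp-directory pattern is an assumption.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code source path")

# HijackThis item lines look like "O4 - HKLM\..\Run: [name] command"
ITEM_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# First drive-rooted executable path in a line, quoted or not
EXE_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|com|scr|bat))\b', re.I)
# Assumption: directories that installed software does not normally start from
TEMP_RE = re.compile(r"\\(temp|tmp|temporary internet files)\\", re.I)

def parse_log(text):
    """Return one Entry per running process and per R/F/N/O item line."""
    entries, in_procs = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ITEM_RE.match(line)
        if m:
            in_procs = False  # the first item line ends the process list
            exe = EXE_RE.search(m.group(2))
            entries.append(Entry(m.group(1), m.group(2), exe.group(1) if exe else None))
        elif in_procs and line:
            entries.append(Entry("PROC", line, line))
    return entries

def temp_launches(entries):
    """Processes, Run keys (O4) and services (O23) that start from a temp directory."""
    return [e for e in entries
            if e.code in ("PROC", "O4", "O23") and e.path and TEMP_RE.search(e.path)]

# Constructed sample: the temp path and the [example] value name are made up.
SAMPLE = r"""Logfile of HijackThis v1.99.0

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\DOCUME~1\user\LOCALS~1\Temp\AR8471.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.a9.com/
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [example] C:\DOCUME~1\user\LOCALS~1\Temp\AR8471.exe
O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
"""

if __name__ == "__main__":
    for hit in temp_launches(parse_log(SAMPLE)):
        print(hit.code, hit.path)
```

An empty result only means nothing in those three sections points at a temp directory; other autostart locations are not inspected by this check.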

  3. #13
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,956


    As the problem appears to be resolved this topic has been archived.

    If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

    Applies only to the original topic starter.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
