Popups and Keyboard

Computing.Net > Forums > Security and Virus > Popups and Keyboard

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Popups and Keyboard

Name: rickstyll
Date: February 7, 2004 at 14:01:23 Pacific
OS: Windows XP Professional S
CPU/Ram: Pentium III 512MB

Comment:

I recently used Spybot, Ad-aware, and CWShredder, which removed most adware and popus. However, I still get a number of anoying popup adds. Also when using Internet Explorer, my keyboard seems to start messing up periodically. It's like something takes it over. For example, I'll be typing an email and letters will be capitalized randomly, even though I haven't pressed shift or caps lock. Similarly, my mouse will sometime multi-select even though I am not holding down ctrl or shift. Again, the keyboard behaviour only happens when iexplorer.exe is running.
The HijackThis log is as follows.
Logfile of HijackThis v1.97.7
Scan saved at 4:37:56 PM, on 2/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINNT\System32\MsgSys.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\atiptaxx.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\PROGRA~1\Zinio\ZDLM.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Ident\ident.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Handspring\HOTSYNC.exe
C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
C:\Download\Ad and Spyware detection removal\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sww.sas.com/wwm/technology9/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SAS
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=inetgw.unx.sas.com:80;gopher=inetgw.unx.sas.com:80;http=inetgw.unx.sas.com:80;https=inetgw.unx.sas.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sww.sas.com;*.*.sas.com;*.vm.sas.com;localhost;*.sas.com;<local>
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4A3D117F-41E5-4EAB-A065-BFB5413D7536} - C:\WINNT\System32\cssm3c2s.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar_en_2.0.95-big.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\downloaded program files\googletoolbar_en_2.0.95-big.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HWProfileCheck] wscript //B //T:120 c:\support\hwprofiles.vbe
O4 - HKLM\..\Run: [SS_Script] wscript C:\WINNT\system32\ss_script.vbs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SASRemote_Security_Notify] C:\PROGRA~1\SASREM~1\rsnotify.exe -notify
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.exe" -a
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1\Zinio\ZDLM.exe /hide
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.exe
O4 - Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: ident.lnk = C:\Program Files\Ident\ident.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\winnt\downloaded program files\GoogleToolbar_en_2.0.95-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\winnt\downloaded program files\GoogleToolbar_en_2.0.95-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\downloaded program files\GoogleToolbar_en_2.0.95-big.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\downloaded program files\GoogleToolbar_en_2.0.95-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://c:\winnt\downloaded program files\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.peopleclick.com
O16 - DPF: {0369528B-3082-11D2-9997-00A0C9B7A242} (PlaceWare Presentation-Upload Control) - http://scpwai.ops.placeware.com/etc/pwk/sas/placeware.aud.ieupload/UploadControl.cab
O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E3} (ShowSetupObj3 Class) - http://invite.mshow.com/ShowSetup.cab
O16 - DPF: {8DDFB1F0-AC20-11D4-87DB-00C04F2C3577} (ClipSaveCtrl Class) - http://sww.sas.com/ds/dll/ClipSave.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://zinio.earthc.net/images.zinio.com/reader/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37853.6244328704
O16 - DPF: {A1337CC4-FF8E-11D1-9C48-00A0CC20E0D0} (EZListings) - http://www.therealyellowpageslive.net/live/ezlistng.cab
O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://scpwbh.ops.placeware.com/etc/place/RCC-BETA/pws-beta-02/5.1.0.104/lib/quicksilver.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.sas.com
O17 - HKLM\Software\..\Telephony: DomainName = na.sas.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.sas.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = na.sas.com,na.sas.com,pc.sas.com,fyi.sas.com,unx.sas.com,sas.com,vm.sas.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = na.sas.com,na.sas.com,pc.sas.com,fyi.sas.com,unx.sas.com,sas.com,vm.sas.com

Any thing look wierd?
Rick

Sponsored Link

Ads by Google

Response Number 1

Name: Imp
Date: February 8, 2004 at 01:00:08 Pacific

Reply:

Hello Rick,
You have to know that as soon as you cleaned your computer with AdAware for exemple, and you come back later to web site where you get pop-ups, you will get again the cookies concerned again and again.
There is no way to rid off it permanently,
meanwhile you can download and try SpywareBlaster 2.61
This freeware will protect you against around 1100 cookies spywares, which is already not bad at all....
Don't forget to update the program as soon as installed....
Good luck.....

iexplore process still running trust 120 spacecam vista ione keyboard	mercury keyboard delux keyboard cisco 350 aironet driver xp
See More

Removing Spyware

Addess bar won't search

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Popups and Keyboard

popups and weird things

Summary

www.computing.net/answers/security/popups-and-weird-things/12408.html

random popups and slow internet

Summary

www.computing.net/answers/security/random-popups-and-slow-internet/21841.html

Disabled Mouse and Keyboard

Summary

www.computing.net/answers/security/disabled-mouse-and-keyboard/13361.html

From the Geek Dictionary
Mephy Run - A way to find items in Diablo 2 LOD. Most effective when ran over and over...

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes In 7 Days.
Discuss in The Lounge
Poll History

Recent Posts
Google Wave

Boot Question

Foxconn G31-mxk 2.0 won't boot with 2 DIMM

cache accesss denied problem

cant access my yahoo maill

All Awaiting Reply

Tom's News
Man Pleads Guilty Selling Fake Chips to Navy

Threatening Rap on YouTube Lands Two in Jail

New Final Fantasy XIII Trailer is 5 Minutes Long

Guy Quits Job With Error Message

Verizon Takes on Sprint's 3G Network (And Wins)

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE