
popup virus?


Name: rkumar
Date: January 27, 2004 at 09:47:15 Pacific
OS: Win 2000
CPU/Ram: Intel/256MB
Comment:

I am getting pop-up windows when I open a page in the IE browser. Recently I installed the Google pop-up killer, but it seems not to have solved the problem. I am still getting the pop-ups, which is really nasty. Any help is highly appreciated.

Here is the log from HijackThis:

Logfile of HijackThis v1.97.7
Scan saved at 12:19:30 PM, on 1/27/2004
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\bentaa\beremote.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\Promon.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Ulead Systems\Ulead PhotoImpact 5\ABMTSR.exe
C:\WINNT\System32\mnmsrvc.exe
C:\PROGRA~1\Xerox\DSClient\DsMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Netscape\NETSCA~1\Netscp.exe
C:\Documents and Settings\rgunturu\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchenhancement.com/searchbar/iev1.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sandial Systems
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\Program Files\scbar\v1\scbar.dll (file missing)
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL (file missing)
O1 - Hosts: 12.129.205.209 search.netscape.com
O1 - Hosts: 12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINNT\System32\aess8.dll
O2 - BHO: (no name) - {22941A26-7033-432C-94C7-6371DE343822} - C:\Program Files\scbar\v1\scbar.dll (file missing)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKCU\..\Run: [Microsoft NetMeeting] "C:\Program Files\NetMeeting\conf.exe" -Background
O4 - HKCU\..\Run: [CLAUDIO] C:\Program Files\XemiComputers\Claudio\Claudio.exe
O4 - HKCU\..\Run: [ANR] C:\Program Files\XemiComputers\Audio Notes Recorder\ANR.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - Startup: Finish Installing....lnk = C:\Program Files\BonziBUDDY\bbsmartstubfal.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 5\ABMTSR.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://telugu.indiainfo.com/wfplayer/tdserver.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50038/QDow.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com/download/cabs/FON19106/flash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6D5237D-A6C7-4C83-A67F-F9F15586FA62} (SBFullInst Control) - http://www.spyblast.com/download/SBFull.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab


--Thanks in advance





Response Number 1
Name: Stabgotham
Date: January 27, 2004 at 09:51:19 Pacific
Reply:

Have you tried CWShredder and Ad-Aware yet?



Response Number 2
Name: Stabgotham
Date: January 27, 2004 at 10:01:09 Pacific
Reply:

You can get Ad-Aware from www.lavasoft.com

CWShredder from www.merijn.org/files/cswhredder.zip



Response Number 3
Name: Stabgotham
Date: January 27, 2004 at 10:15:00 Pacific
Reply:

Yeah, you definitely have some spyware and adware on your system.



Response Number 4
Name: rkumar
Date: January 27, 2004 at 10:25:18 Pacific
Reply:

I have run CWShredder and Ad-Aware some time back and I have not seen pop-ups after that. Ad-Aware has removed a bunch of files that were affected.

Thanks for the Help.

Here is the current log.

Logfile of HijackThis v1.97.7
Scan saved at 1:19:51 PM, on 1/27/2004
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\bentaa\beremote.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\Promon.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\Program Files\Netscape\Netscape 6\Netscp.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Ulead Systems\Ulead PhotoImpact 5\ABMTSR.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.exe
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\rgunturu\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sandial Systems
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKCU\..\Run: [Microsoft NetMeeting] "C:\Program Files\NetMeeting\conf.exe" -Background
O4 - HKCU\..\Run: [CLAUDIO] C:\Program Files\XemiComputers\Claudio\Claudio.exe
O4 - HKCU\..\Run: [ANR] C:\Program Files\XemiComputers\Audio Notes Recorder\ANR.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - Startup: Finish Installing....lnk = C:\Program Files\BonziBUDDY\bbsmartstubfal.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 5\ABMTSR.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://telugu.indiainfo.com/wfplayer/tdserver.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50038/QDow.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6D5237D-A6C7-4C83-A67F-F9F15586FA62} (SBFullInst Control) - http://www.spyblast.com/download/SBFull.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab


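The two HijackThis logs in this thread (the original post and this one) are read by eye in the replies. As an added example that is not part of the thread and not HijackThis' own code, the Python script below applies the same checks a helper makes when scanning such a log: orphaned search hooks and BHOs ("file missing"), unnamed BHOs loaded from the Windows root, Hosts-file overrides, start/search pages pointing at an unexpected domain, Run entries launching straight from C:\WINNT, and ActiveX controls (O16) fetched from untrusted download sites. The allow-lists are constructed for the example, not a vendor list; the sample lines are excerpted from the first log above.

```python
r"""Triage a HijackThis log for the hijack patterns discussed in this thread.

Heuristics (a defender's reading of the log sections):
  R0/R1     IE start/search URLs on a domain not in TRUSTED_WEB
  R3/O2/O3  search hooks, BHOs and toolbars that are orphaned ("file missing")
            or unnamed and loaded from the Windows root directory
  O1        Hosts-file overrides of public hostnames
  O4        Run entries launching an executable straight from C:\WINNT
  O16       ActiveX controls (DPF) fetched from a domain not in TRUSTED_DPF
The allow-lists are constructed for this example, not a vendor list.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

TRUSTED_WEB = {"msn.com", "microsoft.com", "google.com", "dellnet.com"}   # constructed
TRUSTED_DPF = {"macromedia.com", "microsoft.com", "windowsupdate.com"}    # constructed
KNOWN_GOOD_RUN = {"vptray", "synchronization manager"}                    # constructed

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")
RUN_RE = re.compile(r'\[(?P<name>[^\]]+)\]\s+"?(?P<cmd>[^"]+)')
WINROOT_DLL_RE = re.compile(r"\\WINNT\\[^\\]+\.dll$", re.I)
WINROOT_EXE_RE = re.compile(r"^C:\\WINNT\\[^\\]+\.exe$", re.I)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def registered_domain(url: str) -> str:
    """Last two labels of the URL host; sufficient for the .com-style domains used here."""
    host = (urlparse(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def triage_line(line: str):
    """Return a Finding for a suspicious HijackThis line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec in ("R0", "R1"):
        for url in URL_RE.findall(body):
            if registered_domain(url) not in TRUSTED_WEB:
                return Finding(sec, "start/search page points at an untrusted domain", line)
    elif sec in ("R3", "O2", "O3"):
        if "(file missing)" in body:
            return Finding(sec, "orphaned registration: referenced DLL is missing", line)
        if "(no name)" in body and WINROOT_DLL_RE.search(body):
            return Finding(sec, "unnamed BHO loaded from the Windows root directory", line)
    elif sec == "O1":
        return Finding(sec, "Hosts file overrides a public hostname", line)
    elif sec == "O4":
        rm = RUN_RE.search(body)
        if (rm and rm.group("name").lower() not in KNOWN_GOOD_RUN
                and WINROOT_EXE_RE.match(rm.group("cmd").strip())):
            return Finding(sec, "Run entry launches an executable from the Windows root directory", line)
    elif sec == "O16":
        for url in URL_RE.findall(body):
            if registered_domain(url) not in TRUSTED_DPF:
                return Finding(sec, "ActiveX control downloaded from an untrusted domain", line)
    return None


def triage(log_text: str) -> list:
    """All findings for a whole log, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


# Sample lines excerpted from the first log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\Program Files\scbar\v1\scbar.dll (file missing)
O1 - Hosts: 12.129.205.209 search.netscape.com
O1 - Hosts: 12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50038/QDow.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Run against the sample it reports seven findings and leaves the Dell home page, the Google toolbar BHO, the Norton tray icon and the Macromedia Flash control alone. The allow-lists are the weak point of any such script: a domain not on them is "untrusted" only in the sense that someone still has to look at it, which is exactly what the replies in this thread do.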

Response Number 5
Name: Stabgotham
Date: January 27, 2004 at 10:42:29 Pacific
Reply:

Okay, now I am not an expert or anything, but looking at that, I think I see a few problems. One (and please correct me if I'm wrong, techies): I see a Google toolbar. Do you have this running on your comp? This sparks popups similar to the sites you are visiting. Also... you need to get rid of Bonzi Buddy. That program is buggy.






Response Number 6
Name: Stabgotham
Date: January 27, 2004 at 11:07:24 Pacific
Reply:

Yep.....get rid of that Google popup killer. Get a good popup blocker. Try going to download.com or tucows.com

A good one that I have found is Popup Stopper Pro. Also, have you run your virus scanner, such as Norton or McAfee?



Response Number 7
Name: rkumar
Date: January 27, 2004 at 11:49:13 Pacific
Reply:

Yeah, I ran the system through the virus scanner with the latest definitions and it did not report anything. I did remove BonziBuddy. I will be removing the Google popup killer as well.

Definitely the system is much better now.

Thanks for your direction. It really helped.



Response Number 8
Name: nel
Date: January 27, 2004 at 14:28:43 Pacific
Reply:

I can't believe the ignorance here. I encourage all my users to use the Google bar with pop-up blocking. Works great. Defeats the pop-ups, and if you want a particular site's pop-ups they are just a click away. The Google bar is not the problem; it's the hidden spyware on the computer. Run Ad-Aware to purge it off and then no more problems.



Response Number 9
Name: zeeaj
Date: January 28, 2004 at 21:34:45 Pacific
Reply:

You can use the Spybot - Search & Destroy software.



Response Number 10
Name: TriggerNewsMan
Date: February 1, 2004 at 08:27:37 Pacific
Reply:

The problem you have is that your security settings are probably not configured properly, thereby not prompting you at the beginning about whether or not you want to download the application. Read on to confirm.

To uninstall the program, first exit out of it (right click on the F icon in the lower right of your system tray, then execute the Exit command). Once you have exited from the program, use Add/Remove within your Control Panel to uninstall it. This will remove the program from your computer.

If the program auto-installed when you visited their site, you should be aware that your system might not be set up to guard against that type of activity FROM ANY SITE. This is one way in which computer systems get infected with viruses. We HIGHLY recommend you follow the instructions below to ascertain the security settings of your computer.

Since the Forbes alerting software is a SIGNED ActiveX program, a dialog box should first have come up asking your permission to Accept it before downloading. If it did not do that, it may indicate your system is set up to download ANY programs without your intervention, which you should definitely be concerned with.

We suggest checking your browser settings to confirm that your security parameters are set properly.

If you use IE6, open Tools/Internet Options and click on the Security tab. Once there, click on the Custom Level button. Look for the heading “ActiveX controls and plug-ins”. The most important setting under that menu is "Download signed ActiveX controls". At a minimum, this should normally be set to Prompt. If yours is set to Enable, that could explain why the program auto-installed without first asking. We strongly recommend you change this setting to Prompt if it is set to Enable, just so you do not experience a similar problem at other sites.

If you originally accepted the "Always Trust Content From Forbes" setting in the installation dialog box, it would establish Forbes as a trusted Publisher and auto-install the client in the future without prompting you first no matter what the "Download signed ActiveX controls" setting was set to.

To change this in Windows XP, go to Tools/Internet Options and click on the Content tab. In the Certificates box to the far right, click on the Publishers button. If Forbes is in your list (you may need to scroll), delete it. That should stop Forbes’ auto-installs from happening.

Hope that helps. :-)



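The zone setting the post above tells you to check by hand ("Download signed ActiveX controls" under Custom Level) lives in the registry and can be audited from an export. The Python script below is an added example, not part of the thread and not Forbes' software: it parses the text that `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg` produces (Zone 3 is the Internet zone), reads the four ActiveX action values (value name 1001 is "Download signed ActiveX controls"; DWORD data 0, 1 and 3 mean Enable, Prompt and Disable), and reports anything weaker than a baseline. The baseline and both embedded .reg texts are constructed for the example: the first shows the Enable setting the post warns about, the second the corrected Prompt.

```python
r"""Audit the ActiveX policy of IE's Internet zone from a .reg export.

Produce the input on the Windows machine with:
    reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg
(Zone 3 is the Internet zone; reg.exe writes the file as UTF-16, so open a real
export with encoding="utf-16").  The two exports embedded below are constructed
for this example.
"""
import re

# Per-zone action value names, as documented by Microsoft for the Zones\N keys.
ACTIONS = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1200": "Run ActiveX controls and plug-ins",
    "1201": "Initialize and script ActiveX controls not marked as safe",
}
# DWORD data for each action: 0 = Enable, 1 = Prompt, 3 = Disable.
SETTING_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}
# Least restrictive acceptable setting per action: this example's Internet-zone
# baseline, with 1001 at Prompt as the post above recommends.
BASELINE = {"1001": 1, "1004": 3, "1200": 0, "1201": 3}

REG_VALUE_RE = re.compile(r'^"(?P<name>\d{4})"=dword:(?P<data>[0-9a-fA-F]{8})$')


def parse_zone_export(reg_text: str) -> dict:
    """Map the numeric action value names to their integer data, e.g. {"1001": 0, ...}."""
    settings = {}
    for line in reg_text.splitlines():
        m = REG_VALUE_RE.match(line.strip())
        if m:
            settings[m.group("name")] = int(m.group("data"), 16)
    return settings


def audit(settings: dict) -> list:
    """Return (action, description, current, required) for each action weaker than BASELINE.

    Enable (0) < Prompt (1) < Disable (3), so a smaller DWORD is a weaker setting.
    """
    weak = []
    for action, minimum in BASELINE.items():
        current = settings.get(action)
        if current is None:
            weak.append((action, ACTIONS[action], "missing", SETTING_NAMES[minimum]))
        elif current < minimum:
            weak.append((action, ACTIONS[action],
                         SETTING_NAMES.get(current, str(current)), SETTING_NAMES[minimum]))
    return weak


# Constructed export: "Download signed ActiveX controls" set to Enable (0), the
# condition the post says lets a signed control install without a prompt.
WEAK_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"""

# The same export after the recommended change: 1001 set to Prompt (1).
FIXED_EXPORT = WEAK_EXPORT.replace('"1001"=dword:00000000', '"1001"=dword:00000001')

if __name__ == "__main__":
    for label, text in (("before", WEAK_EXPORT), ("after", FIXED_EXPORT)):
        problems = audit(parse_zone_export(text))
        print(f"{label}: {'OK' if not problems else ''}")
        for action, desc, current, required in problems:
            print(f"  {action} {desc}: is {current}, should be at least {required}")
```

The zone values only cover the first half of the post's advice. A publisher accepted with "Always trust content from ..." bypasses the 1001 prompt regardless of its value, so the Trusted Publishers list under the Content tab still has to be reviewed separately; the script does not look at it.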

Response Number 11
Name: blueninja78
Date: February 26, 2004 at 14:01:12 Pacific
Reply:

I'm having the same problems. I've run Ad-Aware and CWShredder. I don't have BonziBuddy or any type of additional toolbar. I've even tried to uninstall as much of Internet Explorer as I can and am now using Mozilla as a browser, but I am still getting an insane amount of pop-ups. I am permanently connected to the internet through cable. Even when I have no browser open I still get pop-ups. The interesting thing is that even though Mozilla is set as my default web browser, all of these pop-ups are coming up under Internet Explorer. Can anyone help? It's driving me nuts. Thanks!

