  #1  
FartinMowler
Banned
Join Date: Feb 2003
Location: incoherant
Oct 18th, 2004, 03:39 PM        tHE pOp-UP THAT jUST WONT gO away!!!!
One stupid viagra pop-up...that I'm positive that is in my system because I can get rid of everything but this one...I have Ad-aware...Spybot...Spyware blaster and anti-pop up programs I've wiped my system out not too long ago and it's always this same pop-up that comes back.
  #2  
MetalMilitia
Hitler's Canoe!
Join Date: Sep 2004
Location: UK
Oct 18th, 2004, 03:49 PM
Maybe it comes with a program you have installed such as a download accelerator or some such crap.
  #3  
FartinMowler
Banned
Join Date: Feb 2003
Location: incoherant
Oct 18th, 2004, 03:59 PM
Yes, again you are most likely correct. It would be nice to figure out which one.
  #4  
Emu
Level 29 ♂
Join Date: Aug 2003
Location: Peoria, IL
Oct 18th, 2004, 04:42 PM
It's not spyware, it's your wife trying to tell you something.
  #5  
eggyolk
zoom
Join Date: Aug 2003
Oct 18th, 2004, 07:04 PM
the daily zing

keep em coming!
  #6  
Raize
Senior Member
Join Date: Mar 2003
Location: Idaho
Oct 21st, 2004, 08:10 PM
Look for anything out of the ordinary in your task list. Not just .exe files, but other ones as well. Or get HijackThis, download and run it and post your logs here.
  #7  
FartinMowler
Banned
Join Date: Feb 2003
Location: incoherant
Oct 21st, 2004, 09:54 PM
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINNT\System32\Ati2evxx.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\PROGRA~1\Toolbar\TBPSSvc.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\Explorer.exe
E:\WINNT\Mixer.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\QuickTime\qttask.exe
E:\PROGRA~1\Toolbar\TBPS.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\PROGRA~1\Toolbar\PIB.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Intrigue Technologies\Harmony Remote\EasyZapperMonitor.exe
E:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\Program Files\Yahoo!\browser\ybrwicon.exe
E:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
E:\Program Files\Yahoo!\browser\ybrowser.exe
E:\PROGRA~1\WINZIP\winzip32.exe
E:\Documents and Settings\marty.MARTY-16R0T77EY\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/c.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.clientapps.yahoo.com/c.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/c...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/c.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://E:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.clientapps.yahoo.com/c.../www.yahoo.com
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - E:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_20_0 .dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - E:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: IYBookmarkHO Class - {8B11A219-80C8-4B42-B558-B8C14D1AA8C4} - E:\Program Files\Yahoo!\browser\ybmho.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - E:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: RHSI Toolbar - {4DF5B116-4FD9-4039-B377-1130953A980F} - E:\Program Files\Rogers Hi-Speed Internet\RHSI Toolbar\ToolBand.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - E:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_20_0 .dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WebSavingsFromEbates0] "E:\Program Files\WebSavings_from_Ebates\WebSavingsFromEbates0 .exe"
O4 - HKLM\..\Run: [TBPS] E:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Outpost Firewall] E:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [cdexv] E:\WINNT\System32\cdexv.exe
O4 - HKCU\..\Run: [RHSI SHS] "E:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "E:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] E:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "E:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [Morpheus] "E:\Program Files\StreamCast\Morpheus\Morpheus.exe" -min
O4 - Global Startup: Harmony Monitor.lnk = E:\Program Files\Intrigue Technologies\Harmony Remote\EasyZapperMonitor.exe
O4 - Global Startup: Image Transfer.lnk = E:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - E:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - E:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Rogers Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - E:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: Rogers &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - E:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O12 - Plugin for .pdf: E:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/c...on=4,3,2,20802
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - E:\PROGRA~1\Toolbar\toolbar.dll
  #8  
Ninjavenom
Lord Felch Demon
Join Date: Feb 2003
Oct 24th, 2004, 12:49 PM
Holy crap, you have a lot of stuff running. Compare that to this:

Code:
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Torrents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suprnova.org/
O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

The things that stand out to me are the following:

Code:
E:\PROGRA~1\Toolbar\TBPSSvc.exe 
E:\PROGRA~1\Toolbar\TBPS.exe 
E:\PROGRA~1\Toolbar\PIB.exe
E:\PROGRA~1\Yahoo!\browser\ycommon.exe 
E:\Program Files\Yahoo!\browser\ybrwicon.exe 
E:\Program Files\Yahoo!\browser\ybrowser.exe

Is that yahoo stuff like a browser, or a toolbar accessory? Toolbars are the bane of the web browser's existence.
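
One way to do the log comparison suggested in this thread, as an added example that was not posted by anyone in it: a Python script that groups HijackThis hook entries by the file they load, and lists CLSIDs with no backing file and the hosts used in IE search settings. The sample lines come from the log in post #7 with the drive prefix written as `E:\`, as quoted in post #8; the `triage` function and its three-section threshold are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: lines from the log in post #7, drive prefix written as E:\ (see post #8).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com/
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - E:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - E:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - E:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - E:\PROGRA~1\Toolbar\toolbar.dll
"""

ENTRY = re.compile(r"^([RO]\d+) - (.+)$")
# "<kind>: <name> - {CLSID} - <file>", the shape of the R3, O2, O3 and O18 lines above
HOOK = re.compile(r"^(.+?): (.+) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

def triage(log, min_sections=3):
    """Return (files loaded by several hook types, CLSIDs with no file, hosts in IE settings)."""
    hooks = defaultdict(set)   # file path -> HijackThis sections that load it
    orphans = []               # (section, CLSID) registered with no backing file
    hosts = defaultdict(list)  # host -> IE settings (R0/R1) that point at it
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, rest = m.groups()
        h = HOOK.match(rest)
        if h:
            _kind, _name, clsid, target = h.groups()
            if target == "(no file)":
                orphans.append((section, clsid))
            else:
                hooks[target.lower()].add(section)
        elif section in ("R0", "R1") and " = " in rest:
            key, value = rest.split(" = ", 1)
            host = urlsplit(value).hostname
            if host:
                hosts[host].append(key.rsplit(",", 1)[-1])
    multi = {f: sorted(s) for f, s in hooks.items() if len(s) >= min_sections}
    return multi, orphans, dict(hosts)

if __name__ == "__main__":
    for part in triage(SAMPLE_LOG):
        print(part)
```

On the sample, only `toolbar.dll` is loaded through four hook types; `NavShExt.dll`, registered in two sections, stays below the threshold.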