Old 11-13-2004, 11:07 PM   #1
Baseband Member
 
smackfan76's Avatar
 
Join Date: Sep 2004
Posts: 37
Default PopUP Problem

Can anyone tell me if any of these programs are causing me to have a popup problem? I used Adware and it didn't find anything. I used HijackThis to get this list but I'm not sure about some of the items in the list.

Logfile of HijackThis v1.98.2
Scan saved at 8:08:12 PM, on 11/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\gzxebv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
E:\Programs\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [undxhqw] C:\WINDOWS\system32\gzxebv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-12.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098141682030
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.ghostsandlegends.com/AxisCamControl.ocx
O16 - DPF: {9D5B6642-8C3F-4504-B2FC-42779ABAE4B9} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/113/rssoft.cab


Anything in there that shouldn't be?
smackfan76 is offline   Reply With Quote
Old 11-14-2004, 12:16 AM   #2
Fully Optimized
 
rakedog's Avatar
 
Join Date: May 2004
Posts: 2,718
Default Re: PopUP Problem

Here is a list of some suspicious files I see:

C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

You seem to have a lot of weather bugs. Luckily, these should be rather easy to remove. And by the way, you never mentioned you had Norton, though I see files running. If you didn't install Norton, that would be a virus that acts like it's Norton, and you should delete that too.
__________________
hackthissite.org (criticalsecurity.net) | gentoo.org

The best argument against evolution are creationists themselves. They prove that life is devolving rather than evolving.
rakedog is offline   Reply With Quote
Old 11-14-2004, 02:53 AM   #3
The Candyman
 
~mr mixx~'s Avatar
 
Join Date: Jun 2004
Location: USA
Posts: 11,310
Default Re: PopUP Problem

If you haven't screened with the latest version of CWShredder (2.0), you've missed an important check.
__________________
" Let the music move you "
~mr mixx~ is offline   Reply With Quote
Old 11-14-2004, 07:30 AM   #4
Baseband Member
 
Join Date: Sep 2004
Posts: 34
Default Re: PopUP Problem

Make sure your messenger service is not transmitting, as this will let your computer be bombarded by “Messenger Service”.
e1cks is offline   Reply With Quote
Old 11-14-2004, 01:18 PM   #5
Baseband Member
 
smackfan76's Avatar
 
Join Date: Sep 2004
Posts: 37
Default Re: PopUP Problem

Quote:
Originally Posted by rakedog
You seem to have a lot of weather bugs. Luckily, these should be rather easy to remove. And by the way, you never mentioned you had Norton, though I see files running. If you didn't install Norton, that would be a virus that acts like it's Norton, and you should delete that too.

I put WeatherBug on there myself about 6 months ago and I haven't had a problem with popups. I also put Norton on myself so I don't think it's that either. Is there anything else in there that could be causing it?
smackfan76 is offline   Reply With Quote
Old 11-14-2004, 01:53 PM   #6
Fully Optimized
 
rakedog's Avatar
 
Join Date: May 2004
Posts: 2,718
Default Re: PopUP Problem

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

what's that?
__________________
hackthissite.org (criticalsecurity.net) | gentoo.org

The best argument against evolution are creationists themselves. They prove that life is devolving rather than evolving.
rakedog is offline   Reply With Quote
Old 11-14-2004, 05:56 PM   #7
Baseband Member
 
smackfan76's Avatar
 
Join Date: Sep 2004
Posts: 37
Default Re: PopUP Problem

Quote:
Originally Posted by rakedog
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

what's that?

I was assuming that it had something to do with Norton System Works or Norton Personal Firewall.
smackfan76 is offline   Reply With Quote
Old 11-14-2004, 09:46 PM   #8
The Candyman
 
~mr mixx~'s Avatar
 
Join Date: Jun 2004
Location: USA
Posts: 11,310
Default Re: PopUP Problem

Correct... read this important tip though.
__________________
" Let the music move you "
~mr mixx~ is offline   Reply With Quote
Old 11-15-2004, 01:59 AM   #9
In Runtime
 
Gary Graefen's Avatar
 
Join Date: Apr 2004
Posts: 336
Default Re: PopUP Problem

O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\gzxebv.exe



I wouldn't put it past Adobe to create popups.
The others in my list look suspicious.
__________________
When In Doubt-Format and start over
Gary Graefen is offline   Reply With Quote
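
A small triage pass over HijackThis entries like the ones discussed in this thread, as an added example that is not part of any poster's reply. The heuristics and the names `triage`, `vowel_ratio` and `SYSTEM_DIRS` are assumptions made for illustration; a hit means "look this file up", not a verdict.

```python
import ntpath
import re

# Constructed sample: a subset of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [undxhqw] C:\WINDOWS\system32\gzxebv.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
"""

# O4 = autorun value: hive, [value name], command line (quotes and arguments optional).
RUN = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] "?(.+?\.exe)', re.I)
# O2/O3/O9 = IE helper objects, toolbars, buttons: label - {CLSID} - file.
COM = re.compile(r"^(O2|O3|O9) - (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

def vowel_ratio(word):
    """Share of vowels among the letters of word (1.0 if it has no letters)."""
    letters = [c for c in word.lower() if c.isalpha()]
    return sum(c in "aeiou" for c in letters) / len(letters) if letters else 1.0

def triage(log):
    """Return (reason, line) pairs for entries worth a manual lookup."""
    findings = []
    for line in filter(None, map(str.strip, log.splitlines())):
        if m := RUN.match(line):
            _hive, name, path = m.groups()
            stem = ntpath.splitext(ntpath.basename(path))[0]
            in_sysdir = ntpath.dirname(path).lower() in SYSTEM_DIRS
            # Assumed heuristic: value name AND file name both consonant-heavy,
            # with the file sitting directly in a system directory.
            if in_sysdir and max(vowel_ratio(name), vowel_ratio(stem)) <= 0.2:
                findings.append(("random-looking autorun in system dir", line))
        elif m := COM.match(line):
            section, _label, _clsid, target = m.groups()
            if target.startswith("(no file)"):
                findings.append(("registry entry with no file on disk", line))
            elif section == "O2" and ntpath.dirname(target).lower() == r"c:\windows":
                findings.append(("BHO DLL loaded from the Windows root", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```
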
Old 01-01-2005, 09:11 AM   #10
BSOD
 
Computergen's Avatar
 
Join Date: Dec 2004
Posts: 3,175
Default

WeatherBug is spyware, not too good. If you don't read the AOL Instant Messenger install, it will install WeatherBug with it unless you uncheck that.
Computergen is offline   Reply With Quote