popups

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

grandpastan

Thread Starter
Joined
Jan 27, 2007
Messages
24
I was subscribed to This Site Rocks. They said I needed to install their little program to keep viewing videos. I installed it and immediately started getting popups from them. :mad: I hate popups, so immediately unsubscribed. I tried to get a hold of them to see how I could get rid of it, but no way. I don't know if it is an active x or what it is. Any help would be appreciated.
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi,

Let's have you post a log from Hijackthis and maybe we can spot anything out of place:
go to Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


Next:

Open Hijack This and click on the "Open the Misc Tools Section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" botton. Copy and paste that list here please.

You can add the list to a new reply here, or Edit your post and throw it in just after you post the HJT log
 

MysticEyes

Banned
Joined
Mar 30, 2002
Messages
4,825
grandpastan said:
I was subscribed to This Site Rocks. They said I needed to install their little program to keep viewing videos. I installed it and immediately started getting popups from them. :mad: I hate popups, so immediately unsubscribed. I tried to get a hold of them to see how I could get rid of it, but no way. I don't know if it is an active x or what it is. Any help would be appreciated.
Did you look in Add/Remove to uninstall?
 

grandpastan

Thread Starter
Joined
Jan 27, 2007
Messages
24
Here is the uninstall list

12Ghosts Password
7-Zip 4.42
Abassis Work Desktop 1.0
Adobe Flash Player 9 ActiveX
Adobe Shockwave Player
AI RoboForm Adapter for Firefox/Mozilla/Netscape
AJScreensaver
Alt-Tab Task Switcher Powertoy for Windows XP
AnalogX ITR Client
AnswerMyPhone
Apple Software Update
ASUS Enhanced Display Driver
ASUS SmartDoctor
ASUS VideoSecurity Online
AsusUpdate
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI Parental Control & Encoder
AttachmentOptions
AVG Free Edition
BitTorrent 5.0.3
BrowserTraySwitch 1.02.01
Browster
Bubbles
ButtonMonitor
CardRd81
CCScore
Celestia 1.3.2
CmdHere Powertoy For Windows XP
CR2
Creative PC-CAM Center Lite
Creative WebCam Monitor
Creative WebCam NX Driver (1.02.01.0827)
Creative WebCam NX User's Guide (English)
Cute Reminder Standard Edition 2.3
DesktopEarth
DFX for Windows Media Player
DirMS-S
Diskeeper Administrator Edition
Dr Watson for Microsoft Windows OneCare Live v0.9.0944.26
eCleaner 2.02
eGames GameButler
EPSON Printer Software
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
ESSvpaht
ESSvpot
FastStone Capture 4.2
FileBox eXtender
Foxit Reader
Free Download Manager 2.0 - Free Downloads Center Edition
FreshDownload
FW LiveUpdate
Google Desktop
Google Earth
Google Pack Screensaver
Google SketchUp
Google Talk (remove only)
Google Updater
GTK+ 2.6.9 runtime environment
Hijackthis 1.99.1
HijackThis 1.99.1
HLPIndex
HLPPDOCK
HLPSFO
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB914811)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Humanized Enso
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_07
JGoodies JDiskReport 1.2.4
jv16 PowerTools 2006
Kodak EasyShare software
KSU
Launchy 1.0 Beta
LinkScanner
MahJongg Master 6
Messenger Plus! 3
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mihov Image Resizer (remove only)
Mozilla Firefox (1.5.0.9)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MusicIP Mixer 1.6
mvi
My Key Ring!
Nero Suite
Notepad2 1.0.12
Notifier
Nvu 1.0
OfotoXMI
OTtBP
OTtBPSDK
Paint.NET v2.63
Panda ActiveScan
Password Safe
PC Inspector File Recovery
PC Inspector smart recovery
Photo Story 3 for Windows
Picasa 2
PocketKnife Peek 1.2
QuickTime
RadarSync 2007 Standalone (remove only)
Really Slick Screensavers 1.0
Remind Me Attachments
Safarp
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
SFR
SFR2
SHASTA
Shavlik NetChk Protect
SHOUTcast Source DSP 1.9.0 (remove only)
SKIN0001
SKINXSDK
SlimBrowser (remove only)
Sokoban YASC
SoundMAX
SpamBayes 1.0.4
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Streamload Uploader (remove only)
Sunbelt CounterSpy
TOD 072006
Trogladite Software SendTo 1.6
Tweak UI
U.S. Robotics Modem Identification Wizard
U.S. Robotics V.92 Fax Host Int
Unlocker 1.7.9
Update for Windows Internet Explorer 7 (KB928089)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VIA Integrated Setup Wizard
VIA Rhine-Family Fast Ethernet Adapter
VPRINTOL
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WIRELESS
Word Connect
Xdrive Desktop
ZoneAlarm
 

grandpastan

Thread Starter
Joined
Jan 27, 2007
Messages
24
Here is the HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 8:00:58 PM, on 28/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Program files\Nero\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ATKKBService.exe
E:\PROGRA~1\Security\avgamsvr.exe
E:\PROGRA~1\Security\avgupsvc.exe
E:\Program files\Diskkeeper\DKSAdmin.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrSII1s.exe
E:\Program files\NetChk\5.6.0.446\HfNetChkProService.exe
E:\Program files\PhoneTray\PhoneTray.exe
E:\Program files\Security\CounterSpy\SBCSSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program files\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\taskswitch.exe
E:\Program files\Security\ZoneAlarm\zlclient.exe
C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerMonitor.exe
E:\PROGRA~1\Security\avgcc.exe
E:\Program files\Security\CounterSpy\SBCSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
E:\Program files\Calendar\CuteReminder\CuteReminder.exe
C:\Program Files\HumanizedEnso\Enso.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Launchy\Launchy.exe
E:\Program files\Microsoft\DesktopEarth.exe
E:\Program files\FileBX\FileBX.exe
E:\Program files\Internet\AnalogX\ITR\itrc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Microsoft Hardware\Keyboard\Type32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Media Player\wmplayer.exe
E:\PROGRA~1\MICROS~1\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerConnect.exe
E:\Program files\Internet\FreshDownload\fd.exe
E:\Program files\Microsoft\Office\WINWORD.EXE
E:\Program files\Security\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weatheroffice.ec.gc.ca/city/pages/sk-41_metric_e.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: DeskalertsBHO - {1F101905-C9C7-4b92-BDE6-4F8E76C5A7DB} - C:\WINDOWS\system32\Deskbar\deskbar.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - E:\PROGRA~1\Internet\FRESHD~1\fdcatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DeskalertsBHO - {67A8D847-B79F-403e-8D2B-D2CADE3A967F} - E:\Program files\Web\DeskAlerts\deskbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: BrwIEConnector Class - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - E:\Program files\Browster\Browster.dll
O2 - BHO: (no name) - {FF344242-A1AF-4343-A223-FC3DA42990C8} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - E:\PROGRA~1\Internet\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program files\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program files\Security\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LinkScanner Monitor] C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerMonitor.exe /auto
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Security\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SBCSTray] E:\Program files\Security\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program files\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CuteReminder] E:\Program files\Calendar\CuteReminder\CuteReminder.exe
O4 - HKCU\..\Run: [HumanizedEnso] C:\Program Files\HumanizedEnso\Enso.exe --disable-monologue-boxes
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: BrowserTraySwitch.exe
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Startup: FileBox eXtender.lnk = E:\Program files\FileBX\FileBX.exe
O4 - Startup: ITR Client.lnk = E:\Program files\Internet\AnalogX\ITR\itrc.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: Browster Prefetch On/Off - res://E:\Program files\Browster\Browster.dll/CustomPrefetchMenu.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://E:\Program files\Security\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://E:\Program files\Security\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://E:\Program files\Security\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://E:\Program files\Security\Free Download Manager\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Save to &Xdrive - res://E:\Program files\Internet\xdrive.exe/std.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Bubble This URL - {A3A0268C-3146-431d-84EE-2789B750ABD2} - E:\Program files\Internet\Bubbles\BubblesHBO.dll
O9 - Extra button: FreshDownload - {A4ED4E4A-B200-4D7F-B951-BD5968E4B53E} - E:\Program files\Internet\FreshDownload\fd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B7D3E479-CC68-42B5-A338-938ECE35F419} - http://laughnetwork.com/installer/videos/new_videos.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Security\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Security\avgupsvc.exe
O23 - Service: DirMS_Defragmentation - Unknown owner - E:\Program files\Tools\DirmsService.exe
O23 - Service: Diskeeper Administrator - Diskeeper® Corporation - E:\Program files\Diskkeeper\DKSAdmin.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Program files\Nero\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NetChk Patch Service (NetChkPatch) - Unknown owner - E:\Program files\NetChk\5.6.0.446\HfNetChkProService.exe
O23 - Service: PhoneTray - Unknown owner - E:\Program files\PhoneTray\PhoneTray.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software, Inc. - E:\Program files\Security\CounterSpy\SBCSSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, I've checked on all the programs you use, and the only thing that would produce popups, is MessengerPlus3, which can install the LOP bundled sponsor software, which is adware and does give popups...but it does not appear in your log at all, and when it is, it is plainly seen so I think you were careful installing MessngerPlus,and opted out of the sponsor software, that is the right thing to do.

One other it could be coming through is Windows Messenger
which is an old part of Windows, that pops up messages between networked office type computers, it is not the same as MSN Messenger so dont confuse it.

We can disable the Windows Messenger this way:

http://www.grc.com/stm/shootthemessenger.htm

Read down the page, it's interesting.....under the picture of Shoot the Messenger there is a little blue link Click this Link

That's the download, just double click to run and follow the prompt.

let us know if the popups stop.
 

grandpastan

Thread Starter
Joined
Jan 27, 2007
Messages
24
I do have Windows messenger disabled. And yes I made sure to not allow other things with messenger plus.
 

grandpastan

Thread Starter
Joined
Jan 27, 2007
Messages
24
I did get popups as soon as I booted up today again. Is it likely an active x or bho?I thought IE7 had a place to manage active x to allow or disallow, but I can't find it.
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, I took a look at This Site Rocks and as soon as you click on one of their pictures, it starts an Active X install, though I tested the site with McAfee's Site Advisor and everything was OK'd by them.

The laughnetwork site is one they link to and use for videos....
I don't see any other of the ones in your HJT log, so it appears it is:

O16 - DPF: {B7D3E479-CC68-42B5-A338-938ECE35F419} - http://laughnetwork.com/installer/videos/new_videos.cab


Run Hijackthis, in your scan window find the box next to the same item as I have above, when you have it checkmarked CLOSE ALL other open or minimized windows, including this one! Leave nothing but Hijackthis open, and click "Fix Checked" Hope that does it!
 

grandpastan

Thread Starter
Joined
Jan 27, 2007
Messages
24
Hey Byteman
I followed your instructions on removing that entry from the registry. It came up today again. Any other ideas?
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, No, unfortunately, if the things you have tried do not end the popups,and you cannot block them then you are kind of at a standstill. Have you tried blocking them in IE 7 or with any other popup blocking things? Google Toolbar, Yahoo toolbar, and many other 3rd party apps can block selected popups.

Other than that, a System Restore to before you installed that Active X or whatever it was, might fix it the easiest.

Exactly what was it that came up today? Popups from This Site Rocks, or what from where?
 

Soxaholic

Banned
Joined
Jan 31, 2007
Messages
69
Use firefox as your browser and install the extension filtersetg. I haven't see a popup in 2 years.
 

grandpastan

Thread Starter
Joined
Jan 27, 2007
Messages
24
It is a 3x3 in box above my tray with links to videos to watch. Soxaholic suggests using FF,but my browser doesn't even need to be open.
 

MysticEyes

Banned
Joined
Mar 30, 2002
Messages
4,825
grandpastan said:
It is a 3x3 in box above my tray with links to videos to watch. Soxaholic suggests using FF,but my browser doesn't even need to be open.
Like this:

 

grandpastan

Thread Starter
Joined
Jan 27, 2007
Messages
24
Very much like that, but no identification on it of any kind. Just links to videos.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top