-
January 30th, 2004, 07:00 PM
#21
I have McAfee AV... and the EXACT error msg is this. It is at the bottom left-hand corner of my screen right next to the little "E" looking thing in IE. It says "this window contains popups" and that's it. But it won't let me open anything, and as hard as I look I can't find ANY pop-up software on my PC... I have run a virus scan and Ad-Aware... it came up with nothing.
-
January 30th, 2004, 07:10 PM
#22
Here are my processes:
StartupList report, 1/30/2004, 12:15:03 PM
StartupList version: 1.52
Started from : C:\Documents And Settings\Tyler\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Tyler\My Documents\New Folder\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\DOCUME~1\Tyler\LOCALS~1\Temp\ICD2.tmp\jinstall.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Documents And Settings\Tyler\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\DOCUME~1\Tyler\LOCALS~1\Temp\jinstaller142_03.exe
C:\DOCUME~1\Tyler\LOCALS~1\Temp\Jav1A.tmp.exe
C:\WINDOWS\System32\MSIEXEC.EXE
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MsmqIntCert = regsvr32 /s mqrt.dll
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
stcloader = C:\WINDOWS\System32\stcloader.exe
CleanUp = C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AIM = C:\Documents and Settings\Tyler\My Documents\New Folder\AIM\aim.exe -cnetwait.odl
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
(Default) =
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssflwbox.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Kontiki\bin\bh309190.dll (file missing) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
PopStop - C:\Documents And Settings\Tyler\Local Settings\Temporary Internet Files\Content.IE5\CJ8LS5C7\PopStop[1]\PopStop.dll - {20988EDF-4CB5-4083-9829-262BBFD0CD52}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Disk Cleanup.job
Disk Defragmenter.job
McAfee.com Scan for Viruses - My Computer (T-3S73WVAPQZL94-Tyler).job
McAfee.com Update Check (T-3S73WVAPQZL94-Jason).job
McAfee.com Update Check (T-3S73WVAPQZL94-Tyler).job
--------------------------------------------------
Enumerating Download Program Files:
[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\DOWNLO~1\PCPITS~1.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\System32\macromed\Shockwave 8\Download.dll
CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab
[{26E8361F-BCE7-4F75-A347-98C88B418322}]
CODEBASE = http://dst.trafficsyndicate.com/Dnl/T_92/QDow.cab
[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://download.yahoo.com/dl/installs/yinst0309.cab
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/downlo...22/wmv9VCM.CAB
[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\System32\mcinsctl.dll
CODEBASE = http://bin.mcafee.com/molbin/shared/...4/mcinsctl.cab
[RdxIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RdxIE.dll
CODEBASE = http://207.188.7.150/10ba2a205546f82...p/RdxIE601.cab
[{62475759-9E84-458E-A1AB-5D2C442ADFDE}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
[{8EDAD21C-3584-4E66-A8AB-EB0E5584767D}]
CODEBASE = http://toolbar.google.com/data/GoogleActivate.cab
[InstallShield International Setup Player]
InProcServer32 = c:\windows\downlo~1\isetup.dll
CODEBASE = http://www.installengine.com/engine/isetup.cab
[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.co...7896.856400463
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://active.macromedia.com/flash2/cabs/swflash.cab
[SysWebTelecomInt Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SYSWEB~1.DLL
CODEBASE = http://www.sponsoradulto.com/SysWebTelecomint.cab
[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\System32\upnpui.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
--------------------------------------------------
End of report, 7,553 bytes
Report generated in 0.172 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
-
January 30th, 2004, 07:17 PM
#23
PopStop - C:\Documents And Settings\Tyler\Local Settings\Temporary Internet Files\Content.IE5\CJ8LS5C7\PopStop[1]\PopStop.dll - {20988EDF-4CB5-4083-9829-262BBFD0CD52}
what is that?
-
January 30th, 2004, 07:18 PM
#24
Hi
Here it is:
Enumerating Browser Helper Objects:
PopStop - C:\Documents And Settings\Tyler\Local Settings\Temporary Internet Files\Content.IE5\CJ8LS5C7\PopStop[1]\PopStop.dll - {20988EDF-4CB5-4083-9829-262BBFD0CD52}
Try http://www.winpatrol.com
Get the software and load/run it...........the second tab is something like "IE Helpers" Get rid of PopStop.
It is a BHO (Browser Helper Object) that is doing it
Cheers
EDIT: I just checked the site and the software is now up to v6.5 It is free.
Texan, just a word of advice, you need to keep an eye on BHOs and the Windows "Hosts" folder as this is where some ad/spyware likes to hide, and is generally missed by the traditional scanning software.
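An added example, not part of the original post: a small Python triage of the Browser Helper Objects section of a StartupList report, flagging entries whose DLL loads from a browser cache or temp directory (as PopStop does above) or whose file is missing. The sample text is copied from the report in this thread; the directory markers and function names are assumptions made for this example.

```python
import re

# Sample input: the BHO section of the StartupList report posted in this thread.
SAMPLE_REPORT = r"""
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Kontiki\bin\bh309190.dll (file missing) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
PopStop - C:\Documents And Settings\Tyler\Local Settings\Temporary Internet Files\Content.IE5\CJ8LS5C7\PopStop[1]\PopStop.dll - {20988EDF-4CB5-4083-9829-262BBFD0CD52}
--------------------------------------------------
Enumerating Task Scheduler jobs:
"""

# Line shape: "<name> - <path>[ (file missing)] - {CLSID}"
BHO_LINE = re.compile(
    r"^(?P<name>.+?) - (?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))? - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})$"
)
# Assumption: locations a legitimately installed BHO should not load from.
SUSPECT_DIRS = ("\\temporary internet files\\", "\\local settings\\temp\\",
                "\\locals~1\\temp\\")

def parse_bhos(report):
    """Return one dict per entry in the Browser Helper Objects section."""
    entries, in_section = [], False
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("Enumerating Browser Helper Objects"):
            in_section = True
            continue
        if in_section and line.startswith("-----"):
            break  # the dashed rule ends the section
        m = BHO_LINE.match(line) if in_section else None
        if m:
            entries.append({"name": m["name"], "path": m["path"],
                            "clsid": m["clsid"].upper(),
                            "missing": bool(m["missing"])})
    return entries

def triage(entries):
    """Return (name, clsid, reasons) for entries that deserve a manual look."""
    findings = []
    for e in entries:
        reasons = []
        if any(d in e["path"].lower() for d in SUSPECT_DIRS):
            reasons.append("DLL loads from a browser cache/temp directory")
        if e["missing"]:
            reasons.append("registered but file missing (stale registration)")
        if reasons:
            findings.append((e["name"], e["clsid"], reasons))
    return findings
```

A flagged entry is a prompt to look closer, not a verdict; the path heuristic says nothing about what the DLL does.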
-
January 30th, 2004, 07:20 PM
#25
THANK YOU!!!!!!!!!!!!!!!! THANK YOU ALL!
-
January 30th, 2004, 07:22 PM
#26
how did that get installed on my system though?
-
January 30th, 2004, 07:37 PM
#27
Originally posted here by The Texan
how did that get installed on my system though?
From our good old friends at internet.com (Jup Media)
SBC Yahoo! Joins Anti-Pop-Up Crusade
http://www.internetnews.com/IAR/article.php/3077951
Could be part of the software you installed?
N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)
-
January 30th, 2004, 07:38 PM
#28
The Texan,
BHOs tend to be loaded when you visit a website...........you know like they prompt you to get Adobe Acrobat or whatever.
BHOs tend to be very small, they are effectively plug ins to the main browser software.
If you run advert blocking software this may have loaded at the same time.
Hard to tell where you actually got it from, if I had physical access to your machine for a couple of hours I might just be able to narrow it down
It does not appear to be a "bad guy" I think it is a control tool with the rules set too tight?
Cheers
-
January 31st, 2004, 10:18 AM
#29
Senior Member
there is something that bothers me. Take a look at this listing
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MsmqIntCert = regsvr32 /s mqrt.dll <---- I don't like this entry
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
stcloader = C:\WINDOWS\System32\stcloader.exe <---- I don't like this entry
CleanUp = C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
There are two startup entries that I don't like... any suggestions as to what they are? Is it safe to delete them?
Ikalo
------
Make your knowledge your deadliest weapon.
-
January 31st, 2004, 01:05 PM
#30
MsmqIntCert = regsvr32 /s mqrt.dll <---- I don't like this entry
Microsoft Message Queue Server (MSMQ) 1.0
found here http://support.microsoft.com/default...nt=1#appliesto
stcloader = C:\WINDOWS\System32\stcloader.exe <---- I don't like this entry
Could be a parasite (spyware)
Check here http://www.liutilities.com/products/...ary/stcloader/
But if you go to the next link it is classified as a Virus.... about time Parasite software was classified as Malware... oh, the link is here: http://www.viruslist.com/eng/viruslist.html?id=815149
Cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr