Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Annoying Little Popup [RESOLVED]


  • This topic is locked This topic is locked

#31
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear Eneoecu,

I believe that the problems with your computer are due to the K2 - KeyAuditor/KeyServer" software from Sassafras Software. However, to narrow the cause of your computer problems even further, I provided some optional fixes for you to look at.

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

Optional Fixes

Dear Eneoecu, the following lines are optional fixes to stop unnecessary programs from running on startup, which may increase computer system performance. I highly recommend you to fix these items:

Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again. If you use this feature then don't fix this line.

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

Updreg.exe - Reminder to register Creative Labs SoundBlaster Live! cards. If you want this feature then don't fix this line.

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

qttask.exe - This is is a task tray icon which is used as a shortcut to a number of QuickTime related features. You really don't need this in your system tray. It is safe to remove this from your startup. QuickTime's most common purpose is for watching movies commonly in the .mov format. Please fix this line, because this program can be run other than in startup and this will increase the performance of your computer.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

CTEaxSpl.exe - Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard. If you want this feature then don't fix this line.

O4 - HKLM\..\Run: [CTStartup] "C:\PROGRA~1\Creative\SPLASH~1\CTEaxSpl.EXE" /run

hpcmpmgr.exe - Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can\'t shutdown the computer because hpcmpmgr.exe can\'t be ended". Please fix this line, because this program can be run other than in startup and this will increase the performance of your computer.

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

Atiptaxx.exe - Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings. Please fix this line, because this program can be run other than in startup and this will increase the performance of your computer.

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

HPWuSchd2.exe - HP software updates. If a shortcut doesn't exist, create your own and run it manually. Please fix this line, because this program can be run other than in startup and this will increase the performance of your computer. If you want this feature then don't fix this line.

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

realsched.exe - The Real Player automatic update utility. It has no real functional purpose. I would certainly stop this from running on startup. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK. In addition, see this important link: http://www.help2go.c...article&sid=211. If you want this feature then don't fix this line.

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

aim.exe - AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> Programs. Please fix this line, because this program can be run other than in startup and this will increase the performance of your computer.

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

steam.exe - Valve Software's STEAM broadband game client. Steam is Valve's new way of getting games into your hands ASAP. Games like Half-Life, Counter-Strike, and Counter-Strike: Condition Zero are all being made available through Steam. Steam games are automatically kept up-to-date with the latest content and revisions. Steam also includes an instant-message client which even works while you're in-game. Can be started manually. Please fix this line, because this program can be run other than in startup and this will increase the performance of your computer.

O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent

Adobe Gamma Loader.exe - Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. If you want this feature then don't fix this line.

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Osa9.exe - Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required - Note: if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show. If you want this feature then don't fix this line.

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
*****************

Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

Restart your computer and post a new HiJackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :tazz:
  • 0

Advertisements


#32
Eneoecu

Eneoecu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
I could see a little difference in during the start up. It booted up a little quicker, and for some reason, I didn't get the pop up at the begining of start up. :tazz:

Hopefuly what you have had me do has fixed this little problem!! I'll keep a look out for the pop up, and let you know if I see it again.

Logfile of HijackThis v1.99.1
Scan saved at 6:32:55 PM, on 9/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\keyacc32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sandy Bridgers\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecu.edu/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: KeyAccess.lnk = C:\WINDOWS\keyacc32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....012/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com...did/BoardID.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15012/CTPID.cab
O20 - AppInit_DLLs: KATRACK.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  • 0

#33
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear Eneoecu,

Optional Fixes

Extra Information

To prevent AIM from running when windows starts up. Start the AIM application, head to the preferences dialog box by selecting "My AIM", "Edit Options", "Edit Preferences" (in AIM 3.0 and earlier, use File, My Options, Edit Preferences), under category list box, choose the "Sign On/Off" item, this should bring up the "Sign On/Off" pane. Under the "Sign On" section at the top, uncheck "Start AIM when Windows starts."

Please Restart your computer.

Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

Restart your computer and post a new HiJackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :tazz:
*****************

Dear Eneoecu, that is good news, I will keep this thread open a few days and then I will post to you a "prevention speech" and close out this thread. :)
  • 0

#34
Eneoecu

Eneoecu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
Rambro,

I'm going to keep AIM at the start up!

And thanks again for all the help! :tazz:
  • 0

#35
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear Eneoecu, :)

Your HijackThis log is clean. :tazz:

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
  • Firewall<= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser<= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice
So how did I get infected in the first place? and Spyware Aid's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.

Hopefully this should take care of your problems! Good luck. :)
  • 0

#36
Eneoecu

Eneoecu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
Everything is still going good, and the problem hasn't come back. Thanks again Rambro!
  • 0

#37
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP