Please help me!

Toggle sidebar Toggle sidebar
S

Stewby

Member
Nov 11, 2004
38
0
0
I've got an exitexchange.com popunder that I'm not sure how to get rid of. I have WinXP SP2 with popup blocker on, I guess it doesn't work on popunders tho. I've done a few searches for removal tools on Yahoo! but haven't found anything.

Could you guys please help me? I have Ad-aware SE Personal but it hasn't removed it either.

Thanks
 
D

DaveSimmons

Elite Member
Aug 12, 2001
40,730
670
126
Did you read and follow the instructions linked to in the Adware/Spyware thread at the top of this forum? (thread #5)
 
S

Stewby

Member
Nov 11, 2004
38
0
0
Yes, I just did. The exitexchange.com popunder is still present.

I downloaded/installed/and ran:
CWShredder
HiJackThis
AntiVir XP

CWShredder found no problems. Nothing stood out to me in HiJackThis. AntiVir XP only found two small problems, which were fixed. My WinXP messenger service is also disabled.

Here is my HiJackThis log:
Logfile of HijackThis v1.99.0
Scan saved at 11:06:27 PM, on 12/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\UGSPLM\I-DEAS11\sec\lmgrd.exe
C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itconfig_rep.exe
C:\WINDOWS\runservice.exe
C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itlocator.exe
C:\UGSPLM\I-DEAS11\sec\eds_id11.exe
C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itnode_daemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itnaming.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cmd.exe
C:\UGSPLM\I-DEAS11\ideas\ideas.exe
C:\WINDOWS\system32\cmd.exe
C:\UGSPLM\I-DEAS11\ideas\bridge.exe
C:\UGSPLM\I-DEAS11\geo\geomod.exe
C:\UGSPLM\I-DEAS11\oarun\dpsmgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\WINDOWS\System32\kbdgae.exe
C:\WINDOWS\System32\winpack.exe
C:\Documents and Settings\Stewy\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kbdgae] C:\WINDOWS\System32\kbdgae.exe
O4 - HKCU\..\Run: [winpack] C:\WINDOWS\System32\winpack.exe
O4 - Startup: Trillian.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - <a target=_blank class=ftalternatingbarlinklarge href="https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v3/vet_install_popup.pl?1&amp;4&amp;04.00.07.02&amp;unknown&amp;unknown&amp;http://www.scion.com/scionConfigApp/scion/viewsection.jsp?forceLoad=1">https://components.viewpoin......on.jsp?forceLoad=1</a>
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (GTDownloaderCtrl Class) - http://inst.c-wss.com/78/html/gtdownlr.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.73.downloa...1102470477593OneCC.cab
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: I-DEAS License Manager 11.0 - GLOBEtrotter Software Inc. - C:\UGSPLM\I-DEAS11\sec\lmgrd.exe
O23 - Service: IT iona_services.config_rep.stewy-vt37oggdq cfr-MyDomain - IONA Technologies - C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itconfig_rep.exe
O23 - Service: IT iona_services.locator.stewy-vt37oggdq MyDomain - IONA Technologies - C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itlocator.exe
O23 - Service: IT iona_services.naming.stewy-vt37oggdq MyDomain - IONA Technologies - C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itnaming.exe
O23 - Service: IT iona_services.node_daemon.stewy-vt37oggdq MyDomain - IONA Technologies - C:\UGSPLM\I-DEAS11\Iona\OrbixE2A\asp\5.1\bin\itnode_daemon.exe
O23 - Service: LicCtrl Service - Unknown - C:\WINDOWS\runservice.exe

 
warcrow

warcrow

Lifer
Jan 12, 2004
11,078
11
81
Hrm, anyone else not find anything odd about the hijack log?


Stewby, do this:

- Download and update the following apps: Spybot Search and Destroy, Adware SE (you already have, but be sure to update it), and Spywareblaster
- Reboot into safe mode.
- Run all 3 applications.
- Boot back into windows and see if you have the same issue.
- Report back here with what happens.
 
S

Stewby

Member
Nov 11, 2004
38
0
0
Ok, I'm currently downloading the new programs. Adaware SE and AntiVir are both up-to-date.

What did you find odd about my hijack.log?
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom