Toolbar pop up

Hi All
For about the last week I keep getting this little window that opens up then closes in my toolbar next to the Welcome to MSN , I tried to get a print screen of it but it won't show up on a print screen. It pops up every 10 or 15 minutes or so.
I did right click on it and got a minimize, maximize window and when I clicked on Maximize this window opened from University of Phoenix online. My pop up guard does not display a pop up blocked.
See Attachments.

Is there a way I can put a stop to this happening?
Thanks
Geri

 

Hi Geri,

I don't know if you have already done this, but you'll need to run some programs to check your system. Not one program will take care of all problems, so you'll need a few. I use Norton to Check the entire (everything) in your system. You could try AVG from Grisoft instead. If nothing has been detected here, download Adaware from lavasoft.com and Spybot S&D, and these will definitley fix it. Make sure you have all the latest updates. Remember too, if you don't get a fix on it straight away, a fix is pretty near. Generally the virus protection companies are about two to three days behind. So if you can't fix it now by running these programs, an update should be available within the next few days, from any four of these programs. Hope this helps.

 

Hi radiogold
I ran all the scans, I came up clean and still getting the pop up?

The add does not appear, just the window in my toolbar that opens then closes. It's "like" when you click on a link in your browser and a new window opens, only this stays for less then a second then closes.
Geri

 

Hi
OK, seeings as someone Kicked me over to this thread I'll post a HJT log to see if that might help

Logfile of HijackThis v1.99.1
Scan saved at 6:52:16 PM, on 12/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\VTTimer.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Documents and Settings\Owner\My Documents\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe "
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTBar] C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe "
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe "
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1,0,0,7/McUpdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118491284798
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://F:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
O16 - DPF: {F461205D-ABDC-42FE-B2E2-AFD4600B905E} (MASHControl Class) - http://www.amiuptodate.com/vsc/mvt/bin/1,0,0,7/mash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

 

Maybe you are getting it from this. This isn't anything like spyware or adware, a nuisance for some.

C:\Program Files\MSN\MSNCoreFiles\msn.exe

More on this file here.
http://www.liutilities.com/products/wintaskspro/processlibrary/MSN/

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

It either is a useless thing from MS, or a baddie. I think it is the useless thing at this point. I am not real familiar on how MSN Messenger works, but maybe it is starting it up as I do not see a startup for it.

 

Hi Mark
So what do you think I should do? Fix those with HJT?
I removed the MSN search toolbar from my IE browser even though I use MSN Explorer, Still get the pop-up in my toolbar.
I've had MSN messenger for a long time (Version 7.5 beta) and this never happened before.
The only recent downloads I've done are "Start-up control panel by Mike Lin and his Startup monitor ".
I guess I will remove them and see if it keeps happening??
I'll post back to let you know.
Geri

 

bump, same problem as tonyr

 

Hi
Sorry to bump this back up, but it is really starting to bug me.
Is there any free download that will monitor my PC and could tell me what is opening and closing?
I have tried turning off my AV and messinger and MS antispyware to see of it was one of them causing this. But with each one off I still get the opening and closing of something??
I do see that it is only when I'm online.
Anybody??
Geri

 

hello. I can maybe give you some help on this 1.
this is some information for you and you can decide what works for you.
As markp62 said:

I believe that you can shut it down from running and still use the MSN premium browser. I cant say for sure but im pretty sure. you could try shuttin it down and if your MSN browser doesnt work, fire it back up if you insist on useing that browser. I still have msn Premium browser but cant use it without MNS messenger. I use an all in 1 messenger that uses less resources than either MSN or Yahoo.(I used to have both of them also) and it doesnt come with anything extra attached. I access email with Outlook. enables of all office components with the email. much more robust program once you get used to it.
however I would venture to say that this is 1 of the issues. at least the 1 you are noticing anyways.
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
and this is a broken link.(MSN Messenger 7.5)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
>>> even with this your messenger will still work but it should be fixed.
you might consider using Opera 8.5 as your main surfing browser and IE as you online scans and windows update utility.
Opera 8.5 has NO adware/spyware with it. it is completely clean and is much more secure than any of the others.
you can then convert to a free, slimline and clean IM program that works perfectly with all the services. more features and much and all to.
Just a thought for you to think about.
you should also fix these even though they dont "appear" to be bad. could be helping the problem:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
Next you need to know about this:
C:\WINDOWS\ALCXMNTR.EXE (stop process 1st with task manager)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE (2nd fix this with HJT before restarting your computer. dont wait too long it might fire itself back up)
*** Realtek AC97 Audio - Event Monitor. alcxmntr.exe is installed alongside hardware drivers for the Realtek AC97 audio device. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers.

you should check out this article > http://www.pcworld.com/news/article/0,aid,123265,00.asp
here is a quote from it:
Both MSN Messenger 7.5 and Yahoo Messenger 7 with Voice install browser toolbars, change your home page, and alter Internet Explorer's default search settings. Both programs add the toolbars and make these changes when you opt for the default installation settings, but they permit you to customize your installation by deselecting some of the extraneous apps during setup.

Yahoo definitly gives a cold to peoples pc's. such as alexa toolbar. I have google toolbar strait from google and it is clean. yahoo with "anti-spy" (yeah right) gave me the alexa toolbar along with it. it is mixed in with the yahoo so you wont notice.

you should check out this article also > http://www.dslreports.com/forum/remark,10399574~mode=flat

Also, Real player is BAD about "phoning home" without you knowing about it. If you like the program and want to keep it I would suggest you do the following:
Open up RealPlayer. under tools > prefrences. click the plus sign next to automatic services. then click on automatic services. remove any checkmarks in any of the boxes.
then click on auto update and make sure there is no checkmark in the box next to automatically download.
Now click on the plus sign next to connections. then click on Internet/Privacy. remove any checkmarks in any of the boxes.
click on OK and close RealPlayer.
this wont stop all of it when you have it running but at least they cant monitor you when it is off.
then fix this with HJT before you restart your computer:
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

then as a bonus (LOL) im gonna let you in on some performance things (and minor security) you could do.
if you dont use visual basic you should shut this down:
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
and you should never have added programs do auto updates. especially if they start at startup. they will check for updates when you use the program.
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
If you updated you should uninstall previous. dont know why both of these would be running unless you use both. otherwise fix first 1 with HJT.
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
and if you dont have any hot keys programmed into your keyboard, you should shut this down also:
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe "
Dont know personally but you should check to make sure exactly what each of these do. make sure they are not doing the same things. if so disable features in 1 that the other is doing. then you could keep both unless you notice some other issue going on. you would be supprised at what the issue might be. besides the fact that I dont recommend running 2 apps doing same job. could cause conflicts. (most of the time unknown by user until too late)
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\SpywareGuard\sgmain.exe

then there is a couple other things I need to research. I will let you know what I find out.

Here is an example for you regerding the performace things: I have an Intel Pentium D with onboard gigabit LAN and run a 4 - 250GB HDD SATA 2 set configured into 2 RAID arrays (each array uses all 4 drives) and have a 160 GB hard drive allocated for backups plus a wireless network card that is running at full direct plugin cable speed, an HP PSC 1510xi (print, scan, copy) and alot of other goodies I wont go into cuz the list gets long. but I will run HJT right now and post my log for you to compare.
I hope this helps you out.

 

My HJT for you to look at

as I said ,here you go.
Logfile of HijackThis v1.99.1
Scan saved at 4:58:17 AM, on 12/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonalPremium\AVGNT.EXE
C:\Program Files\Trillian\trillian.exe
C:\Program Files\AVPersonalPremium\AVWUPSRV.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRAM FILES\AVPERSONALPREMIUM\AVGUARD.EXE
C:\Program Files\AVPersonalPremium\AVESVC.EXE
C:\Program Files\AVPersonalPremium\AVMAILC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonalPremium\AVGNT.EXE /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing >>>(this is my AV Guard)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133472638362
O23 - Service: AntiVir Mail Security Service (AntiVirMailService) - AntiVir PersonalProducts GmbH. - C:\Program Files\AVPersonalPremium\AVMAILC.EXE
O23 - Service: AntiVir PersonalEdition Premium Service (AntiVirService) - AntiVir PersonalProducts GmbH - C:\PROGRAM FILES\AVPERSONALPREMIUM\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVE Service (AVEService) - AntiVir PersonalProducts GmbH - C:\Program Files\AVPersonalPremium\AVESVC.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonalPremium\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

 

More Info for you

Here is more info for you. As I said in my 1st reply to your posting, I am only trying to give you info so you know what is going on with your PC even if you do manage to get the Popups to stop. Everything is at your discretion. I believe the popup has to do with the HP AutoTBar. Or a combination of the MSN core files, the ST addon in the toolbar and the HP hotbar.
this is only my opinion. Forgot to mention that my printer also has the digital imaging thingy. (LOL) and is pictbridge enabled. and I run Office XP. the more you have running full time the slower you go and the more likely you are to run out of resources at the most in-opportune times. Most apps will work automatically when you start a program and shut down when you close it.
Anyways, here you go:

O4 - HKLM\..\Run: [AutoTBar] C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
>>> autotbar.exe is a process belonging to the HP AutoView Internet Explorer Toolbar. This is a non-essential process. Disabling or enabling this is down to user preference. If you disable the HP VIEW toolbar in IE and rarrange the toolbars on a reboot they will be back as they were before if this is left enabled. it is unnecessary to run this program automatically when Windows starts as you can run it manually when necessary.
Do not use under any circumstance in a business environment. The first time we came across HotBar we were trying to solve slow Internet Explorer loading and sluggish Internet Access Performance, in addition to unexplained crashes of the PC. There is no doubt that having HotBar installed does make your browser pretty; however, after first investigating everything else, we eventually told the user we would have to de-install HotBar to see if that cured the problems. It did ! Further investigations of the version of HotBar we were using then also showed that this process accesses the Internet when you are connected, and it constantly communicates back to a specific IP address. This activity is explained when one takes the time to read the License Agreement which states, unequivocally, "Hotbar collects and stores information about the web pages you view and the data you enter in search engine search fields while using the software. Hotbar uses this information to determine which ads and buttons to display on your hotbar toolbars and which ads to show in your browser ". In short, this is what we call adware. This alone explains the sluggish Internet performance of a PC when HotBar is installed, as any software which connects back to ad servers and then pulls up ads, automatically decreases Internet browsing performance. For all these reasons our recommendation is that you do not use HotBar.

O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
>>> HP Digital Imaging Component. backupnotify.exe is a process associated with the HP Digital Imaging application. What does it do and is it required?
the status of this entry is unknown at this time and more research is necessary.

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
>>> Multimedia Keyboard Manager found on HP and Compaq PCs and laptops (Compaq is owned by HP). This task enables the user to configure and/or use the configurable keys on the HP keyboard, such as Internet, Email, Wordprocessing keys, Volume Control, keyboard shortcuts to specific websites, etc...
Down to end-user preference. If you do not use the multimedia and configurable keys on your keyboard, then disable this task. Otherwise, for those who do need to have KBD running, be mindful that there is a history of problems with KBD. Most of those problems occur when the user has to do a System Recovery, occasionally when the user has to do a System Restore, and almost every time that Microsoft issues a major Service Pack such as, for example, XP SP1 and XP SP2. When it is the latter, to their credit HP are quick in producing a fix, so simply visit the HP site for fixes to the multimedia keyboard software if you have problems with KBD. When there are problems they range from KBD errors on boot-up or shutdown, or software crashes when using the HP Media Center software, to sluggish PCs as a result of "KBD using upwards of 50% of all your resources ".
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
>>> you might check out the "Spy Sub" listing on this page. http://www.answersthatwork.com/Tasklist_pages/tasklist_s.htm
I know of others that have had the same type of problems that is listed on this page.

All I have been able to figure out about this entry is that it is listed in the active X area. You might want to check it out and find out exactly what it does and if you need it.
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://F:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB

Also, McAfee Personal firewall is basically a beefed up windows firewall. quite good at keeping things out when properly configured. has no outbound protection though.
I dont know if any of this stuff helps you out but I hope you get it figured out and get the popup to stop.

 

Hi mrsmith
This was no longer there, I had deleted MSN Toolbar.
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
Fixed these,
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

These, One is for my Digital Camera, The other for my Printer I believe,
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

This has been on my systen from day one, so I don't believe it is causing the problem.
C:\WINDOWS\ALCXMNTR.EXE

I know messenger is not the best IM, But I have a lot of contacts that use it, and so I don't really want to delete it
Realplayer was part of my OME, and I never went through the set up for it, I never really use it so I deleted it.

Watching task manager I seen that my processes go up by two when this happens.
This one comes up...
HPOSM.EXE
And this one when I get the open and closing of the window in my taskbar...
Hptskmgr.exe
I'm going to do a search and see what I come up with.
Geri

 

Hi mrsmith
Thanks for the info.

Here is some I found out about Hptskmgr.exe I have stopped it from running in msconfig, I'll see if the pop-ups stop.
http://castlecops.com/postp678288.html

Geri

 

Hi mrsmith

I don't have SpySubtract on my system that I know of? Or anything from Trend Micro.
So where is this coming from?

.
Really? It notifies me when programs try to access the internet and then ask if I want to grant them access or not?
It is free with my MSN.

Geri

 

your process'

1.) C:\Program Files\HP\hpcoretech\soln\HPOSM.exe
*** Still looking *** NO DATA AT ANY PROCESS DATABASES SO FAR ***

2.) C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
Process File: hptskmgr.exe
Process Name: HP Task Management Component
Description: hptskmgr.exe is a process associated with the Task Management Component included in the coretech software from HP. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems.

 

Hi mrsmith

Is a part of hpcoretech and hptskmgr.exe according to a Google search.

Don't know if it's causing problems? But I don't like it, I will check for updates manually, Don't need to check every 15 minutes
Geri