Unknown program trying to access my Outlook email addresses

Please follow the below steps exactly:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

Are you sure your problem is not related to something you installed. Like:

Code:

[size=4][color=#000000]Qoeloader - Qoeloader.exe - Process Information[/color][/size]
[size=2][b]Process File: [/b]Qoeloader or Qoeloader.exe
[b]Process Name: [/b]Qurb AntiSpam
 
[b]Description:[/b]
Qoeloader.exe is a process belonging to Qurb AntiSpam, an anti=spam application
for Outlook Express which blocks un-solicited advertising e-mails. This program 
is a non-essential process to the running of the system, but should not be 
terminated unless suspected to be causing problems.
[/size]

Now run the steps below.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {E32E0E42-0D5D-41CE-8B98-99D6FC57E32D} - C:\WINDOWS\System32\adpibbb.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: http://www.bn.com
O15 - Trusted Zone: www.menshealth.com

And if you do not recognize the below 016 line, fix it too.
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://adventsoftware.webex.com/client/v_mywebex/event/ieatgpc.cab

After clicking Fix, exit HJT.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

I would not say yes to anything vague message like that. If it does not report the exact file name that is trying to access you email addresses, you should say NO!

Next time before running Outlook, do the below.

Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
C:\Program Files\Qurb\QSP-3.0.311.3\QOELoader.exe

Now exit HJT and run Outlook. Do you still get the popup messages?

If the answer is yes, run the below steps:

Download this trial version of Ewido Security Suite

• Install ewido security suite
• Launch ewido, there should be an icon on your desktop double-click it.
• The program will have a window come up. One of the buttons on the left is to Update. Click the Update button.and then Start the Update. The update will start and a progress bar will show the updates being installed.
• After it completes the update, click the Scanner button

Now exit Ewido. Now print the below instructions or save them locally because I want you do have no browsers opened and also have no connection to the internet (unplug your cable) while doing the below.

Okay, reboot into safe mode and follow the steps below. (If you have any problems at all trying to get into safe mode to complete these steps, just run them in normal boot mode and make sure you tell me when you come back.)

Open up Ewido and do the following:

• Click on Scanner
• Then click Settings
• Under What to Scan? Select Scan every file
• Then click OK
• Click on Complete System Scan and the scan will start.
• Let the program scan the machine

While the scan is in progress you will be prompted to clean files that are infected. Leave the defaults selections (to Remove and backup) and click OK. To save yourself some time, you can select Perform action with all infections and then click OK. With the option to scan every file, a lot of cookies will be removed.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

• Click Save report
• Save the report to your desktop or anyplace you will be able to find it to upload here.

Reboot into normal mode and reconnect to the internet.

Come back here and post the Ewido Scan Report. And tell me if you are still having any problems.

 

The file found by Ewido appears to be a valid file as shown below. They probably noticed that it is some form a dialer and keyed on that.

Process File: conmgr or conmgr.exe
Process Name: Internet Access Connection Manager

Description:
conmgr.exe is an ISP installation file. Sometimes used by ISPs to setup your Internet Connection, e.g. Earthlink. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems.


Sounds like you do not have a problem and that the dialogue box is related to Franklin Covey (FC) . Why it just started doing it, I don't know. Perhaps it was just upgrade recently???

 

You're welcome.

 

If it only occurs when running FC, I would have to suspect that it is some setting related to it. It does not seem to be malware. You could dig into and documents or help files for FC to determine if they do this and why. I do not know anything about the program so I cannot help you with it. Other than that, you could try saying yes and see what happens.

 

Speak to FranklinCovey! Or check the Software Forum to see if anyone there is familia with the program. This is not an issue for this forum.