
Pop ups happen when using IE7


  • This topic is locked
2 replies to this topic

#1 mwclarksr


Posted 06 March 2009 - 08:45 PM

Hello;

For some odd reason, I must have malware somewhere on my computer, and I have yet to find it. Every time I go to a new website, no matter if I'm using IE7 or Firefox 3, pop-ups appear in new windows.

I have Iolo Antivirus and Super Anti-Spyware, but neither one has found a thing. Whatever it is, it will not let me turn on my Automatic Updates. I keep getting error code 1058 when I try to turn it on using the services.msc command in the run application. So here are my 2 attachments. First the DDS:

DDS (Ver_09-02-01.01) - NTFSx86
Run by IrocSS at 20:22:47.70 on 06-Mar-09
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2168 [GMT -5:00]

AV: iolo AntiVirus® *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\iolo\AntiVirus\ioloAV.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HT TV Plus 4.0 Gold\TVR 2.0\scheduleTV.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\StkSrv2K_.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iolo\AntiVirus\iAVEmailScanner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\mmc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\IrocSS\My Documents\Zip Files from Discs\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = localhost
BHO: {6b85e61b-77f2-1e6a-e9f4-a441883a9da3}: {3ad9a388-144a-4f9e-a6e1-2f77b16e58b6} - c:\windows\system32\ffjrnl.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\ssqnmjkL.dll
BHO: {e8110374-a275-460c-9c12-a729b7ea78a9} - c:\windows\system32\rqRIaBQg.dll
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [EssSpkPhone] essspk.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
mRun: [iolo AntiVirus] "c:\program files\iolo\antivirus\ioloAV.exe"
mRun: [ac5ba24e] rundll32.exe "c:\windows\system32\csjrdjam.dll",b
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\schedu~1.lnk - c:\program files\ht tv plus 4.0 gold\tvr 2.0\scheduleTV.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\iavlsp.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: ssqnmjkL - ssqnmjkL.dll
AppInit_DLLs: ffjrnl.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\ssqnmjkL.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRIaBQg

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\irocss\applic~1\mozilla\firefox\profiles\7c1dm4g2.default\

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-3-6 628584]
R2 ioloProductUpdate;iolo Product Update Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-3-6 628584]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-3-6 628584]
R2 StkSSrv;USB2.0 TVBOX Service;c:\windows\system32\StkSrv2K_.exe [2009-3-6 24576]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
R3 StkMini;USB2.0 TVBox;c:\windows\system32\drivers\StkMini.sys [2009-3-6 750303]

=============== Created Last 30 ================

2009-03-06 20:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-06 20:00 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-06 20:00 <DIR> --d----- c:\docume~1\irocss\applic~1\SUPERAntiSpyware.com
2009-03-06 19:59 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-03-06 19:41 37,376 a------- c:\windows\system32\jkkKbBTl.dll
2009-03-06 19:15 37,376 a------- c:\windows\system32\mlJApMgD.dll
2009-03-06 19:14 1,806,793 ---sh--- c:\windows\system32\majdrjsc.ini
2009-03-06 19:13 81,920 a------- c:\windows\system32\csjrdjam.dll
2009-03-06 19:13 124,928 a------- c:\windows\system32\ffjrnl.dll
2009-03-06 19:13 124,928 a------- c:\windows\system32\moixippm.dll
2009-03-06 19:12 11,098 a--sh--- c:\windows\system32\gQBaIRqr.ini2
2009-03-06 19:12 0 a--sh--- c:\windows\system32\gQBaIRqr.ini
2009-03-06 19:12 303,616 a------- c:\windows\system32\rqRIaBQg.dll
2009-03-06 19:07 48,128 a------- c:\windows\system32\fccYrpoO.dll
2009-03-06 19:07 37,376 a------- c:\windows\system32\ssqnmjkL.dll
2009-03-06 18:53 432 a------- c:\windows\system32\iolo.ini
2009-03-06 18:39 <DIR> --d----- c:\program files\directx
2009-03-06 18:39 <DIR> --d----- c:\program files\HT TV Plus 4.0 Gold
2009-03-06 18:36 126,976 a------- c:\windows\system32\iavlsp.dll
2009-03-06 18:36 <DIR> --d----- c:\program files\common files\Authentium
2009-03-06 18:36 <DIR> --d----- c:\program files\iolo
2009-03-06 18:35 74,703 a------- c:\windows\system32\mfc45.dll
2009-03-06 18:35 <DIR> --d----- c:\docume~1\irocss\applic~1\iolo
2009-03-06 18:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iolo
2009-03-06 18:22 0 a------- c:\windows\14A_510A[10c].INI
2009-03-06 18:18 0 a------- c:\windows\RPC1_20D.INI
2009-03-06 18:15 0 a------- c:\windows\AUTO_20D.INI
2009-03-06 17:20 <DIR> --d----- c:\windows\system32\scripting
2009-03-06 17:20 <DIR> --d----- c:\windows\system32\en
2009-03-06 17:20 <DIR> --d----- c:\windows\system32\bits
2009-03-06 17:20 <DIR> --d----- c:\windows\l2schemas
2009-03-06 17:19 <DIR> --d----- c:\windows\ServicePackFiles
2009-03-06 17:15 <DIR> --d----- c:\windows\EHome
2009-03-06 17:14 647 a------- c:\windows\system\Cmicnfg3.ini
2009-03-06 17:13 5,504 a------- c:\windows\system32\drivers\mstee.sys
2009-03-06 17:13 10,880 a------- c:\windows\system32\drivers\ndisip.sys
2009-03-06 17:13 15,232 a------- c:\windows\system32\drivers\streamip.sys
2009-03-06 17:13 16,384 a------- c:\windows\system32\ipsink.ax
2009-03-06 17:13 11,136 a------- c:\windows\system32\drivers\slip.sys
2009-03-06 17:13 19,200 a------- c:\windows\system32\drivers\wstcodec.sys
2009-03-06 17:11 20,992 a------- c:\windows\system32\dshowext.ax
2009-03-06 16:59 <DIR> --d----- c:\program files\Xtreme Sound PCI
2009-03-06 16:59 <DIR> --d----- c:\program files\Xtreme Sound Driver Setup
2009-03-06 16:58 376 a------- c:\windows\ODBC.INI
2009-03-06 16:58 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-03-06 16:57 <DIR> --d----- c:\windows\ShellNew
2009-03-06 16:55 618,496 a------- c:\windows\system32\stvcol.dll
2009-03-06 16:55 105,292 a------- c:\windows\restart.exe
2009-03-06 16:55 69,632 a------- c:\windows\system32\stv680sl.dll
2009-03-06 16:55 49,152 a------- c:\windows\system32\stvscale.dll
2009-03-06 16:55 32,172 a------- c:\windows\system32\STV680u.cfg
2009-03-06 16:55 <DIR> --d----- c:\program files\AIPTEK
2009-03-06 16:55 331,776 a------- c:\windows\system32\g2video1.ocx
2009-03-06 16:55 245,760 a------- c:\windows\system32\STV680u.dll
2009-03-06 16:55 119,536 a------- c:\windows\system32\drivers\stv680.sys
2009-03-06 16:55 49,152 a------- c:\windows\system32\STV680tg.dll
2009-03-06 16:55 40,960 a------- c:\windows\system\Omniuns.exe
2009-03-06 16:52 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-03-06 16:52 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-03-06 16:52 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-03-06 16:50 44,288 a------- c:\windows\system32\drivers\WmXlCore.sys
2009-03-06 16:50 21,216 a------- c:\windows\system32\drivers\WmFilter.sys
2009-03-06 16:50 10,144 a------- c:\windows\system32\drivers\WmBEnum.sys
2009-03-06 16:50 5,728 a------- c:\windows\system32\drivers\WmVirHid.sys
2009-03-06 16:49 81,920 -----r-- c:\windows\bwUnin-6.1.4.36-8876480L.exe
2009-03-06 16:48 10,432 a------- c:\windows\system32\drivers\itchfltr.sys
2009-03-06 16:48 322,832 a------- c:\windows\system32\MFC30.DLL
2009-03-06 16:48 <DIR> --d----- c:\program files\common files\Logitech
2009-03-06 16:48 <DIR> --d----- c:\windows\network diagnostic
2009-03-06 16:43 172,032 a------- c:\windows\system32\lxcginsb.dll
2009-03-06 16:43 <DIR> --d----- c:\program files\Lexmark 2300 Series
2009-03-06 16:43 <DIR> --d----- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2009-03-06 16:42 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2009-03-06 16:33 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-03-06 16:33 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-03-06 16:33 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-03-06 16:33 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-06 16:33 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-06 16:33 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-06 16:33 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-06 16:32 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-03-06 16:32 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-06 16:32 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-03-06 16:32 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-03-06 16:31 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-03-06 16:29 482,304 ac------ c:\windows\system32\dllcache\pintlgnt.ime
2009-03-06 16:28 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
2009-03-06 16:27 208,896 a------- c:\windows\system32\NVUNINST.EXE
2009-03-06 16:26 13,738 a------- c:\windows\system32\wpa.bak
2009-03-06 16:23 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-03-06 16:21 145,408 ac------ c:\windows\system32\dllcache\e100b325.sys
2009-03-06 16:21 145,408 a----r-- c:\windows\system32\drivers\e100b325.sys
2009-03-06 16:21 118,784 a----r-- c:\windows\system32\Prounstl.exe
2009-03-06 16:21 24,064 a----r-- c:\windows\system32\IntelNic.dll
2009-03-06 16:21 12,288 a----r-- c:\windows\system32\e100bmsg.dll
2009-03-06 16:21 5,110 a----r-- c:\windows\system32\e100b325.din
2009-03-06 16:20 16,128 ac------ c:\windows\system32\dllcache\modemcsa.sys
2009-03-06 16:20 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys
2009-03-06 16:20 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-03-06 16:20 702,188 ac------ c:\windows\system32\dllcache\es56hpi.sys
2009-03-06 16:20 702,188 a----r-- c:\windows\system32\drivers\es56hpi.sys
2009-03-06 16:20 167,936 a----r-- c:\windows\essspk.exe
2009-03-06 16:20 49,152 a----r-- c:\windows\remvess.exe
2009-03-06 16:20 <DIR> --d----- C:\drivers
2009-03-06 16:16 <DIR> --d----- c:\documents and settings\IrocSS
2009-03-06 16:15 <DIR> --ds---- c:\windows\system32\Microsoft
2009-03-06 15:41 8,192 a------- c:\windows\REGLOCS.OLD
2009-03-06 15:39 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2009-03-06 15:38 57,856 ac------ c:\windows\system32\dllcache\esuimgd.dll
2009-03-06 15:37 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-03-06 15:37 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-03-06 15:37 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-03-06 15:37 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-03-06 15:37 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-03-06 15:37 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-03-06 15:37 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-03-06 15:37 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-03-06 15:37 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-03-06 15:37 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-03-06 15:37 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-03-06 15:37 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-03-06 15:36 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-03-06 15:36 <DIR> --d----- c:\windows\system32\DirectX
2009-03-06 15:35 <DIR> --d----- c:\program files\common files\MSSoap
2009-03-06 15:33 <DIR> --d----- c:\program files\Online Services
2009-03-06 15:33 <DIR> --d----- c:\program files\Messenger
2009-03-06 15:32 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-03-06 15:31 <DIR> --d----- c:\program files\Windows NT
2009-03-06 10:14 <DIR> --d----- c:\program files\common files\ODBC
2009-03-06 10:14 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-03-06 10:13 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-03-06 17:22 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-06 15:33 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 20:25:27.95 ===============



And attached is the Attach.txt

Thank-You

Matthew


#2 SifuMike


Posted 15 March 2009 - 11:42 PM

Hello mwclarksr,

Sorry for the delay. We have over 600 logs backed up.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click on Ignore.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike


Posted 11 April 2009 - 10:13 PM

Due to inactivity, this thread will now be closed.