IE keeps popping up with unwanted ads



#1 Gak009

  • Members
  • 1 posts

Posted 08 October 2009 - 01:35 AM

My IE keeps popping up with ads even when I'm not running IE. I've run my AVG scan and removed all Trojans and still get this problem. Here is my log and attachment.
Attached File: Attach.txt (12.76 KB)


DDS (Ver_09-09-29.01) - NTFSx86
Run by Gak at 1:42:14.21 on Thu 10/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3710.2636 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\OCZ Technology\Mouse\Amoumain.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\program files\steam\steam.exe
C:\WINDOWS\msb.exe
C:\WINDOWS\system32\pxwq.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Gak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Gak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\Gak\LOCALS~1\Temp\a.exe
C:\Documents and Settings\Gak\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gak\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Google Update] "c:\documents and settings\gak\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Steam] "d:\program files\steam\steam.exe" -silent
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "d:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [PopRock] c:\docume~1\gak\locals~1\temp\a.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\JMRaidSetup.exe boot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WheelMouse] c:\program files\ocz technology\mouse\Amoumain.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Turbine Download Manager Tray Icon] "d:\program files\turbine\turbine download manager\TurbineDownloadManagerIcon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [Launch LGDCore] "c:\program files\common files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Launch LCDMon] "c:\program files\common files\logitech\lcd manager\lcdmon.exe"
mRun: [cftmon] c:\windows\system32\pxwq.exe
mRun: [Qtobazomopajebo] rundll32.exe "c:\windows\elupugof.dll",Startup
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli vckbrt.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {8F19E71A-7FAD-4AB5-958D-8720D912B3E7} - c:\documents and settings\gak\local settings\application data\{8F19E71A-7FAD-4AB5-958D-8720D912B3E7}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-13 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-13 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-13 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-13 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-13 297752]
R2 LiveTurbineMessageService;Turbine Message Service - Live;d:\program files\turbine\turbine download manager\TurbineMessageService.exe [2009-9-2 267760]
R3 LiveTurbineNetworkService;Turbine Network Service - Live;d:\program files\turbine\turbine download manager\TurbineNetworkService.exe [2009-9-2 218608]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-10-07 23:07 120 a------- c:\windows\Cduduta.dat
2009-10-07 23:07 0 a------- c:\windows\Wfiruxafujaho.bin
2009-10-07 23:04 169,984 a------- c:\windows\msb.exe
2009-10-07 23:04 169,984 a------- c:\windows\msa.exe
2009-10-07 23:04 47,104 a------- c:\windows\wpvi8027.exe
2009-10-07 23:04 218 a------- c:\windows\system32\winset.ini
2009-10-07 23:04 145,920 a------- c:\windows\epljp25350.exe
2009-10-07 22:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-10-07 22:44 <DIR> --d----- c:\program files\RealArcade
2009-10-07 22:33 <DIR> --d----- c:\docume~1\gak\applic~1\Meridian93
2009-10-07 20:02 <DIR> --d----- c:\program files\common files\Logitech
2009-10-07 19:58 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-10-07 19:58 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-10-07 08:17 274,288 a------- c:\windows\system32\mucltui.dll
2009-10-07 08:17 215,920 a------- c:\windows\system32\muweb.dll
2009-10-07 08:17 16,736 a------- c:\windows\system32\mucltui.dll.mui
2009-10-06 23:09 <DIR> --d----- c:\program files\Yahoo!
2009-10-06 17:33 <DIR> --d----- c:\documents and settings\gak\Tracing
2009-10-06 17:29 <DIR> --d----- c:\program files\common files\Windows Live
2009-10-06 17:06 <DIR> --d----- c:\docume~1\gak\applic~1\MSNInstaller
2009-09-28 14:02 <DIR> --d----- c:\program files\iPod
2009-09-27 15:26 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-09-27 15:26 21,504 a------- c:\windows\system32\hidserv.dll
2009-09-27 15:26 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-09-27 15:26 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-09-27 15:26 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-09-27 15:26 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-09-13 22:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-09 12:18 153,088 -c------ c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-08-29 19:19 34 a------- c:\documents and settings\gak\jagex_runescape_preferences.dat
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-24 11:36 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-24 11:36 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-21 18:05 281,760 a------- c:\windows\system32\drivers\atksgt.sys
2009-08-21 18:05 25,888 a------- c:\windows\system32\drivers\lirsgt.sys
2009-08-11 14:48 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-08-05 05:01 204,800 ac------ c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 ac------ c:\windows\system32\wmpdxm.dll
2009-04-15 23:40 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040620090413\index.dat
2009-04-15 23:40 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041520090416\index.dat

============= FINISH: 1:43:55.71 ===============
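The log above is raw DDS output, and the triage a malware-response volunteer does on it by eye can be scripted. The following is an added example, not part of this thread and not part of the DDS tool: it parses a handful of lines copied from the posted log (the sample string below is constructed from them) and flags the patterns a responder checks first: a Run entry launching from a Temp folder, rundll32 loading a DLL from the root of c:\windows, a Run label one edit away from a stock Windows name, an LSA Notification Packages value beyond the default scecli, and a burst of new files written straight into c:\windows. The stock-label list, the burst window and the edit-distance threshold are this example's own assumptions, and a hit means "look closer", not a verdict.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: a subset of lines copied from the DDS log posted
# above (Pseudo HJT Report entries plus "Created Last 30" entries).
SAMPLE_LOG = r"""
uRun: [Google Update] "c:\documents and settings\gak\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [PopRock] c:\docume~1\gak\locals~1\temp\a.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [cftmon] c:\windows\system32\pxwq.exe
mRun: [Qtobazomopajebo] rundll32.exe "c:\windows\elupugof.dll",Startup
LSA: Notification Packages = scecli vckbrt.dll
2009-10-07 23:07 120 a------- c:\windows\Cduduta.dat
2009-10-07 23:07 0 a------- c:\windows\Wfiruxafujaho.bin
2009-10-07 23:04 169,984 a------- c:\windows\msb.exe
2009-10-07 23:04 169,984 a------- c:\windows\msa.exe
2009-10-07 23:04 47,104 a------- c:\windows\wpvi8027.exe
2009-10-07 23:04 218 a------- c:\windows\system32\winset.ini
2009-10-07 23:04 145,920 a------- c:\windows\epljp25350.exe
2009-10-07 19:58 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
"""

RUN_RE = re.compile(r"^[um]Run: \[([^\]]*)\] (.*)$")
LSA_RE = re.compile(r"^LSA: Notification Packages = (.*)$")
# "<DIR>" entries have no numeric size and are deliberately not matched.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) +[\d,]+ +\S+ +(.+)$")
# rundll32 handed a DLL that sits directly in c:\windows, not in a subfolder.
WINDIR_DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?c:\\windows\\[^\\"]+\.dll', re.I)
WINDIR_ROOT_RE = re.compile(r"c:\\windows\\[^\\]+", re.I)

# Assumptions of this example: a short list of stock autorun labels for the
# lookalike check, the default LSA package on a stand-alone XP workstation,
# and the window/threshold that counts as a "burst" of dropped files.
STOCK_LABELS = {"ctfmon", "nwiz", "nvcpldaemon", "nvmediacenter"}
STOCK_LSA = {"scecli"}
BURST_WINDOW = timedelta(minutes=10)
BURST_MIN = 3


def osa_distance(a, b):
    """Edit distance that counts a swap of adjacent characters as one edit,
    so a transposition such as cftmon/ctfmon scores 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def check_run(label, command):
    """Reasons a uRun/mRun entry deserves a closer look (empty if none)."""
    reasons = []
    if re.search(r"\\temp\\", command, re.I):
        reasons.append("autorun launches from a Temp directory")
    if WINDIR_DLL_RE.search(command):
        reasons.append("rundll32 loads a DLL from the c:\\windows root")
    low = label.lower()
    if low not in STOCK_LABELS and any(osa_distance(low, s) == 1 for s in STOCK_LABELS):
        reasons.append("label is one edit away from a stock Windows name")
    return reasons


def triage(log_text):
    """Scan DDS log lines and return (line, reason) pairs to investigate."""
    findings = []
    root_files = []  # (timestamp, line) for files created directly in c:\windows
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            findings.extend((line, r) for r in check_run(m.group(1), m.group(2)))
            continue
        m = LSA_RE.match(line)
        if m:
            for pkg in m.group(1).split():
                if re.sub(r"\.dll$", "", pkg.lower()) not in STOCK_LSA:
                    findings.append((line, f"non-default LSA notification package: {pkg}"))
            continue
        m = FILE_RE.match(line)
        if m and WINDIR_ROOT_RE.fullmatch(m.group(2)):
            root_files.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"), line))
    # Several new files written straight into c:\windows within minutes of
    # each other is a dropper pattern worth checking as a group.
    root_files.sort()
    if len(root_files) >= BURST_MIN and root_files[-1][0] - root_files[0][0] <= BURST_WINDOW:
        for _, line in root_files:
            findings.append((line, f"one of {len(root_files)} files created in the c:\\windows root within {BURST_WINDOW}"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run it as-is to see the flagged lines from the sample; to use it on a full DDS log, pass the file's text to triage(). The lookalike check uses an edit distance with transpositions because a label such as cftmon is two substitutions but only one swap away from ctfmon, and a plain Levenshtein threshold of 1 would miss it.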


 


#2 shelf life

  • Malware Response Team
  • 2,651 posts
  • Gender:Male
  • Location:@localhost

Posted 24 October 2009 - 08:31 AM

Hi,

Sorry for the delay. Your log is old. If you still need help: Please provide a new DDS log in your reply and we will get started.

How Can I Reduce My Risk to Malware?




