websitesurvey.com popups & google work at home popups


  • This topic is locked
1 reply to this topic

#1 AmandaW


Posted 22 December 2009 - 02:12 PM

I keep getting popups for websitesurvey.com when I visit other websites. They aren't just little popups; it is pulling up a new web browser to display the page, and sometimes it is a new page for the google work at home ads that are scams. I can't figure out how to get this to stop, as it happens on almost every visit to a new website. I've used spyware removal and virus protection and it isn't finding the problem. Oh, and I don't know if this is a part of it or a problem of its own, but since this has started, when my computer boots up I get an error message about Windows update.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Manda at 12:46:01.25 on Tue 12/22/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2813.1342 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:Windowssystem32wininit.exe
C:Windowssystem32lsm.exe
C:Windowssystem32svchost.exe -k DcomLaunch
C:Windowssystem32svchost.exe -k rpcss
C:Windowssystem32Ati2evxx.exe
C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted
C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted
C:Windowssystem32svchost.exe -k netsvcs
C:Windowssystem32svchost.exe -k GPSvcGroup
C:Windowssystem32SLsvc.exe
C:Windowssystem32svchost.exe -k LocalService
C:Windowssystem32Ati2evxx.exe
C:Windowssystem32svchost.exe -k NetworkService
C:Program FilesLavasoftAd-AwareAAWService.exe
C:Windowssystem32WLANExt.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:WindowsSystem32spoolsv.exe
C:Windowssystem32taskeng.exe
C:Windowssystem32svchost.exe -k LocalServiceNoNetwork
C:Windowssystem32taskeng.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesMcAfee.comAgentmcagent.exe
C:Program FilesTOSHIBATOSCDSPDTOSCDSPD.exe
C:Windowsehomeehtray.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Windowsehomeehmsas.exe
C:Program FilesAdobePhotoshop Elements 7.0PhotoshopElementsFileAgent.exe
C:Windowssystem32agrsmsvc.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
C:Windowssystem32svchost.exe -k hpdevmgmt
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:TOSHIBAIVPISMpinger.exe
C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted
C:Windowssystem32svchost.exe -k imgsvc
c:TOSHIBAIVPswupdateswupdtmr.exe
C:Program FilesTOSHIBATOSHIBA DVD PLAYERTNaviSrv.exe
C:Windowssystem32TODDSrv.exe
C:Program FilesTOSHIBAPower SaverTosCoSrv.exe
C:Program FilesTOSHIBASMARTLogServiceTosIPCSrv.exe
C:Program FilesViewpointCommonViewpointService.exe
C:WindowsSystem32svchost.exe -k WerSvcGroup
C:Windowssystem32SearchIndexer.exe
C:Program FilesWindows Media Playerwmpnetwk.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
C:Windowssystem32wbemunsecapp.exe
C:Windowssystem32wbemwmiprvse.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesLavasoftAd-AwareAAWTray.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:Program FilesWindows MailWinMail.exe
C:Windowssystem32wuauclt.exe
C:TOSHIBAIVPISMivpsvmgr.exe
C:UsersMandaDownloadsRootRepeal.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:Windowssystem32SearchProtocolHost.exe
C:Windowssystem32SearchFilterHost.exe
C:UsersMandaDownloadsdds.scr
C:Windowssystem32wbemwmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: FCToolbarURLSearchHook Class: {96b985b7-3cf9-456a-9db6-791710e60f5f} - c:program filesmypoints toolbar 2.0Helper.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filescommon filesadobeacrobatactivexAcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:program filesbitcomettoolsBitCometBHO_1.3.7.16.dll
BHO: Freecause Toolbar BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - c:program filesmypoints toolbar 2.0Toolbar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:program filesmcafeevirusscanscriptsn.dll
BHO: MyPoints Toolbar: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:progra~1mypointsmypoints.dll
BHO: TwcToolbarBhoApp Class: {aa1f9ddb-e605-4ba6-81d4-e427dee012ad} - c:windowssystem32TwcToolbarBho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
TB: MyPoints Toolbar: {a057a204-bacc-4d26-cec4-75a487fd6484} - c:progra~1mypointsmypoints.dll
TB: MyPoints Toolbar 2.0: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:program filesmypoints toolbar 2.0Toolbar.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:windowssystem32TwcToolbarIe7.dll
uRun: [TOSCDSPD] "c:program filestoshibatoscdspdTOSCDSPD.exe"
uRun: [ehTray.exe] c:windowsehomeehTray.exe
uRun: [WMPNSCFG] c:program fileswindows media playerWMPNSCFG.exe
mRun: [GrooveMonitor] "c:program filesmicrosoft officeoffice12GrooveMonitor.exe"
mRun: [mcagent_exe] "c:program filesmcafee.comagentmcagent.exe" /runkey
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:program filesbitcometBitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:program filesbitcometBitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:program filesbitcometBitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:progra~1micros~2office10EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:program filesbitcomettoolsBitCometBHO_1.3.7.16.dll/206
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:progra~1micros~2office12ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office12REFIEBAR.DLL
DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - hxxp://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:program filesmicrosoft officeoffice12GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:usersmandaappdataroamingmozillafirefoxprofilespw8auqwv.default
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:usersmandaappdataroamingmozillafirefoxprofilespw8auqwv.defaultextensions{b042753d-f57e-4e8e-a01b-7379a6d4cefb}componentsIBitCometExtension.dll
FF - plugin: c:program filesmozilla firefoxpluginsNPcol308.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpCouponPrinter.dll
FF - plugin: c:program filesviewpointviewpoint media playernpViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:windowssystem32driversLbd.sys [2009-12-21 64288]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:windowssystem32driversjswpslwf.sys [2008-8-18 20384]
R3 FwLnk;FwLnk Driver;c:windowssystem32driversFwLnk.sys [2008-5-5 7168]
R3 mfeavfk;McAfee Inc. mfeavfk;c:windowssystem32driversmfeavfk.sys [2009-12-21 79816]

=============== Created Last 30 ================

2009-12-22 16:15:05 0 d-----w- c:program filesTrend Micro
2009-12-21 21:32:09 8126 ----a-w- c:windowssystem32Config.MPF
2009-12-21 21:26:31 79816 ----a-w- c:windowssystem32driversmfeavfk.sys
2009-12-21 21:26:31 40552 ----a-w- c:windowssystem32driversmfesmfk.sys
2009-12-21 21:26:31 35272 ----a-w- c:windowssystem32driversmfebopk.sys
2009-12-21 21:26:20 130424 ----a-w- c:windowssystem32driversMpfp.sys
2009-12-21 21:25:34 0 d-----w- c:program filescommon filesMcAfee
2009-12-21 21:25:31 0 d-----w- c:program filesMcAfee.com
2009-12-21 21:25:24 0 d-----w- c:program filesMcAfee
2009-12-21 21:17:33 34248 ----a-w- c:windowssystem32driversmferkdk.sys
2009-12-21 21:13:44 0 ---ha-w- C:ProgramData.LOG2
2009-12-21 21:13:44 0 ---ha-w- C:ProgramData.LOG1
2009-12-21 20:53:07 15880 ----a-w- c:windowssystem32lsdelete.exe
2009-12-21 18:53:41 64288 ----a-w- c:windowssystem32driversLbd.sys
2009-12-21 18:28:56 0 dc-h--w- c:programdata{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-21 18:28:35 0 d-----w- c:programdataLavasoft
2009-12-21 18:28:35 0 d-----w- c:program filesLavasoft
2009-12-17 20:34:05 0 d-----w- c:program filesOSI Codes Inc
2009-12-17 16:01:32 0 d-----w- c:program filesonOne Software
2009-12-16 23:35:40 0 d-----w- c:program filescommon filesPX Storage Engine
2009-12-10 09:05:27 24064 ----a-w- c:windowssystem32nshhttp.dll
2009-12-10 09:05:23 411136 ----a-w- c:windowssystem32drivershttp.sys
2009-12-10 09:05:23 31232 ----a-w- c:windowssystem32httpapi.dll
2009-11-26 13:54:03 2048 ----a-w- c:windowssystem32tzres.dll
2009-11-25 12:34:54 1399296 ----a-w- c:windowssystem32msxml6.dll
2009-11-25 12:34:53 1257472 ----a-w- c:windowssystem32msxml3.dll
2009-11-25 12:34:48 714240 ----a-w- c:windowssystem32timedate.cpl

==================== Find3M ====================

2009-11-21 06:40:20 916480 ----a-w- c:windowssystem32wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:windowssystem32iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:windowssystem32iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:windowssystem32ieUnatt.exe
2009-11-04 22:54:12 214664 ----a-w- c:windowssystem32driversmfehidk.sys
2009-11-03 02:42:06 195456 ------w- c:windowssystem32MpSigStub.exe
2009-10-07 12:41:32 244224 ----a-w- c:windowssystem32rastls.dll
2009-10-07 12:41:31 281600 ----a-w- c:windowssystem32raschap.dll
2009-08-25 17:26:20 51200 ----a-w- c:windowsinfinfpub.dat
2009-08-25 17:26:19 86016 ----a-w- c:windowsinfinfstor.dat
2009-08-25 17:26:19 143360 ----a-w- c:windowsinfinfstrng.dat
2008-10-12 18:45:36 665600 ----a-w- c:windowsinfdrvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:program filesdesktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:windowsinfperflib0409perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:windowsinfperflib0409perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:windowsinfperflib0409perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:windowsinfperflib0409perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:windowsinfperflib0000perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:windowsinfperflib0000perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:windowsinfperflib0000perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:windowsinfperflib0000perfc.dat
2008-10-12 16:16:44 14 --sh--r- c:windowssystem32driversfbd.sys
2008-10-12 16:16:43 4 --sh--r- c:windowssystem32driverstaishop.sys

============= FINISH: 12:49:40.92 ===============

Here is the other website that pops up; it is this one and the websitesurvey.com. It just popped up, so I wanted to add this in because I couldn't remember it when I created the post.

hxxp://www.local-news-online.com/?t202id=12893&t202kw=

Deactivate link, merged posts. ~ OB

Edited by Orange Blossom, 25 December 2009 - 01:17 PM.



#2 AmandaW


Posted 31 December 2009 - 01:56 PM

You can close this, no one responded to me and the virus ended up eating my computer alive. Wouldn't allow me to even boot up unless in safe mode. Had to reformat and lose my stuff.
