
Audio Commercials/Shows/Ads Playing in Firefox


  • This topic is locked
6 replies to this topic

#1 User10121

  • Members
  • 3 posts

Posted 04 December 2010 - 12:43 PM

Random audio plays in the background in Firefox.
Closing all my browser windows shuts it off.
The sounds are from commercials/ads/other.

Running Windows 7 64 bit
Thanks for your help!





DDS (Ver_10-11-27.01) - NTFS_AMD64
Run by Voran at 12:28:19.80 on Sat 12/04/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2391 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
C:\Windows\system32\mqsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Fraps\fraps.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Fraps\fraps64.dat
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\svchost.exe -k secsvcs
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Users\Voran\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [<NO NAME>]
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: tms.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
AppInit_DLLs-X64: acaptuser64.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Voran\AppData\Roaming\Mozilla\Firefox\Profiles\7ut44boc.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\Voran\AppData\Roaming\Mozilla\Firefox\Profiles\7ut44boc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Adblock Plus Pop-up Addon: adblockpopups@jessehakanen.net - C:\Users\Voran\AppData\Roaming\Mozilla\Firefox\Profiles\7ut44boc.default\extensions\adblockpopups@jessehakanen.net
FF - Extension: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - C:\Users\Voran\AppData\Roaming\Mozilla\Firefox\Profiles\7ut44boc.default\extensions\elemhidehelper@adblockplus.org
FF - Extension: Ant Video Downloader: anttoolbar@ant.com - C:\Users\Voran\AppData\Roaming\Mozilla\Firefox\Profiles\7ut44boc.default\extensions\anttoolbar@ant.com
FF - Extension: Canadian English Dictionary: en-CA@dictionaries.addons.mozilla.org - C:\Users\Voran\AppData\Roaming\Mozilla\Firefox\Profiles\7ut44boc.default\extensions\en-CA@dictionaries.addons.mozilla.org
FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - C:\Users\Voran\AppData\Roaming\Mozilla\Firefox\Profiles\7ut44boc.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - C:\Users\Voran\AppData\Roaming\Mozilla\Firefox\Profiles\7ut44boc.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - C:\Users\Voran\AppData\Roaming\Mozilla\Firefox\Profiles\7ut44boc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - C:\Users\Voran\AppData\Roaming\Mozilla\Firefox\Profiles\7ut44boc.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Extension: Fasterfox Lite: FasterFox_Lite@BigRedBrent - C:\Users\Voran\AppData\Roaming\Mozilla\Firefox\Profiles\7ut44boc.default\extensions\FasterFox_Lite@BigRedBrent

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-13 55856]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2010-4-9 249496]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2010-4-9 33208]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-2-19 148744]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-9 65536]
R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-3-9 65536]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-10-5 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-22 5671792]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-4-19 1401672]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-7-14 1708800]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-2-25 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PS3 Media Server;PS3 Media Server;"C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf" --> C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-5-10 1196032]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-11-22 18288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-30 1255736]

=============== Created Last 30 ================

2010-11-26 17:07:38 -------- d-----w- C:\Users\Voran\AppData\Local\ElevatedDiagnostics
2010-11-24 16:24:28 -------- d-----w- C:\Users\Voran\AppData\Local\Mozilla
2010-11-24 16:24:22 -------- d-----w- C:\Mozilla Firefox
2010-11-24 05:25:25 53248 ----a-r- C:\Users\Voran\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-11-24 05:25:11 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2010-11-24 05:24:41 -------- d-----w- C:\Users\Voran\AppData\Roaming\Logishrd
2010-11-23 22:49:43 -------- d-----w- C:\Users\Voran\AppData\Local\Logitech
2010-11-23 01:22:25 -------- d-----w- C:\Users\Voran\Turbo Squid Tentacles
2010-11-22 16:30:09 18288 ----a-w- C:\Windows\System32\drivers\wacmoumonitor.sys
2010-11-22 16:29:53 -------- d-----w- C:\Program Files\Tablet
2010-11-22 16:18:04 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2010-11-22 16:17:53 112056 ----a-w- C:\Windows\SysWow64\acaptuser32.dll
2010-11-22 03:00:17 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{580C5B15-4B84-4E7E-A0CE-DA0FF009ADB4}\mpengine.dll
2010-11-22 00:33:59 -------- d-----w- C:\Windows\SysWow64\BestPractices
2010-11-22 00:33:59 -------- d-----w- C:\Windows\System32\msmq
2010-11-22 00:33:58 -------- d-----w- C:\Windows\System32\BestPractices
2010-11-22 00:33:58 -------- d-----w- C:\inetpub
2010-11-17 00:14:13 -------- d-----w- C:\FEAR Public Tools
2010-11-16 23:29:19 -------- d-----w- C:\New folder
2010-11-16 23:27:48 -------- d-----w- C:\FEARCombat
2010-11-16 23:26:26 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-11-16 23:26:26 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-11-16 23:26:26 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2010-11-16 23:26:26 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-11-16 23:26:26 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2010-11-16 23:26:26 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2010-11-16 23:26:26 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-11-16 23:26:25 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-11-15 19:31:12 -------- d-----w- C:\Users\Voran\AppData\Local\FOMM
2010-11-14 01:29:56 -------- d-----w- C:\Users\Voran\AppData\Roaming\Monolith Productions
2010-11-10 17:49:36 135568 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2010-11-08 04:06:53 -------- d-----w- C:\Program Files\iTunes
2010-11-08 04:06:53 -------- d-----w- C:\Program Files\iPod
2010-11-08 04:06:53 -------- d-----w- C:\Program Files (x86)\iTunes
2010-11-08 04:06:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2010-11-08 04:06:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2010-11-08 04:06:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2010-11-08 04:06:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2010-11-08 04:06:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2010-11-08 04:06:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2010-11-08 04:06:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2010-11-08 04:05:56 -------- d-----w- C:\Program Files\Bonjour
2010-11-08 04:05:56 -------- d-----w- C:\Program Files (x86)\Bonjour

==================== Find3M ====================

2010-10-25 18:17:16 151552 ----a-w- C:\Windows\SysWow64\nvRegDev.dll
2010-10-25 18:16:27 53248 ----a-w- C:\Windows\SysWow64\nvTextureToolsUtil.dll
2010-10-25 18:16:27 40960 ----a-w- C:\Windows\SysWow64\nvISWOW64.dll
2010-10-21 21:44:02 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 17:13:54 5901416 ----a-w- C:\Windows\System32\nvcpl.dll
2010-10-16 17:13:34 989800 ----a-w- C:\Windows\System32\nvvsvc.exe
2010-10-16 17:13:34 2590824 ----a-w- C:\Windows\System32\nvsvc64.dll
2010-10-16 17:13:34 116328 ----a-w- C:\Windows\System32\nvmctray.dll
2010-10-15 00:54:26 362784 ----a-w- C:\Windows\System32\guard64.dll
2010-10-15 00:54:26 285480 ----a-w- C:\Windows\SysWow64\guard32.dll
2010-10-15 00:54:25 33208 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2010-10-15 00:54:25 249496 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2010-10-15 00:54:25 20864 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2010-10-14 16:54:06 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-10-14 16:54:06 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-10-14 16:54:06 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-10-14 16:54:06 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-10-08 06:22:54 61032 ----a-w- C:\Windows\System32\nvshext.dll
2010-10-02 22:45:08 5120 ----a-w- C:\Windows\System32\portio64.sys
2010-09-25 16:37:24 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-20 21:46:00 751472 ----a-w- C:\Windows\System32\Wacom_Tablet.dll
2010-09-20 21:46:00 600432 ----a-w- C:\Windows\System32\Wintab32.dll
2010-09-20 21:45:58 644976 ----a-w- C:\Windows\SysWow64\Wacom_Tablet.dll
2010-09-20 21:45:58 506736 ----a-w- C:\Windows\SysWow64\Wintab32.dll
2010-09-18 00:05:05 510840 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2010-09-18 00:02:48 88576 ----a-w- C:\Windows\SysWow64\OptimFROG.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 16:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 12:28:43.08 ===============

Attached Files

  • Attached File  ark.log   3.42KB   0 downloads

Edited by Budapest, 05 December 2010 - 04:38 PM.




#2 Casey_boy

  • Malware Response Team
  • 7,765 posts

Posted 11 December 2010 - 05:24 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#3 User10121

  • Topic Starter
  • Members
  • 3 posts

Posted 15 December 2010 - 09:05 PM

Nothing's changed, same thing every time I open Firefox - 30 min later audio ads play until I close Firefox (just as long as the browser is open on any site).

Attached Files



#4 pwgib

  • Malware Response Team
  • 2,956 posts

Posted 16 December 2010 - 09:36 AM

Hello User10121

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see the logs we ask for are very extensive and take a lot of time to investigate. If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in notepad is turned off. When copying and pasting logs, paste them directly in the reply box; only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.
Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7 it may be necessary to right click then choose Run as Administrator any programs we use.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Thank you for your patience!!
PW

#5 pwgib

  • Malware Response Team
  • 2,956 posts

Posted 16 December 2010 - 06:38 PM

Hi User10121,

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case Vuze). These programs allow file sharing between users as the name(s) suggest. In today's world cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools as a huge amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading infected files via peer-to-peer tools and so these tools must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes on copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

If you decide to keep this program please refrain from using it until we get your computer clean.


I see you have TuneUp Utilities 2010 installed which contains a registry cleaner. Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

More information about registry cleaners can be found at Miekiemoes Blog

Step 1.

We need to disable Spybot S&D's "TeaTimer"

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.
In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.

  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy

Step 2.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

    Note - If you have AVG or CA installed, due to recent changes in how these AV's target the tool's internal files, they must be uninstalled before running ComboFix. If you have difficulty uninstalling the AV, download and run Opswat AppRemover http://www.appremover.com/supported-applications
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed (Win XP Only). With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.

In your next reply please include the following:

ComboFix.txt



How is your computer running?

Thanks!!
PW

#6 pwgib

  • Malware Response Team
  • 2,956 posts

Posted 20 December 2010 - 04:26 PM

Hi User10121


Do you still need assistance?
PW

#7 pwgib

  • Malware Response Team
  • 2,956 posts

Posted 23 December 2010 - 08:49 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
PW



