Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Continuous IE Pop ups when IE not in use


  • This topic is locked This topic is locked
2 replies to this topic

#1 babulcool

babulcool

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 03 January 2011 - 06:05 AM

I am getting continuous pop ups even when i am using IE and even when it is not in use. I am experiencing this problem even when i am playing games on my pc. I occurs once in 10-15 minutes. Please let me know if I can also post Hijackthis Logs.

Here is the DSS log:


DDS (Ver_10-12-12.02) - NTFSx86
Run by shivashish at 16:23:30.26 on Mon 01/03/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1526.697 [GMT 5.5:30]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! antivirus 4.8.1169 [VPS 110103-0] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\DOCUME~1\SHIVAS~1\LOCALS~1\Temp\Sdd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\shivashish\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
udefault_page_url = hxxp://www.microsoft.com
uSearch Page = hxxp://www.google.com
mWindow Title = Microsoft Internet Explorer
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
mWinlogon: Taskman=c:\recycler\s-1-5-21-7150494987-2028990070-479354076-9998\sysdate.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [cdoosoft] c:\docume~1\shivas~1\locals~1\temp\herss.exe
uRun: [nod32] c:\docume~1\shivas~1\locals~1\temp\nodqq.exe
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
uRun: [JP595IR86O] c:\docume~1\shivas~1\locals~1\temp\Sdd.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
StartupFolder: c:\docume~1\shivas~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\shivas~1\startm~1\programs\startup\flipto~1.lnk - c:\program files\fliptoast\fliptoast.exe
StartupFolder: c:\docume~1\shivas~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\shivas~1\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\securi~1.lnk - c:\program files\websecurity\services.exe
uPolicies-explorer: NoRealMode = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000343&p=ZKfox000&si=&a=0FYXneVGWqigYje47.YsiQ&n=2010032310
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shivas~1\applic~1\mozilla\firefox\profiles\gsc9018m.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKfox000&ptb=0FYXneVGWqigYje47.YsiQ&psa=&ind=2010032310&ptnrS=ZKfox000&si=&st=kwd&n=77cea8b6&searchfor=
FF - component: c:\documents and settings\shivashish\application data\mozilla\firefox\profiles\gsc9018m.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll
FF - plugin: c:\documents and settings\shivashish\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: KwiClick: vinceturk@gmail.com - c:\program files\kwiclick llc\KwiClick

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-3 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-11-27 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-27 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-11-27 144760]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
R2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-11-27 247160]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-11-27 345464]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-6 135664]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]

=============== Created Last 30 ================

2011-01-03 10:29:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-01-03 10:29:39 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-03 10:22:01 -------- d-----w- c:\docume~1\shivas~1\locals~1\applic~1\Sunbelt Software
2011-01-03 10:21:25 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-03 10:21:01 -------- d-----w- c:\program files\Lavasoft
2011-01-02 09:17:58 -------- d-----w- c:\program files\FunWebProducts
2011-01-02 04:49:44 208896 ----a-w- c:\windows\Sfeqoa.exe
2011-01-02 04:49:32 297472 ----a-w- c:\windows\system32\sshnas21.dll
2010-12-31 14:06:19 -------- d-----w- c:\program files\Free Screen Recorder
2010-12-31 14:03:52 -------- d-----w- c:\docume~1\shivas~1\applic~1\com.w3i.FlipToast
2010-12-31 14:02:28 -------- d-----w- c:\program files\KwiClick LLC
2010-12-31 14:02:23 -------- d-----w- c:\program files\W3i
2010-12-31 14:02:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\W3i
2010-12-30 13:55:22 -------- d-----w- c:\docume~1\shivas~1\applic~1\PriceGong
2010-12-30 13:55:07 -------- d-----w- c:\docume~1\shivas~1\locals~1\applic~1\Conduit
2010-12-30 13:55:06 -------- d-----w- c:\program files\Conduit
2010-12-30 13:55:06 -------- d-----w- c:\docume~1\shivas~1\locals~1\applic~1\Freecorder
2010-12-30 13:55:05 -------- d-----w- c:\docume~1\shivas~1\locals~1\applic~1\ConduitEngine
2010-12-30 13:55:04 -------- d-----w- c:\program files\ConduitEngine
2010-12-30 13:53:19 -------- d-----w- c:\docume~1\shivas~1\locals~1\applic~1\FLVService
2010-12-30 13:53:15 -------- d-----w- c:\windows\Freecorder
2010-12-30 13:53:15 -------- d-----w- c:\program files\Freecorder
2010-12-28 08:50:14 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2010-12-27 14:26:05 -------- d-----w- c:\docume~1\shivas~1\locals~1\applic~1\Opera
2010-12-26 13:30:51 -------- d-----w- c:\docume~1\shivas~1\applic~1\qs
2010-12-26 13:29:21 -------- d-----w- c:\program files\QuickSnooker 7
2010-12-24 06:42:05 921600 ----a-w- c:\windows\system32\vorbisenc.dll
2010-12-24 06:42:05 45056 ----a-w- c:\windows\system32\ogg.dll
2010-12-24 06:42:05 237568 ----a-w- c:\windows\system32\OggDS.dll
2010-12-24 06:42:05 188416 ----a-w- c:\windows\system32\vorbis.dll
2010-12-24 06:41:56 -------- d-----w- c:\program files\Tennis Elbow 2009
2010-12-21 16:03:25 -------- d--h--w- c:\windows\PIF
2010-12-09 06:09:16 -------- d-----w- c:\docume~1\shivas~1\locals~1\applic~1\Unity
2010-12-05 09:01:12 -------- d-----w- c:\program files\Dream Match Tennis Pro

==================== Find3M ====================

2010-11-27 13:35:01 88 --sh--r- c:\docume~1\alluse~1\applic~1\30414341E4.sys
2010-11-27 13:35:01 2516 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys

============= FINISH: 16:23:55.39 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:39 AM

Posted 04 January 2011 - 03:01 AM

Hi,

You have a lot of unwanted/not recommended programs here, so I suggest you uninstall them first.
Please uninstall the following:

* Conduit Engine
* Freecorder Toolbar

Then reboot.

Then, * Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:39 AM

Posted 11 January 2011 - 02:19 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users