TechSpot

Random IE popups while using Firefox

Inactive
By keracz
Jul 31, 2011
  1. Hi!
    I scanned the PC in Safe Mode with System Restore off using five different programs (Spybot, Ad-Aware, AVG, Malwarebytes, SUPERAntiSpyware). I found some infections and removed them. I'm still getting annoying IE popups. Can anyone check this log for me, please?
    .



    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by keracz at 16:56:51 on 2011-07-31
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2065 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://mystart.incredimail.com/
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uDefault_Page_URL = hxxp://www.msn.com
    uInternet Settings,ProxyOverride = *.local
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    StartupFolder: c:\docume~1\keracz\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279331093578
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
    TCP: Interfaces\{9A8456DB-6C9F-4B03-94EC-F1A9A78E2638} : DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\keracz\application data\mozilla\firefox\profiles\p0fpmwvv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - eBay
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=&sourceid=navclient-ff&rlz=1R0GGLL_en&ie=UTF-8
    FF - component: c:\documents and settings\keracz\application data\mozilla\firefox\profiles\p0fpmwvv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\keracz\application data\mozilla\firefox\profiles\p0fpmwvv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: c:\documents and settings\keracz\application data\mozilla\plugins\npPxPlay.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-12 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-22 10448]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
    R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-5-14 20704]
    S1 MpKsl0bc1e34a;MpKsl0bc1e34a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{199197d6-d9ae-4612-9d45-5374fbe180d8}\mpksl0bc1e34a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{199197d6-d9ae-4612-9d45-5374fbe180d8}\MpKsl0bc1e34a.sys [?]
    S1 MpKsl2e9f101b;MpKsl2e9f101b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{08382756-ce08-4e2f-a548-294c3fe6401f}\mpksl2e9f101b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{08382756-ce08-4e2f-a548-294c3fe6401f}\MpKsl2e9f101b.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-16 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-16 136176]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
    S3 yeddef;YEDDEF driver;c:\windows\system32\drivers\yeddef.sys --> c:\windows\system32\drivers\yeddef.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-07-31 20:24:01 388096 ----a-r- c:\documents and settings\keracz\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-07-31 20:24:01 -------- d-----w- c:\program files\Trend Micro
    2011-07-31 20:18:16 24983 ----a-w- c:\windows\system32\20181653141.dll
    2011-07-31 18:45:42 -------- d-----w- c:\documents and settings\keracz\application data\TrojanHunter
    2011-07-29 00:07:54 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-07-29 00:07:54 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-07-28 05:46:26 -------- d--h--w- C:\$AVG
    2011-07-28 05:22:38 -------- d-----w- c:\documents and settings\keracz\application data\AVG10
    2011-07-28 05:22:07 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2011-07-28 05:20:45 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-07-28 05:20:45 -------- d-----w- c:\documents and settings\all users\application data\AVG10
    2011-07-28 05:19:58 -------- d-----w- c:\program files\AVG
    2011-07-28 05:16:10 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-07-28 05:14:39 -------- d--h--w- c:\windows\system32\GroupPolicy
    2011-07-27 04:58:45 -------- d-----w- c:\documents and settings\keracz\application data\SUPERAntiSpyware.com
    2011-07-27 04:58:45 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2011-07-27 04:58:38 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-07-16 01:23:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-07-16 01:23:05 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2011-07-15 02:21:39 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-07-12 00:59:34 -------- d-----w- c:\documents and settings\keracz\application data\BDlot
    2011-07-11 03:00:47 -------- d-----w- c:\program files\common files\Data
    2011-07-11 02:58:42 197632 ----a-w- c:\program files\common files\OnlineFilesManager.dll
    2011-07-11 01:59:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-11 01:54:27 -------- d-----w- c:\program files\iPod
    2011-07-11 01:54:24 -------- d-----w- c:\program files\iTunes
    2011-07-11 01:51:25 -------- d-----w- c:\program files\Bonjour
    .
    ==================== Find3M ====================
    .
    2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-15 00:09:10 87608 ----a-w- c:\documents and settings\keracz\application data\inst.exe
    2011-06-15 00:09:09 47360 ----a-w- c:\documents and settings\keracz\application data\pcouffin.sys
    2011-06-09 21:05:11 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-10 12:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-05-10 12:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 06:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .
    ============= FINISH: 16:57:17.12 ===============
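    A helper normally reads a DDS log like the one above by hand. As an added example (not part of this thread, and not a DDS or TechSpot tool), the script below parses the "Created Last 30", "Find3M" and "SERVICES / DRIVERS" sections and tags the entries a reviewer would want to check first. Its input is a handful of lines excerpted from the log above. The three tags are my own heuristics, not verdicts: a file under system32 whose name is nothing but digits (worth hashing and looking up before anything else), a file created within 24 hours of the scan, and a driver whose file details DDS could not read (shown as "[?]"). The "[?]" tag is expected for transient drivers such as the MpKsl* definition drivers from Microsoft Security Essentials and the Lavasoft KernExplorer driver; it is the unexplained ones that matter. One detail the script accounts for, taken from the log itself: the "Run by" header is local time (GMT -4) while the file timestamps are consistent with UTC (HiJackThis.exe shows 20:24 on a 16:56 run), so the header is converted before "recent" is computed.

```python
"""Triage helper for a DDS log (added example, not a DDS or TechSpot tool).
Parses the "Created Last 30", "Find3M" and "SERVICES / DRIVERS" sections and
tags entries a reviewer would check first.  Tags are heuristics, not verdicts.
"""
import re
from datetime import datetime, timedelta

# A subset of lines taken from the DDS log posted above.
DDS_EXCERPT = r"""
DDS (Ver_2011-06-23.01) - NTFSx86
Run by keracz at 16:56:51 on 2011-07-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2065 [GMT -4:00]
.
============= SERVICES / DRIVERS ===============
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
S3 yeddef;YEDDEF driver;c:\windows\system32\drivers\yeddef.sys --> c:\windows\system32\drivers\yeddef.sys [?]
.
=============== Created Last 30 ================
.
2011-07-31 20:24:01 388096 ----a-r- c:\documents and settings\keracz\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-31 20:18:16 24983 ----a-w- c:\windows\system32\20181653141.dll
2011-07-28 05:20:45 -------- d-----w- c:\windows\system32\drivers\AVG
.
==================== Find3M ====================
.
2011-06-15 00:09:10 87608 ----a-w- c:\documents and settings\keracz\application data\inst.exe
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:57:17.12 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^Run by \S+ at (\d\d:\d\d:\d\d) on (\d{4}-\d\d-\d\d)$")
TZ_RE = re.compile(r"\[GMT ([+-])(\d+):(\d\d)\]")
# "<timestamp> <size, or dashes for a directory> <8 attribute flags> <path>"
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+|-+)\s+(\S{8})\s+(.+)$")
# "<R|S><start> <service>;<display name>;<image path> [<date size> or ?]"
DRIVER_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*?)\]$")
# Assumption: vendors do not ship files named only with digits, so such a
# file under system32 is the first thing to hash and look up.
NUMERIC_NAME_RE = re.compile(r"\\\d{6,}\.(dll|exe|sys)$")


def parse_dds(text):
    """Return (scan time as UTC or None, file entries, driver entries)."""
    section, run_time, run_date, tz = None, None, None, timedelta(0)
    files, drivers = [], []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line == ".":
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := RUN_RE.match(line):
            run_time, run_date = m.groups()
        elif m := TZ_RE.search(line):
            sign, hh, mm = m.groups()
            tz = timedelta(hours=int(hh), minutes=int(mm)) * (-1 if sign == "-" else 1)
        elif section in ("Created Last 30", "Find3M") and (m := FILE_RE.match(line)):
            files.append({"ts": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                          "size": m.group(2), "attrs": m.group(3), "path": m.group(4)})
        elif section == "SERVICES / DRIVERS" and (m := DRIVER_RE.match(line)):
            # For "<registry path> --> <resolved path>" keep the resolved path.
            drivers.append({"state": m.group(1) + m.group(2), "name": m.group(3),
                            "path": m.group(5).split("-->")[-1].strip(), "info": m.group(6)})
    run_utc = None
    if run_time and run_date:
        # The "Run by" header is local time, but the file timestamps in this log
        # (HiJackThis.exe at 20:24 on a 16:56 run) are UTC, so convert the header.
        run_utc = datetime.strptime(f"{run_date} {run_time}", "%Y-%m-%d %H:%M:%S") - tz
    return run_utc, files, drivers


def triage(text, recent=timedelta(hours=24)):
    """Map lower-cased path -> reasons it deserves a closer look."""
    run_utc, files, drivers = parse_dds(text)
    findings = {}
    for f in files:
        if f["attrs"].startswith("d"):
            continue  # directories: nothing to hash or upload
        path = f["path"].lower()
        if "\\windows\\system32\\" in path and NUMERIC_NAME_RE.search(path):
            findings.setdefault(path, []).append("numeric-name-in-system32")
        if run_utc is not None and timedelta(0) <= run_utc - f["ts"] <= recent:
            findings.setdefault(path, []).append("created-within-24h-of-scan")
    for d in drivers:
        # "[?]" means DDS could not read the file's date/size.  Normal for
        # transient drivers (MSE's MpKsl*, Lavasoft KernExplorer); anything
        # else carrying "[?]" should be accounted for.
        if d["info"] == "?":
            findings.setdefault(d["path"].lower(), []).append("no-file-info")
    return findings


if __name__ == "__main__":
    for path, reasons in sorted(triage(DDS_EXCERPT).items()):
        print(f"{', '.join(reasons):45} {path}")
```

    Run against the full log instead of the excerpt (read the file and pass its text to triage), the same three checks pick out the same kind of entries; they are a starting list for the hash-and-look-up step, and every hit still needs a human to decide.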
     
  2. Broni

    Broni, Malware Annihilator

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
Topic Status:
Not open for further replies.

