26-Sep-2008, 09:55 PM  #1
Popup ads running in background (annoying voice mentioning free ipod nano)

My computer has been fine for a long time. Just a few days ago, not long after I installed the newest update for Java, I began having problems with popup ads. Usually if I'm using the computer they'll pop up in the background and disappear, but when I get back on my computer after it hasn't been used for a while, I will see ads on the screen. For some reason IEXPLORE.EXE is running at all times in the background. I use Firefox and very rarely use IE. When I try to remove the process, it disappears and then starts running again just seconds later. I'm not sure if this is related, but I did get an error about a file called "UPNP.exe".

Here is my HijackThis log:

---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:09 PM, on 9/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\IEInspector\HTTPAnalyzerFullV3\InjectWinSockServiceV3.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\grasssoft\mouserecorder\MacroService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\program files\grasssoft\mouserecorder\MacroServiceWnd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator.SHAQ-E15B2E1EF9\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\wS16383S.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\W4vmipu4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator.SHAQ-E15B2E1EF9\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: IE HTTPAnalyzer V3 - {3B28142E-6D05-47AB-A263-0556C785EBB4} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL
O9 - Extra 'Tools' menuitem: IE HTTPAnalyzer V3 - {3B28142E-6D05-47AB-A263-0556C785EBB4} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HttpAnalyzerV3 CodeHook service (HttpAnalyzerV3 DllInjectService) - Unknown owner - C:\Program Files\IEInspector\HTTPAnalyzerFullV3\InjectWinSockServiceV3.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macro Expert - Grass Software - c:\program files\grasssoft\mouserecorder\MacroService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11085 bytes

Thanks

Last edited by codycharris; 27-Sep-2008 at 05:22 PM.
27-Sep-2008, 12:33 AM  #2
I also ran ComboFix. Here is my ComboFix log:

ComboFix 08-09-26.01 - Administrator 2008-09-26 20:54:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.492 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator.SHAQ-E15B2E1EF9\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\ADMINI~1.SHA\LOCALS~1\Temp\tmp1.tmp
C:\DOCUME~1\ADMINI~1.SHA\LOCALS~1\Temp\tmp2.tmp
C:\Documents and Settings\NetworkService\Cookies\system@azjmp[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[2].txt
C:\WINDOWS\system32\W4vmipu4.dll
K:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))
.
2008-09-26 19:02 . 2008-09-26 19:02 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Viewpoint
2008-09-26 18:39 . 2008-09-26 18:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-25 18:15 . 2008-09-26 02:31 39,426 --a------ C:\WINDOWS\system32\wS16383S.exe_
2008-09-25 18:15 . 2008-09-26 20:11 39,426 --a------ C:\WINDOWS\system32\wS16383S.exe
2008-09-25 17:48 . 2008-02-05 20:20 628,760 -ra------ C:\WINDOWS\system32\drivers\lvrs.sys
2008-09-25 17:48 . 2008-02-05 19:40 25,056 -ra------ C:\WINDOWS\system32\Repository.reg
2008-09-25 17:47 . 2008-02-05 20:21 4,658,456 -ra------ C:\WINDOWS\system32\drivers\lvuvc.sys
2008-09-25 17:47 . 2008-02-05 20:21 490,008 -ra------ C:\WINDOWS\system32\LVUI2.dll
2008-09-25 17:47 . 2008-02-05 20:21 465,432 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2008-09-25 17:47 . 2008-02-05 20:18 416,280 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2008-09-25 17:47 . 2008-02-05 20:18 195,096 -ra------ C:\WINDOWS\system32\lvci11701196.dll
2008-09-25 17:47 . 2008-02-05 19:37 66,482 -ra------ C:\WINDOWS\system32\lvcoinst.ini
2008-09-25 17:47 . 2008-02-05 20:21 41,752 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-09-25 17:47 . 2008-02-05 20:21 23,832 -ra------ C:\WINDOWS\system32\drivers\lvuvcflt.sys
2008-09-25 17:47 . 2008-09-26 17:45 0 --a------ C:\WINDOWS\system32\drivers\lvuvc.hs
2008-09-25 17:47 . 2008-09-26 17:45 0 --a------ C:\WINDOWS\system32\drivers\logiflt.iad
2008-09-25 17:39 . 2008-09-25 17:39 <DIR> d-------- C:\Documents and Settings\Administrator.SHAQ-E15B2E1EF9\Application Data\Leadertech
2008-09-25 17:38 . 2008-09-25 17:38 <DIR> d-------- C:\Program Files\Logitech
2008-09-25 17:38 . 2008-09-25 17:47 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2008-09-25 17:38 . 2008-09-25 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-09-25 17:38 . 2008-09-25 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-09-25 17:30 . 2005-07-29 20:01 121,856 --a------ C:\WINDOWS\system32\drivers\usbvideo.sys
2008-09-25 17:30 . 2005-07-29 20:01 121,856 --a--c--- C:\WINDOWS\system32\dllcache\usbvideo.sys
2008-09-25 17:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-09-25 17:30 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-09-24 23:18 . 2008-09-26 17:50 <DIR> d-------- C:\Documents and Settings\Administrator.SHAQ-E15B2E1EF9\Application Data\skypePM
2008-09-24 23:18 . 2008-09-24 23:18 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-24 23:16 . 2008-09-26 20:50 <DIR> d-------- C:\Documents and Settings\Administrator.SHAQ-E15B2E1EF9\Application Data\Skype
2008-09-24 23:14 . 2008-09-24 23:14 <DIR> d-------- C:\Program Files\Skype
2008-09-24 23:14 . 2008-09-24 23:14 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-24 23:14 . 2008-09-24 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-09-23 15:00 . 2008-09-23 15:00 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-23 15:00 . 2008-09-23 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-20 18:24 . 2008-09-20 18:24 0 --a------ C:\WINDOWS\system32\wS16383S.exe.a_a
2008-09-20 16:09 . 2008-09-20 16:09 30,272 --a------ C:\WINDOWS\system32\X84VYT3S.exe
2008-09-20 16:09 . 2008-09-20 16:09 0 --a------ C:\WINDOWS\system32\X84VYT3S.exe.a_a
2008-09-13 14:24 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-09-13 14:24 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-13 14:22 . 2008-09-13 14:24 <DIR> d-------- C:\Program Files\iTunes
2008-09-13 14:22 . 2008-09-13 14:22 <DIR> d-------- C:\Program Files\iPod
2008-09-13 14:22 . 2008-09-13 14:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-13 14:17 . 2008-09-13 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-13 14:10 . 2008-09-13 14:10 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-13 14:08 . 2008-09-13 14:08 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-07 18:24 . 2008-09-07 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 20:38 --------- d-----w C:\Program Files\BitComet
2008-09-26 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-26 07:55 --------- d-----w C:\Program Files\Zoom Player
2008-09-24 01:21 --------- d-----w C:\Program Files\DAEMON Tools
2008-09-23 21:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-20 21:52 --------- d-----w C:\Program Files\Java
2008-09-13 20:21 --------- d-----w C:\Program Files\Bonjour
2008-09-13 20:19 --------- d-----w C:\Program Files\QuickTime
2008-09-12 03:15 --------- d-----w C:\Documents and Settings\Administrator.SHAQ-E15B2E1EF9\Application Data\Move Networks
2008-09-06 08:24 --------- d-----w C:\Program Files\LogMeIn
2008-08-24 23:35 --------- d-----w C:\Program Files\DivX
2008-08-24 22:56 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-24 03:41 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-24 03:39 --------- d-----w C:\Program Files\Nero
2008-08-24 03:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-08-20 19:56 --------- d-----w C:\Documents and Settings\Administrator.SHAQ-E15B2E1EF9\Application Data\MilkShape 3D 1.x.x
2008-08-18 19:45 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-13 23:39 --------- d-----w C:\Documents and Settings\Administrator.SHAQ-E15B2E1EF9\Application Data\uTorrent
2008-08-12 01:06 --------- d-----w C:\Program Files\Morgan
2008-08-12 01:04 --------- d-----w C:\Program Files\eX-Sense PRO
2008-08-09 04:14 --------- d-----w C:\Program Files\Xilisoft
2008-08-09 04:14 --------- d-----w C:\Program Files\WinXMedia
2008-08-09 04:08 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-08-08 04:02 --------- d-----w C:\Program Files\LimeWire
2008-08-08 04:02 --------- d-----w C:\Documents and Settings\Administrator.SHAQ-E15B2E1EF9\Application Data\LimeWire
2008-08-05 22:02 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-08-05 22:02 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-08-05 22:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-19 04:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 04:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 04:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 04:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 04:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 04:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 04:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 04:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 04:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 04:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2007-08-09 20:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 20:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2007-08-19 08:42 12,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"Google Update"="C:\Documents and Settings\Administrator.SHAQ-E15B2E1EF9\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 106496]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-09 188416]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 81920]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 341232]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"nwiz"="nwiz.exe" [2007-10-04 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]

C:\Documents and Settings\Administrator.SHAQ-E15B2E1EF9\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - C:\Program Files\Logitech\QuickCam\eReg.exe [2008-02-13 493832]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-03-19 295606]
Adobe Acrobat Synchronizer.lnk - K:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator.SHAQ-E15B2E1EF9^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Administrator.SHAQ-E15B2E1EF9\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator.SHAQ-E15B2E1EF9^Start Menu^Programs^Startup^StarOffice 8.lnk]
path=C:\Documents and Settings\Administrator.SHAQ-E15B2E1EF9\Start Menu\Programs\Startup\StarOffice 8.lnk
backup=C:\WINDOWS\pss\StarOffice 8.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Firefox Preloader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Firefox Preloader.lnk
backup=C:\WINDOWS\pss\Firefox Preloader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-23 00:24 620152 K:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-04-27 15:17 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Macro Manager]
--a------ 2007-04-02 00:53 2080768 C:\Program Files\GrassSoft\MouseRecorder\MacroManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-04-09 06:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viewbar]
--a------ 2007-06-13 03:04 360448 C:\Program Files\AGLOCO Viewbar\ViewBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27201:TCP"= 27201:TCP:BitComet 27201 TCP
"27201:UDP"= 27201:UDP:BitComet 27201 UDP

R2 aliasdocserver;Alias Documentation Server;C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe [2003-11-07 110592]
R2 HttpAnalyzerV3 DllInjectService;HttpAnalyzerV3 CodeHook service;C:\Program Files\IEInspector\HTTPAnalyzerFullV3\InjectWinSockServiceV3.exe [2008-03-17 535552]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 46112]
R2 Macro Expert;Macro Expert;c:\program files\grasssoft\mouserecorder\MacroService.exe [2007-01-28 143360]
S3 LVRS;Logitech RightSound Filter Driver;C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-02-05 628760]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-MMTray - MMTray.exe
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator.SHAQ-E15B2E1EF9\Application Data\Mozilla\Firefox\Profiles\n787zyr8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Documents and Settings\Administrator.SHAQ-E15B2E1EF9\Application Data\Mozilla\Firefox\Profiles\n787zyr8.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF -: plugin - C:\Documents and Settings\Administrator.SHAQ-E15B2E1EF9\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.969.23408\npCIDetect11.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npkanevapatch.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 21:10:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-26 21:12:48
ComboFix-quarantined-files.txt 2008-09-27 03:12:12
Pre-Run: 2,407,178,240 bytes free
Post-Run: 10,808,307,712 bytes free
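Logs like the HijackThis output in post #1 and the ComboFix registry section in post #2 are normally read by hand in threads like this one. As an added example that is not part of the thread and not code from HijackThis or ComboFix, the Python below runs a small triage pass over a few lines copied from both logs: it flags load points that reference a missing file, random-looking binary names under system32 (the log's W4vmipu4.dll and wS16383S.exe are the pattern), Run entries with no path, and the Security Center and firewall values that the ComboFix log shows turned off. The regular expressions, the name heuristic, the sample strings and the FirewallDisableNotify value are this example's own assumptions, not anything the thread states.

```python
"""Added triage example (not from the TechGuy thread, HijackThis or ComboFix).
The heuristics are this example's own; a hit means "look closer", not "infected"."""
import re

# Constructed sample input: HijackThis lines copied from post #1 of the thread.
HJT_SAMPLE = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\\WINDOWS\\system32\\W4vmipu4.dll
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\\..\\Run: [MMTray] MMTray.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
"""

# Constructed sample input: registry lines copied from the ComboFix log in post #2.
COMBOFIX_REG_SAMPLE = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

HJT_ENTRY = re.compile(r"^(O\d+|R\d) - (.*)$")
# Heuristic (this example's assumption): an 8-character name mixing letters and
# digits directly under system32, like W4vmipu4.dll or wS16383S.exe in the thread.
# Legitimate system files can match too, so this only prompts a file check.
RANDOM_SYSTEM32_NAME = re.compile(
    r"\\system32\\(?=[A-Za-z0-9]{8}\.(?:dll|exe)\b)(?=[A-Za-z]*\d)", re.I)
# Run value whose command is a bare executable name with no directory at all.
BARE_RUN_COMMAND = re.compile(r'\]\s+[^\\\s"]+\.exe(?=\s|$)', re.I)


def triage_hijackthis(log_text):
    """Return (section, reason, line) tuples for HijackThis entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if "(no file)" in body or "(file missing)" in body:
            findings.append((section, "load point references a missing file", line))
        elif "(no name)" in body:
            findings.append((section, "load point has no display name", line))
        if RANDOM_SYSTEM32_NAME.search(body):
            findings.append((section, "random-looking binary name in system32", line))
        if section == "O4" and BARE_RUN_COMMAND.search(body):
            findings.append((section, "Run entry has no path; resolved by path search", line))
    return findings


# Security Center values that silence the machine's own warnings. The first two are in
# the thread's ComboFix log; FirewallDisableNotify is the firewall counterpart (assumed).
NOTIFY_SUPPRESSION = {
    "AntiVirusDisableNotify": "Security Center antivirus warnings suppressed",
    "UpdatesDisableNotify": "Security Center update warnings suppressed",
    "FirewallDisableNotify": "Security Center firewall warnings suppressed",
}
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(dword:)?([0-9A-Fa-f]+)')


def triage_combofix_reg(reg_text):
    """Return (key, value_name, reason) tuples for registry lines that disable protection."""
    findings = []
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # ComboFix prints each key on its own line
            continue
        m = REG_VALUE.match(line)
        if not m:
            continue
        name, is_dword, raw = m.groups()
        # "dword:00000001" is hex; "0 (0x0)" prints the decimal value first
        value = int(raw, 16 if is_dword else 10)
        if name in NOTIFY_SUPPRESSION and value == 1:
            findings.append((key, name, NOTIFY_SUPPRESSION[name]))
        elif name == "EnableFirewall" and value == 0:
            findings.append((key, name, "Windows Firewall turned off for this profile"))
    return findings


if __name__ == "__main__":
    for finding in triage_hijackthis(HJT_SAMPLE) + triage_combofix_reg(COMBOFIX_REG_SAMPLE):
        print(" | ".join(finding))
```

On the sample above the pass reports the orphaned BHO, the W4vmipu4.dll entry, both path-less Run values, and the three registry values that switch off notifications and the firewall; everything else in the sample is silent, which is the point of a first-pass filter over a 200-line log.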
27-Sep-2008, 05:24 PM  #3
Now there is a voice in the background that every few minutes will start to talk, saying that I have "won a free iPod nano." It is extremely annoying. I've run Ad-Aware, AVG, and Spybot S&D and still this is not fixed. Any help is appreciated! Thanks

All times are GMT -4. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

