Thread: Issue with ADWare...Please help
View Single Post
Old 08-03-2008, 09:15 AM   #1 (permalink)
mpkthecpa
Registered User
 
Join Date: Feb 2005
Posts: 58
OS: XP


Issue with ADWare...Please help
recently, i have been getting the same annoying ad popping up on various sites that i visit frequently (so not isolated to one site in particular).

the ad says "Congratulations!!! You've won a free prize. Click 2 Claim". also, the ad makes an annoying beeping noise over and over and doesn't stop unless i leave the site.

i have followed the 5 step process and performed a DSS scan. Below is my main txt results, and i have attached the extra txt file. Any help would be appreciated. Thanks.

Deckard's System Scanner v20071014.68
Run by Matt on 2008-08-03 10:59:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
93: 2008-08-03 14:59:28 UTC - RP572 - Deckard's System Scanner Restore Point
92: 2008-08-03 08:21:21 UTC - RP571 - System Checkpoint
91: 2008-08-02 07:20:48 UTC - RP570 - System Checkpoint
90: 2008-08-01 07:01:06 UTC - RP569 - Software Distribution Service 3.0
89: 2008-07-31 16:53:18 UTC - RP568 - System Checkpoint


-- First Restore Point --
1: 2008-05-05 23:28:08 UTC - RP480 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 3.05 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-03 11:02:58
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54CFG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM95\aim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Matt\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/html - {927b7047-ff60-4bdd-9444-c983928e3e2f} - C:\WINDOWS\system32\iehlpr32.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54GS - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 7735 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 OMCI (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 mrtRate - c:\windows\system32\drivers\mrtrate.sys <Not Verified; Marimba, Inc.; Rate Sensing Manager>
R3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 STAC97 (Audio Driver (WDM) - SigmaTel CODEC) - c:\windows\system32\drivers\stac97.sys <Not Verified; SigmaTel, Inc.; AC'97 Audio Controller with SigmaTel CODEC device driver.>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 SDDMI2 - c:\windows\system32\ddmi2.sys (file missing)
S3 xlink (XLink Driver (xlink.sys)) - c:\windows\system32\drivers\xlink.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 NICSer_WPC54GS - c:\program files\linksys\wireless-g notebook adapter with speedbooster\nicserv.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\2315C81394FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\2315C81394FC000
Service: NIC1394

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: BCM V.92 56K Modem
Device ID: PCI\VEN_8086&DEV_24D6&SUBSYS_4D6414E4&REV_02\3&61AAA01&0&FE
Manufacturer: Broadcom Corporation
Name: BCM V.92 56K Modem
PNP Device ID: PCI\VEN_8086&DEV_24D6&SUBSYS_4D6414E4&REV_02\3&61AAA01&0&FE
Service: Modem

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems SSL VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems SSL VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CSVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-07-05 20:04:03 280 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-03 and 2008-08-03 -----------------------------

2008-08-03 10:49:59 0 d-------- C:\Program Files\ZonedOut
2008-08-03 10:48:05 0 d-------- C:\Program Files\ie-spyad_zo
2008-08-03 10:40:42 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-03 10:40:30 0 d-------- C:\Program Files\SpywareBlaster
2008-07-30 22:30:12 0 d-------- C:\Program Files\Common
2008-07-16 07:13:58 0 d-------- C:\Documents and Settings\Matt\Application Data\WinRAR
2008-07-04 1039 0 d-------- C:\Program Files\DivX


-- Find3M Report ---------------------------------------------------------------

2008-07-19 10:14:42 0 d-------- C:\Documents and Settings\Matt\Application Data\U3
2008-07-17 15:35:13 0 d-------- C:\Program Files\Java
2008-06-18 21:43:24 7192 --a------ C:\WINDOWS\system32\iehlpr32.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}]
07/30/2008 10:30 PM 278540 --a------ C:\Program Files\Common\helper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 06:59 AM C:\WINDOWS\BCMSMMSG.exe]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 05:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/22/2003 05:15 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/06/2003 02:04 AM]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [02/13/2003 02:01 AM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 11:32 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/15/2007 12:43 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 04:06 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [04/29/2003 11:40 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"antivirus-2008pro.exe"="C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [1/20/2007 7:28:28 PM]
Wireless-G Notebook Adapter with SpeedBooster Utility.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe [2/7/2007 8:20:36 PM]




-- End of Deckard's System Scanner: finished at 2008-08-03 11:03:42 ------------
Attached Files
File Type: txt extra.txt (22.6 KB, 1 views)
mpkthecpa is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here