Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Problem with unwanted ads
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 04-12-2009, 11:18 AM   #1 (permalink)
Registered User
 
Join Date: Dec 2004
Location: Edinburgh, UK
Posts: 32
OS: XP


Problem with unwanted ads
In the last couple of days, I have started to receive unwanted ads which appear in a new Firefox window (not the one I am browsing). They are mostly for betting sites and for McAffe virus software.

I would be grateful for any help you can give me to get rid of these.

Here is the text from the dds file:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Robin at 16:28:37.25 on 12/04/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.296 [GMT 1:00]

AV: F-PROT Antivirus for Windows *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\cahoot webcard\CahootWebcard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\documents and settings\robin\local settings\application data\oyqcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Robin\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mWindow Title = Tiscali Internet Access
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = webcache.blueyonder.co.uk:8080
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: OrbiscomROTBho2 Class: {d81ab57b-7327-4347-b7c7-9ef7ca87ce09} - c:\windows\system32\SlimBho2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
uRun: [Power2GoExpress]
uRun: [PowerBar]
uRun: [LDM] \Program\BackWeb-8876480.exe
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [oyqcc] "c:\documents and settings\robin\local settings\application data\oyqcc.exe" oyqcc
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [CARPService] carpserv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "c:\program files\cyberlink\powerbackup\PBKScheduler.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus1.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CahootWebcard] c:\program files\cahoot webcard\CahootWebcard.exe /dontopenmycards
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [OTB_util] c:\program files\otb_util\OTB_util.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\robin\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\docume~1\robin\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-system: RunStartupScriptSync = 1 (0x1)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Subscribe in NewzCrawler - file://c:\program files\newzcrawler\context.htm
IE: {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - c:\program files\newzcrawler\News.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} - hxxp://makeover.ivillage.co.uk/save/makeover.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} - hxxp://update.videoegg.com/wintel/VideoEggPublisher.exe
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155911288296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robin\applic~1\mozilla\firefox\profiles\5c0g68v5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.ftp - webcache.blueyonder.co.uk
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - webcache.blueyonder.co.uk
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - webcache.blueyonder.co.uk
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - webcache.blueyonder.co.uk
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - webcache.blueyonder.co.uk
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\skyhook wireless\loki browser plugin\nploki.dll
FF - plugin: c:\program files\videoegg\loader\2364\npvideoegg-loader.dll

============= SERVICES / DRIVERS ===============

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2007-10-30 592224]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-11 64160]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2008-2-19 2944]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-4-12 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-4-12 394952]
R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2008-4-21 45960]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2005-6-11 14095]
S2 gupdate1c9a4a196a17b68;Google Update Service (gupdate1c9a4a196a17b68);c:\program files\google\update\GoogleUpdate.exe [2009-3-14 133104]
S3 cpuz;cpuz;\??\e:\cpuz.sys --> e:\cpuz.sys [?]
S3 w900bus;Sony Ericsson 900i driver (WDM);c:\windows\system32\drivers\w900bus.sys --> c:\windows\system32\drivers\w900bus.sys [?]
S3 w900mdfl;Sony Ericsson 900i USB WMC Modem Filter;c:\windows\system32\drivers\w900mdfl.sys --> c:\windows\system32\drivers\w900mdfl.sys [?]
S3 w900mdm;Sony Ericsson 900i USB WMC Modem Drivers;c:\windows\system32\drivers\w900mdm.sys --> c:\windows\system32\drivers\w900mdm.sys [?]
S3 w900mgmt;Sony Ericsson 900i USB WMC Device Management Drivers;c:\windows\system32\drivers\w900mgmt.sys --> c:\windows\system32\drivers\w900mgmt.sys [?]
S3 w900obex;Sony Ericsson 900i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\w900obex.sys --> c:\windows\system32\drivers\w900obex.sys [?]
S4 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-8-21 89749]

=============== Created Last 30 ================

2009-04-12 09:32 159,776 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-12 09:32 2,516 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-12 09:30 <DIR> --d----- c:\program files\ZoneAlarmSB
2009-04-12 09:28 <DIR> --d----- c:\program files\Zone Labs
2009-04-11 20:03 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-11 18:57 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-11 18:56 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-10 11:18 <DIR> --d----- c:\docume~1\robin\applic~1\OTB_util
2009-04-09 14:34 <DIR> --d----- c:\program files\Juice
2009-04-07 18:06 <DIR> --d----- c:\program files\TrackMaker
2009-03-29 18:57 <DIR> --d----- c:\program files\EasyGPS
2009-03-28 16:44 <DIR> --d----- c:\program files\Skyhook Wireless
2009-03-21 15:20 <DIR> --d----- c:\docume~1\robin\applic~1\GPS Utility
2009-03-21 15:19 <DIR> --d----- c:\program files\GPS Utility

==================== Find3M ====================

2009-04-12 15:48 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-04-12 09:30 4,212 ----h--- c:\windows\system32\zllictbl.dat
2009-04-02 20:42 1,132 -------- c:\docume~1\robin\applic~1\wklnhst.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 12:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-09-16 10:44 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091620080917\index.dat

============= FINISH: 16:29:46.15 ===============

and I have attached the zipped file with the attach and ark files. Thank you.
Attached Files
File Type: zip ark.zip (4.4 KB, 3 views)
RobCarr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 04-16-2009, 12:12 AM   #2 (permalink)
Registered User
 
Join Date: Dec 2004
Location: Edinburgh, UK
Posts: 32
OS: XP


Re: Problem with unwanted ads
BUMP, please.
RobCarr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-18-2009, 05:49 PM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: Problem with unwanted ads
Hello RobCarr,

Please move dds.scr to your desktop, then run another scan with dds.scr as such:

Click Start>Run and copy/paste the following bolded text into the Run box and click OK:

"%userprofile%\desktop\dds.scr" /ihatewhitelists

Post the dds.txt in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-21-2009, 02:06 AM   #4 (permalink)
Registered User
 
Join Date: Dec 2004
Location: Edinburgh, UK
Posts: 32
OS: XP


Re: Problem with unwanted ads
OK, thanks. Here's the dds text file..


DDS (Ver_09-03-16.01) - NTFSx86
Run by Robin at 9:02:28.56 on 21/04/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.268 [GMT 1:00]

AV: F-PROT Antivirus for Windows *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\cahoot webcard\CahootWebcard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\documents and settings\robin\local settings\application data\oyqcc.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Robin\desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mWindow Title = Tiscali Internet Access
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = webcache.blueyonder.co.uk:8080
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: OrbiscomROTBho2 Class: {d81ab57b-7327-4347-b7c7-9ef7ca87ce09} - c:\windows\system32\SlimBho2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
uRun: [Power2GoExpress]
uRun: [PowerBar]
uRun: [LDM] \Program\BackWeb-8876480.exe
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [oyqcc] "c:\documents and settings\robin\local settings\application data\oyqcc.exe" oyqcc
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [CARPService] carpserv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "c:\program files\cyberlink\powerbackup\PBKScheduler.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus1.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CahootWebcard] c:\program files\cahoot webcard\CahootWebcard.exe /dontopenmycards
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [OTB_util] c:\program files\otb_util\OTB_util.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\robin\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\docume~1\robin\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-system: RunStartupScriptSync = 1 (0x1)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Subscribe in NewzCrawler - file://c:\program files\newzcrawler\context.htm
IE: {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - c:\program files\newzcrawler\News.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} - hxxp://makeover.ivillage.co.uk/save/makeover.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} - hxxp://update.videoegg.com/wintel/VideoEggPublisher.exe
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155911288296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robin\applic~1\mozilla\firefox\profiles\5c0g68v5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.ftp - webcache.blueyonder.co.uk
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - webcache.blueyonder.co.uk
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - webcache.blueyonder.co.uk
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - webcache.blueyonder.co.uk
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - webcache.blueyonder.co.uk
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\skyhook wireless\loki browser plugin\nploki.dll
FF - plugin: c:\program files\videoegg\loader\2364\npvideoegg-loader.dll

============= SERVICES / DRIVERS ===============

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2007-10-30 592224]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-11 64160]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2008-2-19 2944]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-4-12 353672]
R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2008-4-21 45960]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2005-6-11 14095]
S2 gupdate1c9a4a196a17b68;Google Update Service (gupdate1c9a4a196a17b68);c:\program files\google\update\GoogleUpdate.exe [2009-3-14 133104]
S3 cpuz;cpuz;\??\e:\cpuz.sys --> e:\cpuz.sys [?]
S3 w900bus;Sony Ericsson 900i driver (WDM);c:\windows\system32\drivers\w900bus.sys --> c:\windows\system32\drivers\w900bus.sys [?]
S3 w900mdfl;Sony Ericsson 900i USB WMC Modem Filter;c:\windows\system32\drivers\w900mdfl.sys --> c:\windows\system32\drivers\w900mdfl.sys [?]
S3 w900mdm;Sony Ericsson 900i USB WMC Modem Drivers;c:\windows\system32\drivers\w900mdm.sys --> c:\windows\system32\drivers\w900mdm.sys [?]
S3 w900mgmt;Sony Ericsson 900i USB WMC Device Management Drivers;c:\windows\system32\drivers\w900mgmt.sys --> c:\windows\system32\drivers\w900mgmt.sys [?]
S3 w900obex;Sony Ericsson 900i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\w900obex.sys --> c:\windows\system32\drivers\w900obex.sys [?]
S4 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-8-21 89749]

=============== Created Last 30 ================

2009-04-16 18:07 <DIR> --d----- c:\program files\AskBarDis
2009-04-16 18:06 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-04-15 11:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Memory-Map-License
2009-04-15 11:38 <DIR> --d----- c:\program files\Memory-Map
2009-04-15 11:38 597 a------- c:\windows\{55E24696-B7D5-498B-8F6A-DF2161859303}_WiseFW.ini
2009-04-15 11:37 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-15 08:15 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 08:15 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 08:15 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 08:15 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 08:15 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 08:15 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 08:15 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 08:15 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 08:15 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 08:14 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 08:14 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 08:14 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-12 09:30 <DIR> --d----- c:\program files\ZoneAlarmSB
2009-04-12 09:28 75,248 a------- c:\windows\zllsputility.exe
2009-04-12 09:28 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-04-12 09:28 <DIR> --d----- c:\program files\Zone Labs
2009-04-12 09:28 350,191 a------- c:\windows\system32\vsconfig.xml
2009-04-11 20:03 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-11 18:57 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-11 18:56 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-10 11:18 <DIR> --d----- c:\docume~1\robin\applic~1\OTB_util
2009-04-09 14:34 <DIR> --d----- c:\program files\Juice
2009-04-07 18:06 <DIR> --d----- c:\program files\TrackMaker
2009-03-29 18:57 <DIR> --d----- c:\program files\EasyGPS
2009-03-28 16:44 <DIR> --d----- c:\program files\Skyhook Wireless

==================== Find3M ====================

2009-04-16 18:06 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-04-12 15:48 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-04-02 20:42 1,132 -------- c:\docume~1\robin\applic~1\wklnhst.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 19:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 13:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 13:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 13:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 13:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 12:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 12:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 12:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 11:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 20:59 56,832 a------- c:\windows\system32\secur32.dll
2008-09-16 10:44 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091620080917\index.dat

============= FINISH: 9:03:20.15 ===============
RobCarr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-21-2009, 09:42 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: Problem with unwanted ads
Thanks RobCarr,


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on combofix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review, along with an update on system behavior.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-22-2009, 11:13 AM   #6 (permalink)
Registered User
 
Join Date: Dec 2004
Location: Edinburgh, UK
Posts: 32
OS: XP


Re: Problem with unwanted ads
Hi again,

I have downloaded ComboFix. Just a couple of questions before I start, though.

I run FProt antivirus software. I closed this down prior to running ComboFix, but got a message up saying that it was still being detected and could affect the results. Any thoughts?

Also, I received a warning message from ComboFix saying that I shouldn't use it in an unsupervised environment as it would automatically removes malware and this could have an adverse effect on my computer.

Anyway, I cancelled out at that point to check with you first.

Thanks.
RobCarr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-22-2009, 02:32 PM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: Problem with unwanted ads
Hi RobCarr,

Some sort of active protection is still enabled in F-Prot if you're getting that message. Have you tried the steps listed at F-Prot? If so, then please forge ahead and run ComboFix anyway.

As far as the Disclaimer - 'I' am your supervised environment.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-27-2009, 11:36 AM   #8 (permalink)
Registered User
 
Join Date: Dec 2004
Location: Edinburgh, UK
Posts: 32
OS: XP


Re: Problem with unwanted ads
Hi Ried,

Sorry for delat replying - I've been out of time. I'm attaching the ComboFix log. So far, no repeat of unwanted ads, but since they're unpredictable, it's a bit too early to tell for sure.

Thanks for your continued help and support. I really appreciate it.

Rob


ComboFix 09-04-27.02 - Robin 27/04/2009 18:22.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.579 [GMT 1:00]
Running from: c:\documents and settings\Robin\Desktop\ComboFix.exe
AV: F-PROT Antivirus for Windows *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Robin\Local Settings\Application Data\ikaksgo.dat
c:\documents and settings\Robin\Local Settings\Application Data\ikaksgo.exe
c:\documents and settings\Robin\Local Settings\Application Data\ikaksgo_nav.dat
c:\documents and settings\Robin\Local Settings\Application Data\ikaksgo_navps.dat

.
((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.

2009-04-16 17:07 . 2009-04-16 17:07 -------- d-----w c:\program files\AskBarDis
2009-04-16 17:06 . 2009-02-15 23:10 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-04-15 10:39 . 2009-04-15 10:39 -------- d-----w c:\documents and settings\All Users\Application Data\Memory-Map-License
2009-04-15 10:39 . 2009-04-15 11:01 -------- d-----w c:\documents and settings\Robin\Local Settings\Application Data\Memory-Map-License
2009-04-15 10:38 . 2009-04-15 10:38 -------- d-----w c:\program files\Memory-Map
2009-04-15 10:37 . 2009-04-15 10:37 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-15 07:15 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 07:15 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 07:15 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 07:15 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 07:15 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 07:15 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 07:15 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 07:15 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 07:15 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 07:14 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 07:14 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 17:41 . 2009-04-13 17:41 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-12 08:30 . 2009-04-12 08:30 -------- d-----w c:\program files\ZoneAlarmSB
2009-04-12 08:28 . 2008-07-09 08:05 75248 ----a-w c:\windows\zllsputility.exe
2009-04-12 08:28 . 2009-04-16 17:08 -------- d-----w c:\windows\system32\ZoneLabs
2009-04-12 08:28 . 2009-04-12 08:28 -------- d-----w c:\program files\Zone Labs
2009-04-11 19:03 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-11 17:57 . 2009-04-25 17:57 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-11 17:56 . 2009-04-11 17:56 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-11 17:56 . 2009-04-11 17:57 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-10 10:18 . 2009-04-10 10:18 -------- d-----w c:\documents and settings\Robin\Application Data\OTB_util
2009-04-09 13:34 . 2009-04-09 13:36 -------- d-----w c:\program files\Juice
2009-04-07 17:06 . 2009-04-07 17:10 -------- d-----w c:\program files\TrackMaker
2009-04-07 17:05 . 2009-04-07 17:05 -------- d-----w c:\documents and settings\Robin\Local Settings\Application Data\Downloaded Installations
2009-03-29 17:57 . 2009-03-29 17:57 -------- d-----w c:\documents and settings\Robin\Local Settings\Application Data\TopoGrafix
2009-03-29 17:57 . 2009-03-29 17:57 -------- d-----w c:\program files\EasyGPS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 17:06 . 2005-05-16 13:51 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-12 14:48 . 2008-05-03 07:47 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-04-11 17:56 . 2005-05-27 18:23 -------- d-----w c:\program files\Lavasoft
2009-04-11 17:12 . 2005-05-27 18:18 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-11 17:11 . 2005-05-27 18:34 -------- d-----w c:\program files\SpywareGuard
2009-04-09 13:35 . 2005-07-25 19:03 -------- d-----w c:\program files\iPodder
2009-04-02 19:42 . 2005-05-27 16:49 1132 ------w c:\documents and settings\Robin\Application Data\wklnhst.dat
2009-04-01 19:59 . 2004-08-21 15:25 -------- d-----w c:\program files\Java
2009-03-28 15:44 . 2009-03-28 15:44 -------- d-----w c:\program files\Skyhook Wireless
2009-03-21 14:19 . 2009-03-21 14:19 -------- d-----w c:\program files\GPS Utility
2009-03-14 12:38 . 2005-08-21 08:16 -------- d-----w c:\program files\Google
2009-03-09 04:19 . 2008-12-13 10:10 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-21 22:40 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-21 22:40 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-21 22:40 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-21 22:40 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-21 22:40 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-21 22:40 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-21 22:40 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2004-08-21 22:40 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 18:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-21 22:40 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2004-08-21 22:40 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-21 22:40 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-21 22:40 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2005-01-14 110744]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"="c:\program files\CyberLink\PowerBackup\PBKScheduler.exe" [2004-06-08 69721]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-13 180269]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus1.exe" [2006-04-16 190024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"CahootWebcard"="c:\program files\cahoot webcard\CahootWebcard.exe" [2001-12-19 159744]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"F-PROT Antivirus Tray application"="c:\program files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2008-04-21 1597832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-25 516440]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"Ptipbmf"="ptipbmf.dll" - c:\windows\system32\ptipbmf.dll [2003-06-20 118784]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2003-01-08 4608]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-02-24 1495040]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-02-23 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 68856]

c:\documents and settings\Robin\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-5-15 479232]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-9-9 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-9-20 450560]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Real\\RealPlayer\\trueplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\TrackMaker\\trackmaker.exe"=
"c:\\Program Files\\Memory-Map\\OS-5\\mm3d.exe"=
"c:\\Program Files\\Memory-Map\\OS-5\\MMNav.exe"=
"c:\\Program Files\\Memory-Map\\OS-5\\showmmcrypt.exe"=

R2 gupdate1c9a4a196a17b68;Google Update Service (gupdate1c9a4a196a17b68);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 133104]
R3 cpuz;cpuz; [x]
R3 w900bus;Sony Ericsson 900i driver (WDM); [x]
R3 w900mdfl;Sony Ericsson 900i USB WMC Modem Filter; [x]
R3 w900mdm;Sony Ericsson 900i USB WMC Modem Drivers; [x]
R3 w900mgmt;Sony Ericsson 900i USB WMC Device Management Drivers; [x]
R3 w900obex;Sony Ericsson 900i USB WMC OBEX Interface Drivers; [x]
R4 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2003-05-09 89749]
S0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2008-03-28 592224]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-25 64160]
S1 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2008-02-19 2944]
S2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2008-04-21 45960]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-25 953168]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\Drivers\LCcFltr.Sys [2004-03-03 14095]

.
Contents of the 'Scheduled Tasks' folder

2009-04-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 17:57]

2009-04-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-23 18:51]

2009-04-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 12:36]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-LDM - \Program\BackWeb-8876480.exe
HKCU-Run-ikaksgo - c:\documents and settings\robin\local settings\application data\ikaksgo.exe
HKCU-Run-Power2GoExpress - (no file)
HKCU-Run-PowerBar - (no file)
HKLM-Run-OTB_util - c:\program files\OTB_util\OTB_util.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mWindow Title = Tiscali Internet Access
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = webcache.blueyonder.co.uk:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Subscribe in NewzCrawler - file://c:\program files\NewzCrawler\context.htm
IE: **{CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - c:\program files\NewzCrawler\News.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Robin\Application Data\Mozilla\Firefox\Profiles\5c0g68v5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.ftp - webcache.blueyonder.co.uk
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - webcache.blueyonder.co.uk
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - webcache.blueyonder.co.uk
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - webcache.blueyonder.co.uk
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - webcache.blueyonder.co.uk
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\Skyhook Wireless\Loki Browser Plugin\nploki.dll
FF - plugin: c:\program files\VideoEgg\Loader\2364\npvideoegg-loader.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 18:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????<???D??sh??????w????h???Z??w(???*??w??@?|?@???g???????????????????????????2????????????????????w????g??w0??w????*??w???w????D??s???????????w????|?@????????w??????@?x?g?????????|?@?|?@????????w??????@?????|?@?H?@?|?@?3??s????????????????????H?@?_??sH?@?H?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-27 18:27
ComboFix-quarantined-files.txt 2009-04-27 17:27
ComboFix2.txt 2008-04-04 10:57

Pre-Run: 199,648,755,712 bytes free
Post-Run: 200,410,497,024 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

248 --- E O F --- 2009-04-15 12:23
Attached Files
File Type: txt ComboFix.txt (17.2 KB, 2 views)
Last edited by Ried; 04-27-2009 at 08:39 PM.
RobCarr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-27-2009, 08:45 PM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: Problem with unwanted ads
Hi Rob,

ComboFix removed the main culprit. It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

**Vista users - right click on the IE icon and run as administrator

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-29-2009, 06:32 AM   #10 (permalink)
Registered User
 
Join Date: Dec 2004
Location: Edinburgh, UK
Posts: 32
OS: XP


Re: Problem with unwanted ads
Hi again, Ried. Here's the report.

Cheers,

Rob
Attached Files
File Type: txt kaspersky.txt (1.5 KB, 2 views)
RobCarr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-29-2009, 06:34 AM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: Problem with unwanted ads
Glad to hear that Rob.

Please empty your Outlook Express Deleted Items folder. To do so:
  • Open Outlook Express
  • Right click on Deleted Items
  • Select 'Empty Deleted Items folder'.
  • Click 'Yes' at the next popup box to succesfully empty the Deleted Items folder.

=================================

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.


Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.



To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-29-2009, 07:50 AM   #12 (permalink)
Registered User
 
Join Date: Dec 2004
Location: Edinburgh, UK
Posts: 32
OS: XP


Re: Problem with unwanted ads
Hi Ried,

That's brilliant! Thank you so much for your help. Everything seems to be resolved. I am very grateful.

Rob
RobCarr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-29-2009, 03:37 PM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: Problem with unwanted ads
You're welcome, Rob. Take care.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 11:53 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85