Pop-ups of ib.adnxs.com

by sunbinglo12 » October 1st, 2012, 5:41 am

Hello. I have encountered pop-ups of ib.adnxs.com when using Firefox for a few days, and the problem is still not solved after performing a complete scan with Malwarebytes. Below are the logs generated by DDS. Many thanks for your help!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0
Run by Ho at 17:32:44 on 2012-10-01
Microsoft Windows 7 Ultimate 6.1.7601.1.936.86.3076.18.3582.2214 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\EPSON\MyEpson Portal\mepService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\system32\vmnetdhcp.exe
D:\Program Files\VMware Player\vmware-authd.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.hk/
uWindow Title = Windows Internet Explorer
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - e:\programs\office12\GR469A~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: 捃濘狟婥盓厥: {889d2feb-5411-4565-8998-1dd2c5261283} - d:\thunder network\bho\XunleiBHO7.1.4.2104.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - ZoneAlarm Security Engine Registrar
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: FlashGet: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - e:\program files\flashget\fgiebar.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} -
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [EPSON ME 570 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatihac.exe /fu "c:\users\ho\appdata\local\temp\E_SA2BC.tmp" /EF "HKCU"
uRun: [Epson ME OFFICE 570(網路)] c:\windows\system32\spool\drivers\w32x86\3\e_fatihac.exe /fu "c:\users\ho\appdata\local\temp\E_S3EBC.tmp" /EF "HKCU"
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - e:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - e:\program files\flashget\jc_link.htm
IE: &使用115优蛋下载 - c:\users\ho\appdata\roaming\115\udown\getUrl.htm
IE: &使用115优蛋下载全部链接 - c:\users\ho\appdata\roaming\115\udown\getAllUrl.htm
IE: 使用电驴下载
IE: 使用迅雷下载 - d:\thunder network\bho\geturl.htm
IE: 使用迅雷下载全部链接 - d:\thunder network\bho\GetAllUrl.htm
IE: 匯出至 Microsoft Excel(&X) - e:\programs\office12\EXCEL.EXE/3000
IE: 添加为阿里旺旺表情 - d:\阿里旺旺\7.00.15c\AddNewEmotion.htm
IE: 透過Mipony下載 - file://g:\temp1\mipony\browser\IEContext.htm
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\programs\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\programs\office12\REFIEBAR.DLL
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: taobao.com
Trusted Zone: webscache.com
DPF: HighSpeedDownloadIE - hxxp://st1.dbank.com/netdisk/plugin/DBa ... plugin.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} - hxxp://p3p.sogou.com/new_MMCShell.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} - hxxps://download.alipay.com/aliedit/ali ... liedit.cab
DPF: {3C284567-929B-4ED8-A155-A42D00746B25} - hxxp://imgs.zhangmen.baidu.com/p2pplugi ... icCtrl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxps://a248.e.akamai.net/f/248/14778/2 ... .2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cntv.cn/ieocx/CCTVUpdateInstall.dll
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-4445535400AC} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplit ... nsetup.cab
TCP: DhcpNameServer = 192.168.1.1 203.185.0.34
TCP: Interfaces\{5C11A8E5-DC62-4385-908B-180FB04E3898} : DhcpNameServer = 192.168.1.1 203.185.0.34
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\programs\office12\GRA32A~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\programs\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ho\appdata\roaming\mozilla\firefox\profiles\1u63qjw0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.hk/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=111015 ... 0ca819d&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\tencent\txsso\1.2.1.37\bin\npSSOAxCtrlForPTLogin.dll
FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrlFirefox.2.0.5901.12.(146).dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\program files\windows media player\np-mswmp.dll
FF - plugin: c:\users\ho\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\ho\appdata\roaming\alipay\cf\npalicdo.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
FF - plugin: c:\windows\system32\npaliedit\1.3.0.6\npaliedit.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: d:\闃块噷鏃烘椇\7.00.15c\npwangwang.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npwangwang.dll
FF - plugin: e:\programs\real alternative\browser\plugins\nppl3260.dll
FF - plugin: e:\programs\real alternative\browser\plugins\nprpjplug.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 6cb15ffc00000000000020cf30ca819d
FF - user.js: extensions.BabylonToolbar_i.hardId - 6cb15ffc00000000000020cf30ca819d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15456
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:31:14
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2009-8-13 89728]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/18 19:19:06];e:\program files\cyberlink\powerdvd10\powerdvd10\navfilter\000.fcl [2010-11-17 87536]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-28 217600]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 MyEpson Portal Service;MyEpson Portal Service;c:\program files\epson\myepson portal\mepService.exe [2011-11-28 703584]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2012-2-4 5554552]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2012-2-4 451960]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-29 665200]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-7-28 8758784]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-7-28 296448]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-5-14 86656]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-4-29 232512]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-1-22 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-1-22 139648]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-12-18 167936]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-12-18 1086976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;"c:\program files\checkpoint\zaforcefield\iswsvc.exe" --> c:\program files\checkpoint\zaforcefield\IswSvc.exe [?]
S2 XLDoctor Services;XLDoctor Services;d:\thunder network\program\dctser.exe --> d:\thunder network\program\DctSer.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-7-29 80824]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-14 20992]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-3-31 15872]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-7-29 181432]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-5-5 52224]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2012-2-4 10752]
S3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-18 1343400]
S3 XLDoctor Service;XLDoctor Service;c:\windows\system32\svchost -k doctorservice --> c:\windows\system32\svchost -k DoctorService [?]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-10-01 07:56:08 -------- d-----w- c:\users\ho\appdata\roaming\Malwarebytes
2012-10-01 07:55:58 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-01 07:55:58 -------- d-----w- c:\programdata\Malwarebytes
2012-09-30 17:57:40 -------- d-----w- c:\users\ho\appdata\roaming\LavasoftStatistics
2012-09-30 17:57:22 -------- d-----w- c:\users\ho\appdata\roaming\Ad-Aware Antivirus
2012-09-26 14:25:38 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-26 13:33:56 -------- d-----w- c:\windows\ko-KR
2012-09-26 13:33:52 -------- d-----w- c:\windows\system32\drivers\umdf\ko-KR
2012-09-26 13:33:52 -------- d-----w- c:\windows\system32\drivers\ko-KR
2012-09-26 13:33:31 -------- d-----w- c:\windows\system32\ko
2012-09-26 13:33:25 -------- d-----w- c:\windows\system32\wbem\ko-KR
2012-09-26 13:33:02 -------- d-----w- c:\windows\fr-FR
2012-09-26 13:32:31 -------- d-----w- c:\windows\system32\040C
2012-09-26 13:32:30 -------- d-----w- c:\windows\system32\drivers\umdf\fr-FR
2012-09-26 13:32:30 -------- d-----w- c:\windows\system32\drivers\fr-FR
2012-09-26 13:32:29 -------- d-----w- c:\windows\system32\fr
2012-09-26 13:32:17 -------- d-----w- c:\windows\system32\wbem\fr-FR
2012-09-26 04:01:54 2594632 ----a-r- c:\program files\common files\microsoft shared\vba\vba6\VBE6.DLL
2012-09-26 02:36:58 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ko-kr\LXKPTPRC.DLL.mui
2012-09-26 02:36:46 377856 ----a-w- c:\program files\common files\microsoft shared\ink\mshwkor.dll
2012-09-26 02:36:46 13579776 ----a-w- c:\program files\common files\microsoft shared\ink\mshwkorr.dll
2012-09-26 02:19:40 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\fr-fr\LXKPTPRC.DLL.mui
2012-09-26 02:10:51 41984 ----a-w- c:\windows\system32\browcli.dll
2012-09-26 02:10:51 102912 ----a-w- c:\windows\system32\browser.dll
2012-09-26 02:10:49 769024 ----a-w- c:\windows\system32\localspl.dll
2012-09-08 15:01:07 -------- d-----w- c:\program files\OpenApp
2012-09-07 16:02:32 -------- d-----w- c:\users\ho\appdata\local\Tudou
2012-09-07 16:02:32 -------- d-----w- c:\users\ho\appdata\local\iTudou_V3
2012-09-07 16:02:25 -------- d-----w- c:\program files\Tudou
.
==================== Find3M ====================
.
2012-09-30 10:39:32 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 10:39:32 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-28 04:09:16 5538984 ----a-w- c:\windows\system32\atiumdag.dll
2012-07-28 04:06:48 8758784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43:04 58880 ----a-w- c:\windows\system32\coinst_8.982.dll
2012-07-28 02:50:10 20546560 ----a-w- c:\windows\system32\atioglxx.dll
2012-07-28 02:15:50 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-28 02:15:42 931328 ----a-w- c:\windows\system32\aticfx32.dll
2012-07-28 02:10:40 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10:10 469504 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-28 02:09:30 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-28 02:08:12 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-07-28 02:08:02 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-07-28 02:07:52 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-07-28 02:07:10 6430208 ----a-w- c:\windows\system32\atidxx32.dll
2012-07-28 01:35:08 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-07-28 01:35:00 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-07-28 01:32:32 4751872 ----a-w- c:\windows\system32\atiumdva.dll
2012-07-28 01:30:10 13605888 ----a-w- c:\windows\system32\aticaldd.dll
2012-07-28 01:15:20 368640 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-28 01:15:08 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-07-28 01:14:56 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-07-28 01:14:22 296448 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13:48 109568 ----a-w- c:\windows\system32\atiuxpag.dll
2012-07-28 01:13:32 83456 ----a-w- c:\windows\system32\atiu9pag.dll
2012-07-28 01:12:54 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08:36 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-07-28 01:08:36 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 16:37:00 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-07-09 16:37:00 161792 ----a-w- c:\windows\system32\msls31.dll
2012-07-04 19:45:31 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
.
============= FINISH: 17:33:12.09 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 18/12/2010 0:15:55
System Uptime: 1/10/2012 17:05:47 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P7P55D-E LX
Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz | LGA1156 | 2801/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 47.962 GiB free.
D: is FIXED (NTFS) - 391 GiB total, 82.166 GiB free.
E: is FIXED (NTFS) - 342 GiB total, 60.587 GiB free.
F: is FIXED (NTFS) - 59 GiB total, 58.495 GiB free.
G: is FIXED (NTFS) - 43 GiB total, 36.682 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ZoneAlarm Toolbar ISWKL
Device ID: ROOT\LEGACY_ISWKL\0000
Manufacturer:
Name: ZoneAlarm Toolbar ISWKL
PNP Device ID: ROOT\LEGACY_ISWKL\0000
Service: ISWKL
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: prvdisk
Device ID: ROOT\LEGACY_PRVDISK\0000
Manufacturer:
Name: prvdisk
PNP Device ID: ROOT\LEGACY_PRVDISK\0000
Service: prvdisk
.
==== System Restore Points ===================
.
RP233: 26/9/2012 4:53:37 - 排定的檢查點
RP234: 26/9/2012 10:17:07 - Windows Update
RP235: 26/9/2012 12:04:03 - Windows Update
RP236: 26/9/2012 21:45:35 - Windows Update
RP237: 26/9/2012 21:52:08 - Windows Update
RP238: 26/9/2012 22:25:44 - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
ABBYY FineReader 9.0 Sprint
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Chinese Traditional
Adobe Shockwave Player 11.6
AMD Catalyst Install Manager
ArcSoft TotalMedia Theatre 3
AutoCAD 2010 - English
AutoCAD 2010 Language Pack - English
AVG 2011
AVG 2012
Bamboo
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCTV Player Uninstall
Chinese Simplified Fonts Support For Adobe Reader X
Core Temp version 0.99.8
CutePDF Writer 2.7
CyberLink PowerDVD 10
DAEMON Tools Pro
DirectVobSub (remove only)
Epson Easy Photo Print 2
Epson Event Manager
EPSON ME 570 Series Printer Uninstall
EPSON Scan
EpsonNet Print
ffdshow v1.1.3721 [2011-01-07]
FileZilla Client 3.5.3
FlashGet 1.81
Google Chrome
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Update
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) 7 Update 4
JMicron JMB36X Driver
Logitech SetPoint
Malwarebytes Anti-Malware 版本 1.65.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Choice Guard
Microsoft Office Access Developer Extensions (Chinese (Simplified)) 2007
Microsoft Office Access Developer Extensions (Chinese (Traditional)) 2007
Microsoft Office Access MUI (Chinese (Traditional)) 2007
Microsoft Office Access Runtime (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Chinese (Traditional)) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (Chinese (Traditional)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007
Microsoft Office OneNote MUI (Chinese (Traditional)) 2007
Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proofing (Chinese (Traditional)) 2007
Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Word MUI (Chinese (Traditional)) 2007
Microsoft Silverlight
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 設計工具繁體中文
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - cht
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft WSE 3.0 Runtime
MiPony 1.6.3
Mozilla Firefox (3.6.24)
Mozilla Firefox 11.0 (x86 zh-TW)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2721691)
MyEpson Portal
NEC Electronics USB 3.0 Host Controller Driver
Nero 8 Lite
Platform
Real Alternative 2.0.2
Realtek 8136 8168 8169 Ethernet Driver
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Share EX2 Multilanguage Edition
SQL Server System CLR Types
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
VC 9.0 Runtime
VIA 平台裝置管理員
VmciSockets
VMware Player
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Communications Platform
Windows Live Messenger
WinRAR archiver
ZoneAlarm
μTorrent
支付宝安全插件 1.3.0.6
支付宝数字证书组件 2.0.0.1
迅雷7
阿里旺旺2011正式版SP2
進階使用說明 EPSON ME 570 Series
網路使用說明 EPSON ME 570 Series
模擬市民3
模擬市民3 夜店人生
.
==== Event Viewer Messages From Past Week ========
.
26/9/2012 22:31:05, Error: Service Control Manager [7034] - The 主动防御 service terminated unexpectedly. It has done this 1 time(s).
26/9/2012 21:37:01, Error: Service Control Manager [7023] - The XLDoctor Service service terminated with the following error: The specified module could not be found.
26/9/2012 21:30:13, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: Access is denied.
26/9/2012 17:09:21, Error: Microsoft-Windows-LanguagePackSetup [1001] - Failed to start language pack setup wizard. Please restart the system and try running the wizard again.
26/9/2012 12:20:33, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: KB2744842:Windows 安全性更新.
26/9/2012 12:03:37, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
26/9/2012 12:03:37, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/10/2012 17:06:34, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: prvdisk
1/10/2012 17:06:24, Error: Service Control Manager [7000] - The XLDoctor Services service failed to start due to the following error: The system cannot find the file specified.
1/10/2012 17:06:20, Error: Service Control Manager [7001] - The ZoneAlarm Toolbar IswSvc service depends on the ZoneAlarm Toolbar ISWKL service which failed to start because of the following error: The system cannot find the file specified.
1/10/2012 17:06:20, Error: Service Control Manager [7000] - The ZoneAlarm Toolbar ISWKL service failed to start due to the following error: The system cannot find the file specified.
1/10/2012 17:06:13, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x00000074, 0xac667bd4, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100112-23899-01.
.
==== End Of File ===========================
sunbinglo12
Active Member
 
Posts: 1
Joined: October 1st, 2012, 5:28 am

Re: Pop-ups of ib.adnxs.com

by askey127 » October 2nd, 2012, 8:07 am

Since you have Microsoft Office Enterprise and AutoCAD installed, we must conclude this computer is used for business.
(Office Enterprise is licensed to businesses only.)

Please see our policy here: http://malwareremoval.com/forum/viewtop ... 09#p531109

Sorry, we will not be able to provide help.
This thread will be closed.
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

