Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Pop ups

Post by lmtis » October 27th, 2013, 10:08 am

I normally use Firefox as my browser. Lately I have been getting tons of pop up ads. Also the PC will freeze for minutes at a time.

I hope this gives you some useful info.

Jim



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19475
Run by Pete at 8:57:35 on 2013-10-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1915.154 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Users\Browser\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT32896 ... ADD136658D
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uURLSearchHooks: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - c:\program files\internethelper3.1\prxtbInt0.dll
mURLSearchHooks: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - c:\program files\internethelper3.1\prxtbInt0.dll
mWinlogon: Userinit = c:\windows\system32\userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - c:\program files\internethelper3.1\prxtbInt0.dll
BHO: NCO 2.0 IE BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\common files\symantec shared\ids\IPSBHO.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\users\browser\appdata\local\toparcadehits\Toparcadehits.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - c:\program files\internethelper3.1\prxtbInt0.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SearchProtect] c:\users\pete\appdata\roaming\searchprotect\bin\cltmng.exe
uRunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Skytel] Skytel.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SearchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: NameServer = 172.16.0.1 192.168.1.1
TCP: Interfaces\{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{70241AD0-90E2-4701-BE08-5ABF1B02DC92} : DHCPNameServer = 172.16.0.1 192.168.1.1
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pete\appdata\roaming\mozilla\firefox\profiles\b32qold8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - InternetHelper3.1 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT32896 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 90&UM=2&q=
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\users\pete\appdata\roaming\mozilla\firefox\profiles\b32qold8.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\plugins\np-mswmp.dll
FF - plugin: c:\users\pete\appdata\roaming\mozilla\firefox\profiles\b32qold8.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\users\pete\appdata\roaming\mozilla\firefox\profiles\b32qold8.default\extensions\{e4c3a8b6-7724-45d1-a629-17b69118ebcd}\plugins\np-mswmp.dll
FF - plugin: c:\users\pete\appdata\roaming\mozilla\firefox\profiles\b32qold8.default\extensions\{e4c3a8b6-7724-45d1-a629-17b69118ebcd}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - ExtSQL: 2013-09-05 07:37; addon@defaulttab.com; c:\users\pete\appdata\roaming\mozilla\firefox\profiles\b32qold8.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2013-09-28 00:34; firefox@luckyleap.net; c:\users\pete\appdata\roaming\mozilla\firefox\profiles\b32qold8.default\extensions\firefox@luckyleap.net.xpi
FF - ExtSQL: 2013-09-28 11:22; {7e8a1050-cf67-4575-92df-dcc60e7d952d}; c:\users\pete\appdata\roaming\mozilla\firefox\profiles\b32qold8.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
FF - ExtSQL: 2013-09-28 12:44; {906000a4-88d9-4d52-b209-7a772970d91f}; c:\users\pete\appdata\roaming\mozilla\firefox\profiles\b32qold8.default\extensions\{906000a4-88d9-4d52-b209-7a772970d91f}
FF - ExtSQL: !HIDDEN! 2009-09-01 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2013-06-30 14:48; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-10-20 17:58:47 -------- d-----w- C:\SearchProtect
2013-10-09 22:49:00 21527448 ----a-w- c:\program files\mozilla firefox\xul.dll
2013-10-09 22:49:00 107416 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-10-08 23:37:12 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-10-08 23:35:49 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-02 01:39:22 -------- d-----w- c:\program files\SearchProtect
2013-10-02 01:36:19 -------- d-----w- c:\program files\Conduit
2013-10-02 01:36:16 -------- d-----w- c:\programdata\Conduit
2013-10-02 01:36:15 -------- d-----w- c:\users\pete\appdata\local\Conduit
2013-10-02 01:36:15 -------- d-----w- c:\program files\InternetHelper3.1
2013-10-02 01:35:59 -------- d-----w- c:\users\pete\appdata\roaming\SearchProtect
2013-10-02 01:35:05 -------- d-----w- c:\program files\ZipDownloader
2013-10-02 01:14:26 -------- d-----w- C:\AdwCleaner
2013-09-28 16:47:11 -------- d-----w- c:\program files\LSoft Technologies
.
==================== Find3M ====================
.
2013-10-08 20:15:38 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 20:15:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 12:57:49 916992 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 12:51:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 12:51:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-23 12:51:07 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-23 12:51:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2013-09-23 12:49:22 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 11:14:03 385024 ----a-w- c:\windows\system32\html.iec
2013-09-23 09:29:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-23 09:27:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-29 07:36:04 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-08-27 02:47:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-08-27 01:52:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-08-27 01:28:36 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-01 03:16:32 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-08-01 02:49:15 37376 ----a-w- c:\windows\system32\cdd.dll
.
============= FINISH: 9:05:41.71 ===============

Re: Pop ups

Post by deltalima » October 27th, 2013, 4:34 pm

checking your post - back later.

Re: Pop ups

Post by deltalima » October 28th, 2013, 3:59 pm

This is not the first time you have posted for help on our forum.
Your topic is being closed for one (or more) of the following reasons:

  • Repeated use of P2P software, despite warnings of their use and requests for removal.
  • Repeated use of cracked, illegal or pirated software.
  • Use of outdated or unpatched versions of Windows, after previously agreeing to update as a condition for receiving help on our forum.
  • Returning for help with no Anti-virus software installed, despite being advised to install.
  • Continued practice of unsafe surfing.
  • Posting for help for many different computers, repair tech.
  • Continuing to post in multiple malware removal forums, for the same computer issue.
  • Repeatedly failing to reply to your topic within the necessary time frames.
  • Repeatedly posting without the required information.

This topic is now closed.