Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

internet explorer has period popups and associated audio

Post by nuworldman » January 4th, 2012, 11:51 pm

description: for the past week, my xp machine has been firing off a series of popup windows via internet explorer. they will appear in a group of 10-15 and then be closed after several minutes. the "congratulations, you've won" audio seems to be the main theme of the popups. i have removed internet explorer 8 in an attempt to alleviate, however, the gift keeps giving. I have not noticed any error messages.

logs as directed:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Run by nwa at 10:37:30 on 2012-01-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.788 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Xobni\XobniService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\nwa\LOCALS~1\Temp\ncdgdnx\svchost.exe --kk
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\KGE12Y~1.COM
C:\WINDOWS\system32\kge12YFvM.com
C:\WINDOWS\System32\ping.exe
C:\WINDOWS\system32\KGE12Y~1.COM
c:\program files\real\realplayer\RealPlay.exe
C:\Documents and Settings\nwa\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\nwa\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [AsioReg] REGSVR32 /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [DevconDefaultDB] c:\windows\READREG /PSCONV={NO}
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" BOOT
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [mslivemsn] c:\docume~1\nwa\locals~1\temp\ncdgdnx\svchost.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: mdhcp32 - mdhcp32.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 66.197.194.231 www.google-analytics.com.
Hosts: 66.197.194.231 ad-emea.doubleclick.net.
Hosts: 66.197.194.231 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nwa\application data\mozilla\firefox\profiles\0365egoz.default\
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\nwa\application data\mozilla\firefox\profiles\0365egoz.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - plugin: c:\documents and settings\nwa\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\nwa\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-10-7 2002728]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-15 2280312]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 136176]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-6-30 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 136176]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-01-04 15:34:06 388096 ----a-r- c:\documents and settings\nwa\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-04 15:33:46 -------- d-----w- c:\program files\Trend Micro
2012-01-04 10:32:00 79872 ----a-w- c:\windows\system32\kge12YFvM.com
2011-12-29 07:09:22 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
2011-12-27 15:25:16 -------- d-----w- c:\documents and settings\nwa\local settings\application data\PCHealth
2011-12-27 15:23:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-12-26 05:05:06 296232 ----a-w- c:\windows\system32\shimg.dll
2011-12-26 05:05:03 50688 ----a-w- c:\windows\system32\mdhcp32.dll
2011-12-24 15:17:31 79872 ----a-w- c:\windows\system32\kge12YFvM.com_
2011-12-23 16:02:43 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-23 16:02:43 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-12-25 06:53:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k(2)(2).sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet(2)(2).dll
2011-11-04 19:20:51 2000384 ----a-w- c:\windows\system32\iertutil(2)(2).dll
2011-11-04 19:20:51 1212416 ----a-w- c:\windows\system32\urlmon(2)(2).dll
2011-11-04 19:20:51 105984 ----a-w- c:\windows\system32\url(2)(2).dll
2011-11-04 19:20:50 11081728 ----a-w- c:\windows\system32\ieframe(2)(2).dll
2011-11-01 20:35:20 667136 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35:20 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32(2)(2).dll
2011-11-01 15:02:49 369664 ----a-w- c:\windows\system32\html.iec
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv(2)(2).dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 10:40:51.59 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/26/2010 3:38:39 PM
System Uptime: 1/4/2012 3:22:16 AM (7 hours ago)
.
Motherboard: Hewlett-Packard | | 09F0h
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | XU1 PROCESSOR | 2791/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 1397 GiB total, 1132.943 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&EDE93E0&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&EDE93E0&0
Service: i8042prt
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&EDE93E0&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&EDE93E0&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP382: 10/3/2011 8:37:14 AM - System Checkpoint
RP383: 10/4/2011 1:57:32 PM - System Checkpoint
RP384: 10/5/2011 2:28:08 PM - System Checkpoint
RP385: 10/8/2011 2:03:47 PM - System Checkpoint
RP386: 10/14/2011 1:15:23 AM - System Checkpoint
RP387: 10/14/2011 3:00:14 AM - Software Distribution Service 3.0
RP388: 10/15/2011 3:15:08 AM - System Checkpoint
RP389: 10/16/2011 4:39:08 AM - System Checkpoint
RP390: 10/25/2011 5:35:28 PM - System Checkpoint
RP391: 10/26/2011 7:53:04 PM - System Checkpoint
RP392: 10/27/2011 9:03:51 PM - System Checkpoint
RP393: 10/28/2011 10:41:05 PM - System Checkpoint
RP394: 10/29/2011 11:29:04 PM - System Checkpoint
RP395: 10/31/2011 12:29:04 AM - System Checkpoint
RP396: 11/1/2011 1:08:52 AM - System Checkpoint
RP397: 11/2/2011 2:28:33 AM - System Checkpoint
RP398: 11/3/2011 3:16:28 AM - System Checkpoint
RP399: 11/4/2011 5:16:29 AM - System Checkpoint
RP400: 11/5/2011 7:03:16 AM - System Checkpoint
RP401: 11/6/2011 6:52:29 AM - System Checkpoint
RP402: 11/7/2011 7:11:17 AM - System Checkpoint
RP403: 11/8/2011 8:55:16 AM - System Checkpoint
RP404: 11/8/2011 1:29:56 PM - Software Distribution Service 3.0
RP405: 11/9/2011 3:00:14 AM - Software Distribution Service 3.0
RP406: 11/10/2011 3:28:29 AM - System Checkpoint
RP407: 11/11/2011 3:00:14 AM - Software Distribution Service 3.0
RP408: 11/12/2011 3:20:16 AM - System Checkpoint
RP409: 11/13/2011 4:56:16 AM - System Checkpoint
RP410: 11/14/2011 6:40:42 AM - System Checkpoint
RP411: 11/15/2011 8:13:42 AM - System Checkpoint
RP412: 11/16/2011 8:20:16 AM - System Checkpoint
RP413: 11/17/2011 8:21:21 AM - System Checkpoint
RP414: 11/18/2011 10:19:47 AM - System Checkpoint
RP415: 11/19/2011 10:51:35 AM - System Checkpoint
RP416: 11/20/2011 6:25:56 PM - System Checkpoint
RP417: 11/21/2011 1:50:27 PM - Restore Operation
RP418: 11/22/2011 3:00:14 AM - Software Distribution Service 3.0
RP419: 11/23/2011 4:40:06 AM - System Checkpoint
RP420: 11/24/2011 4:50:18 AM - System Checkpoint
RP421: 11/25/2011 5:50:18 AM - System Checkpoint
RP422: 11/26/2011 6:38:18 AM - System Checkpoint
RP423: 11/27/2011 7:05:58 AM - System Checkpoint
RP424: 11/28/2011 8:02:00 AM - System Checkpoint
RP425: 11/29/2011 8:37:58 AM - System Checkpoint
RP426: 11/30/2011 10:01:58 AM - System Checkpoint
RP427: 12/1/2011 10:53:41 AM - System Checkpoint
RP428: 12/2/2011 11:47:52 AM - System Checkpoint
RP429: 12/3/2011 12:27:08 PM - System Checkpoint
RP430: 12/4/2011 1:30:06 PM - System Checkpoint
RP431: 12/5/2011 6:00:14 PM - System Checkpoint
RP432: 12/6/2011 6:19:09 PM - System Checkpoint
RP433: 12/7/2011 7:17:45 PM - System Checkpoint
RP434: 12/8/2011 7:36:44 PM - System Checkpoint
RP435: 12/9/2011 6:13:15 PM - Software Distribution Service 3.0
RP436: 12/10/2011 8:41:14 PM - System Checkpoint
RP437: 12/11/2011 9:40:19 PM - System Checkpoint
RP438: 12/12/2011 11:26:38 PM - System Checkpoint
RP439: 12/14/2011 12:27:38 AM - System Checkpoint
RP440: 12/14/2011 3:00:15 AM - Software Distribution Service 3.0
RP441: 12/15/2011 8:10:40 PM - System Checkpoint
RP442: 12/16/2011 10:19:07 PM - System Checkpoint
RP443: 12/17/2011 10:23:27 PM - System Checkpoint
RP444: 12/18/2011 10:39:06 PM - System Checkpoint
RP445: 12/19/2011 3:57:10 PM - Restore Operation
RP446: 12/20/2011 3:00:19 AM - Software Distribution Service 3.0
RP447: 12/23/2011 9:57:31 AM - Restore Operation
RP448: 12/24/2011 3:00:15 AM - Software Distribution Service 3.0
RP449: 12/27/2011 9:24:45 AM - Installed Windows Internet Explorer 8.
RP450: 12/27/2011 9:25:27 AM - Software Distribution Service 3.0
RP451: 12/28/2011 3:00:15 AM - Software Distribution Service 3.0
RP452: 12/29/2011 3:00:19 AM - Software Distribution Service 3.0
RP453: 12/30/2011 11:04:14 PM - System Checkpoint
RP454: 1/1/2012 12:00:03 AM - System Checkpoint
RP455: 1/4/2012 9:29:28 AM - Installed HiJackThis
.
==== Hosts File Hijack ======================
.
Hosts: 66.197.194.231 www.google-analytics.com.
Hosts: 66.197.194.231 ad-emea.doubleclick.net.
Hosts: 66.197.194.231 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
.
==== Installed Programs ======================
.
AC3Filter 1.63b
Adobe Acrobat 4.0
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader 9.4.7
Adobe Shockwave Player 11.6
Apple Application Support
Clone Wars
Compatibility Pack for the 2007 Office system
Creative Driver
Disney Pirates of the Caribbean Online
DivX Setup
Google Chrome
Google Desktop
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP LaserJet 2200 Uninstaller
InCD
InCD EasyWrite Reader
Intel Audio Studio
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 24
LeapFrog Connect
LeapFrog Leapster2 Plugin
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero OEM
NETGEAR Print Server Software
Nikon File Uploader 2
Nikon Message Center 2
NOOK for PC
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
PDF Settings CS5
Picture Control Utility
PokerStars.net
PrimoPDF -- brought to you by Nitro PDF Software
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Snagit 9.1.3
Spotify
Spybot - Search & Destroy
swMSM
TeamViewer 5
TeamViewer 6
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
VC80CRTRedist - 8.0.50727.4053
Vegas Pro 10.0
ViewNX 2
WebFldrs XP
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.00 (32-bit)
Xobni
Xobni Core
.
==== Event Viewer Messages From Past Week ========
.
12/28/2011 11:47:31 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
1/4/2012 4:32:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
1/3/2012 5:32:00 PM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
1/1/2012 12:32:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
.
==== End Of File ===========================
nuworldman
Active Member
 
Posts: 2
Joined: January 4th, 2012, 12:34 pm

Re: internet explorer has period popups and associated audio

Post by mambass » January 5th, 2012, 11:49 am

Hi nuworldman, :)

Welcome to the forum.

My nickname is mambass and I'll be helping you with any malware problems.

Before we begin...please read and follow these important guidelines so things will proceed smoothly.

  1. If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. Please read all instructions carefully before executing them and perform the steps in the order given.
    If you have any questions or problems executing these instructions then <<STOP>> do not proceed but rather post back with the question or problem.
  4. Your security programs may give warnings for some of the tools I will ask you to use. Be assured that any links I give are safe.
  5. You must have Administrator rights permissions for this computer.
  6. DO NOT run any other fix or removal tools unless instructed to do so!
  7. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  8. Only post your problem at one (1) help site. Applying fixes from multiple help sites can cause problems.
  9. Only reply to this thread. Do not start another thread.
  10. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  11. You might want to place a link to this thread in your Favorites/Bookmarks for easy access.
  12. No Reply Within 3 Days Will Result In Your Topic Being Closed! Please let me know in advance if you will not be able to reply within this time limit.
  13. The logs I request can take a while to research so please be patient.
  14. I am currently in training at Malware Removal University. Each set of instructions that I provide will be reviewed by a faculty member before being posted to this thread. This process may add a small amount of time to my replies. On the positive side you will have two people working together to resolve your malware issues.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection. I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system or to necessitate you taking your computer to a repair shop.

Because of this I advise you to backup any personal files and folders before you start.

How to back up or transfer your data on a Windows-based computer

-----------------------------------------------------------

I am currently reviewing your log and will return as soon as possible with additional instructions.

Thanks,

mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: internet explorer has period popups and associated audio

Post by mambass » January 7th, 2012, 4:58 am

Hi nuworldman, :)

  1. Rootkit Warning
    Your computer has a rootkit infection.
    A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

    The rootkit in question is named Zero Access and can be difficult to remove, sometimes needing a reformat.

    You are strongly advised to do the following:
    1. Disconnect the computer from the Internet and from any networked computers until it is cleaned.
    2. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
      If you don't mind the hassle, change all your account numbers.
    3. From a clean computer, change all your passwords
      (Internet login, your email address(es), financial accounts, PayPal, eBay, Amazon...any online activities you carry out which require a username and password).
      Do NOT change your passwords from this computer, the attacker can still get all the new passwords and transaction records.
    4. Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

    Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again.
    Many experts in the security community believe that once infected with this type of trojan, the best course of action would be to do a reformat and re-installation of the operating system (OS).
    This decision will have to be made by you.

    To help you understand more, please take some time to read the following articles:
    When should I re-format and reinstall my OS
    What are Remote Access Trojans and why are they dangerous
    How do I respond to a possible identity theft and how do I prevent it
    Back up and restore: frequently asked questions
    Restoring your Vista-W7 backups ... Restoring your XP backups

    Please let me know how you wish to proceed.

  2. Question related to use of computer
    What do you use this computer for?


Please include in your reply:
  1. An indication as to how you would like to proceed given the presence of a rootkit infection.
  2. An indication of what the computer is used for.


mambass

Re: internet explorer has period popups and associated audio

Post by mambass » January 9th, 2012, 9:16 pm

Hi nuworldman,

It's approaching 72 hours since I posted my instructions. I just wanted to remind you that, per Forum policy here, this thread may be closed if no reply is received within 72 hours.

Could you please let me know if you still need help and, if so, if you require additional time to perform the requested tasks?

Thank you. :)

mambass

Re: internet explorer has period popups and associated audio

Post by Jack&Jill » January 11th, 2012, 8:18 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia