Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Random pop-up ads in browser


Post by jay.zzee » May 31st, 2012, 3:02 pm

Hi,

I am having trouble with my IE as well as Mozilla browsers. I am getting random pop-ups in the lower right-hand corner of the browser. Also, whenever I click any links in my browser it redirects to some random site. Could you please help me?

Thanks,
Jay


PLEASE FIND DDS LOGS BELOW
__________________________

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Jthirumalai at 14:59:55 on 2012-05-31
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.8151.2552 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Citrix\Receiver\PrivService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Program Files (x86)\Cobian Backup 10\cbService.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Lumension\LEMSSAgent\LMAgent.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\Windows\system32\conhost.exe
c:\oracle\product\111~1.1\oracle~1\ccr\bin\nmz.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\pgAgent\bin\pgagent.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\bin\postgres.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\bin\postgres.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\bin\postgres.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\bin\postgres.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\bin\postgres.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\PostgresPlus\9.0SS\bin\postgres.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Lumension\Patch Agent\GravitixService.exe
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\SPEnroll.exe
C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\MIT\Kerberos\bin\netidmgr.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\MIT\Kerberos\bin\krbcc64s.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Users\jthirumalai\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Program Files (x86)\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mcomm.exe
C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mlauncher.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Lumension\LEMSSAgent\epui\epui.exe
C:\Program Files (x86)\Lumension\Patch Agent\NotificationManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\oracle\sqldeveloper\sqldeveloper.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Mentat Technologies\DreamCoder\DreamCoder.exe
C:\Windows\system32\notepad.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 10.1.200.10
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120202205223.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge]
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Facebook Update] "C:\Users\jthirumalai\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "C:\Users\jthirumalai\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Cobian Backup 10 Interface] "C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\JTHIRU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\jthirumalai\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETWOR~1.LNK - C:\Program Files (x86)\MIT\Kerberos\bin\netidmgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagIt32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: MaxGPOScriptWait = 120 (0x78)
mPolicies-system: SoftwareSASGeneration = 3 (0x3)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: citrite.net\access
Trusted Zone: citrixonline.com\remote
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C4866628-AD07-4309-B3AB-DB6A8627FEAD} - hxxp://evunity-1.gol1/ciscopca/controls/MediaMasENU.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 10.1.80.20 10.1.80.21
TCP: Interfaces\{8B73B763-EED8-45A3-9B6A-3F44144CEF5E} : NameServer = 10.1.80.20,10.1.90.19
TCP: Interfaces\{8B73B763-EED8-45A3-9B6A-3F44144CEF5E} : DhcpNameServer = 10.1.80.20 10.1.80.21
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120202205223.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [Cobian Backup 10 Interface] "C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
Hosts: 176.9.75.3 http://www.google-analytics.com.
Hosts: 176.9.75.3 ad-emea.doubleclick.net.
Hosts: 176.9.75.3 http://www.statcounter.com.
Hosts: 108.163.215.51 http://www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jthirumalai\AppData\Roaming\Mozilla\Firefox\Profiles\6mlsaafu.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z128&install_date=20110810
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form ... 0110810&q=
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\jthirumalai\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\jthirumalai\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\jthirumalai\AppData\Roaming\Mozilla\Firefox\Profiles\6mlsaafu.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 EPS;EPS;C:\Windows\system32\drivers\eps.sys --> C:\Windows\system32\drivers\eps.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-16 98208]
R2 ARPriv;Citrix Receiver Install Helper Service;C:\Program Files (x86)\Citrix\Receiver\PrivService.exe [2010-1-22 238872]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2012-4-20 67584]
R2 CobianBackup10;Cobian Backup Boletus;C:\Program Files (x86)\Cobian Backup 10\cbService.exe [2012-4-20 1125376]
R2 LEMSS Agent;LEMSS Agent;C:\Program Files\Lumension\LEMSSAgent\LMAgent.exe [2011-9-29 594000]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-2-2 199008]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2011-9-14 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 Oraclec_oracle_product_111~1.1_oracle~1ConfigurationManager;Oraclec_oracle_product_111~1.1_oracle~1ConfigurationManager;c:\oracle\product\111~1.1\oracle~1\ccr\bin\nmz.exe c:\oracle\product\111~1.1\oracle~1\ccr\hosts\jthirumalai2.ad.corp.expertcity.com --> c:\oracle\product\111~1.1\oracle~1\ccr\bin\nmz.exe c:\oracle\product\111~1.1\oracle~1\ccr\hosts\jthirumalai2.ad.corp.expertcity.com [?]
R2 pgAgent;PostgreSQL Scheduling Agent - pgAgent;C:\Program Files (x86)\PostgresPlus\9.0SS\pgAgent\bin\pgagent.exe RUN pgAgent host=localhost port=5432 user=postgres dbname=postgres --> C:\Program Files (x86)\PostgresPlus\9.0SS\pgAgent\bin\pgagent.exe RUN pgAgent host=localhost port=5432 user=postgres dbname=postgres [?]
R2 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0;C:/Program Files (x86)/PostgresPlus/9.0SS/bin/pg_ctl.exe runservice -N "postgresql-9.0" -D "C:/Program Files (x86)/PostgresPlus/9.0SS/data" -w --> C:/Program Files (x86)/PostgresPlus/9.0SS/bin/pg_ctl.exe runservice -N postgresql-9.0 [?]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-3-9 288768]
R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-3-9 1066896]
R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-3-9 491920]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 Patch Agent;Patch Agent;C:\Program Files (x86)\Lumension\Patch Agent\GravitixService.exe [2011-9-20 95584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976]
S3 pgbouncer;pgbouncer;C:\Program Files (x86)\PostgresPlus\9.0SS\pgbouncer\bin\pgbouncer.exe -service "C:\Program Files (x86)\PostgresPlus\9.0SS\pgbouncer\share\pgbouncer.ini" --> C:\Program Files (x86)\PostgresPlus\9.0SS\pgbouncer\bin\pgbouncer.exe -service C:\Program Files (x86)\PostgresPlus\9.0SS\pgbouncer\share\pgbouncer.ini [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 SmartDeploy;SmartDeploy;C:\Windows\SysWOW64\SmartDeploy.exe [2011-4-1 206832]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=C:\Windows\System32\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-05-31 17:47:31 -------- d-----w- C:\Users\jthirumalai\AppData\Roaming\WinPatrol
2012-05-31 17:47:26 -------- d-----w- C:\ProgramData\InstallMate
2012-05-31 17:47:26 -------- d-----w- C:\Program Files (x86)\BillP Studios
2012-05-31 17:45:12 -------- d-----w- C:\Users\jthirumalai\AppData\Roaming\FreeFixer
2012-05-31 17:45:12 -------- d-----w- C:\Users\jthirumalai\AppData\Local\FreeFixer
2012-05-31 17:45:07 -------- d-----w- C:\Program Files\FreeFixer
2012-05-31 17:35:08 -------- d-----w- C:\Program Files\HitmanPro
2012-05-31 17:34:23 -------- d-----w- C:\ProgramData\HitmanPro
2012-05-31 16:19:16 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-31 16:19:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-31 15:57:07 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-31 10:02:58 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{6082143B-A2F6-4E8D-880B-6A741244F548}
2012-05-30 22:02:55 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{DC06C60A-378B-49DA-AD30-6BEC2BB40CB3}
2012-05-30 19:51:23 -------- d-----w- C:\Users\jthirumalai\AppData\Roaming\Business Objects
2012-05-30 19:31:46 -------- d-----w- C:\Program Files (x86)\Business Objects
2012-05-30 10:02:52 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{3ABE1A20-D458-490A-902E-84C3CBBF915D}
2012-05-29 22:02:49 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{92B8A6A4-C206-4836-8CC7-28A428BA6065}
2012-05-29 10:02:47 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{BD0ACF74-89C7-49C3-B041-D844971A4F0C}
2012-05-28 22:02:44 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{E9B280F9-12B5-45D1-9FFA-35628C43A89A}
2012-05-28 10:02:42 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{99454ED5-B4B5-48E7-B8B2-D8BB553C1E86}
2012-05-27 22:02:39 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{01E344B3-291E-4A0C-8A03-2F0E7A8E0126}
2012-05-27 10:02:36 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{66CB48A1-5436-4C72-907D-D2C4FA348E68}
2012-05-26 22:02:34 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{7545A71E-4CE4-4564-8DBD-E29215C707C8}
2012-05-26 10:02:31 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{D4D6717A-5E08-4BAD-A544-79D00F3FD654}
2012-05-25 22:02:27 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{18F0DB74-87B9-4EF2-8666-74531633E550}
2012-05-25 22:02:26 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{FC1BCBA7-42C0-486E-B6BB-92E3E5892308}
2012-05-25 14:02:08 -------- d-----w- C:\ProgramData\GFI Software
2012-05-25 13:52:20 -------- d-----w- C:\Users\jthirumalai\AppData\Local\adawarebp
2012-05-25 10:02:12 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{AD094BC5-9AFB-4014-BC30-E8460A125E3C}
2012-05-25 10:02:12 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{004B42AA-4645-4FA3-A496-2A068BFB989D}
2012-05-24 22:04:12 -------- d-----w- C:\Windows\en
2012-05-24 22:02:34 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-05-24 22:00:55 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b12e56f51cd39f801\DSETUP.dll
2012-05-24 22:00:55 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b12e56f51cd39f801\DXSETUP.exe
2012-05-24 22:00:55 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b12e56f51cd39f801\dsetup32.dll
2012-05-24 22:00:55 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b18406ef1cd39f802\MeshBetaRemover.exe
2012-05-24 21:59:26 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{89CCD42F-0943-477A-A6B9-2B2AB551FA32}
2012-05-24 21:59:23 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{103B97F4-68DC-42A9-BD9C-C460DAE1D1CA}
2012-05-24 21:42:25 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{797D43FC-B3F3-41B5-9C1F-0AD48D685BE3}
2012-05-24 21:42:24 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{DC6A0E99-99EB-4BD7-825A-130D36CB8AB5}
2012-05-24 21:33:20 -------- d-----w- C:\Users\jthirumalai\AppData\Roaming\Malwarebytes
2012-05-24 21:33:05 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-24 21:18:41 -------- d-----w- C:\Users\jthirumalai\AppData\Roaming\ShareFile
2012-05-24 21:18:26 -------- d-----w- C:\Users\jthirumalai\AppData\Local\assembly
2012-05-24 21:17:52 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{E2AD4232-2601-4259-AF25-15F1BBE518A7}
2012-05-24 21:17:44 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{82A1DD0C-5CF4-42BB-B1D8-BC530DE8A923}
2012-05-24 21:17:39 -------- dc-h--w- C:\Users\jthirumalai\AppData\Local\{E9DB13C1-B6BE-4DCD-9F30-EF6A37CB7D79}
2012-05-24 21:17:36 -------- d-----w- C:\Program Files (x86)\ShareFile Outlook Plugin
2012-05-24 21:17:19 -------- d-----w- C:\Users\jthirumalai\AppData\Local\PackageAware
2012-05-24 21:01:34 -------- d-----w- C:\Users\jthirumalai\AppData\Roaming\SUPERAntiSpyware.com
2012-05-24 21:01:16 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-24 21:01:16 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-24 14:22:43 -------- d-----w- C:\Users\jthirumalai\sofastats_recovery
2012-05-24 14:22:42 -------- d-----w- C:\Users\jthirumalai\sofastats
2012-05-24 14:22:34 -------- d-----w- C:\Users\jthirumalai\.matplotlib
2012-05-22 21:38:37 -------- d-----w- C:\Program Files (x86)\sofastats
2012-05-17 22:43:10 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-17 22:35:56 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{5275764A-F167-4DB4-82D3-B6C14A19FF7A}
2012-05-17 22:35:54 -------- d-----w- C:\Users\jthirumalai\AppData\Local\{F1260456-A155-498C-9DD9-AAE159112EE1}
2012-05-09 18:49:50 -------- d-----w- C:\Users\jthirumalai\AppData\Local\Eclipse
2012-05-09 18:49:34 -------- d-----w- C:\Users\jthirumalai\workspace
2012-05-09 17:39:24 -------- d-----w- C:\ProgramData\Tarma Installer
2012-05-03 17:24:33 -------- d-----w- C:\Users\jthirumalai\.businessobjects
.
==================== Find3M ====================
.
2012-05-17 22:43:03 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-17 22:36:07 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-17 22:36:07 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-27 12:14:55 60304 ----a-w- C:\Users\jthirumalai\g2mdlhlpx.exe
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
.
============= FINISH: 15:00:18.38 ===============
jay.zzee
Active Member
 
Posts: 3
Joined: May 31st, 2012, 2:24 pm

Re: Random pop-up ads in browser

Post by deltalima » May 31st, 2012, 3:07 pm

Business Use / Business Networked Computer
It appears you are using your computer for business purposes or connecting to a business network.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.


This topic is now closed.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

