0

Hello, so I get the weirdest thing when I open my internet explorer (I only use it on occasion, usually it's firefox). I have a pic of what comes up, which I've posted below. I know it's related to whatever virus I have, but it's something of a software download box that asks if I'd like to download or cancel

?

Also, my speakers make a lot of static when they are in use. My sister said it means my computer is dying (the motherboard that is) but I want to believe it's just from the virus!

I've googled and searched the forum, but nothing.

Desperation mode.

BABY.D <3's DANIWEB

Attachments virusss.JPG 27.32 KB
3
Contributors
12
Replies
13
Views
6 Years
Discussion Span
Last Post by gerbil
0

Hello, Baby.D... it is not likely to be malware etc that is the cause of your problem. Looking at that run window, the file is from google canada, it is a Firefox file trying to run in IE... hard to say what it could be. Anyway, try this... it will give us some basic information as well as scan your sys for any malware or pestware [most folks have some.. :)]
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].
==Hijackthis: You have a choice of versions, installable program or stand-alone executable; in action they are fundamentally identical; on their own they make no alterations, merely scan vulnerable locations and report. I prefer ii).

i] -download hijackthis: http://www.majorgeeks.com/download5554.html or http://www.filehippo.com/download_hijackthis/
-dclick that .msi file to install Hijackthis as a program. Else...
ii] - download the executable file from: http://www.bleepingcomputer.com/files/hijackthis.php
- unzip if necessary; copy hijackthis.exe to a new FOLDER placed either alongside your program files or on your desktop.
Start Hijackthis via the desktop icon or by dclicking hijackthis.exe.
- CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
- click the Scan and Save a Logfile button. Post the log here.

0

I luv you gerbil. I'll be following your instructions after school today and I'll keep your posted.

Thank you!

0

:).
The weird noises... it is possible that you have set an active desktop that is not functioning all that well? Set either by yourself or by malware. It may be trying to play sounds from a website; to disable it [or at least to check] go Start > Control Panel > Display, Desktop tab > customise button, Web tab. There you should place a checkmark beside any unknown entries and choose Delete.
Let me know.

0

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6253

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

03/04/2011 11:25:16 AM
mbam-log-2011-04-03 (11-25-16).txt

Scan type: Full scan (C:\|)
Objects scanned: 325788
Time elapsed: 7 hour(s), 7 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{0f60396b-0f5e-4e50-b649-25d2d5e11e35}\RP108\A0010281.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\Baby D\Desktop\firefox-update.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

0

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:47:39 PM, on 10/04/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Baby D\Application Data\Dropbox\bin\Dropbox.exe
C:\Documents and Settings\Baby D\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BackupNowEZtray] "C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Baby D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Baby D\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192310113968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NTI BackupNowEZSvr - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8652 bytes

0

The sound is only evident when music is being played or sound is played by the speakers, it's a static-type noise.

I did what you said gerbil, I got a My Home Page listed and the delete button was not activated so I couldn't delete it. Is this normal?

Edited by Baby.D: n/a

0

Baby D, the Home Page entry in the display's Web tab listing is fine.
Has that popup gone now?
Static while playing. Could be a driver issue, they do go bad occasionally. You could check the website of the manufacturer of your motherboard to see if there are updated drivers you could install [tedious, and it is not really necessary to update what once was working satisfactorily], or you could uninstall the drivers you have and reinstall them...
Let's try that... I don't know how savvy you are about your computer's makeup, so first go Start, and enter...
msinfo32
Expand Components, select Sound Device. After a moment you should see your audio devices listed; note the entry [entries] beside Name. Done with that.
Again go Start, > Control Panel > System, then choose Hardware, Device Manager.
Expand Sound, video etc controllers; dclick the entry corresponding to that you saw earlier at Name. In the window that opens choose the Driver tab, press the Update Driver button.
In the Wizard window choose No, not this time, and press Next; then Install from a list..., and Next; finally Don't Search..., and Next. Select the audio service as listed before at Name, and click Next.
Repeat for any other audio services that appeared beside Name in the info window.
Play some music. Beiber, if you really must.

0

The explorer pop-up is still there :( and somehow I got MS Removal Tool on my computer now too. It won't even let me run mbam.exe as it says it is infectious.

I will follow your instructions about the speaker after I've dealt with the above annoyinggg issues. Is that alrite?

0

Msinfo32 doesn't work, simply nothing opens up at all when I put it in Run. Could it be that cause I'm using XP?

0

Baby D., msinfo32.exe is part of XP's Help & Support. Try that [via Start button if you show it there], go to Pick a Task, and then to inline Tools link, finally Advanced Sys Info.
Failing that, post the entries you have under Device Mgr, Sound and Video Controllers

Edited by gerbil: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.