
Annoying ads in the bottom right and random redirects


9 replies to this topic

#1 OCTOPODES

OCTOPODES

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 07 April 2012 - 11:53 PM

I have the exact same problem as the user in this thread, but as I am new to these forums, I was unsure whether posting in his thread would merit a reply. Below I have provided the results obtained by following the instructions given in the second post in the above linked thread. Sorry for the long post.

Here is what checkup.txt gave:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 29
Adobe Flash Player 11.2.202.228
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````




From FSS.txt:
Farbar Service Scanner Version: 01-03-2012
Ran by Nathaniel (administrator) on 07-04-2012 at 21:10:57
Running from "C:\Users\Nathaniel\Desktop"
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-14 17:05] - [2011-12-27 20:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 17:09] - [2009-07-13 18:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 16:36] - [2009-07-13 18:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 17:36] - [2009-07-13 18:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

MiniToolBox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Nathaniel (administrator) on 07-04-2012 at 21:12:40
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

68.168.222.226 www.google-analytics.com.
68.168.222.226 ad-emea.doubleclick.net.
68.168.222.226 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="ethernet_9" nexthop=5.0.0.1 publish=Yes
set interface interface="ethernet_9" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Nathaniel-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-24-E8-31-E9-46
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::79ff:e0f1:f06:2c79%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, April 07, 2012 5:08:20 PM
Lease Expires . . . . . . . . . . : Sunday, April 08, 2012 7:28:11 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234890472
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-A6-94-8A-00-24-E8-31-E9-46
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{76032462-8CDC-4CC8-B98F-8573554048B8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3886:39c3:bd15:342b(Preferred)
Link-local IPv6 Address . . . . . : fe80::3886:39c3:bd15:342b%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.224.131
74.125.224.132
74.125.224.133
74.125.224.134
74.125.224.135
74.125.224.136
74.125.224.137
74.125.224.142
74.125.224.128
74.125.224.129
74.125.224.130


Pinging google.com [74.125.224.130] with 32 bytes of data:
Reply from 74.125.224.130: bytes=32 time=11ms TTL=57
Reply from 74.125.224.130: bytes=32 time=7ms TTL=57

Ping statistics for 74.125.224.130:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 7ms, Maximum = 11ms, Average = 9ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=31ms TTL=53
Reply from 72.30.38.140: bytes=32 time=24ms TTL=53

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 31ms, Average = 27ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 24 e8 31 e9 46 ......NVIDIA nForce Networking Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.6     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.6    276
      192.168.1.6  255.255.255.255         On-link       192.168.1.6    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.6    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.6    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.6    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0          5.0.0.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:4137:9e76:3886:39c3:bd15:342b/128
                                    On-link
 11    276 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::3886:39c3:bd15:342b/128
                                    On-link
 11    276 fe80::79ff:e0f1:f06:2c79/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/07/2012 07:13:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11996

Error: (04/07/2012 07:13:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11996

Error: (04/07/2012 07:13:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/07/2012 07:13:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10998

Error: (04/07/2012 07:13:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10998

Error: (04/07/2012 07:13:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/07/2012 07:13:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9999

Error: (04/07/2012 07:13:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9999

Error: (04/07/2012 07:13:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/07/2012 07:13:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9001


System errors:
=============
Error: (04/07/2012 07:13:23 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (04/07/2012 05:08:46 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
Feature: %%835
Error Code: 0x80004005
Error description: Unspecified error
Reason: %%842

Error: (04/07/2012 02:52:26 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/07/2012 09:38:51 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
Feature: %%835
Error Code: 0x80004005
Error description: Unspecified error
Reason: %%842

Error: (04/06/2012 08:56:13 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/06/2012 06:57:56 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
Feature: %%835
Error Code: 0x80004005
Error description: Unspecified error
Reason: %%842

Error: (04/05/2012 10:36:54 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/05/2012 07:28:36 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
Feature: %%835
Error Code: 0x80004005
Error description: Unspecified error
Reason: %%842

Error: (04/05/2012 05:23:11 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/05/2012 03:59:12 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
Feature: %%835
Error Code: 0x80004005
Error description: Unspecified error
Reason: %%842


Microsoft Office Sessions:
=========================
Error: (04/07/2012 07:13:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11996

Error: (04/07/2012 07:13:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11996

Error: (04/07/2012 07:13:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/07/2012 07:13:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10998

Error: (04/07/2012 07:13:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10998

Error: (04/07/2012 07:13:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/07/2012 07:13:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9999

Error: (04/07/2012 07:13:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9999

Error: (04/07/2012 07:13:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/07/2012 07:13:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9001


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (Version: 2.7.0.19530)
Adobe Download Assistant (Version: 1.0.2)
Adobe Flash Player 11 Plugin (Version: 11.2.202.228)
Adobe Illustrator CS5.1 (Version: 15.1)
Adobe Photoshop CS5 (Version: 12.0)
AMD APP SDK Runtime (Version: 2.5.684.213)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.60707.2331)
Anki
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ArcSoft TotalMedia Extreme (Version: 1.0.9.9)
ATI Catalyst Install Manager (Version: 3.0.833.0)
AviSynth 2.5
Bonjour (Version: 3.0.0.10)
Call of Duty 2
Call of Duty® 4 - Modern Warfare™ (Version: 1.6)
Call of Duty® 4 - Modern Warfare™ (Version: 1.7)
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (Version: 1.7)
CameraHelperMsi (Version: 13.25.1010.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0707.2346.40825)
Catalyst Control Center Graphics Previews Common (Version: 2011.0707.2346.40825)
Catalyst Control Center InstallProxy (Version: 2011.0707.2346.40825)
ccc-utility64 (Version: 2011.0707.2346.40825)
CCC Help English (Version: 2011.0707.2345.40825)
CCleaner (Version: 3.12)
Counter-Strike: Source
Dell Resource CD (Version: 1.00.0000)
DivX Setup (Version: 2.6.0.34)
eReg (Version: 1.20.138.34)
erLT (Version: 1.20.0137)
F.lux
foobar2000 v1.1.7 (Version: 1.1.7)
Foxit Reader 5.0 (Version: 5.0.1.0527)
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Hauppauge HDPVR Scheduler
Hauppauge WinTV Scheduler
IrfanView (remove only) (Version: 4.30)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 7 (64-bit) (Version: 7.0.0)
Java™ SE Development Kit 7 (64-bit) (Version: 1.7.0.0)
K-Lite Codec Pack 7.9.0 (Standard) (Version: 7.9.0)
Lagarith Lossless Codec (1.3.25)
LibreOffice 3.3 (Version: 3.3.301)
Logitech SetPoint 6.30 (Version: 6.30.43)
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.20.1166.0)
LWS Gallery (Version: 13.20.1166.0)
LWS Help_main (Version: 13.25.1016.0)
LWS Launcher (Version: 13.20.1166.0)
LWS Motion Detection (Version: 13.20.1176.0)
LWS Pictures And Video (Version: 13.25.1010.0)
LWS Twitter (Version: 13.20.1166.0)
LWS Video Mask Maker (Version: 13.10.1216.0)
LWS VideoEffects (Version: 13.25.1005.0)
LWS Webcam Software (Version: 13.20.1168.0)
LWS WLM Plugin (Version: 1.20.1166.0)
LWS YouTube Plugin (Version: 13.20.1166.0)
LyX 2.0.0-3 (Installed for Current User) (Version: 2.0.0-3)
ManyCam 2.6.55 (remove only) (Version: 2.6.55)
MathType 6 (Version: 6.7)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
osu! (Version: 0.0.0.0)
PDF Settings CS5 (Version: 10.0)
Python 3.2.2 (64-bit) (Version: 3.2.2150)
QuickTime (Version: 7.69.80.9)
Razer Lycosa (Version: 3.02)
Skype™ 5.3 (Version: 5.3.120)
Steam (Version: 1.0.0.0)
System Requirements Lab CYRI (Version: 4.4.26.0)
Team Fortress 2
TI Connect 1.6 (Version: 1.6)
TrackMania Nations Forever
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
User's Guides (Version: 1.20.0000)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Vegas Pro 9.0 (64-bit) (Version: 9.0.1146)
Virtual Audio Cable 4.10
Visual C++ 2008 Runtime (x64) (Version: 1.0.1)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (Version: 06/11/2009 1.0.0.0)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (Version: 09/02/2009 1.0.0.1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 4093.47 MB
Available physical RAM: 2770.95 MB
Total Pagefile: 8185.09 MB
Available Pagefile: 6290.82 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.8 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:277.29 GB) NTFS

========================= Users: ========================================

User accounts for \\NATHANIEL-PC

Administrator Guest Nathaniel




**** End of log ****




From aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 21:31:14
-----------------------------
21:31:14.611 OS Version: Windows x64 6.1.7600
21:31:14.611 Number of processors: 4 586 0x170A
21:31:14.611 ComputerName: NATHANIEL-PC UserName: Nathaniel
21:31:16.639 Initialize success
21:31:59.255 AVAST engine defs: 12040701
21:33:41.086 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
21:33:41.088 Disk 0 Vendor: ST350041 CC44 Size: 476940MB BusType: 8
21:33:41.143 Disk 0 MBR read successfully
21:33:41.145 Disk 0 MBR scan
21:33:41.149 Disk 0 Windows 7 default MBR code
21:33:41.215 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:33:41.277 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
21:33:41.376 Disk 0 scanning C:\Windows\system32\drivers
21:33:57.046 Service scanning
21:34:23.431 Modules scanning
21:34:23.437 Disk 0 trace - called modules:
21:34:23.447 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
21:34:23.450 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004656060]
21:34:23.455 3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> [0xfffffa80039f4d30]
21:34:23.459 5 ACPI.sys[fffff88000f34781] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa80043ee9c0]
21:34:25.047 AVAST engine scan C:\Windows
21:34:31.382 AVAST engine scan C:\Windows\system32
21:34:37.419 Disk 0 MBR has been saved successfully to "C:\Users\Nathaniel\Desktop\MBR.dat"
21:34:37.425 The log file has been saved successfully to "C:\Users\Nathaniel\Desktop\aswMBR.txt"
21:39:19.102 AVAST engine scan C:\Windows\system32\drivers
21:39:32.396 AVAST engine scan C:\Users\Nathaniel
21:44:37.331 AVAST engine scan C:\ProgramData
21:45:52.032 Scan finished successfully
21:47:09.145 Disk 0 MBR has been saved successfully to "C:\Users\Nathaniel\Desktop\MBR.dat"
21:47:09.202 The log file has been saved successfully to "C:\Users\Nathaniel\Desktop\aswMBR.txt"



Malwarebytes:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.07.11

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Nathaniel :: NATHANIEL-PC [administrator]

4/7/2012 9:19:49 PM
mbam-log-2012-04-07 (21-19-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193092
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Nathaniel\Local Settings\Temporary Internet Files\Content.IE5\KQJHDG19\Testbundle23w_1254[1].exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)

Edited by boopme, 13 April 2012 - 04:03 PM.
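The "Hosts content" section of the MiniToolBox log above is the part of these logs that explains the symptom: three tracker/ad hostnames are pinned to two public IPs, so every page that embeds those trackers loads whatever the server at that IP serves. The check below is an added example written for this page, not a tool from the thread or the forum's own procedure; the sample hosts text is a constructed copy of the log's entries, and the Finding class and the parse_hosts, audit_hosts and multi_mapped functions are all names chosen for this illustration.

```python
"""Audit a Windows hosts file for entries that override hostnames with non-loopback IPs.

Added example, not part of the thread. A benign hosts file maps names to
127.0.0.1, ::1 or 0.0.0.0 (defaults and ad-block lists do this). A line that
maps a well-known third-party hostname to a public address bypasses DNS and
hands control of that hostname's content to whoever runs that server, which is
one way injected ads and redirects appear on otherwise clean sites.
"""
import ipaddress
from dataclasses import dataclass

# Constructed sample: the entries shown in the "Hosts content" section above.
SAMPLE_HOSTS = """\
::1 localhost
68.168.222.226 www.google-analytics.com.
68.168.222.226 ad-emea.doubleclick.net.
68.168.222.226 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

127.0.0.1 localhost
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    address: str
    hostname: str
    reason: str


def parse_hosts(text):
    """Yield (line_no, address, hostnames) for each effective hosts-file entry.

    Comments ('#' to end of line) and blank lines are skipped; hostnames are
    lower-cased and a trailing dot (as printed in the log above) is removed.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        fields = body.split()
        if len(fields) < 2:
            continue
        names = [f.rstrip(".").lower() for f in fields[1:]]
        yield line_no, fields[0], names


def audit_hosts(text):
    """Return one Finding per hostname that is not a loopback/blackhole mapping."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append(Finding(line_no, address, " ".join(names), "unparseable address"))
            continue
        # 127.0.0.1 / ::1 / 0.0.0.0 are the forms defaults and ad-block lists use.
        if ip.is_loopback or ip.is_unspecified:
            continue
        if ip.is_global:
            reason = "hostname pinned to a public IP, bypassing DNS"
        elif ip.is_private or ip.is_link_local:
            reason = "hostname pinned to a LAN address; confirm it is intentional"
        else:
            reason = "hostname pinned to a non-loopback address"
        for name in names:
            findings.append(Finding(line_no, address, name, reason))
    return findings


def multi_mapped(text):
    """Hostnames flagged on more than one line, with their distinct addresses.

    The same three names appearing twice with different IPs, as in the log
    above, may indicate the overrides were written more than once.
    """
    seen = {}
    for finding in audit_hosts(text):
        seen.setdefault(finding.hostname, set()).add(finding.address)
    return {host: sorted(addrs) for host, addrs in seen.items() if len(addrs) > 1}


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.hostname} -> {f.address}: {f.reason}")
    for host, addrs in multi_mapped(SAMPLE_HOSTS).items():
        print(f"{host} is mapped to {len(addrs)} addresses: {', '.join(addrs)}")
```

On a live system the same functions can be pointed at the contents of %SystemRoot%\System32\drivers\etc\hosts; a clean Windows 7 hosts file yields no findings.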



#2 chromebuster

chromebuster

  • Members
  • 880 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:01:55 AM

Posted 08 April 2012 - 12:39 AM

Try running a full scan with Malwarebytes. I think we missed something, though I can't be sure.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#3 OCTOPODES

OCTOPODES
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 08 April 2012 - 12:00 PM

Results from the full scan:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.07.11

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Nathaniel :: NATHANIEL-PC [administrator]

4/7/2012 11:39:02 PM
mbam-log-2012-04-07 (23-39-02).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 403672
Time elapsed: 53 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files\Sony\Vegas Pro 9.0\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\Nathaniel\Documents\Sony Vegas Pro 9.0e - mashem\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

(end)


A screenshot of the problem: [screenshot image not included]

#4 chromebuster

chromebuster

  • Members
  • 880 posts
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England

Posted 08 April 2012 - 12:47 PM

After that was removed, have the ads stopped? I ask because most often, running keygens is asking for infection. Some of them are even meant to look like keygens, but their only purpose is to infect your computer. If not, then run SUPERAntiSpyware Free and then post the log. And my recommendation: if you want a piece of software, buy it, don't crack it!



#5 OCTOPODES

OCTOPODES
  • Topic Starter

  • Members
  • 5 posts

Posted 08 April 2012 - 02:05 PM

The ads were still present earlier this morning when I first turned on my computer. I got rid of a shady PDF and then restarted my computer. I have not seen any more ads, but I would like to be sure that no infection remains.

Here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/08/2012 at 12:03 PM

Application Version : 5.0.1146

Core Rules Database Version : 8424
Trace Rules Database Version: 6236

Scan type : Complete Scan
Total Scan Time : 00:47:20

Operating System Information
Windows 7 Ultimate 64-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 701
Memory threats detected : 0
Registry items scanned : 65501
Registry threats detected : 0
File items scanned : 104697
File threats detected : 6

Adware.Tracking Cookie
C:\Users\Nathaniel\AppData\Roaming\Microsoft\Windows\Cookies\IDR5IMC1.txt [ /c.atdmt.com ]
C:\Users\Nathaniel\AppData\Roaming\Microsoft\Windows\Cookies\G22L3A2D.txt [ /atdmt.com ]
C:\Users\Nathaniel\AppData\Roaming\Microsoft\Windows\Cookies\R4B39U60.txt [ /doubleclick.net ]
C:\USERS\NATHANIEL\Cookies\IDR5IMC1.txt [ Cookie:nathaniel@c.atdmt.com/ ]
C:\USERS\NATHANIEL\Cookies\G22L3A2D.txt [ Cookie:nathaniel@atdmt.com/ ]

Heur.Agent/Gen-WhiteBox
C:\USERS\NATHANIEL\DOWNLOADS\TUNESUP-FOR-SKYPE-2-0-0-74-BETA-EN.EXE


Also, thank you for the advice, but the keygen is much, much older than my ad problem and I don't think it would stay dormant for almost a year to suddenly start attacking me.

EDIT: I just saw the ad appear a few times and I was redirected once more. Grrr.

Edited by OCTOPODES, 08 April 2012 - 11:29 PM.


#6 OCTOPODES

OCTOPODES
  • Topic Starter

  • Members
  • 5 posts

Posted 09 April 2012 - 10:19 AM

I was just redirected after middle-clicking (to open in a new tab) the link with the text "Pinkyracer" in this blog post. The redirected website showed up in the same tab, while the actual website I wanted showed up in a new one. If I try to do this again, the intended website appears in both the original tab and a new one. Here is a screenshot of the redirected website: [screenshot image not included]

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,874 posts
  • Gender:Male
  • Location:NJ USA

Posted 13 April 2012 - 04:06 PM

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters.
  • Put a check in the box for Detect TDLFS file system.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with a description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed, and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#8 Charly72

Charly72

  • Members
  • 1 posts

Posted 21 April 2012 - 05:14 PM

Hi,

I was pretty annoyed with these "ads".
I installed the NoScript addon in Firefox to block this sh**; try it, it works.
http://noscript.net/

Also check your HOSTS file.
Delete this part if you have it:

188.119.151.111 www.google-analytics.com.
188.119.151.111 ad-emea.doubleclick.net.
188.119.151.111 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

Best Regards

Edited by Charly72, 21 April 2012 - 05:47 PM.
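An added example, not from the thread or from any of the tools mentioned in it: a small Python check for the kind of HOSTS-file hijack Charly72 describes, flagging any entry that points a domain at something other than a loopback or 0.0.0.0 sinkhole. The sample hosts content is constructed, modelled on the entries quoted above.

```python
import ipaddress

# Addresses a benign hosts entry may point a name at (ad-block lists use these).
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, dropping comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip full-line and trailing comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            entries.append((ip, name.rstrip(".").lower()))  # tolerate a trailing dot
    return entries

def suspicious_entries(text):
    """Flag entries that map a name to a routable address.

    A hosts file normally needs only loopback lines; ad-blocking lists add
    names pointing at 0.0.0.0 or 127.0.0.1. A name pointed at any other
    address (as in the post above, where analytics and ad domains were sent
    to remote IPs) means requests for that domain are being silently diverted.
    """
    flagged = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, name, "unparseable address"))
            continue
        if ip in SINKHOLE_ADDRESSES or addr.is_loopback or addr.is_unspecified:
            continue
        kind = "private address" if addr.is_private else "public address"
        flagged.append((ip, name, kind))
    return flagged

# Constructed sample modelled on the entries quoted in the post above.
SAMPLE_HOSTS = """\
# hosts file header comment
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net   # a normal ad-blocking line
188.119.151.111 www.google-analytics.com.
188.119.151.111 ad-emea.doubleclick.net.
108.163.215.51  www.statcounter.com.
"""

if __name__ == "__main__":
    # On Windows the live file is C:\Windows\System32\drivers\etc\hosts.
    for ip, name, kind in suspicious_entries(SAMPLE_HOSTS):
        print(f"{name} -> {ip} ({kind})")
```

Run against the real hosts file, anything it reports for a well-known domain is worth comparing with what Malwarebytes or TDSSKiller found, since a hijacked hosts entry survives a browser reinstall.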


#9 frnskm

frnskm

  • Members
  • 1 posts

Posted 09 May 2012 - 05:30 AM

OCTOPODES, have you found a solution?

I'm having exactly the same problem as you.

Check these two print screens, showing the annoying ads on the bottom right of my browser. Sometimes it's a small rectangle, and sometimes an iPhone.

I've scanned with AVG, Spyware Doctor, and Avira. Also tried the TDSSKiller suggested by boopme. Couldn't use the NoScript posted by Charly72 because I use IE9 and not Firefox.

Does anyone have any idea? The only solution I can think of is formatting the computer...

Thanks in advance

[screenshot images not included]

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,874 posts
  • Gender:Male
  • Location:NJ USA

Posted 09 May 2012 - 11:41 AM

@ frnskm

We need a deeper look. Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in a new topic, as explained in step 9, here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic. Thanks.
If GMER won't run, skip it and move on.

Let me know if that went well.