Audio playing in background, script error notifs pop up repeatedly, Google redirect virus.


8 replies to this topic

#1 ayambakar

Posted 10 May 2011 - 10:45 PM

I got this problem about 2 months ago.
Might as well repair everything. I run Windows XP Home edition on a laptop.

Problems that still exist:
1. Commercials, in audio form, start playing after computer start-up. No application was open.
2. Google search redirects, on Mozilla only. (I use Chrome, and this used to happen on Chrome too, but I renamed Chrome.exe.) Redirects to Tazinga!, Lycos page, Mevio, etc.
3. Notification pop-ups. One type is the Internet Explorer Script Error, containing "Line, Char, Error, Code, URL" info, and the option is Yes/No.
The other type is Adobe update, asking whether I want to install it or not. Both will interrupt whatever application is on the top (including full-screen games!).

Also, I can't run TDSSKiller, but for some reason I am able to run SuperAntiSpyware. Scanned with Avira AntiVir, nothing. Scanned with that SAS, found a lot of cache memories, deleted, rebooted computer, problems still there. Scanned with Stinger, can't do anything.

Hope this supplies enough info to start.
I need this laptop for college, and I have too much precious music and software (I'm a musician) to be re-formatted.
Pro help will be hugely appreciated.

Ayam


#2 cryptodan

Posted 14 May 2011 - 03:40 PM

What do you mean when you say you can't do anything?

Can you post the logs from Super Anti-Spyware?

#3 ayambakar

Posted 14 May 2011 - 10:29 PM

> What do you mean when you say you can't do anything?
>
> Can you post the logs from Super Anti-Spyware?


I meant the Stinger didn't do anything.

I'm scanning my computer with SAS right now. Complete scan.

#4 ayambakar

Posted 14 May 2011 - 11:27 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/14/2011 at 08:42 PM

Application Version : 4.52.1000

Core Rules Database Version : 7029
Trace Rules Database Version: 4841

Scan type : Complete Scan
Total Scan Time : 01:12:39

Memory items scanned : 560
Memory threats detected : 0
Registry items scanned : 6855
Registry threats detected : 0
File items scanned : 26653
File threats detected : 83

Adware.Tracking Cookie

Trojan.Dropper/Gen-PHP
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\846TWTAK\LOAD[1].PHP

#5 cryptodan

Posted 14 May 2011 - 11:34 PM

Try rerunning mbam again.

#6 ayambakar

Posted 15 May 2011 - 12:32 AM

Ok, updating database now. Will post log after full scan.

#7 ayambakar

Posted 15 May 2011 - 02:08 AM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6582

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/15/2011 12:08:17 AM
mbam-log-2011-05-15 (00-08-17).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 308068
Time elapsed: 1 hour(s), 32 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\User\application data\thinstall\program data\4000003800002i\multikill.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{17eb37b8-bff4-4577-8d55-88439094b737}\RP179\A0043663.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{17eb37b8-bff4-4577-8d55-88439094b737}\RP179\A0043664.dll (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\srsf.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\User\my documents\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

#8 cryptodan

Posted 15 May 2011 - 02:23 AM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#9 ayambakar

Posted 15 May 2011 - 03:17 AM

okay.



