Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

POP-UP Coupon


  • Please log in to reply
10 replies to this topic

#1 mhoss49

mhoss49

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Breese, Il.
  • Local time:03:51 AM

Posted 18 June 2012 - 08:47 PM

This is the posting I moved here: pop-up coupon from Amazon is not blocked, why?
Naturally I have pop-up blocker functional but there is a new and really, really annoying "coupon" pop-up that is always on Amazon but also on other sites. Close the coupon window and it pops up every time I navigate to look at any product. It really is bad and vexingly doesn't even offer anything that the Amazon template doesn't already offer ("free shipping" above a certain expenditure on some items etc.). It has a distinctive green border and appears on other sites as well. How did they get around your software? How can I make this stop? I think they are from a company named Viscom Media
Thanks mhoss49
I did mini toolbox and fine. They thought could be a virus. I have run malwarebytes and ccleaner. AVG is not detecting anything. It is not malicious as I can tell.....just annoying. It actually shows as 2 side by side and only the left half on both is seen. There is know way to even click and activate the coupon pop-up. It does not make any difference which browser I activate: Exployer, Firefox or Chrome. I have 2 other computers and this is the victim. Curious mhoss49
Wanted to copy and paste from other forem...Pop-up blocks are turned on. I updated Firefox and that seemed too help. The coupons do fade out after a while. I also noticed that only left half of 2 identical coupons is seen. The activation side is missing.I have run malwarebytes and ccleaner. I guess it is just more of a nuisance than anything

Edited by mhoss49, 18 June 2012 - 09:15 PM.


BC AdBot (Login to Remove)

 


#2 Jimbob85

Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:VA, USA
  • Local time:03:51 AM

Posted 28 June 2012 - 01:39 PM

Please Download SAS (SuperAntiSpyware)

Allow it to update
Select complete scan
Select Scan your Computer...
Select your main drive (usually c:\) Uncheck other drives
Select Start Complete Scan>
Post the results

#3 mhoss49

mhoss49
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Breese, Il.
  • Local time:03:51 AM

Posted 28 June 2012 - 04:07 PM

Jimbob85 ran and showed some things and had program fix. It did not. It actually wanted me to buy and unless the problem affects performance I won't purchase. It is an annoyance and I guess I will live with it. I have other computers with windows7 and have more than likely been in the same areas as this laptop (Vista). I think it is just the system and maybe a weakness.
Question: I don't keep anything personal in this laptop or have any programs installed I don't have the installers. What happens if I would download and run a program....such as heidi.ie (an eraser)would that accomplish anything?

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:51 AM

Posted 28 June 2012 - 07:52 PM

Hello,

I did mini toolbox and fine. They thought could be a virus.

I am unclear on this as Mini doesnt find malware.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware Posted Image and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).



In response to your Eraser question.

Your decision as to what action to take should be made by reading and asking yourself the questions presented in "When Should I Format, How Should I Reinstall?" In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware may disguise itself by adding and hiding its extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

Assumimg XP,The best proceedure is a low level format. This completely wipes the drive. Then reinstall the OS.
Use the free version of Active@ KillDisk.
Or Darik's Boot And Nuke
Eraser

The best sources of Information on this are
Reformatting Windows XP
Michael Stevens Tech
Windows XP: Clean Install

Edited by boopme, 28 June 2012 - 07:59 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 mhoss49

mhoss49
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Breese, Il.
  • Local time:03:51 AM

Posted 29 June 2012 - 08:41 AM

Jimbob85 I ran TFC, MBAM, and SpyBot Search and Destroy as administrator.....no problems.
Downloaded MiniToolBox as admin. and postinf results:
Also ran Ccleaner as admin.

MiniToolBox by Farbar Version: 25-06-2012
Ran by Mike (administrator) on 29-06-2012 at 08:16:44
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-22-FA-E6-E1-32
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5da9:5da2:cdda:5e59%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.149(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, June 29, 2012 7:49:21 AM
Lease Expires . . . . . . . . . . : Saturday, June 30, 2012 7:49:20 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 24.217.0.5
24.217.201.67
24.247.15.53
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1E-33-C4-FC-DD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{22BD4165-94C0-43B9-9728-AD289441637B}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E72FFA0C-E74E-4824-816C-A497892BB172}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:289b:3f13:3f57:fe6a(Preferred)
Link-local IPv6 Address . . . . . : fe80::289b:3f13:3f57:fe6a%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: vip01olvemo.stls.mo.charter.com
Address: 24.217.0.5

Name: google.com
Addresses: 2607:f8b0:4009:802::1009
74.125.225.68
74.125.225.66
74.125.225.78
74.125.225.67
74.125.225.71
74.125.225.72
74.125.225.69
74.125.225.64
74.125.225.73
74.125.225.70
74.125.225.65



Pinging google.com [74.125.225.40] with 32 bytes of data:

Reply from 74.125.225.40: bytes=32 time=18ms TTL=54

Reply from 74.125.225.40: bytes=32 time=17ms TTL=54



Ping statistics for 74.125.225.40:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 17ms, Maximum = 18ms, Average = 17ms

Server: vip01olvemo.stls.mo.charter.com
Address: 24.217.0.5

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=34ms TTL=54

Reply from 209.191.122.70: bytes=32 time=34ms TTL=54



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 34ms, Maximum = 34ms, Average = 34ms

Server: vip01olvemo.stls.mo.charter.com
Address: 24.217.0.5

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 22 fa e6 e1 32 ...... Intel® WiFi Link 5100 AGN
8 ...00 1e 33 c4 fc dd ...... Realtek PCIe FE Family Controller
1 ........................... Software Loopback Interface 1
11 ...00 00 00 00 00 00 00 e0 isatap.{22BD4165-94C0-43B9-9728-AD289441637B}
14 ...00 00 00 00 00 00 00 e0 isatap.{E72FFA0C-E74E-4824-816C-A497892BB172}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.149 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.149 281
192.168.1.149 255.255.255.255 On-link 192.168.1.149 281
192.168.1.255 255.255.255.255 On-link 192.168.1.149 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.149 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.149 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:5ef5:79fb:289b:3f13:3f57:fe6a/128
On-link
9 281 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::289b:3f13:3f57:fe6a/128
On-link
9 281 fe80::5da9:5da2:cdda:5e59/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 07 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [168136] (SpeedBit)
Catalog9 02 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [168136] (SpeedBit)
Catalog9 03 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [168136] (SpeedBit)
Catalog9 04 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [168136] (SpeedBit)
Catalog9 05 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [168136] (SpeedBit)
Catalog9 06 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [168136] (SpeedBit)
Catalog9 07 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [168136] (SpeedBit)
Catalog9 08 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [168136] (SpeedBit)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [168136] (SpeedBit)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/28/2012 03:46:00 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/28/2012 03:46:00 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/28/2012 03:46:00 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/28/2012 03:06:41 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/28/2012 03:06:38 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/28/2012 03:06:36 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/28/2012 03:06:31 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/28/2012 03:05:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/28/2012 03:05:55 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/28/2012 03:05:54 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (06/29/2012 08:01:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.129.688.0){579DC9FD-3118-4821-8B76-C7F13873394B}100

Error: (06/29/2012 08:00:07 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.129.21.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/29/2012 08:00:07 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.129.21.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/29/2012 08:00:07 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.129.21.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/29/2012 08:00:07 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.129.21.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/29/2012 08:00:04 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version: 1.129.688.0

Previous Signature Version: 1.129.21.0

Update Source: %NT AUTHORITY15

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/29/2012 08:00:04 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version: 1.129.688.0

Previous Signature Version: 1.129.21.0

Update Source: %NT AUTHORITY15

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/29/2012 07:59:53 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.129.21.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/29/2012 07:59:51 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version: 1.129.688.0

Previous Signature Version: 1.129.21.0

Update Source: %NT AUTHORITY15

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/29/2012 07:59:51 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version: 1.129.688.0

Previous Signature Version: 1.129.21.0

Update Source: %NT AUTHORITY15

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 6.1.2)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
AIO_Scan (Version: 90.0.200.000)
Atheros Driver Installation Program (Version: 7.7)
ATI Catalyst Install Manager (Version: 3.0.723.0)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2176)
AVG 2012 (Version: 12.0.2178)
AVG 2012 (Version: 12.0.2180)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2180)
Bluetooth Monitor 4 (Version: 4.02.000)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 140.0.212.000)
C309g-m (Version: 140.0.690.000)
C4200 (Version: 90.0.200.000)
C4200_doccd (Version: 90.0.200.000)
c4200_Help (Version: 90.0.200.000)
CCleaner (Version: 3.17)
Cisco Connect (Version: 1.4.11299.0)
Coupon Printer for Windows (Version: 5.0.0.0)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
DocProc (Version: 9.0.0.0)
DocProcQFolder (Version: 1.00.0000)
Garmin Lifetime Updater (Version: 2.1.7)
Google Chrome (Version: 19.0.1084.56)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
GPBaseService2 (Version: 140.0.211.000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP OCR Software 9.0 (Version: 9.0)
HP Photo Creations (Version: 1.0.0.2024)
HP Photosmart All-In-One Software 9.0 (Version: 9.0)
HP Photosmart Essential 2.01 (Version: 2.01)
HP Photosmart Essential2.01 (Version: 1.01.0000)
HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.003.001.001)
HPPhotoGadget (Version: 140.0.524.000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
ImgBurn (Version: 2.5.6.0)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MarketResearch (Version: 140.0.212.000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 140.0.215.000)
PS_AIO_06_C309g-m_SW_Min (Version: 140.0.690.000)
PS_AIO_ProductContext (Version: 90.0.200.000)
PS_AIO_Software (Version: 90.0.200.000)
PS_AIO_Software_min (Version: 90.0.200.000)
PSSWCORE (Version: 2.01.0000)
QuickTransfer (Version: 140.0.98.000)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0004)
Realtek High Definition Audio Driver (Version: 6.0.1.5809)
Realtek USB 2.0 Card Reader (Version: 6.0.6000.20130)
Scan (Version: 140.0.80.000)
Shop for HP Supplies (Version: 14.0)
SIW version 2011.10.29 (Version: 2011.10.29)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.213.000)
SpeedBit Video Accelerator (Version: 3226(build_2079))
Status (Version: 140.0.212.000)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 12.2.10.0)
Toolbox (Version: 140.0.428.000)
TOSHIBA ConfigFree (Version: 7.4.9)
TOSHIBA DVD PLAYER (Version: 3.00.1.04-A)
TOSHIBA PC Health Monitor (Version: 1.3.1.0)
TOSHIBA Service Station (Version: 2.2.9)
TOSHIBA Speech System Applications (Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Web Camera Application (Version: 1.0.1.8)
TrayApp (Version: 140.0.212.000)
UnloadSupport (Version: 9.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01 (Version: 90.0.146.000)
VLC media player 2.0.1 (Version: 2.0.1)
WebReg (Version: 140.0.212.017)
Xvid Video Codec (Version: 1.3.2)
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader Toolbar v5.9 (Version: 5.9)
YTD YouTube Downloader & Converter 3.6

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 2939.24 MB
Available physical RAM: 1633.46 MB
Total Pagefile: 6086.77 MB
Available Pagefile: 4420.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.11 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:231.42 GB) (Free:156.68 GB) NTFS

========================= Users: ========================================

User accounts for \\LAPTOP

Administrator Guest Mike


**** End of log ****

Edited by mhoss49, 29 June 2012 - 08:42 AM.


#6 Jimbob85

Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:VA, USA
  • Local time:03:51 AM

Posted 29 June 2012 - 02:44 PM

Please post your SAS and MBAM logs for review. I see that your system time and date are off. Please correct this as well. If you don't know how or if it won't stay set correctly please let me know.

Edited by Jimbob85, 29 June 2012 - 03:42 PM.


#7 mhoss49

mhoss49
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Breese, Il.
  • Local time:03:51 AM

Posted 30 June 2012 - 08:55 AM

Jimbob85 I am not sure what time and date you are referring too. If it is the actual computer settings I view on my taskbar, they are correct.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.24.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Mike :: LAPTOP [administrator]

6/30/2012 7:49:30 AM
mbam-log-2012-06-30 (07-49-30).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280191
Time elapsed: 54 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/30/2012 at 07:30 AM

Application Version : 5.5.1006

Core Rules Database Version : 8826
Trace Rules Database Version: 6638

Scan type : Complete Scan
Total Scan Time : 00:41:58

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Administrator

Memory items scanned : 733
Memory threats detected : 0
Registry items scanned : 35095
Registry threats detected : 0
File items scanned : 31348
File threats detected : 11

Adware.Tracking Cookie
C:\USERS\MIKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike@sales.liveperson[2].txt [ Cookie:mike@sales.liveperson.net/ ]
C:\USERS\MIKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike@questionmarket[1].txt [ Cookie:mike@questionmarket.com/ ]
C:\USERS\MIKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike@mediaplex[1].txt [ Cookie:mike@mediaplex.com/ ]
C:\USERS\MIKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike@eset.122.2o7[1].txt [ Cookie:mike@eset.122.2o7.net/ ]
C:\USERS\MIKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike@revsci[2].txt [ Cookie:mike@revsci.net/ ]
C:\USERS\MIKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike@apmebf[2].txt [ Cookie:mike@apmebf.com/ ]
C:\USERS\MIKE\AppData\Roaming\Microsoft\Windows\Cookies\Low\mike@ads.pointroll[2].txt [ Cookie:mike@ads.pointroll.com/ ]
C:\USERS\MIKE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MIKE@ADS.BLEEPINGCOMPUTER[1].TXT [ /ADS.BLEEPINGCOMPUTER ]
C:\USERS\MIKE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MIKE@COLLECTIVE-MEDIA[2].TXT [ /COLLECTIVE-MEDIA ]
C:\USERS\MIKE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MIKE@KONTERA[1].TXT [ /KONTERA ]
C:\USERS\MIKE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MIKE@LIVEPERSON[2].TXT [ /LIVEPERSON ]
I ran the fix and SAS indicated file threats were deleted.

#8 Jimbob85

Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:VA, USA
  • Local time:03:51 AM

Posted 02 July 2012 - 09:43 AM

So far I don't see anything bad on your machine. I do want to see a log from Spybot yet.

Please go to Ninite and check the box for Spybot, also check the box for other programs or browsers on your computer as this will make sure they are up to date. Check things like Java and any Adobe apps you have installed for sure!

Once Spybot is installed please open the program
Go to the update tab and update the program from one of the USA sites.
Select Immunize, then select the green + to preform an immunize. (This adds info to your Hosts file to help keep you safe)
Select Search & Destroy
Remove any threats
Post log

#9 mhoss49

mhoss49
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Breese, Il.
  • Local time:03:51 AM

Posted 02 July 2012 - 05:09 PM

Jimbob85 I think we have it solved. Ran Ninite.....everything updated. Ran Spybot>Immunized>Ran I am not posting results, because the only way I could find results was to print.....and that is 4 pages. Things I removed and have removed before is or was located in HKEY. NOTE: I could not find any of the SBI or alpha numeral assigned codes in REGEDIT.
1. CouponBar HKEY_ROOT\CLSID\***********
2. CouponBar HKEY_LOCAL_MACHINE\Classes\cpbrkpie.coupon6Ctrl.1
3. CouponBar HKEY_CLASSES_ROOT\Interface
This couponbar is something I removed quite a while back.

Another is Widgi.Toolbar.......which I am sure came with you tube downloader.

Another is W3LIQS.fraud......related to Freeze.com> Don't know how this one got here.

I can not locate any of these in c/drive or regedit. None are toolbars on my home page hidden or not!!

The partial coupon only pops up on one login page and does not stay on screen after leaving that page or site. Before doing what we have done (when at this site} I had to reboot to remove even from my desktop.When we first started this was popping up on several sites. I have another computer and I will try to remember to login with the other computer. If I forget, at least I don't have to reboot anymore.Two full scans with Spybot showed cleaned ....for now. Thanks Jimbob85. I am happy with this progress: so if you are pleased we can Bump this post. Thanks again to you and Bleeping Computer.

#10 Jimbob85

Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:VA, USA
  • Local time:03:51 AM

Posted 03 July 2012 - 07:54 AM

I am glad that I could help! I understand that things are back to normal now?
One side note: Spybot needs to be run on every active user on the computer, that is having issues.
It doesn't "fix" all the users only the one that has run the app.

Just for another check it wouldn't hurt to fun one more scan.


Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan completes, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply
You may not get a listing if nothing is found

Edited by Jimbob85, 03 July 2012 - 07:59 AM.


#11 mhoss49

mhoss49
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Breese, Il.
  • Local time:03:51 AM

Posted 03 July 2012 - 11:07 AM

Jimbob85 I ran ESET online scanner and the results were: No Threats Found Thanks again!!! mhoss49




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users