Random Audio Advertisements Playing on Computer


9 replies to this topic

#1 UnknownPower

  • Members
  • 5 posts

Posted 10 July 2012 - 09:57 PM

Hello, all~ To be truthful, I've been holding off on posting on various forums due to the lucrative processes involved in cleaning out a computer. It's had smaller problems before, all of which went away very easily at the sight of a typical virus scan. However, I've recently downloaded Google Chrome onto my computer and since this occurrence, my computer has been playing random audio advertisements at pretty much all hours of the day. After some research and snooping around on the internet, I've come to realize that the most likely cause of these ads would be malware, or some sort of other virus. I've deleted Google Chrome and I've run various scans with both Norton Security Suite and MalwareBytes Anti-Malware over the course of the past couple days. However, none of the scans have stopped the ads from playing on my computer. While the volume of the ads has dropped from near-constant playtime to a sort of "rarity" they still persist on my computer and act as not only a nuisance to my typical activities on this computer, but also as a parasite which is eating away at what little my computer has left to run on.

Currently, I am running on a Windows XP, Service Pack 3. For security, I've used Norton Security Suite and MalwareBytes Anti-Malware. If anyone is able to help me with my problem, then that is greatly appreciated. If any more information is needed regarding my computer or the situation itself, please feel free to ask me, but please try not to make it overly complicated. I'm not the most computer-savvy person in the world. While I do know quite a bit, I don't know enough to get rid of this problem on my own, so any assistance is greatly appreciated. Thank you in advance for your time and help!


#2 narenxp

  • BC Advisor
  • 16,371 posts

Posted 10 July 2012 - 10:41 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 UnknownPower

  • Topic Starter

  • Members
  • 5 posts

Posted 11 July 2012 - 01:10 PM

Alright, so, I completed the scans and I have the logs ready for you. Here's what I found.

00:11:54.0968 1576 Detected object count: 2
00:11:54.0968 1576 Actual detected object count: 2
00:12:33.0265 1576 \Device\Harddisk0\DR0\# - copied to quarantine
00:12:33.0265 1576 \Device\Harddisk0\DR0 - copied to quarantine
00:12:33.0296 1576 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
00:12:33.0328 1576 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
00:12:33.0343 1576 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
00:12:33.0359 1576 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
00:12:33.0375 1576 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
00:12:33.0375 1576 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
00:12:33.0375 1576 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
00:12:33.0500 1576 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
00:12:33.0500 1576 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
00:12:33.0515 1576 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
00:12:33.0546 1576 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
00:12:33.0546 1576 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
00:12:33.0578 1576 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
00:12:33.0718 1576 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
00:12:33.0750 1576 \Device\Harddisk0\DR0 - ok
00:12:40.0671 1576 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
00:12:40.0687 1576 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:12:40.0687 1576 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-11 00:15:42
-----------------------------
00:15:42.609 OS Version: Windows 5.1.2600 Service Pack 3
00:15:42.609 Number of processors: 1 586 0x209
00:15:42.609 ComputerName: HOME-29W4H2Q5X7 UserName: Owner
00:16:04.843 Initialize success
00:18:29.078 AVAST engine defs: 12071001
00:19:02.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:19:02.328 Disk 0 Vendor: WDC_WD400EB-75CPF0 06.04G06 Size: 38166MB BusType: 3
00:19:02.328 Disk 1 \Device\Harddisk1\DR2 -> \Device\00000070
00:19:02.343 Disk 1 Vendor: Size: 38166MB BusType: 0
00:19:02.343 Device \Driver\atapi -> DriverStartIo 86bf02e2
00:19:02.343 Disk 0 MBR read successfully
00:19:02.343 Disk 0 MBR scan
00:19:02.406 Disk 0 Windows XP default MBR code
00:19:02.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38130 MB offset 64260
00:19:02.437 Disk 0 scanning sectors +78156225
00:19:02.578 Disk 0 scanning C:\WINDOWS\system32\drivers
00:19:23.046 Service scanning
00:19:57.328 Modules scanning
00:20:17.328 Disk 0 trace - called modules:
00:20:17.328 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f1fad8]<<
00:20:17.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873a1ab8]
00:20:17.343 3 CLASSPNP.SYS[f77b5fd7] -> nt!IofCallDriver -> [0x86fae030]
00:20:17.343 \Driver\atapi[0x870b8c88] -> IRP_MJ_CREATE -> 0x86bf04b1
00:20:20.640 AVAST engine scan C:\WINDOWS
00:21:31.843 AVAST engine scan C:\WINDOWS\system32
00:29:19.625 AVAST engine scan C:\WINDOWS\system32\drivers
00:29:51.218 AVAST engine scan C:\Documents and Settings\Owner.HOME-29W4H2Q5X7
00:43:18.546 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
01:00:03.625 Scan finished successfully
01:30:25.312 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
01:30:25.312 The log file has been saved successfully to "C:\aswMBR.txt"

C:\Documents and Settings\DONNA\Local Settings\Temporary Internet Files\Content.IE5\NO9HJPK9\top4_flash_sb[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\DONNA\Local Settings\Temporary Internet Files\Content.IE5\S1YPANO5\mybusinessanalyst[1].htm JS/TrojanDownloader.Iframe.NJT trojan cleaned by deleting - quarantined
C:\Documents and Settings\DONNA\Local Settings\Temporary Internet Files\Content.IE5\WXKNOLYD\index145[1].htm JS/Tivso.Gen trojan cleaned by deleting - quarantined
C:\Program Files\Common Files\imkz\imkzd\vocabulary Win32/TrojanDownloader.TSUpdate.J trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.07.2012_00.09.50\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.07.2012_00.09.50\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.07.2012_00.09.50\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.07.2012_00.09.50\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.07.2012_00.09.50\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.07.2012_00.09.50\mbr0000\tdlfs0000\tsk0012.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined

Sadly, I did some of the scanning and such in the middle of the night, hoping to get this completed as quickly as possible, and some contents may have backfired on me. However, I'm sure you'll be able to make heads or tails of it all. Good luck and thank you~

EDIT: It had occurred to me that what I posted may or may not have been correct according to instruction/forum rules. As a result, I edited out the part that may have seemed unruly and/or unnecessary. If any of the log reports are missing anything, please let me know and I'll look into it. Thank you again for your time~

Edited by UnknownPower, 11 July 2012 - 01:12 PM.


#4 narenxp

  • BC Advisor
  • 16,371 posts

Posted 11 July 2012 - 01:20 PM

Download http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove it

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#5 UnknownPower

  • Topic Starter

  • Members
  • 5 posts

Posted 12 July 2012 - 02:00 PM

Sorry if this took pretty long. My computer was rather sluggish with the full scan in MBAM. Took me about a whole day to complete. Anyways, here's the results:

MiniToolBox by Farbar Version: 25-06-2012
Ran by Owner (administrator) on 12-07-2012 at 14:50:08
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : home-29w4h2q5x7

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Belkin



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : Belkin

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-0D-56-55-AB-FB

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::20d:56ff:fe55:abfb%4

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

Lease Obtained. . . . . . . . . . : Thursday, July 12, 2012 1:30:31 PM

Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-FB-3E-BB-D2-0D-BC

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 2001:0:4137:9e76:0:fb3e:bbd2:dbc

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . : Belkin

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-02-05

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.2.5%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 173.194.43.5, 173.194.43.0, 173.194.43.1, 173.194.43.9
173.194.43.6, 173.194.43.7, 173.194.43.8, 173.194.43.14, 173.194.43.3
173.194.43.4, 173.194.43.2



Pinging google.com [74.125.226.195] with 32 bytes of data:



Reply from 74.125.226.195: bytes=32 time=40ms TTL=54

Reply from 74.125.226.195: bytes=32 time=36ms TTL=54



Ping statistics for 74.125.226.195:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 36ms, Maximum = 40ms, Average = 38ms

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=53ms TTL=49

Reply from 209.191.122.70: bytes=32 time=48ms TTL=49



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 48ms, Maximum = 53ms, Average = 50ms

Server: UnKnown
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 56 55 ab fb ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.2.5 192.168.2.5 30
192.168.2.0 255.255.255.0 192.168.2.5 192.168.2.5 20
192.168.2.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.5 192.168.2.5 20
224.0.0.0 240.0.0.0 192.168.2.5 192.168.2.5 20
255.255.255.255 255.255.255.255 192.168.2.5 192.168.2.5 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

Catalog5 05 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/10/2012 09:24:42 PM) (Source: WmiAdapter) (User: BUILTIN)BUILTIN
Description: Open of service failed.

Error: (07/10/2012 09:23:19 PM) (Source: PerfNet) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (07/09/2012 09:34:22 PM) (Source: WmiAdapter) (User: BUILTIN)BUILTIN
Description: Open of service failed.

Error: (07/09/2012 09:33:44 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (07/09/2012 01:45:53 PM) (Source: WmiAdapter) (User: BUILTIN)BUILTIN
Description: Open of service failed.

Error: (07/09/2012 03:24:58 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Error: (07/09/2012 02:27:07 AM) (Source: PerfNet) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (07/08/2012 05:52:20 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 20.0.1132.47, faulting module chrome.dll, version 20.0.1132.47, fault address 0x005156b1.
Processing media-specific event for [chrome.exe!ws!]

Error: (07/07/2012 10:36:24 PM) (Source: WmiAdapter) (User: BUILTIN)BUILTIN
Description: Open of service failed.

Error: (07/05/2012 03:51:37 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (07/12/2012 01:31:48 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde

Error: (07/12/2012 01:31:44 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/11/2012 02:45:37 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/11/2012 02:19:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/10/2012 09:24:38 PM) (Source: Service Control Manager) (User: )
Description: The WMI Performance Adapter service failed to start due to the following error:
%%1053

Error: (07/10/2012 09:24:38 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the WMI Performance Adapter service to connect.

Error: (07/10/2012 09:23:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde

Error: (07/10/2012 09:23:56 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/09/2012 02:41:13 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service failed to start due to the following error:
%%1053

Error: (07/09/2012 02:41:13 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the MBAMService service to connect.


Microsoft Office Sessions:
=========================
Error: (07/10/2012 09:24:42 PM) (Source: WmiAdapter)(User: BUILTIN)BUILTIN
Description:

Error: (07/10/2012 09:23:19 PM) (Source: PerfNet)(User: )
Description:

Error: (07/09/2012 09:34:22 PM) (Source: WmiAdapter)(User: BUILTIN)BUILTIN
Description:

Error: (07/09/2012 09:33:44 PM) (Source: WinMgmt)(User: )
Description:

Error: (07/09/2012 01:45:53 PM) (Source: WmiAdapter)(User: BUILTIN)BUILTIN
Description:

Error: (07/09/2012 03:24:58 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.187020.0.0.000000000

Error: (07/09/2012 02:27:07 AM) (Source: PerfNet)(User: )
Description:

Error: (07/08/2012 05:52:20 PM) (Source: Application Error)(User: )
Description: chrome.exe20.0.1132.47chrome.dll20.0.1132.47005156b1

Error: (07/07/2012 10:36:24 PM) (Source: WmiAdapter)(User: BUILTIN)BUILTIN
Description:

Error: (07/05/2012 03:51:37 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 1.0.0)
ABBYY FineReader 5.0 Sprint Plus (Version: 5.0.0.3501)
Adobe AIR (Version: 2.7.1.19610)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color Common Settings (Version: 1.0.1)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2)
Adobe Flash CS3 (Version: 9.0)
Adobe Flash CS3 Professional (Version: 9.0.0)
Adobe Flash Player 10 Plugin (Version: 10.0.12.36)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Adobe Setup (Version: 1.0)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0)
AIO_Scan (Version: 82.0.203.000)
Akamai NetSession Interface
AnswerWorks 4.0 Runtime - English (Version: 4.0.101)
AnswerWorks 5.0 English Runtime (Version: 008.000.0003)
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update (Version: 2.0.2.92)
ArcSoft Software Suite
ArtistScope Plugin IE 42 (Version: 4.2.0.0)
Audacity 2.0
BCM V.92 56K Modem
Bonjour (Version: 1.0.104)
Broadcom 440x 10/100 Integrated Controller (Version: 3.29)
BufferChm (Version: 82.0.173.000)
Comcast Desktop Software (v1.2.0.9) (Version: 23)
Comcast High-Speed Internet Install Wizard
Copy (Version: 82.0.188.000)
Coupon Printer for Windows (Version: 4.0)
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder (Version: 1.00.0000)
Dell Media Experience
Dell ResourceCD
Destinations (Version: 82.0.173.000)
DeviceManagementQFolder (Version: 1.00.0000)
DJ_AIO_ProductContext (Version: 82.0.203.000)
DJ_AIO_Software (Version: 82.0.203.000)
DJ_AIO_Software_min (Version: 82.0.203.000)
eSupportQFolder (Version: 1.00.0000)
F4100 (Version: 82.0.203.000)
F4100_Help (Version: 82.0.203.000)
Google Desktop Plugin - oCalendar (Version: 1.0.4)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Deskjet All-In-One Software 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP Photo Creations (Version: 1.0.0.3912)
HP Photosmart Essential (Version: 1.12.0.46)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 4.000.005.006)
HPProductAssistant (Version: 82.0.173.000)
HPSSupply (Version: 2.1.3.0000)
Intel® Extreme Graphics Driver
InterVideo MediaOne Gallery
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 3 (Version: 1.5.0.30)
Jasc Paint Shop Photo Album (Version: 4.0.3)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 21 (Version: 6.0.210)
Junk Mail filter update (Version: 14.0.8117.416)
LAME v3.99.3 (for Windows)
Lernout & Hauspie TruVoice American English TTS Engine
Macromedia Shockwave Player (Version: 10.1.0.11)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MapleStory
MarketResearch (Version: 82.0.174.000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004 (Version: 12.0.50)
Microsoft Money 2004 System Pack (Version: 12.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft XML Parser (Version: 8.20.8730.4)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Nexon Game Manager
Norton Security Suite (Version: 5.2.1.3)
Notepad++ (Version: 6.1.2)
NVIDIA Drivers
OpenOffice.org 3.1 (Version: 3.1.9399)
PDF Settings (Version: 1.0)
PhoTags Express (Version: )
PowerDVD
PreviewIt for GoogleDesktop 0.1a
PriceGong 1.5.0 (Version: 1.5.0)
PunkBuster Services (Version: 0.987)
QuickTime (Version: 7.4.5.67)
Sandlot Games Client Services
Scan (Version: 8.1.0.0)
ScanToWeb
Segoe UI (Version: 14.0.4327.805)
Skype Click to Call (Version: 6.0.10297)
Skype™ 5.10 (Version: 5.10.115)
SolutionCenter (Version: 82.0.188.000)
Sonic DLA (Version: 4.50)
Sonic RecordNow! (Version: 6.5.0)
Sonic Update Manager (Version: 2.80)
SoundMAX
Speakonia (Version: 1.0.3.5)
Status (Version: 82.0.173.000)
The Fairly OddParents (Version: 1.00.000)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 82.0.188.000)
Triscape FxFoto
TurboTax 2008
TurboTax 2008 WinPerFedFormset (Version: 008.000.0341)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0219)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0197)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.1007)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0433)
TurboTax 2008 wrapper (Version: 008.000.0065)
TurboTax 2009
TurboTax 2009 WinPerFedFormset (Version: 009.000.2163)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0238)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.5108)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0219)
TurboTax 2010 wnjiper (Version: 010.000.1431)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0495)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax Basic 2006
TurboTax Basic 2007
TurboTax ItsDeductible 2006 (Version: 10.00.0000)
UnloadSupport (Version: 1.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB968220) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP (Version: 9.50.6513)
WebReg (Version: 82.0.173.000)
WexTech AnswerWorks (Version: 1.00.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! BrowserPlus 2.9.8
Yahoo! Install Manager
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 86%
Total physical RAM: 1022 MB
Available physical RAM: 140.08 MB
Total Pagefile: 1436.67 MB
Available Pagefile: 348.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.33 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:37.24 GB) (Free:2 GB) NTFS
5 Drive f: () (Removable) (Total:0.94 GB) (Free:0.87 GB) FAT

========================= Users: ========================================

User accounts for \\HOME-29W4H2Q5X7

Administrator Guest HelpAssistant
Owner SUPPORT_388945a0


**** End of log ****

Farbar Service Scanner Version: 08-07-2012
Ran by Owner (administrator) on 12-07-2012 at 14:56:11
Running from "C:\Documents and Settings\Owner.HOME-29W4H2Q5X7\Local Settings\Temporary Internet Files\Content.IE5\ZUNFFK0J"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(11) Tcpip(4) Tcpip6(8)
0x0B00000005000000010000000200000003000000040000000B0000000A00000009000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

Hope this helps~

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:09:44 AM

Posted 12 July 2012 - 02:04 PM

MBAM log?

#7 UnknownPower

UnknownPower
  • Topic Starter

  • Members
  • 5 posts
  • Local time:09:44 AM

Posted 12 July 2012 - 02:46 PM

Well, this seems to be a bit of an awkward situation. I'm afraid that after checking around in my computer that I lost the MBAM report for that scan I did yesterday. I can tell you, however, that nothing came up with the scan. Regardless, if you do want an actual log, I can always scan the computer again and give you that report. The scans run rather sluggishly, so it'll take a whole day for the report to come in. However, I leave this decision up to you. I know nothing came up with MBAM, but if you really need the log, I can re-scan the computer. Let me know when you get the chance.

Also, any other feedback regarding my situation is appreciated. Any assistance you can give me is helpful to my cause~

Edited by UnknownPower, 12 July 2012 - 02:48 PM.


#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:09:44 AM

Posted 12 July 2012 - 03:14 PM

Any current issues?

#9 UnknownPower

UnknownPower
  • Topic Starter

  • Members
  • 5 posts
  • Local time:09:44 AM

Posted 12 July 2012 - 03:41 PM

I can't say for sure. I've had my headphones on for the previous 2 hours and no audio ads have come up. I believe that whatever may have caused the problems has been eradicated somehow. However, if anything else comes up in these regards, I'll let you know. I'll be here all day, so I'll be able to know if any problems continue to occur. Like I said, there were no problems caught by MBAM, so odds are whatever may have caused the problem is gone. However, I still believe that something may be on the computer that could make it continue to happen. I'll let you know if anything of this sort comes up. If a problem does occur, I'll send you another MBAM log at the soonest possibility. If not, I'll let you know the problem is over. Whatever the case may be, I appreciate all of the help you've given me and my computer seems to be running better because of it~

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:44 AM

Posted 12 July 2012 - 03:50 PM

I can't say for sure. I've had my headphones on for the previous 2 hours and no audio ads have come up. I believe that whatever may have caused the problems has been eradicated somehow. However, if anything else comes up in these regards, I'll let you know. I'll be here all day, so I'll be able to know if any problems continue to occur. Like I said, there were no problems caught by MBAM, so odds are whatever may have caused the problem is gone. However, I still believe that something may be on the computer that could make it continue to happen


We were able to remove the rootkit causing the ads

Download

shared access
wscsvc

Launch the keys, click YES

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp


Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



