Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My computer is playing audio ad's in the background and redirecting when clicking on a link in google.


  • This topic is locked This topic is locked
2 replies to this topic

#1 EstherMonster

EstherMonster

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:03 PM

Posted 24 July 2012 - 12:20 AM

Hi! I've been having issues with my computer. It happened out of nowhere and I don't remember downloading anything. My computer keeps playing these random audio ad's in the background even when I don't start firefox (I use firefox as my main web browser.) Sometimes my computer will just be showing the desktop without anything opened and the audio starts playing. It plays McDonald ad's, cleaner ad's, sometimes even news about celebrities to Toyota ad's. It happens at random times too. It happens at random times too, 15 minutes, 30 minutes, sometimes even an hour or HOURS. It also redirects anything I click on google. It lets me do a google search but as soon as I want to click on a page that it gives me from the results, it redirects me. It's very annoying. I've tried ctrl+alt+delete because I had this issue once before (6 months ago) which was solved by ending the iexplorer.exe process and using combofix. But this time there is no iexplorer.exe in the windows task manager process menu. This is what I get from the windows task manager process menu.
All I get is:

taskmgr.exe (Compaq User)
firefox.exe (Compaq User)
explorer.exe (Compaq User)
wuauclt.exe (Compaq User)
ASCTray.exe (Compaq User)
ctfmon.exe (Compaq User)
RCHelper.exe (Compaq User)
svchost.exe (LOCAL SERVICE)
alg.exe (LOCAL SERVICE)
spoolsv.exe (SYSTEM)
svchost.exe (NETWORK SERVICE)
WLService.exe (SYSTEM)
wpsscannersvc.exe (SYSTEM)
svchost.exe (SYSTEM)
svchost.exe (SYSTEM)
MsMpEng.exe (SYSTEM)
svchost.exe (Network Service)
svchost.exe (SYSTEM)
ASCService.exe (SYSTEM)
lsass.exe (SYSTEM)
services.exe (SYSTEM)
winlogon.exe (SYSTEM)
csrss.exe (SYSTEM)
smss.exe (SYSTEM)
svchost.exe (SYSTEM)
wscntfy.exe (Compaq User)
jqs.exe (SYSTEM)
System (SYSTEM)
System Idle Process (SYSTEM)


I also downloaded aswMBR.exe to scan my computer and this was the result log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-24 00:37:05

-----------------------------
00:37:05.718 OS Version: Windows 5.1.2600 Service Pack 3
00:37:05.718 Number of processors: 1 586 0x204
00:37:05.750 ComputerName: COMPAQ-PC UserName:
00:37:19.546 Initialize success
00:37:47.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:37:47.296 Disk 0 Vendor: ST380011A 3.06 Size: 76319MB BusType: 3
00:37:47.296 Device \Driver\atapi -> DriverStartIo 82a962e2
00:37:47.421 Disk 0 MBR read successfully
00:37:47.421 Disk 0 MBR scan
00:37:47.437 Disk 0 Windows XP default MBR code
00:37:47.437 Disk 0 MBR hidden
00:37:47.453 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 76316 MB offset 63
00:37:47.656 Disk 0 scanning sectors +156296385
00:37:48.125 Disk 0 scanning C:\WINDOWS\system32\drivers
00:38:51.171 Service scanning
00:39:19.265 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
00:39:26.031 Modules scanning
00:39:45.234 Disk 0 trace - called modules:
00:39:45.265 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82a964b1]<<
00:39:45.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82ef9ab8]
00:39:45.296 3 CLASSPNP.SYS[f877dfd7] -> nt!IofCallDriver -> \Device\0000006f[0x82efaf18]
00:39:45.312 5 ACPI.sys[f85df620] -> nt!IofCallDriver -> [0x82f20b58]
00:39:45.312 \Driver\atapi[0x82ab4518] -> IRP_MJ_CREATE -> 0x82a964b1
00:39:45.328 Scan finished successfully
00:40:54.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq User\My Documents\Documents Folder\MBR.dat"
00:40:54.687 The log file has been saved successfully to "C:\Documents and Settings\Compaq User\My Documents\Documents Folder\aswMBRlog.txt"


I would also like to mention that I've only got one error script so far and that my computer has been running very slow since these audio ad's started popping up. PLEASE HELP!!!

Edited by Orange Blossom, 24 July 2012 - 01:36 AM.
Moved to log forum. ~ OB


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:03 AM

Posted 24 July 2012 - 01:18 AM

Hi EstherMonster,

I have requested that this thread be moved into the more appropriate malware removal forum. In the mean time could you please post the log from your ComboFix run, as well as a scan with DDS:
Please run a scan with DDS:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
    DDS.scr
    DDS.pif
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.


Information on A/V control HERE

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:03 AM

Posted 20 August 2012 - 04:39 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users