DownloadnSave Malware Creating Browser Hyperlinks


15 replies to this topic

#1 TastyPastry


Posted 31 October 2012 - 12:18 PM

Hello,

Windows 7, 64

Noticed it started about a week ago. I made a rare mistake of downloading some software that I didn't investigate properly. Removed all software that I had installed in the last week. Ran scans using MalwareBytes, Sophos, and Avast. While this caught some things, I still have some annoying Malware that is called "DownloadnSave".

Here is a link from imageshack of a screenshot I took showing the issue:
http://imageshack.us/photo/my-images/259/malwarescreenshot.png/

It basically makes random hyperlinks appear in text that show pop-up ads when highlighted (and would obviously take me to some sketchy website if I were to click on them). Happens in both Google Chrome and Firefox. Screenshot is from the former.

I've run multiple scans of the previously mentioned software trying to find this last bit and they have not found anything.

It seems this webpage has a description of the malware:
http://forums.techguy.org/virus-other-malware-removal/1063233-trojan-dropper-services-exe-constant-2.html

But it implies Malware Bytes was able to find it, which mine has not been able to.

I'm not computer inept by any means, but I'm no guru either, so please keep that in mind when replying.

Any help would be appreciated.

Thank you,

Steve

Edited by TastyPastry, 31 October 2012 - 12:20 PM.




#2 Broni


Posted 31 October 2012 - 08:38 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 TastyPastry


Posted 31 October 2012 - 10:15 PM

Hello,

Here are the contents of that notepad document:
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 6 Update 31
Java 7 Update 9
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


Here is the Farbar:

Farbar Service Scanner Version: 27-10-2012
Ran by Donut (administrator) on 31-10-2012 at 21:47:55
Running from "D:"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

And MiniToolbox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Donut (administrator) on 31-10-2012 at 21:49:12
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 172.17.1.1:8080

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

Dell Wireless 1520 Wireless-N WLAN Mini-Card = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Donut-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : neb.rr.com

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : neb.rr.com
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : B8-AC-6F-55-B6-29
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : neb.rr.com
Description . . . . . . . . . . . : Dell Wireless 1520 Wireless-N WLAN Mini-Card
Physical Address. . . . . . . . . : C4-17-FE-C3-95-C2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4c54:9062:1234:dc86:f90c:aec2:7120(Preferred)
Temporary IPv6 Address. . . . . . : 2002:4c54:9062:1234:edc7:3397:5fc:52d7(Preferred)
Link-local IPv6 Address . . . . . : fe80::dc86:f90c:aec2:7120%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, October 31, 2012 8:14:32 PM
Lease Expires . . . . . . . . . . : Thursday, November 01, 2012 8:14:33 PM
Default Gateway . . . . . . . . . : fe80::200:ff:fe00:0%10
192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 197400574
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-2C-5C-19-B8-AC-6F-55-B6-29
DNS Servers . . . . . . . . . . . : 192.168.2.1
209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.neb.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : neb.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:3cf4:3296:3f57:fd99(Preferred)
Link-local IPv6 Address . . . . . : fe80::3cf4:3296:3f57:fd99%13(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: 192.168.2.1
Address: 192.168.2.1

Name: google.com
Addresses: 2607:f8b0:4009:801::100e
74.125.225.34
74.125.225.35
74.125.225.36
74.125.225.37
74.125.225.38
74.125.225.39
74.125.225.40
74.125.225.41
74.125.225.46
74.125.225.32
74.125.225.33


Pinging google.com [74.125.225.32] with 32 bytes of data:
Reply from 74.125.225.32: bytes=32 time=26ms TTL=54
Reply from 74.125.225.32: bytes=32 time=27ms TTL=54

Ping statistics for 74.125.225.32:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 27ms, Average = 26ms
Server: 192.168.2.1
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=191ms TTL=48
Reply from 98.138.253.109: bytes=32 time=121ms TTL=48

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 121ms, Maximum = 191ms, Average = 156ms
Server: 192.168.2.1
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...b8 ac 6f 55 b6 29 ......Realtek PCIe FE Family Controller
10...c4 17 fe c3 95 c2 ......Dell Wireless 1520 Wireless-N WLAN Mini-Card
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.102 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.102 281
192.168.2.102 255.255.255.255 On-link 192.168.2.102 281
192.168.2.255 255.255.255.255 On-link 192.168.2.102 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.102 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.102 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 281 ::/0 fe80::200:ff:fe00:0
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:9d38:953c:3cf4:3296:3f57:fd99/128
On-link
10 33 2002:4c54:9062:1234::/64 On-link
10 281 2002:4c54:9062:1234:dc86:f90c:aec2:7120/128
On-link
10 281 2002:4c54:9062:1234:edc7:3397:5fc:52d7/128
On-link
10 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::3cf4:3296:3f57:fd99/128
On-link
10 281 fe80::dc86:f90c:aec2:7120/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/31/2012 09:22:29 PM) (Source: MsiInstaller) (User: Donut-PC)Donut-PC
Description: Product: BPDSoftware -- Error 1706. An installation package for the product BPDSoftware cannot be found. Try the installation again using a valid copy of the installation package 'BPDSoftware.msi'.

Error: (10/31/2012 08:21:56 PM) (Source: MsiInstaller) (User: Donut-PC)Donut-PC
Description: Product: BPDSoftware -- Error 1706. An installation package for the product BPDSoftware cannot be found. Try the installation again using a valid copy of the installation package 'BPDSoftware.msi'.

Error: (10/31/2012 08:14:18 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (10/31/2012 08:14:18 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (10/31/2012 08:14:18 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (10/31/2012 06:01:13 PM) (Source: MsiInstaller) (User: Donut-PC)Donut-PC
Description: Product: BPDSoftware -- Error 1706. An installation package for the product BPDSoftware cannot be found. Try the installation again using a valid copy of the installation package 'BPDSoftware.msi'.

Error: (10/31/2012 05:58:09 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (10/31/2012 05:58:09 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (10/31/2012 05:58:09 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (10/31/2012 05:45:02 PM) (Source: MsiInstaller) (User: Donut-PC)Donut-PC
Description: Product: BPDSoftware -- Error 1706. An installation package for the product BPDSoftware cannot be found. Try the installation again using a valid copy of the installation package 'BPDSoftware.msi'.


System errors:
=============
Error: (10/31/2012 08:14:45 PM) (Source: Service Control Manager) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (10/31/2012 08:14:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.

Error: (10/31/2012 05:58:23 PM) (Source: Service Control Manager) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (10/31/2012 05:58:23 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.

Error: (10/31/2012 05:40:27 PM) (Source: Service Control Manager) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (10/31/2012 05:40:27 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.

Error: (10/31/2012 09:08:14 AM) (Source: Microsoft-Windows-Eventlog) (User: NT AUTHORITY)
Description: The event logging service encountered an error (res=1500) while initializing logging resources for channel Microsoft-Windows-Kernel-EventTracing/Admin.

Error: (10/31/2012 09:01:02 AM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (10/31/2012 09:01:02 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (10/31/2012 08:37:19 AM) (Source: Service Control Manager) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (01/23/2012 04:23:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34849 seconds with 1080 seconds of active time. This session ended with a crash.

Error: (10/11/2010 05:21:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 7131 seconds with 1020 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
4500_Help (Version: 1.00.0000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Flash Player 10 Plugin (Version: 10.0.45.2)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Advanced Audio FX Engine (Version: 1.12.05)
AIM 7
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 7.0.1474.0)
Banctec Service Agreement (Version: 2.0.0)
Bejeweled 2 Deluxe
Blacklight - Tango Down (Version: 1.0.0000.130)
Blacklight: Tango Down (Version: 1.0.0003.130)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 130.0.331.000)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Complete Care Business Service Agreement (Version: 2.0.0)
Complete Care Consumer Service Agreement (Version: 2.0.0)
Consumer In-Home Service Agreement (Version: 2.0.0)
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Online (Version: 1.1.0029)
Dell Dock (Version: 2.0.0)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Home Systems Service Agreement (Version: 2.0.0)
Dell Support Center (Support Software) (Version: 2.5.09100)
Dell Touchpad (Version: 7.102.101.303)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
Download Updater (AOL LLC)
Fax (Version: 130.0.418.000)
Gizmos and Gadgets!™
Google Chrome (Version: 22.0.1229.94)
Google Talk Plugin (Version: 3.9.1.9832)
GoToAssist 8.0.0.514
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet J4500 Series (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
InfraRecorder
InstallVC90Support (Version: 1.01.0000)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1986)
iTunes (Version: 10.7.0.21)
J4500 (Version: 50.0.165.000)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 16 (64-bit) (Version: 6.0.160)
Java™ 6 Update 31 (Version: 6.0.310)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 5.2.0 (Full) (Version: 5.2.0)
Lexmark S300-S400 Series
Mahjong Wisdom (Version: 1.0.0000.132)
Malwarebytes' Anti-Malware
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 1.2.1)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 3.0.131.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network Play System (Patching)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
PowerDVD DX (Version: 8.3.5424)
ProductContext (Version: 50.0.165.000)
QualXServ Service Agreement (Version: 2.0.0)
Quickset64 (Version: 9.6.11)
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver (Version: 6.0.1.5951)
RollerCoaster Tycoon 3 Platinum
Roxio Burn (Version: 1.01)
Scan (Version: 13.0.0.0)
Skype™ 5.10 (Version: 5.10.116)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.6)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
Sophos Virus Removal Tool (Version: 2.2)
Spotify (Version: 0.8.5.1333.g822e0de8)
Sprint SmartView (Version: 2.50.0094.0)
StarCraft II (Version: 1.5.3.23260)
Status (Version: 130.0.469.000)
Steam (Version: 1.0.0.0)
Switch Sound File Converter
Temp File Cleaner (Version: 4.2.0)
The Sims
Tinker (Version: 1.0.0000.131)
Tinker (Version: 1.0.0001.131)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Yahoo! Messenger
Yahoo! Software Update

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 3892.52 MB
Available physical RAM: 1714.04 MB
Total Pagefile: 7783.24 MB
Available Pagefile: 5392.39 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.08 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:1.82 GB) NTFS
2 Drive d: () (Fixed) (Total:397.3 GB) (Free:219.68 GB) NTFS
3 Drive f: (The_Muppets_USA_DES) (CDROM) (Total:6.58 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\DONUT-PC

Administrator Donut Guest


**** End of log ****

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5085

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/31/2012 9:55:49 PM
mbam-log-2012-10-31 (21-55-49).txt

Scan type: Quick scan
Objects scanned: 148179
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-31 21:58:18
-----------------------------
21:58:18.047 OS Version: Windows x64 6.1.7601 Service Pack 1
21:58:18.047 Number of processors: 4 586 0x2502
21:58:18.048 ComputerName: DONUT-PC UserName: Donut
21:58:19.399 Initialize success
21:58:20.382 AVAST engine defs: 12103101
21:58:32.017 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:58:32.021 Disk 0 Vendor: WDC_WD5000BEVT-75A0RT0 01.01A01 Size: 476940MB BusType: 11
21:58:32.041 Disk 0 MBR read successfully
21:58:32.046 Disk 0 MBR scan
21:58:32.052 Disk 0 Windows 7 default MBR code
21:58:32.057 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
21:58:32.075 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10000 MB offset 206848
21:58:32.088 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60000 MB offset 20686848
21:58:32.094 Disk 0 Partition - 00 0F Extended LBA 406838 MB offset 143566848
21:58:32.129 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 406837 MB offset 143568896
21:58:32.176 Disk 0 scanning C:\Windows\system32\drivers
21:58:42.608 Service scanning
21:59:19.805 Modules scanning
21:59:20.156 Disk 0 trace - called modules:
21:59:20.203 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:59:20.213 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004be9060]
21:59:20.222 3 CLASSPNP.SYS[fffff8800191b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049330e0]
21:59:20.593 AVAST engine scan C:\Windows
21:59:22.016 AVAST engine scan C:\Windows\system32
22:02:12.506 AVAST engine scan C:\Windows\system32\drivers
22:02:27.470 AVAST engine scan C:\Users\Donut
22:07:18.480 AVAST engine scan C:\ProgramData
22:12:46.476 Scan finished successfully
22:13:20.292 Disk 0 MBR has been saved successfully to "C:\Users\Donut\Desktop\MBR.dat"
22:13:20.297 The log file has been saved successfully to "C:\Users\Donut\Desktop\aswMBR newest.txt"



Thank you.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:44 PM

Posted 31 October 2012 - 10:18 PM

Those look clean.

The screenshot you provided shows so-called "intellitxt" ads.
You need to install some adblocker.
See here: http://ryanblock.com/2007/08/disable-intellitxt-and-keyword-popovers-some-solutions-for-the-end-user/

Then....

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 TastyPastry


Posted 01 November 2012 - 01:00 AM

Looks like the scan found some stuff...hopefully that helps...


# AdwCleaner v2.006 - Logfile created 10/31/2012 at 22:33:33
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Donut - DONUT-PC
# Boot Mode : Normal
# Running from : D:\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

Profile name : default
File : C:\Users\Donut\AppData\Roaming\Mozilla\Firefox\Profiles\z8ry7ojw.default\prefs.js

C:\Users\Donut\AppData\Roaming\Mozilla\Firefox\Profiles\z8ry7ojw.default\user.js ... Deleted !

Deleted : user_pref("extensions.508c3fe651b5b.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Donut\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3115 octets] - [31/10/2012 22:33:33]

########## EOF - C:\AdwCleaner[S1].txt - [3175 octets] ##########

And the Scan:

D:\infrarecorder_9741.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
D:\Downloads\dvdstylerfree_8680.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
D:\FastDownload.exe Win32/InstalleRex.A.Gen application cleaned by deleting - quarantined


Thanks!

PS: Issue still exists - though note I have not installed the ad blocker yet. I want to know if it's just blocked or completely gone before I do so and would much rather prefer to eradicate the issue than simply hide it.

Edited by TastyPastry, 01 November 2012 - 09:01 AM.
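Added example (not part of the original thread, and not AdwCleaner's own code): a small Python triage script that reads an AdwCleaner log like the one in post #5 and pulls out the browser-persistence artifacts it removed. The function name `triage` and the finding labels are illustrative assumptions; the sample lines are copied from that log, with the truncated `[...]` left as posted.

```python
import re

# Lines copied from the AdwCleaner[S1] log in post #5 ("[...]" is as posted).
SAMPLE_LOG = r"""
***** [Files / Folders] *****
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
Folder Deleted : C:\Program Files (x86)\OApps
***** [Registry] *****
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
***** [Internet Browsers] *****
-\\ Mozilla Firefox v12.0 (en-US)
C:\Users\Donut\AppData\Roaming\Mozilla\Firefox\Profiles\z8ry7ojw.default\user.js ... Deleted !
Deleted : user_pref("extensions.508c3fe651b5b.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
-\\ Google Chrome v22.0.1229.94
File : C:\Users\Donut\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
"""

SECTION = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")      # ***** [Registry] *****
BROWSER = re.compile(r"^-\\\\ (.+?) v[\d.]+")          # -\\ Mozilla Firefox v12.0
# Chrome's registry-based external-extension key; IDs are 32 letters a-p.
CHROME_EXT = re.compile(r"\\Google\\Chrome\\Extensions\\([a-p]{32})$", re.I)
FF_PLUGIN = re.compile(r"\\Mozilla Firefox\\plugins\\([^\\]+)$", re.I)
# A preference whose value is JavaScript source rather than a plain setting.
SCRIPT_PREF = re.compile(r'user_pref\("([^"]+)",\s*"\(function')


def triage(log_text):
    """Return (where, kind, value) tuples for browser-persistence artifacts."""
    section, browser, findings = None, None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section, browser = m.group(1), None
            continue
        if m := BROWSER.match(line):
            browser = m.group(1)
            continue
        where = browser or section
        if m := CHROME_EXT.search(line):
            findings.append((where, "chrome_external_extension", m.group(1)))
        elif m := FF_PLUGIN.search(line):
            findings.append((where, "firefox_plugin", m.group(1)))
        elif m := SCRIPT_PREF.search(line):
            findings.append((where, "script_in_pref", m.group(1)))
        elif line.endswith("user.js ... Deleted !"):
            findings.append((where, "user_js_removed", line.split(" ... ")[0]))
    return findings


if __name__ == "__main__":
    for where, kind, value in triage(SAMPLE_LOG):
        print(f"{where:16} {kind:26} {value}")
```

In this log the Chrome extension ID is listed under [Registry], while the Google Chrome section itself reports the Preferences file as clean.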


#6 Broni


Posted 01 November 2012 - 09:55 AM

Using adblocker is a norm these days.
Install it and the issue will be resolved.
For Firefox install AdBlock Plus: https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

I still need Eset log.

Edited by Broni, 01 November 2012 - 09:56 AM.


 


#7 TastyPastry


Posted 01 November 2012 - 10:43 AM

The Eset Log is at the bottom of the post above:

D:\infrarecorder_9741.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
D:\Downloads\dvdstylerfree_8680.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
D:\FastDownload.exe Win32/InstalleRex.A.Gen application cleaned by deleting - quarantined

Unless I misunderstood. If so I apologize.

I went and installed the ad blocker on Firefox. The issue is still showing up. I checked my add ons and it is enabled (Adblock Plus 2.1.2).

Edited by TastyPastry, 01 November 2012 - 10:48 AM.


#8 Broni


Posted 01 November 2012 - 11:05 AM

Did you restart Firefox?


 


#9 TastyPastry


Posted 01 November 2012 - 11:16 AM

Yes.

Have double and triple checked. The add-on is running. Shows both in my active add-ons when going from toolbar dropdown on top and shows icon in bottom left.

#10 Broni


Posted 01 November 2012 - 11:33 AM

Uninstall Firefox completely using this guide: http://kb.mozillazine.org/Uninstalling_Firefox
Install fresh copy.


 


#11 TastyPastry


Posted 01 November 2012 - 12:00 PM

That seems to have fixed it, even without reinstalling the ad blocker.

However, uninstalling Google Chrome and reinstalling it did not fix the issue on that browser.

I can live without Chrome obviously as Firefox works fine, but it still bugs me that it's "there". Any last tips?

#12 Broni


Posted 01 November 2012 - 12:05 PM

Good news :)

Uninstall Chrome completely...

  • Go to Start > All Programs > Google Chrome > Uninstall Google Chrome.
  • Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete browser data" checkbox.
  • Select the default browser you'd like to use.
  • Click OK in the confirmation prompt.
  • The uninstall process will begin.
Install fresh copy.




 


#13 TastyPastry


Posted 01 November 2012 - 12:10 PM

Have tried uninstalling it including clicking the "also delete browser data" checkbox three different times to no avail. Fresh copy still contains issue.

#14 Broni


Posted 01 November 2012 - 01:01 PM

Try AdBlock for Chrome: https://chrome.google.com/webstore/detail/adblock/gighmmpiobklfepjocnamgkkbiglidom


 


#15 zipidy66

zipidy66

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:44 PM

Posted 02 November 2012 - 01:26 AM

Hi,

I have the same issue. I found that disabling the "Adobe Shockwave flash object" (active x) add-on stopped the links appearing. This worked for both Firefox and IE.
Don't know if this is the final solution but it certainly is a lot less annoying now.

I think maybe this add-on is what the adware is using, so I'd like to know what and where it is, as no adware removal tool detects it. What are your thoughts?

Cheers



