Needing Help, to stop Questionmarket.com


  • This topic is locked
13 replies to this topic

#1 DrakeDNeedingHelp

DrakeDNeedingHelp

  • Members
  • 7 posts

Posted 13 June 2013 - 04:59 AM

I'm having a problem with Questionmarket.com randomly popping up.

I tried completely reinstalling Windows 7, but that didn't stop it. I'm even using Firefox with NoScript.

It's gotten to the point where I've been considering buying an entire new hard drive and Windows disc.

Can someone please help? I haven't installed any toolbars, or any Windows Live stuff.

If I can get help, I won't install anything unless directly told to.

Below is the DDS log.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16618
Run by Adams at 5:50:31 on 2013-06-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.8151.5713 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_m5811&r=17360613m906p03d5v1l5w49m1u25q
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_m5811&r=17360613m906p03d5v1l5w49m1u25q
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\IPS\ipsbho.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{D6F4EECB-EE29-4744-AB87-868B9E96DB61} : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Adams\AppData\Roaming\Mozilla\Firefox\Profiles\ra85yx2u.default\
FF - prefs.js: browser.startup.homepage - google.ca
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-06-10 08:53; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFFPlgn
FF - ExtSQL: 2013-06-10 08:54; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn
FF - ExtSQL: 2013-06-10 08:59; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Adams\AppData\Roaming\Mozilla\Firefox\Profiles\ra85yx2u.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1403010.016\SymDS64.sys [2013-6-10 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1403010.016\SymEFA64.sys [2013-6-10 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [2013-5-31 1393240]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1403010.016\ccSetx64.sys [2013-6-10 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130612.001\IDSviA64.sys [2013-6-12 513184]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1403010.016\Ironx64.sys [2013-6-10 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1403010.016\symnets.sys [2013-6-10 432800]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2013/06/10 06:10:04];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-11-6 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe [2013-6-10 144520]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-12 62208]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-6 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-10 2314240]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-12-1 240160]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2009-12-1 283824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-6-10 138912]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-12-1 56344]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-2-25 2426672]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-5-16 126464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-12 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-12 57856]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-10 1255736]
.
=============== Created Last 30 ================
.
2013-06-12 23:42:08    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-06-12 23:42:08    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-12 09:17:00    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-06-12 09:17:00    458712    ----a-w-    C:\Windows\System32\drivers\cng.sys
2013-06-12 09:17:00    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-06-12 09:17:00    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-06-12 09:17:00    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-06-12 09:17:00    154480    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-06-12 09:17:00    1448448    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-06-12 09:16:58    514560    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2013-06-12 09:16:58    366592    ----a-w-    C:\Windows\System32\qdvd.dll
2013-06-12 07:06:24    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-12 02:55:31    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-06-12 02:54:43    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-06-11 14:02:27    --------    d-----w-    C:\Windows\System32\SPReview
2013-06-11 14:02:07    --------    d-----w-    C:\Windows\System32\EventProviders
2013-06-11 08:42:03    48976    ----a-w-    C:\Windows\System32\netfxperf.dll
2013-06-11 08:42:03    1942856    ----a-w-    C:\Windows\System32\dfshim.dll
2013-06-11 08:40:58    80384    ----a-w-    C:\Windows\SysWow64\davclnt.dll
2013-06-11 08:39:59    350208    ----a-w-    C:\Windows\System32\drivers\HdAudio.sys
2013-06-11 08:23:47    98816    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-06-10 14:16:29    --------    d-----w-    C:\Users\Adams\AppData\Local\Razer
2013-06-10 14:01:45    --------    d-----w-    C:\Program Files (x86)\Common Files\Steam
2013-06-10 14:01:44    --------    d-----w-    C:\Program Files (x86)\Steam
2013-06-10 13:57:45    --------    d-----w-    C:\Program Files (x86)\Bloons TD 5 Deluxe
2013-06-10 13:47:55    --------    d-----w-    C:\Windows\NAPP_Dism_Log
2013-06-10 13:37:51    --------    d-----w-    C:\Users\Adams\AppData\Local\Macromedia
2013-06-10 13:37:24    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-10 13:37:24    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-10 13:36:44    --------    d-----w-    C:\Users\Adams\AppData\Local\Adobe
2013-06-10 13:03:04    --------    d-----r-    C:\Program Files (x86)\Skype
2013-06-10 12:47:01    432800    ----a-r-    C:\Windows\System32\drivers\N360x64\1403010.016\symnets.sys
2013-06-10 12:47:01    23448    ----a-r-    C:\Windows\System32\drivers\N360x64\1403010.016\SymELAM.sys
2013-06-10 12:47:00    796248    ----a-r-    C:\Windows\System32\drivers\N360x64\1403010.016\srtsp64.sys
2013-06-10 12:47:00    493656    ----a-r-    C:\Windows\System32\drivers\N360x64\1403010.016\SymDS64.sys
2013-06-10 12:47:00    36952    ----a-r-    C:\Windows\System32\drivers\N360x64\1403010.016\srtspx64.sys
2013-06-10 12:47:00    224416    ----a-r-    C:\Windows\System32\drivers\N360x64\1403010.016\Ironx64.sys
2013-06-10 12:47:00    168096    ----a-r-    C:\Windows\System32\drivers\N360x64\1403010.016\ccSetx64.sys
2013-06-10 12:47:00    1139800    ----a-r-    C:\Windows\System32\drivers\N360x64\1403010.016\SymEFA64.sys
2013-06-10 12:46:54    --------    d-----w-    C:\Windows\System32\drivers\N360x64\1403010.016
2013-06-10 12:43:36    --------    d-----w-    C:\Program Files (x86)\Common Files\Symantec Shared
2013-06-10 12:40:48    --------    d-----w-    C:\Program Files\Microsoft LifeCam
2013-06-10 12:40:48    --------    d-----w-    C:\Program Files (x86)\Microsoft LifeCam
2013-06-10 12:40:44    1974616    ----a-w-    C:\Windows\SysWow64\D3DCompiler_42.dll
2013-06-10 12:40:44    1892184    ----a-w-    C:\Windows\SysWow64\D3DX9_42.dll
2013-06-10 12:31:26    --------    d-----w-    C:\Program Files (x86)\MSXML 4.0
2013-06-10 12:31:05    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-06-10 12:31:04    --------    d-----w-    C:\Windows\System32\Wat
2013-06-10 11:40:07    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-06-10 11:40:07    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-06-10 11:40:07    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-06-10 11:40:07    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-06-10 11:12:44    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2013-06-10 11:12:44    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-06-10 11:12:44    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-06-10 11:12:44    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-06-10 11:12:44    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-06-10 11:12:44    100864    ----a-w-    C:\Windows\System32\fontsub.dll
2013-06-10 11:11:50    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-06-10 11:11:50    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-06-10 11:11:50    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-06-10 11:11:50    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-06-10 11:11:50    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-06-10 11:11:50    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-06-10 11:11:50    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-06-10 11:08:57    --------    d-----w-    C:\Users\Adams\AppData\Local\Microsoft Help
2013-06-10 11:08:26    --------    d-----w-    C:\Windows\PCHEALTH
2013-06-10 11:05:11    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-06-10 11:05:10    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-06-10 11:05:10    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-06-10 11:05:10    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-06-10 11:05:10    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-06-10 10:59:58    46592    ----a-w-    C:\Windows\SysWow64\fpb.rs
2013-06-10 10:58:58    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-06-10 10:57:55    715776    ----a-w-    C:\Windows\System32\kerberos.dll
2013-06-10 10:56:59    94208    ----a-w-    C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll
2013-06-10 10:55:58    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
2013-06-10 10:54:59    690688    ----a-w-    C:\Windows\SysWow64\msvcrt.dll
2013-06-10 10:54:59    634880    ----a-w-    C:\Windows\System32\msvcrt.dll
2013-06-10 10:54:55    75120    ----a-w-    C:\Windows\System32\drivers\partmgr.sys
2013-06-10 10:54:50    503808    ----a-w-    C:\Windows\System32\srcore.dll
2013-06-10 10:54:50    43008    ----a-w-    C:\Windows\SysWow64\srclient.dll
2013-06-10 10:54:50    296960    ----a-w-    C:\Windows\System32\rstrui.exe
2013-06-10 10:54:48    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2013-06-10 10:54:45    559104    ----a-w-    C:\Windows\System32\spoolsv.exe
2013-06-10 10:54:44    67072    ----a-w-    C:\Windows\splwow64.exe
2013-06-10 10:54:43    974336    ----a-w-    C:\Windows\System32\WFS.exe
2013-06-10 10:54:43    267776    ----a-w-    C:\Windows\System32\FXSCOVER.exe
2013-06-10 10:45:24    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-06-10 10:45:24    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-06-10 10:35:36    0    ----a-w-    C:\Windows\ativpsrm.bin
2013-06-10 10:33:39    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2013-06-10 10:33:39    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2013-06-10 10:33:39    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2013-06-10 10:28:01    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2013-06-10 10:27:53    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2013-06-10 10:27:46    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2013-06-10 10:27:46    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-06-10 10:16:05    177312    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-06-10 10:16:05    --------    d-----w-    C:\Program Files\Symantec
2013-06-10 10:16:05    --------    d-----w-    C:\Program Files\Common Files\Symantec Shared
2013-06-10 10:15:50    --------    d-----w-    C:\Windows\System32\drivers\N360x64
2013-06-10 10:15:49    --------    d-----w-    C:\Program Files (x86)\Norton 360
2013-06-10 10:15:48    --------    d-----w-    C:\ProgramData\Norton
2013-06-10 10:13:31    --------    d-----w-    C:\ProgramData\NortonInstaller
2013-06-10 10:13:31    --------    d-----w-    C:\Program Files (x86)\NortonInstaller
2013-06-10 10:12:23    4398360    ----a-w-    C:\Windows\System32\d3dx9_32.dll
2013-06-10 10:12:23    3426072    ----a-w-    C:\Windows\SysWow64\d3dx9_32.dll
2013-06-10 10:11:42    --------    d-----w-    C:\Program Files (x86)\Microsoft
2013-06-10 10:10:52    74520    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\c9a3b2d11ce65c2\DSETUP.dll
2013-06-10 10:10:52    484632    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\c9a3b2d11ce65c2\DXSETUP.exe
2013-06-10 10:10:52    1670936    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\c9a3b2d11ce65c2\dsetup32.dll
2013-06-10 10:10:22    --------    d-----w-    C:\Program Files (x86)\Common Files\Windows Live
2013-06-10 10:10:00    --------    d-----w-    C:\Program Files (x86)\Common Files\CyberLink
2013-06-10 10:09:32    505128    ----a-w-    C:\Windows\SysWow64\msvcp71.dll
2013-06-10 10:09:32    353576    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2013-06-10 10:09:32    29480    ----a-w-    C:\Windows\SysWow64\msxml3a.dll
2013-06-10 10:04:19    --------    d-----w-    C:\Program Files (x86)\Common Files\postureAgent
2013-06-10 10:04:03    --------    d-----w-    C:\ProgramData\McQcModifier-5c47-a7b0
2013-06-10 10:04:01    --------    d---a-w-    C:\book
2013-06-10 10:04:01    --------    d-----w-    C:\Users\Adams\AppData\Local\EgisTec
2013-06-10 10:03:34    --------    d-----w-    C:\Users\Adams\AppData\Local\VirtualStore
2013-06-10 09:56:34    --------    d-----w-    C:\Windows\SysWow64\RTCOM
2013-06-10 09:55:19    540192    ----a-w-    C:\Windows\System32\NVUNINST.EXE
2013-06-10 09:54:11    --------    d-----w-    C:\Program Files\ATI
2013-06-10 09:53:11    409624    ----a-w-    C:\Windows\System32\drivers\iaStor.sys
2013-05-17 03:17:30    126464    ----a-w-    C:\Windows\System32\drivers\rzudd.sys
2013-05-17 03:14:34    56832    ----a-w-    C:\Windows\SysWow64\rzdevinfo.dll
2013-05-17 03:14:34    154112    ----a-w-    C:\Windows\SysWow64\rztouchdll.dll
2013-05-17 03:14:30    766976    ----a-w-    C:\Windows\SysWow64\rzdevicedll.dll
2013-05-17 03:14:30    117248    ----a-w-    C:\Windows\SysWow64\rzdisplaydll.dll
2013-05-17 03:14:28    296448    ----a-w-    C:\Windows\SysWow64\rzaudiodll.dll
.
==================== Find3M  ====================
.
2013-06-12 07:06:24    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-11 14:28:15    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2013-06-11 14:28:15    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2013-06-10 09:58:19    6    ----a-w-    C:\Windows\System32\PLD_Framework.cmd
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-03-31 22:52:16    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-03-19 06:04:06    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58    230400    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\Windows\System32\smss.exe
.
============= FINISH:  5:51:01.95 ===============

Just adding that this is the link that randomly pops up.

http://amch.questionmarket.com/adscgen/invite.php?survey_num=1042175&site=3&code=1047216&pic=gif&creativename=opinion2-350x300-1l-eng-nul&secs_up=60&type=popup

NO ONE SHOULD CLICK THE LINK.

Just thought it'd be helpful if I supply the popup link.

212 844 3722  This is the number to the Company that controls this Adware/Spyware/Malware.

I think it would be very helpful for someone from Bleeping computers to contact them.

I contacted them, they admitted to being the owners of these pop-ups that hijack the browser, and I told them if they didn't remove the malicious coding, I'd press charges.



Edited by DrakeDNeedingHelp, 13 June 2013 - 10:46 AM.



 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 13 June 2013 - 03:25 PM

Good evening. :)

How long have you been having these pop-ups?


So long, and thanks for all the fish.

 

 


#3 DrakeDNeedingHelp

DrakeDNeedingHelp
  • Topic Starter

  • Members
  • 7 posts

Posted 13 June 2013 - 03:39 PM

I've been having them for about a week now.

As stated, I did completely wipe my hard drive and reinstall Windows; however, that had not helped.

I am fairly certain I found what it has infected; however, I do not know how to get rid of it.

Anytime I open my Skype window, then navigate over to my Firefox, it hijacks my Firefox and force-opens the pop-up.



#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 13 June 2013 - 04:17 PM

Do you have the same issues if you don't have Skype open?


So long, and thanks for all the fish.

 

 


#5 DrakeDNeedingHelp

DrakeDNeedingHelp
  • Topic Starter

  • Members
  • 7 posts

Posted 13 June 2013 - 05:04 PM

I did before I reinstalled Windows.



#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 13 June 2013 - 05:47 PM

And now it's only when you have Skype active?


So long, and thanks for all the fish.

 

 


#7 DrakeDNeedingHelp

DrakeDNeedingHelp
  • Topic Starter

  • Members
  • 7 posts

Posted 13 June 2013 - 05:49 PM

That would be correct.

---------------------------------------

Edit

---------------------------------------

It is now doing it without even having Skype active.


Edited by DrakeDNeedingHelp, 14 June 2013 - 04:01 AM.


#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 14 June 2013 - 03:13 PM

Good evening. :)

Can you uninstall Skype for a little while and see if the problem persists? I suspect that it came with Skype and I'd like to see if it leaves that way too.


So long, and thanks for all the fish.

 

 


#9 DrakeDNeedingHelp

DrakeDNeedingHelp
  • Topic Starter

  • Members
  • 7 posts

Posted 14 June 2013 - 04:32 PM

Yes, I did try this already, before I formatted my computer, so I know it is coming from Skype.

I've also called Microsoft, and told them about this, since Skype is now owned by Microsoft, and they did apologize for their overlooking this, and they are going to investigate the "company."

I can with all confidence say it comes from Skype.

If there is a way to prevent this from happening while using Skype, I'd love to know, or hear suggestions, as Skype is the only messenger software I use that my family and friends use also, with such a good video-to-video and high-quality calling system in it.

If Bleepingcomputers.com could highly recommend another program similar, with the same quality, I'd LOVE to take the suggestion, as this program has made it very hard for me to even use the program.

I typically only use software that I know Bleepingcomputer.com says is secure or recommends; I highly value your opinions and professionalism.



#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 15 June 2013 - 02:44 PM

Good evening.

 

"Yes, i did try this already, before i formatted my computer, so i know it is coming from Skype."

In that case it would have been helpful to have included that in your original post as it would have saved me bothering to look into the cause. You have two options as far as I can tell: try to block the ads or replace the software.

Although I don't know anything about VoIP, if I had to go with one that I'd trust to not be adware infected I'd take a look at http://www.ekiga.org/ - it's open source so it will be clean. If it meets your requirements then that's a solution.

You may be able to block the servers that are feeding your PC the ads if you can identify the IP addresses that are being used, but that will require you to monitor the connections that are being made from your PC and then find out which ones need to be blocked.


So long, and thanks for all the fish.
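
One way to carry out the monitoring step suggested in post #10, as an added example that is not part of the thread: it groups the external TCP connections in saved `netstat -ano` output by owning process, and builds hosts-file lines for the hostname of the pop-up URL from post #1. The netstat sample, its addresses and the PID-to-Skype mapping are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample of `netstat -ano` output. Remote addresses come from
# documentation ranges, and PID 4312 is assumed to be Skype.exe (on a real
# machine the PID-to-name mapping would come from `tasklist`).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       784
  TCP    127.0.0.1:49160        127.0.0.1:49161        ESTABLISHED     4312
  TCP    192.168.2.10:49213     203.0.113.25:80        ESTABLISHED     4312
  TCP    192.168.2.10:49214     203.0.113.25:80        TIME_WAIT       0
  TCP    192.168.2.10:49220     198.51.100.7:443       ESTABLISHED     4312
  TCP    192.168.2.10:49230     192.168.2.1:53         ESTABLISHED     2980
  TCP    192.168.2.10:49301     198.51.100.40:443      ESTABLISHED     2980
  TCP    [::1]:49170            [::1]:49171            ESTABLISHED     4312
  UDP    0.0.0.0:5355           *:*                                    1204
"""

# Host and path of the pop-up URL quoted in post #1 (query string omitted).
POPUP_URL = "http://amch.questionmarket.com/adscgen/invite.php"

# Address ranges that never identify a remote ad server.
_LOCAL_NETS = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def _split_endpoint(endpoint):
    """Split '1.2.3.4:80' or '[::1]:80' into (ip_text, port_text)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def _is_external(ip_text):
    """True for addresses outside loopback, link-local and private ranges."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # '*' wildcard or malformed column
    if ip.is_loopback or ip.is_unspecified or ip.is_link_local or ip.is_multicast:
        return False
    return not any(ip in net for net in _LOCAL_NETS)


def external_connections(netstat_text):
    """Return {pid: sorted [(remote_ip, remote_port)]} for established TCP
    connections to external addresses."""
    by_pid = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns: proto, local, foreign, state, pid.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, _local, foreign, state, pid = fields
        if state != "ESTABLISHED" or not pid.isdigit():
            continue
        ip, port = _split_endpoint(foreign)
        if _is_external(ip):
            by_pid[int(pid)].add((ip, int(port)))
    return {pid: sorted(endpoints) for pid, endpoints in by_pid.items()}


def remote_ips_for_pid(netstat_text, pid):
    """Sorted unique remote IPs one process is talking to: the candidates
    to look up before deciding what to block."""
    return sorted({ip for ip, _ in external_connections(netstat_text).get(pid, [])})


def hosts_block_lines(urls, existing_hosts=""):
    """Build hosts-file lines that point the hostnames of the given URLs at
    0.0.0.0, skipping names the existing hosts text already maps."""
    mapped = set()
    for line in existing_hosts.splitlines():
        entry = line.split("#", 1)[0].split()
        mapped.update(name.lower() for name in entry[1:])
    lines = []
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        if host and host not in mapped:
            mapped.add(host)
            lines.append(f"0.0.0.0 {host}")
    return lines


if __name__ == "__main__":
    for pid, endpoints in external_connections(SAMPLE_NETSTAT).items():
        print(pid, endpoints)
    print("\n".join(hosts_block_lines([POPUP_URL])))
```

Sampling `netstat -ano` several times while the pop-up appears, and keeping only the addresses that show up each time for the suspected process, narrows the candidate list before anything is blocked.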

 

 


#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 15 June 2013 - 03:19 PM

Also, can you tell me what version of Skype you are using?


So long, and thanks for all the fish.

 

 


#12 DrakeDNeedingHelp

DrakeDNeedingHelp
  • Topic Starter

  • Members
  • 7 posts

Posted 15 June 2013 - 04:50 PM

I am using the most up to date version of Skype.

 

------

Edit

-----

 

While http://www.ekiga.org/ looks very good, it seems to be far more complicated than the common messenger, and more similar to services like Ventrilo or Mumble.

-------------------

 

Though I am still hoping for a solution for this Skype issue, since more and more people seem to be having the same problem.


Edited by DrakeDNeedingHelp, 15 June 2013 - 04:59 PM.


#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 16 June 2013 - 02:32 PM

Good evening. :)

Taken from Skype's Privacy Policy:


5. YOUR ADVERTISING CHOICES

5.1 Third Party Advertisements

Some Skype software clients may enable third-party advertisements provided by Microsoft Advertising. In order to provide ads of greater interest to you, these ads may be targeted based on non-personally identifiable Skype profile information (including profile information from linked LiveID accounts), such as age, gender, country of residence, and language preference, as well as other information Microsoft Advertising collects outside the Skype software client. For instance, Microsoft Advertising may utilize the same browser cookies set by Microsoft websites to enhance targeting within the Skype software client.

Except for the modern Skype client running on Windows 8, you may opt-out of Microsoft targeted ads in any Skype software client that enables targeted ads by visiting the privacy menu in the Skype software client toolbar. If you opt-out, you will still receive advertisements based on your country of residence, language preference, and IP address location, but other targeting information will not be used. For the modern Skype client running on Windows 8, you may opt-out of receiving targeted ads from Microsoft Advertising through your browser by visiting http://choice.live.com/advertisementchoice, or the NAI or DAA sites described below. For more information about how Microsoft Advertising collects and uses information, please see the Microsoft Advertising Privacy Supplement.

In some instances, Microsoft Advertising may facilitate the placement of advertisements in Skype software client by other online advertising networks. These companies currently include, but are not limited to: 24/7 Real Media, aCerno,Inc, AdBlade, AdConion, AdFusion, Advertising.com, AppNexus, Bane Media, Brand.net, CasaleMedia, Collective Media, Fox Interactive, Interclick, Millennial, ROI Media, Social Media, SpecificMedia, Tribal Fusion, ValueClick, Yahoo!, YuMe and Zumobi. If you have opted-out of targeted ads in the Skype client as outlined above, Skype will not pass any profile information to such advertising providers with the ad request. However, because these third parties may place cookies on your computer that facilitate their own targeting, the Skype opt-out mechanism described above will not necessarily prevent ad targeting by these companies. These companies may offer you a way to opt-out of ad targeting based on their cookies. You may find more information by clicking on the company names above and following the links to the Web sites of each company. Many of them are also members of the Network Advertising Initiative (NAI) or the Digital Advertising Alliance (DAA), which each provide a simple way to opt-out of ad targeting from participating companies.

 

If you installed it, you accepted it, that and all the other stuff that is in there that most people don't bother to read - myself included. Assuming that Questionmarket.com is Skype-approved, you may well have to live with how the "free" software is being funded as it wouldn't be a surprise if they had coded a way to block the program running if they don't display properly. You may be able to avoid this by rolling back to an earlier version of Skype, but it may not work correctly or it may just update itself the first chance it gets and undo the change.

 

As to replacing Skype, you will need to make use of another part of this forum as this issue doesn't appear to be an infection as such.

 

 


So long, and thanks for all the fish.

 

 


#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 21 June 2013 - 01:38 PM

As this issue appears to have been resolved, this thread is now closed.


So long, and thanks for all the fish.

 

 




