
My Computer Plays Random Invisible Ads


  • This topic is locked
4 replies to this topic

#1 lordj

lordj

  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:34 PM

Posted 21 October 2013 - 08:07 PM

I have no idea what my Dell is infected with. I have read some previous posts about similar problems with random ads playing in the background during computer usage. I tried a few of the removal techniques but none have worked for me.

 

I have a Dell Inspiron and I am running on Windows XP. Whenever I get on my computer and my volume is turned on I hear random commercials and advertisements playing in the background. I cannot see any other windows open other than the ones I am using and I cannot find anything in my task manager either. This has been a problem I've been dealing with for a while, thanks in advance for helping me solve it!

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088
Run by Junia at 20:31:56 on 2013-10-21
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe
C:\Program Files\Common Files\Motive\pcServiceHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Junia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Users\Junia\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.48\SymcPCCULaunchSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Program Files\ATT-SST\pcBrowser.exe
C:\Program Files\ATT-SST\pcBrowser.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ie
uProxyOverride = <local>;*.local
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CodecC Class: {D9A2FCE6-CB6B-4926-850C-327A30CC7C82} - c:\programdata\codecc\bhoclass.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Spotify] "c:\users\junia\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "c:\users\junia\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [HP Deskjet 3050A J611 series (NET)] "c:\program files\hp\hp deskjet 3050a j611 series\bin\ScanToPCActivationApp.exe" -deviceID "CN1BC441GM05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
uRun: [uTorrent] "c:\users\junia\appdata\roaming\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [SearchProtection] "c:\users\junia\appdata\roaming\search protection\SearchProtection.EXE" /autostart
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\pcTrayApp.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: $talisma_url$
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{52DA1261-2FCB-46EF-93FB-E1DB6075BD84} : DHCPNameServer = 192.168.0.1 8.8.8.8
TCP: Interfaces\{D80B13C5-9408-4BEA-B435-8535F1C6A441} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\junia\appdata\roaming\mozilla\firefox\profiles\t2q8j7hh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&CUI=UN39172071392586262&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: !HIDDEN! 2009-09-23 11:05; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 18df2b18-cd11-4a53-b2fa-fd9f89e300a7
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,TopRelatedTopics,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R? AESTFilters;Andrea ST Filters Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? DockLoginService;Dock Login Service
R? McComponentHostService;McAfee Security Scan Component Host Service
R? PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver
R? SBSDWSCService;SBSD Security Center Service
R? SftService;SoftThinks Agent Service
R? SkypeUpdate;Skype Updater
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? cbfs3;EldoS Callback File System driver v3
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MpFilter;Microsoft Malware Protection Driver
S? MpNWMon;Microsoft Malware Protection Network Driver
S? Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher
S? OA009Ufd;Creative Camera OA009 Upper Filter Driver
S? OA009Vid;Creative Camera OA009 Function Driver
S? PCCUJobMgr;Common Client Job Manager Service
S? pcServiceHost;pcServiceHost
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? yksvc;Marvell Yukon Service
.
=============== Created Last 30 ================
.
2013-10-18 22:47:12    7796464    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{456863c4-0d7d-446c-a48d-822df12f3fd4}\mpengine.dll
2013-10-16 14:02:50    4096000    ----a-w-    c:\program files\GUTF81B.tmp
2013-10-16 14:02:50    --------    d-----w-    c:\users\junia\appdata\roaming\SUPERAntiSpyware.com
2013-10-16 14:02:50    --------    d-----w-    c:\program files\GUMF81A.tmp
2013-10-16 14:02:32    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-10-16 14:02:32    --------    d-----w-    c:\program files\SUPERAntiSpyware
.
==================== Find3M  ====================
.
2013-10-09 05:18:42    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-09 05:18:41    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:47:12.33 ===============
 


 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:34 PM

Posted 22 October 2013 - 01:12 AM

Hello lordj,


Sorry for the delay.

 

Please download TDSSKiller from here: http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe

 

Let it run, and if there is anything found, click "cure", then reboot your computer. Please post the report it gives you in your reply.

 

Please also let me know how your computer is running now. :)

 

Thanks,

tea


Edited by teacup61, 22 October 2013 - 01:16 AM.

Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 lordj

lordj
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:34 PM

Posted 22 October 2013 - 10:47 PM

Hey Tea,

 

I can't get the Report to post for some reason but thank you! My computer is running fine now with no ads playing behind the display.

 

Thank you very much!



#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:34 PM

Posted 22 October 2013 - 10:59 PM

You're most welcome :)

 

Have a scan with your MBAM, and make sure all your security is up to date. I'll leave this thread open for a couple of days, just in case. ;)

 

Take care,

tea



#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:34 PM

Posted 26 October 2013 - 05:02 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





