
Windows 8, fake Flash popups and "Setup.exe" download, popup ads/vids over pages


11 replies to this topic

#1 mrmackenzie

mrmackenzie

  • Members
  • 7 posts
  • Local time: 02:27 AM

Posted 13 May 2014 - 09:49 AM

Hello,

I was given this relatively new computer used one month ago. The problems have been around since then, but I do not know how long before that the problems existed. I have Windows 8 and mainly use Chrome. I originally noticed a lot of fake Flash update popups, which seem to be getting more common. Now I'm getting a lot of other ad popups (the one I'm seeing right now has this link). Also a lot of AdChoice popups that I'm not sure are legitimate or not, but I don't get them on my other computer like I do on this one. Chrome does not show any extensions as being installed.

 

I've got Windows Defender running and nothing else. When I did a scan using Defender nothing was found.

 

 

The flash popup redirects me to this page (http://www.vplayer.us/download/Player/F/CA/auload.html?installer=Video_Player_for_Other_Browsers&browser_type=KHTML&dualoffer=false) and also downloads a file Setup.exe

 

These are some links from the popups I'm getting. 

 

http://www.medtech-itsupport.com/rp/?aff_id=www.bleepingcomputer.com

 

http://www.clicktrack.eu/affiliate/referral.asp?site=prospl&url=vcc/en/sp12usd/default.asp&aff_id=3213_11484_13934_56215_4_249_3-www.bleepingcomputer.com|TSCP

 

http://clicks.eyereturn.com/?tokenID=806182&click=http%3A//as.chango.com/links/click1399992305.28%3Facid%3D12045%26adid%3D299776%26atid%3D56463%26wh%3D300%26ht%3D250%26stid%3Dzdnet.com%26url%3Dhttp%253A%252F%252Fwww.zdnet.com%252F%26dom%3Dzdnet.com%26ibs%3DTrue%26mw%3D1.0%26poo%3Dp%26kwid%3D28171304%26kwtp%3D12072016%26eid%3DAppNexus%26cid%3D27307%26agid%3D46628%26sid%3D2bc5f8d0-daad-11e3-96aa-00259035cc68%26pid%3D0%26anid%3D0%26dc%3D1ZuVurvY%26datc%3Dsan+jose%26da%3D11507%26st%3Dmeta%26bm%3D1.99%26wp%3D0.309412%26kw%3D0aaVq4Whn3h0%26uf%3D0%26uiof%3D0%26kf%3D70955%26atype%3DHISTORIC%26test%3D0%26adpos%3D2%26bidder%3Dbidder13-sj%26ioi%3D18230%26ts%3D1399992305014%26sig%3De2a040ece269d3d8b1efd19fe8966767%26cu%3D%26dsi%3DNone%26oad%3Ddefault-20120719%253A0%252C0%252C0.0000%26iad%3D%26meta%3D326%26cy%3DCA%26rg%3DAB%26ct%3DCALGARY%26dma%3D0%26pc%3DT2P%26psa%3D0%26ic%3DFalse%26va%3D-1%26vat%3D-1%26tkn%3D149bf360-b8e0-11e3-9c38-0025900cda4c%26new%3D2%26clickURL%3D&iid=62d640f2d550f9ec27140229f178e5cc&oid=0&cn=0
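Links like the three above are worth decoding rather than visiting. The following Python script is an added example, not code from the thread or from BleepingComputer: it unwraps the redirect chain that ad trackers nest inside URL-encoded query parameters and pulls out the parameters that name the page the ad was shown on, all offline (nothing is fetched). The list of redirect and context keys is a generic assumption, not the documented parameter set of any ad network. Run on the three links, it shows that the popups recorded www.bleepingcomputer.com and zdnet.com as the page being viewed, which is the pattern of ads injected on the client side over whatever site is open, rather than ads served by those sites.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the popup links quoted in the first post. The click-tracker
# link is trimmed to the parameters this script reads.
SAMPLE_LINKS = [
    "http://www.medtech-itsupport.com/rp/?aff_id=www.bleepingcomputer.com",
    "http://www.clicktrack.eu/affiliate/referral.asp?site=prospl&url=vcc/en/sp12usd/default.asp"
    "&aff_id=3213_11484_13934_56215_4_249_3-www.bleepingcomputer.com|TSCP",
    "http://clicks.eyereturn.com/?tokenID=806182&click=http%3A//as.chango.com/links/click1399992305.28"
    "%3Facid%3D12045%26adid%3D299776%26stid%3Dzdnet.com%26url%3Dhttp%253A%252F%252Fwww.zdnet.com%252F"
    "%26dom%3Dzdnet.com&iid=62d640f2d550f9ec27140229f178e5cc&oid=0&cn=0",
]

# Assumption: generic query keys that commonly carry the next hop of a redirect chain.
REDIRECT_KEYS = ("click", "url", "u", "redirect", "dest")
# Assumption: generic query keys that tend to name the page on which the ad was shown.
CONTEXT_KEYS = ("aff_id", "stid", "dom")
HOSTNAME = re.compile(r"(?:[a-z0-9]+\.)+[a-z]{2,}", re.I)


def analyse(url, max_depth=8):
    """Walk nested targets inside query parameters without any network access.

    Returns the chain of hosts (outermost first) and the first value seen for
    each context key. parse_qs decodes exactly one layer of percent-encoding
    per hop, so a doubly-encoded inner URL is unwrapped hop by hop.
    """
    chain, markers = [], {}
    current = url
    for _ in range(max_depth):
        parts = urlsplit(current)
        chain.append(parts.netloc)
        qs = parse_qs(parts.query, keep_blank_values=True)
        for key in CONTEXT_KEYS:
            if key in qs and key not in markers:
                markers[key] = qs[key][0]
        nested = next((v for key in REDIRECT_KEYS for v in qs.get(key, [])
                       if v.startswith(("http://", "https://"))), None)
        if nested is None:
            break
        current = nested
    return {"chain": chain, "markers": markers}


def referrer_hints(markers):
    """Hostnames embedded in the context markers, i.e. the site the ad was shown over."""
    found = set()
    for value in markers.values():
        found.update(h.lower() for h in HOSTNAME.findall(value))
    return found


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        result = analyse(link)
        print(" -> ".join(result["chain"]))
        print("   shown over:", ", ".join(sorted(referrer_hints(result["markers"]))) or "(unknown)")
```

The hostnames that come out of `referrer_hints` are the ones to compare against the sites that were actually open when the popup appeared; if they match, the ads are being injected locally and the fix is on the host, not with the site owner.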




#2 mrmackenzie

mrmackenzie
  • Topic Starter
  • Members
  • 7 posts
  • Local time: 02:27 AM

Posted 13 May 2014 - 09:50 AM

Any help is appreciated.

Thanks,

Mrmac



#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • Gender: Male
  • Location: NJ USA
  • Local time: 03:27 AM

Posted 13 May 2014 - 12:57 PM

MrMac

Please run these next.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.



    Download RogueKiller from one of the following links and save it to your desktop:
    • Link 1
    • Link 2
      • Close all programs and disconnect any USB or external drives before running the tool.
      • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
      • Once the Prescan has finished, click Scan.
      • Once the Status box shows "Scan Finished", just close the program. <--Don't fix anything!
      • Copy and paste the report that opens into your next reply.
        • The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex)
        • The highest number of [X] is the most recent Scan.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 mrmackenzie

mrmackenzie
  • Topic Starter
  • Members
  • 7 posts
  • Local time: 02:27 AM

Posted 13 May 2014 - 02:28 PM

Thanks for the reply boopme,

 

Results of MiniToolbox:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Mike (administrator) on 13-05-2014 at 13:14:27
Running from "C:\Users\Mike\Downloads"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
Intel® Dual Band Wireless-N 7260 = Wi-Fi (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Mike-pc
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 0C-8B-FD-9C-4F-74
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 0C-8B-FD-9C-4F-77
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-N 7260
   Physical Address. . . . . . . . . : 0C-8B-FD-9C-4F-73
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 78-45-C4-CA-99-80
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a1ad:2070:3cdf:411e%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.24(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, May 9, 2014 1:06:00 PM
   Lease Expires . . . . . . . . . . : Tuesday, May 20, 2014 1:02:16 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 259540420
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-05-C3-07-78-45-C4-CA-99-80
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Local Area Connection* 13:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:340b:1c3f:3f57:ffe7(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::340b:1c3f:3f57:ffe7%19(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{10914E91-DD25-40FE-9C76-B0944C7F5985}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2607:f8b0:400a:804::1009
 173.194.33.130
 173.194.33.128
 173.194.33.142
 173.194.33.136
 173.194.33.131
 173.194.33.135
 173.194.33.132
 173.194.33.134
 173.194.33.129
 173.194.33.137
 173.194.33.133
 
 
Pinging google.com [173.194.33.133] with 32 bytes of data:
Reply from 173.194.33.133: bytes=32 time=30ms TTL=56
Reply from 173.194.33.133: bytes=32 time=30ms TTL=56
 
Ping statistics for 173.194.33.133:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 30ms, Maximum = 30ms, Average = 30ms
Server:  UnKnown
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=35ms TTL=54
Reply from 206.190.36.45: bytes=32 time=84ms TTL=54
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 35ms, Maximum = 84ms, Average = 59ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...0c 8b fd 9c 4f 74 ......Microsoft Wi-Fi Direct Virtual Adapter
 14...0c 8b fd 9c 4f 77 ......Bluetooth Device (Personal Area Network)
 13...0c 8b fd 9c 4f 73 ......Intel® Dual Band Wireless-N 7260
 12...78 45 c4 ca 99 80 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.24     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.24    266
     192.168.0.24  255.255.255.255         On-link      192.168.0.24    266
    192.168.0.255  255.255.255.255         On-link      192.168.0.24    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.24    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.24    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 19    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 19    306 2001::/32                On-link
 19    306 2001:0:5ef5:79fd:340b:1c3f:3f57:ffe7/128
                                    On-link
 12    266 fe80::/64                On-link
 19    306 fe80::/64                On-link
 19    306 fe80::340b:1c3f:3f57:ffe7/128
                                    On-link
 12    266 fe80::a1ad:2070:3cdf:411e/128
                                    On-link
  1    306 ff00::/8                 On-link
 19    306 ff00::/8                 On-link
 12    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/12/2014 09:01:03 AM) (Source: SPP) (User: )
Description: Writer COM+ REGDB Writer experienced retryable error during shadow copy creation. Retrying...
 
More info: .
 
Error: (05/12/2014 09:01:03 AM) (Source: SPP) (User: )
Description: Writer WMI Writer experienced retryable error during shadow copy creation. Retrying...
 
More info: .
 
Error: (05/12/2014 09:01:03 AM) (Source: SPP) (User: )
Description: Writer MSSearch Service Writer experienced retryable error during shadow copy creation. Retrying...
 
More info: .
 
Error: (05/12/2014 09:01:03 AM) (Source: SPP) (User: )
Description: Writer Shadow Copy Optimization Writer experienced retryable error during shadow copy creation. Retrying...
 
More info: .
 
Error: (05/12/2014 09:01:03 AM) (Source: SPP) (User: )
Description: Writer Registry Writer experienced retryable error during shadow copy creation. Retrying...
 
More info: .
 
Error: (05/12/2014 09:01:03 AM) (Source: SPP) (User: )
Description: Writer System Writer experienced retryable error during shadow copy creation. Retrying...
 
More info: .
 
Error: (05/09/2014 08:45:50 AM) (Source: Desktop Window Manager) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (05/09/2014 08:17:34 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
 
System errors:
=============
Error: (05/13/2014 07:21:12 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (05/12/2014 08:33:00 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (05/09/2014 08:07:01 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (05/09/2014 08:06:31 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (05/09/2014 08:06:01 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (05/09/2014 08:05:31 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (05/09/2014 08:05:01 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (05/09/2014 08:04:04 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (05/08/2014 04:42:07 PM) (Source: DCOM) (User: Mike-pc)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (05/08/2014 09:18:59 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
 
Microsoft Office Sessions:
=========================
Error: (05/12/2014 09:01:03 AM) (Source: SPP)(User: )
Description: COM+ REGDB WriterThe writer's timeout expired between the Freeze and Thaw events. (0x800423F2)
 
Error: (05/12/2014 09:01:03 AM) (Source: SPP)(User: )
Description: WMI WriterThe writer's timeout expired between the Freeze and Thaw events. (0x800423F2)
 
Error: (05/12/2014 09:01:03 AM) (Source: SPP)(User: )
Description: MSSearch Service WriterThe writer's timeout expired between the Freeze and Thaw events. (0x800423F2)
 
Error: (05/12/2014 09:01:03 AM) (Source: SPP)(User: )
Description: Shadow Copy Optimization WriterThe writer's timeout expired between the Freeze and Thaw events. (0x800423F2)
 
Error: (05/12/2014 09:01:03 AM) (Source: SPP)(User: )
Description: Registry WriterThe writer's timeout expired between the Freeze and Thaw events. (0x800423F2)
 
Error: (05/12/2014 09:01:03 AM) (Source: SPP)(User: )
Description: System WriterThe writer's timeout expired between the Freeze and Thaw events. (0x800423F2)
 
Error: (05/09/2014 08:45:50 AM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d
 
Error: (05/09/2014 08:17:34 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 12 Plugin (Version: 12.0.0.70)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Autodesk MapGuide® Viewer ActiveX Control Release 6.5 (Version: 6.5.6.11)
CyberLink LabelPrint 2.5 (Version: 2.5.5415)
CyberLink Media Suite 10 (Version: 10.0.1.2417)
CyberLink Media Suite Essentials (Version: 10.0)
CyberLink Power2Go 8 (Version: 8.0.0.2126)
CyberLink PowerDirector 10 (Version: 10.0.1.2413)
CyberLink PowerDVD 10 (Version: 10.0.4828.52)
Dell Backup and Recovery - Support Software (Version: 1.5.0.0)
Dell Backup and Recovery (Version: 1.5.0.0)
Dell Touchpad (Version: 16.6.4.13)
DriveHQ FileManager 5.2 (Version: 5.2.0.924)
FileParade bundle uninstaller (Version: 2.0.0.3)
Google Chrome (Version: 34.0.1847.131)
Google Update Helper (Version: 1.3.24.7)
Intel® Management Engine Components (Version: 9.5.3.1520)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577)
Intel® Processor Graphics (Version: 10.18.10.3412)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 3.1.1306.0354)
Intel® Rapid Storage Technology (Version: 12.6.0.1033)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 3.0.0.66956)
Intel® Update Manager (Version: 2.3.1338)
Intel® WiDi (Version: 4.1.17.0)
Intel® PROSet/Wireless Software (Version: 16.1.5)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269)
Intel® Trusted Connect Service Client (Version: 1.28.487.1)
Java 7 Update 51 (64-bit) (Version: 7.0.510)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office Home and Business 2013 - en-us (Version: 15.0.4605.1003)
Microsoft OneDrive (Version: 17.0.4023.1211)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
NVIDIA 3D Vision Driver 331.65 (Version: 331.65)
NVIDIA Control Panel 331.65 (Version: 331.65)
NVIDIA Graphics Driver 331.65 (Version: 331.65)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA Optimus 1.15.2 (Version: 1.15.2)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3165)
NVIDIA Update 1.15.2 (Version: 1.15.2)
NVIDIA Update Components (Version: 1.15.2)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4605.1003)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003)
Office 15 Click-to-Run Localization Component (Version: 15.0.4605.1003)
Realtek High Definition Audio Driver (Version: 6.0.1.6971)
Realtek PCIE Card Reader (Version: 6.2.9200.21220)
Search Protect (Version: 2.13.1.47)
Shared C Run-time for x64 (Version: 10.0.0)
SHARP MX/DX Series PCL/PS Printer Driver (Version: 1.00.000)
Websteroids (Version: 2.6.71)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 24%
Total physical RAM: 16282.57 MB
Available physical RAM: 12257.71 MB
Total Pagefile: 18586.57 MB
Available Pagefile: 13436.1 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.3 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:915.49 GB) (Free:850.8 GB) NTFS
3 Drive e: () (Removable) (Total:3.74 GB) (Free:3.59 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\MIKE-PC
 
Administrator            Guest                    Mike                     
UpdatusUser              
 
 
**** End of log ****
 

 

Results of RogueKiller:

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Mike [Admin rights]
Mode : Scan -- Date : 05/13/2014 13:25:10
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] WebsteroidsService.exe -- C:\ProgramData\Websteroids\up\2.6.80\WebsteroidsService.exe [7] -> KILLED [TermProc]
[SUSP PATH] Websteroids.exe -- C:\ProgramData\Websteroids\up\2.6.80\Websteroids.exe [7] -> KILLED [TermProc]
[SUSP PATH] Websteroids64.exe -- C:\ProgramData\Websteroids\up\2.6.80\Websteroids64.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 14297318ab0020aac1a3bc900da18b59
[BSP] b60bb14cf7fa9ca725e9fb763225b150 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_05132014_132510.txt >>
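Reading a MiniToolBox and RogueKiller report by eye works for one machine; the checks the moderator asked for (proxy settings, hosts file, Winsock providers, installed programs, plus the RogueKiller findings) can also be scripted for triage. The Python script below is an added example, not part of the thread or of either tool. It parses constructed excerpts of the two logs above; one Winsock line (`lsp_example.dll` from an "Example Vendor") is invented as a placeholder so that a flagged provider is visible, and the program watchlist is an assumption: Websteroids is the entry RogueKiller flagged in this thread, while Search Protect and the FileParade bundle uninstaller are added as assumed bundleware names.

```python
import re

# Constructed excerpt of the MiniToolBox output posted above, trimmed to the
# sections this script reads. The lsp_example.dll line is invented (placeholder)
# to show what a non-Microsoft Winsock provider looks like when flagged.
MINITOOLBOX_LOG = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

========================= Winsock entries =====================================
Catalog5 01 C:\\Windows\\SysWOW64\\napinsp.dll [52224] (Microsoft Corporation)
Catalog9 01 C:\\Windows\\SysWOW64\\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 12 C:\\ProgramData\\Example\\lsp_example.dll [12345] (Example Vendor)
=========================== Installed Programs ============================
Adobe Flash Player 12 Plugin (Version: 12.0.0.70)
FileParade bundle uninstaller (Version: 2.0.0.3)
Google Chrome (Version: 34.0.1847.131)
Search Protect (Version: 2.13.1.47)
Websteroids (Version: 2.6.71)
========================= Memory info: ===================================
"""

# Constructed excerpt of the RogueKiller scan posted above.
ROGUEKILLER_LOG = """\
¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] WebsteroidsService.exe -- C:\\ProgramData\\Websteroids\\up\\2.6.80\\WebsteroidsService.exe [7] -> KILLED [TermProc]
[SUSP PATH] Websteroids.exe -- C:\\ProgramData\\Websteroids\\up\\2.6.80\\Websteroids.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\\[...]\\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (0) -> FOUND
"""

# Assumed watchlist: Websteroids is what RogueKiller flagged in this thread;
# the other two names are bundleware entries added as assumptions.
WATCHLIST = ("websteroids", "search protect", "fileparade")
WINDOWS_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

SECTION_HEADER = re.compile(r"^=+\s*(.*?)\s*:?\s*=+\s*$")
WINSOCK_LINE = re.compile(r"^(?:x64-)?Catalog\d+ \d+ (?P<path>.+?) \[\d+\] \((?P<vendor>.+)\)$")
RK_LINE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+) (?P<detail>.+?) -> (?P<action>[A-Z]+)")


def split_sections(log):
    """Map each '===== Name =====' header to the non-blank lines beneath it."""
    sections, current = {}, None
    for line in log.splitlines():
        m = SECTION_HEADER.match(line)
        if m:
            current = m.group(1).strip("= ") or None   # bare '=====' rules are not sections
            if current:
                sections[current] = []
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections


def suspicious_winsock(lines):
    """Flag Winsock providers not attributed to Microsoft or loaded from outside the Windows directory."""
    flagged = []
    for line in lines:
        m = WINSOCK_LINE.match(line)
        if not m:
            continue
        outside = not m.group("path").lower().startswith(WINDOWS_DIRS)
        if m.group("vendor") != "Microsoft Corporation" or outside:
            flagged.append(line)
    return flagged


def roguekiller_findings(log):
    """Return each '[TAG] detail -> ACTION' line of a RogueKiller report as a dict."""
    findings = []
    for line in log.splitlines():
        m = RK_LINE.match(line)
        if m:
            findings.append({"tags": m.group("tags"), "detail": m.group("detail"), "action": m.group("action")})
    return findings


def triage(mtb_log, rk_log):
    """Combine the individual checks into one summary dict."""
    s = split_sections(mtb_log)
    proxy_lines = s.get("IE Proxy Settings", [])
    return {
        "proxy_enabled": bool(proxy_lines) and not any("Proxy is not enabled" in l for l in proxy_lines),
        "hosts_entries": s.get("Hosts content", []),
        "winsock": suspicious_winsock(s.get("Winsock entries", [])),
        "programs": [p for p in s.get("Installed Programs", []) if any(w in p.lower() for w in WATCHLIST)],
        "roguekiller": roguekiller_findings(rk_log),
    }


if __name__ == "__main__":
    for key, value in triage(MINITOOLBOX_LOG, ROGUEKILLER_LOG).items():
        print(f"{key}: {value}")
```

The output is a starting list, not a verdict: a non-Microsoft Winsock entry or a watchlisted program still needs to be looked up before removal, and the RogueKiller `KILLED` lines only show that a process was stopped for the session, not that the files or services behind it are gone.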


#5 mrmackenzie

mrmackenzie
  • Topic Starter
  • Members
  • 7 posts
  • Local time: 02:27 AM

Posted 13 May 2014 - 02:32 PM

Btw, I thought I read that this group is not to be used for posting logs, so sorry if I've made a mistake



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • Gender: Male
  • Location: NJ USA
  • Local time: 03:27 AM

Posted 13 May 2014 - 02:44 PM

No, no HJT or DDS logs, but anything I ask for is OK.

Next ..
  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool again (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", this time click the Delete button.
  • Copy and paste the report that opens into your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex)
    • The highest number of [X] is the most recent Delete.
Now...
Uninstall these through Control Panel:
Java 7 Update 51 (64-bit) (Version: 7.0.510)

Java 7 Update 51 (Version: 7.0.510)

Java Auto Updater (Version: 2.1.9.8)

Reboot

How is it running now?
Do you need a free Antivirus as I did not see one installed?

#7 mrmackenzie

mrmackenzie
  • Topic Starter
  • Members
  • 7 posts
  • Local time: 02:27 AM

Posted 13 May 2014 - 02:55 PM

First Log:

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software

 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Mike [Admin rights]
Mode : Scan -- Date : 05/13/2014 13:50:59
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 14297318ab0020aac1a3bc900da18b59
[BSP] b60bb14cf7fa9ca725e9fb763225b150 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_05132014_135059.txt >>
RKreport[0]_S_05132014_132510.txt
 
 
Delete Log
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Mike [Admin rights]
Mode : Remove -- Date : 05/13/2014 13:51:28
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (0) -> REPLACED ()
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (0) -> REPLACED ()
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 14297318ab0020aac1a3bc900da18b59
[BSP] b60bb14cf7fa9ca725e9fb763225b150 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_05132014_135128.txt >>
RKreport[0]_S_05132014_132510.txt;RKreport[0]_S_05132014_135059.txt
 
 
Antivirus
It's your opinion I'd be better off with one? I run AVG on one of my personal computers and avast on the other. This is a work computer and the IT guy told me I'd be OK with Windows Defender (obviously not). I don't know him or his work too well so I'm open to hearing a different opinion.
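As an added example that is not part of this thread and not Adlice's code: a small Python parser for the RogueKiller report layout shown in the two logs above (¤¤¤ section headers carrying a declared count, one finding per line with bracketed class tags and a trailing -> action, and a [BSP] verdict line under the MBR check). It separates signature-class hits from PUM entries (RogueKiller's Potentially Unwanted Modification class: settings a user or program may change legitimately, listed for review rather than matched as malware) and checks each section's declared count against what was actually parsed. For reference, the four HJ DESK entries here are HideDesktopIcons\NewStartPanel values for the This PC ({20D04FE0-...}) and user-files ({59031a47-...}) desktop icons. The sample input is the scan log above, trimmed to the sections the parser needs.

```python
import re

# Trimmed copy of the RogueKiller scan log posted above, embedded so the
# example runs offline.
SAMPLE_LOG = r"""RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Mode : Scan -- Date : 05/13/2014 13:50:59

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000LM024 HN-M101MBB +++++
[BSP] b60bb14cf7fa9ca725e9fb763225b150 : Empty MBR Code
"""

# "¤¤¤ <name>[ : <count or note>] ¤¤¤"
SECTION_RE = re.compile(r"^¤¤¤\s*(.*?)\s*¤¤¤\s*$")
# "[TAG][TAG] <detail> -> ACTION [(arg)]"
ENTRY_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]*\])+)\s*(?P<detail>.*?)\s*->\s*"
    r"(?P<action>[A-Z]+)\s*(?:\((?P<arg>[^)]*)\))?\s*$")
# "[BSP] <md5 of boot sector> : <verdict>"
MBR_RE = re.compile(r"^\[BSP\]\s+(\w+)\s*:\s*(.*)$")


def _parse_header(line):
    """Return (name, declared_count_or_None, note) for a section header, else None."""
    m = SECTION_RE.match(line)
    if not m:
        return None
    name, _, rest = m.group(1).partition(":")
    rest = rest.strip()
    return name.strip(), (int(rest) if rest.isdigit() else None), rest


def parse_rk_log(text):
    """Parse a RogueKiller report into {"sections": {...}, "mbr": [...]}."""
    report = {"sections": {}, "mbr": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hdr = _parse_header(line)
        if hdr:
            name, count, rest = hdr
            current = report["sections"].setdefault(
                name, {"declared": count, "note": "" if count is not None else rest,
                       "entries": []})
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            current["entries"].append({
                "tags": re.findall(r"\[([^\]]*)\]", m.group("tags")),
                "detail": m.group("detail"),
                "action": m.group("action"),
                "arg": m.group("arg"),
            })
            continue
        m = MBR_RE.match(line)
        if m:
            report["mbr"].append({"hash": m.group(1), "verdict": m.group(2)})
    return report


def triage(report):
    """Split findings into signature hits vs PUM entries and flag count mismatches."""
    hits, pum = [], []
    for name, sec in report["sections"].items():
        for e in sec["entries"]:
            (pum if "PUM" in e["tags"] else hits).append((name, e))
    mismatches = [name for name, sec in report["sections"].items()
                  if sec["declared"] is not None
                  and sec["declared"] != len(sec["entries"])]
    return {
        "signature_hits": hits,
        "pum": pum,
        "infection_entries": report["sections"].get("Infection", {}).get("entries", []),
        "mbr_verdicts": [m["verdict"] for m in report["mbr"]],
        "count_mismatches": mismatches,
    }


if __name__ == "__main__":
    t = triage(parse_rk_log(SAMPLE_LOG))
    print("signature hits:", len(t["signature_hits"]), "| PUM:", len(t["pum"]),
          "| MBR:", t["mbr_verdicts"], "| mismatches:", t["count_mismatches"])
    for section, e in t["pum"]:
        print("  PUM", section, "/".join(e["tags"]), e["detail"], "->", e["action"])
```

Run it against any RKreport text to get the same split; a non-empty `signature_hits` or `infection_entries` list, or a section whose declared count disagrees with the lines actually present, is what warrants the deeper look.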


#8 mrmackenzie

mrmackenzie
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 13 May 2014 - 03:11 PM

I uninstalled Java 7 Update 51 (64-bit) (Version: 7.0.510) and Java 7 Update 51 (Version: 7.0.510) but the Auto Update one was not found. Then I rebooted.

 

Chrome seemed to be running fine before I uninstalled those and rebooted, but as soon as I opened it again the problems are back. First try at opening a page redirected me to wantitdating .com and their fake Flash update.

 

Thanks for your ongoing help 



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:27 AM

Posted 13 May 2014 - 03:11 PM

How is it running now?
You may not be allowed to install a different AV, but if so you have to remove those to install:
  • Avira Antivir


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:27 AM

Posted 13 May 2014 - 03:15 PM

We may have an add-on in Chrome. We can try disabling them one at a time and see.
 
Disable Individual Plug-ins in Google Chrome



#11 mrmackenzie

mrmackenzie
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 13 May 2014 - 03:58 PM

The link you provided opens as howtogeek.com but immediately redirects to cleanPC365 .com

I checked the plugins and none look suspicious. I also disabled them all and restarted Chrome: same issues. I couldn't do what your link recommends because I wasn't able to read the page.

Also, an old problem has restarted... when I open new tabs, it goes to a Bing search bar with ads below it, even though new tabs are supposed to open to Google. This happened a few weeks ago, but I fiddled with my defaults and it seemed to be under control. Since disabling plugins and restarting Chrome, the new tabs are opening to Google like they should, but that will probably not last.
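As an added example that is not part of this thread: a Python check of the settings in Chrome's per-profile Preferences file (a JSON document at %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences) that produce the symptoms described in the post above. It reports startup pages, homepage and default search provider that point outside an expected set of hosts, and enabled extensions not installed from the Chrome Web Store. Chrome's new-tab page is supplied by the default search engine, so a new tab that opens on a Bing search box usually means the default search provider was changed. The input is a constructed JSON excerpt with invented values, the key names follow the Preferences layout Chrome used at the time, and the expected-host allowlist is an assumption to adjust. Chrome also honours policies under HKLM\SOFTWARE\Policies\Google\Chrome (and HKCU), which adware uses to pin a search provider or force-install an extension; those live in the registry, not in this file, and need a separate check.

```python
import json
import sys
from urllib.parse import urlparse

# Hosts the profile is expected to use for startup pages, homepage and search.
# Assumption for this example; set to the organisation's own defaults.
EXPECTED_HOSTS = {"www.google.com", "google.com"}

# Chrome's session.restore_on_startup value for "open a specific set of pages".
OPEN_SPECIFIC_PAGES = 4

# Constructed excerpt of a Preferences file with invented values. Only the keys
# inspected below are present.
SAMPLE_PREFS = json.dumps({
    "homepage": "http://www.google.com/",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": OPEN_SPECIFIC_PAGES,
        "startup_urls": ["http://search.example-hijack.test/?src=startup"],
    },
    "default_search_provider_data": {
        "template_url_data": {
            "short_name": "Bing",
            "keyword": "bing.com",
            "url": "http://www.bing.com/search?q={searchTerms}&pc=EXAMPLE",
        }
    },
    "extensions": {
        "settings": {
            "abcdefghijklmnopabcdefghijklmnop": {
                "from_webstore": True, "state": 1,
                "path": "abcdefghijklmnopabcdefghijklmnop\\1.0_0",
                "manifest": {"name": "Store Extension", "version": "1.0"},
            },
            "ponmlkjihgfedcbaponmlkjihgfedcba": {
                "from_webstore": False, "state": 1,
                "path": "C:\\ProgramData\\VideoPlayer\\ext",
                "manifest": {"name": "Video Player", "version": "2.1"},
            },
        }
    },
})


def host_of(url):
    """Lower-cased host of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def audit_chrome_prefs(prefs_json, expected_hosts=EXPECTED_HOSTS):
    """Return (kind, detail) findings for startup/homepage/search settings that
    point outside expected_hosts and for enabled non-Web-Store extensions."""
    prefs = json.loads(prefs_json)
    findings = []

    # Pages opened at startup when "open a specific set of pages" is selected.
    session = prefs.get("session", {})
    if session.get("restore_on_startup") == OPEN_SPECIFIC_PAGES:
        for url in session.get("startup_urls", []):
            if host_of(url) not in expected_hosts:
                findings.append(("startup_url", url))

    # Homepage, only when it is not simply the new-tab page.
    homepage = prefs.get("homepage", "")
    if (homepage and not prefs.get("homepage_is_newtabpage", True)
            and host_of(homepage) not in expected_hosts):
        findings.append(("homepage", homepage))

    # Default search provider; also what the new-tab page is built from.
    tud = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    search_url = tud.get("url", "")
    if search_url and host_of(search_url) not in expected_hosts:
        findings.append(("default_search",
                         "%s -> %s" % (tud.get("short_name", "?"), search_url)))

    # Enabled extensions (state 1) that did not come from the Web Store.
    for ext_id, s in prefs.get("extensions", {}).get("settings", {}).items():
        name = s.get("manifest", {}).get("name", "?")
        if s.get("state") == 1 and not s.get("from_webstore", False):
            findings.append(("sideloaded_extension",
                             "%s [%s] path=%s" % (name, ext_id, s.get("path"))))
    return findings


if __name__ == "__main__":
    # Pass the path of a real Preferences file to audit it; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            data = fh.read()
    else:
        data = SAMPLE_PREFS
    for kind, detail in audit_chrome_prefs(data):
        print("%-21s %s" % (kind, detail))
```

Close Chrome before reading the file so it is not mid-write, and run the same audit on every profile directory under User Data, not just Default.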



#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:27 AM

Posted 13 May 2014 - 04:04 PM

This means it's protected and we need a deeper look. You have to start a new topic to find it with stronger tools.
Geek had a good explanation, so I use that.

Please follow this Preparation Guide, do steps 6, 7 and 8, and post in a new topic.
Let me know if all went well.



