Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Ads playing in background, Script Errors, and Google Redirect


  • This topic is locked This topic is locked

#1
Dogma Condemned

Dogma Condemned

    Member

  • Member
  • PipPip
  • 17 posts
Can anyone please help? I have tried everything. My computer plays ads in the background randomly for short periods of time and at the same time these script errors keep popping up even though I have no programs open. Also when I search in google I my search results come up but when I click on a link I get redirected so I have the redirect virus. Any help is greatly appreciated I have tried everything and am about to start pulling my hair out from frustration. Here is my combofix log.

ComboFix 11-04-27.03 - Aleq 04/28/2011 9:36.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.398 [GMT -5:00]
Running from: c:\users\Aleq\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-28 )))))))))))))))))))))))))))))))
.
.
2011-04-28 14:45 . 2011-04-28 14:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-27 06:13 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 05:22 . 2011-04-27 05:22 -------- d-----w- c:\users\Aleq\AppData\Roaming\SUPERAntiSpyware.com
2011-04-27 05:22 . 2011-04-27 05:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-27 05:22 . 2011-04-27 05:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-27 05:16 . 2011-04-27 05:16 -------- d-----w- c:\windows\Downloaded Program Files
2011-04-26 22:24 . 2011-04-27 02:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-26 22:24 . 2011-04-26 22:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-26 21:16 . 2011-04-28 14:45 -------- d-----w- c:\users\Aleq\AppData\Local\Temp
2011-04-26 20:30 . 2011-04-26 20:30 -------- d-----w- c:\users\Aleq\AppData\Roaming\toshiba
2011-04-26 20:25 . 2011-04-26 20:29 -------- d-----w- c:\program files\TOSHIBA
2011-04-26 20:25 . 1999-10-12 23:47 24576 ----a-w- c:\windows\system32\TSCI.dll
2011-04-26 20:25 . 1999-10-12 23:45 24576 ----a-w- c:\windows\system32\THCI.dll
2011-04-26 15:48 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24F71EFA-CCC5-4892-8921-39AC637DFDDA}\mpengine.dll
2011-04-25 20:05 . 2011-04-25 20:05 388096 ----a-r- c:\users\Aleq\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-25 20:05 . 2011-04-25 20:05 -------- d-----w- c:\program files\Trend Micro
2011-04-25 19:43 . 2011-04-25 19:43 -------- d-----w- c:\programdata\PC Tools
2011-04-25 16:38 . 2011-04-27 03:18 -------- d-----w- c:\program files\Lotoshare Registry Cleaner
2011-04-17 06:50 . 2011-04-17 06:50 -------- d-----w- c:\program files\Marvell
2011-04-16 00:42 . 2011-04-16 00:42 -------- d-----w- c:\users\Aleq\AppData\Roaming\ParetoLogic
2011-04-16 00:42 . 2011-04-16 00:42 -------- d-----w- c:\users\Aleq\AppData\Roaming\DriverCure
2011-04-16 00:42 . 2011-04-16 00:42 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-04-16 00:42 . 2011-04-16 00:42 -------- d-----w- c:\programdata\ParetoLogic
2011-04-16 00:42 . 2011-04-16 00:42 -------- d-----w- c:\program files\ParetoLogic
2011-04-15 19:18 . 2011-04-01 07:22 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-15 19:18 . 2011-04-15 19:18 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-15 19:17 . 2011-04-15 19:17 -------- d-----w- c:\users\Aleq\AppData\Local\Sunbelt Software
2011-04-15 03:06 . 2011-04-15 03:06 -------- d-----w- c:\program files\EASEUS
2011-04-15 03:00 . 2011-04-15 03:05 -------- d-----w- c:\programdata\Lavasoft
2011-04-15 02:33 . 2008-07-10 15:38 28672 ----a-w- c:\windows\Getdisk.exe
2011-04-15 02:33 . 2011-04-15 02:33 -------- d-----w- c:\program files\Recover Data for FAT & NTFS
2011-04-15 02:33 . 2011-04-15 02:33 -------- d-----w- c:\windows\Recover Data for FAT & NTFS
2011-04-14 20:26 . 2011-04-14 20:26 -------- d-----w- c:\users\Aleq\AppData\Roaming\Registry Mechanic
2011-04-14 03:33 . 2011-04-17 07:12 -------- d-----w- c:\users\Aleq\AppData\Local\ElevatedDiagnostics
2011-04-14 03:02 . 2011-04-14 03:02 -------- d-----w- c:\users\Aleq\AppData\Roaming\Malwarebytes
2011-04-14 03:02 . 2011-04-14 03:02 -------- d-----w- c:\programdata\Malwarebytes
2011-04-14 03:02 . 2011-04-27 06:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 21:39 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-12 21:39 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-12 21:39 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-12 21:39 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-12 21:39 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-12 21:39 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-12 21:39 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-12 21:38 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-12 21:38 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-12 21:38 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-12 21:38 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-12 21:38 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-12 21:38 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-12 21:38 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-12 21:38 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-12 21:38 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-12 21:38 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-12 05:11 . 2011-04-13 08:08 -------- d-----w- c:\program files\Microsoft
2011-04-12 05:10 . 2011-04-12 05:10 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\e62db99a1cbf8cf02\InstallManager_WLE_WLE.exe
2011-04-12 05:09 . 2011-04-12 05:09 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\d7d776b01cbf8cf01\MeshBetaRemover.exe
2011-04-07 22:39 . 2011-04-07 22:42 -------- d-----w- c:\program files\TabIt
2011-03-29 22:06 . 2011-03-29 22:06 -------- d-----w- c:\users\Aleq\AppData\Roaming\Publish Providers
2011-03-29 22:06 . 2011-03-29 22:06 -------- d-----w- c:\users\Aleq\AppData\Roaming\NetMedia Providers
2011-03-29 22:06 . 2011-03-29 22:06 -------- d-----w- c:\users\Aleq\AppData\Roaming\Sony
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-30 16:40 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 05:56 . 2011-03-09 07:17 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:56 . 2011-03-09 07:17 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:56 . 2011-03-09 07:17 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-14 04:58 . 2011-02-14 04:58 967 ----a-w- c:\windows\ScUnin.pif
2011-02-14 04:58 . 2011-02-14 04:58 94208 ----a-w- c:\windows\ScUnin.exe
2011-02-03 05:45 . 2011-02-08 23:11 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-03 02:40 . 2010-09-16 21:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:11 . 2010-08-19 16:37 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 20:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-20 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-01 64512]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-09-23 316192]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 07:07]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 07:07]
.
2011-04-28 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2011-04-23 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
2011-04-22 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-04-27 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15179&l=dis
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Aleq\AppData\Roaming\Mozilla\Firefox\Profiles\vboj4svp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PF&o=15176&locale=en_US&apn_uid=8302E132-2405-4FCA-BEE7-E80BD94D2A82&apn_ptnrs=RW&apn_sauid=1C1929C8-5B20-4899-B243-1F0EEDDAED28&apn_dtid=YYYYYYYYUS&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3536)
c:\windows\system32\igd10umd32.dll
.
Completion time: 2011-04-28 09:49:28
ComboFix-quarantined-files.txt 2011-04-28 14:49
ComboFix2.txt 2011-04-26 17:24
ComboFix3.txt 2011-04-20 15:25
.
Pre-Run: 14,094,757,888 bytes free
Post-Run: 14,072,066,048 bytes free
.
- - End Of File - - 8955AFF9BF99EF721E7342FA3347361B
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hio there lets see if we can determine where this is coming from

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Posted Image
Click the "Scan" button to start scan


Posted Image
On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP