Annoying Commercial Excerpts

11 years ago

My daughter has an allegedly new laptop. I say "allegedly" because there is a strange issue. I truly believe it is a brand new laptop, because she was at my house when she set everything up following the instructions the laptop was giving her.

Regardless, randomly either radio or TV commercial excerpts will start playing (audio only of extremely brief duration). It is exceedingly annoying.

She has scanned several times using: Spybot, Superantipspyware, Malwarebytes, Microsoft Security Essentials, and Microsoft Malicious Software Removal Tool. None of these have found or removed a virus or Trojan.

She and I are both stumped as to what she needs to do to get rid of this annoyance. We don't even know how to find out what "program" could even be doing this.

Please, please, please help.

Comments (32)

zep516
11 years ago
last modified: 9 years ago
Can we see a log to get a basic idea of what programs are installed and what's running, that may help us to identify any issues, it's a start,

Click Here to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop. Right click the Hijackthis Icon and Run as Adminstrator if you use Vista or Windows 7
By default it will install to C:\Program Files\Trend Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Copy" and Paste the entire contents of the log into your next post.
DO NOT use the AnalyzeThis button, its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what HJT lists will be harmless or even required by your Operating System.

Then do this

Double click the hijackthis Icon on the Desktop, Scroll down to "Open the Misc Tools section" Click it at the bottom under System tools click "Open Uninstall Manager"[ over to the right click "Save List" Save it to your Desktop so you may find it, copy and paste it in your next reply..
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
Thanks, Zep. Below is the logfile.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:53 AM, on 9/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Users\ConstantLight\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - (cce665dd-f6dd-4808-968e-eaec971f70ef) - (no file)
R3 - URLSearchHook: YTNavAssistPlugin Class - (81017EA9-9AA8-4A6A-9734-7AF40E7D593F) - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - (7DB2D5A0-7241-4E79-B68D-6309F01C5231) - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120128104026.dll
O2 - BHO: Windows Live ID Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - (FDAD4DA1-61A2-4FD8-9C17-86F7AC245081) - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - (219C3416-8CB2-491a-A3C7-D9FCDDC9D600) - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - (219C3416-8CB2-491a-A3C7-D9FCDDC9D600) - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: cozi - (5356518D-FE9C-4E08-9C1F-1E872ECD367F) - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: wlpg - (E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324) - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel� Centrino� Wireless Bluetooth� 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9798 bytes
Related Discussions
Annoying pink dogwood
Q
Comments (31)
Planted a 8-10' Stellar Pink this past spring in pretty much full sun. I've heard many stories of woe regarding the following years after initially planting a pink dogwood. We had an unusually cold and rainy spring this year as well. Have an irrigation system but I also watered it every non-rainy day the first two weeks after planting and every other for the 3rd week. Tended to it during periods of drought this summer too. There is a 1-2' ring of mulch around the base. Noticed a lot of lower smaller twiggy branches and ones on the interior have dried up. Also the leaves started turning red (their proper fall color) about 2 or 3 weeks ago. Isn't that too early? Is it a sign of something else? Should I be doing something right now? I am nervous going into this tree's first winter. Any thoughts...or am I worrying about nothing?
...See More
I'm annoyed...tell me what you think, please.
Q
Comments (24)
Well, Stevied, thanks for your concern about "hijacking" my thread but I think we would all be better off if it morphs into a discussion of how we can all (male and female) be more sensitive in communication with our significant others than if it remains a narrowly focused thrashing out of my little problem. After all...I've already relegated that to the "last week's annoyance" category. Some might say that I've swept it under the rug...I prefer to think I've moved on. And I think I might learn a lot from a man who is willing to think a bit about these things. A different perspective, doncha know? I suspect that part of the problem your wife has with your attempts to communicate stems from old hurts. She may be expecting repeats of earlier disappointments and such. It's hard to imagine that a husband who would make such a sweet, humble attempt to understand and change would be rebuffed. There must be some issue lurking here. Have you asked about that? You say that you still can't help her feel better - well, apart from the fact that one person really cannot be responsible completely for the feelings of another - have you asked her to break things down for you into really small, doable bits? If you find that you just don't know what to do or say, could you say, "Honey, I can tell that you are hurting and I hate that and really want to help. What do you need me to do or say right now? What am I not getting about this? Do believe me that I want to understand and am not trying to be thick...I just don't quite see it and need you to help me understand how to help you. I'm hoping that if you walk me through it a few times I'll start to get it on my own." Any woman who would reject that must have a LOT of mistrust left over from somewhere. And those issues will have to be dealt with before progress is made. Also, apology has its valuable place. If you react in a way that turns out to be mistaken, apologize! Right away you can say, "Whoa! I think I read that wrong. You were serious, weren't you? I'm sorry I didn't get that. Let me back up and try again cause I really didn't want to hurt your feelings." And you may need to start out by assuming that it's ALL important for a while. Rather than putting all the burden on her to announce whether you should really pay attention or not, how about just assuming that if her mouth is moving you need to get in gear? I seriously doubt that she will be as annoyed on account of you taking something seriously when she was kidding as she would if you ignore her when she is trying to get your attention. You say that you want to help and you just can't seem to figure it out? Well, take the time and trouble to just pay attention to everything she says for a while and see if that helps. Really listen every time she speaks, take a few seconds at least to try to see what she is really saying and if you don't get it ask her to clarify for you. If nothing else, it should be a huge compliment to her that you are willing to pay attention to her. We really do teach others how to treat us. Heaven knows what I'M thinking...I seem to always teach people to take me totally for granted and to ignore my needs. When will I ever learn NOT to do that? Or HOW not to do that? But it's always easier to give advice about someone else's problem than to figure out our own or to take advice when it applies to us. So why shouldn't your wife teach you what she needs? If you are as willing to learn as you appear to be, I think she would be making a huge mistake not to jump at the chance. Guys like you don't grow on trees!
...See More
another annoying tv thing
Q
Comments (16)
That is bad enough - what gets me is "f-ing this" and "f-ing" that when you see a group of teenagers. I was at a Best Buy, and stopped to talk to a friend just going out. There were 4 teen-age boys coming out and talking -- and that's about all I picked up from their conversation. They have no social skills, morals at all. Now, obviously, there are still some really, really good kids - but these that have had absolutely no values in their lives cast a pretty big shadow. Scares me -- when they take over.
...See More
Annoying Target Commercial
Q
Comments (27)
I can't stand that target one either,mute the tv every time it comes on.I mean really,do you know anyone who acts like that?? I sure don't!! I hate the one for that Dragon thing that you talk to and it types what you talk.Did you all realize that one is 4 minutes long?? Another on my hate list is Trojan,that makes your hair stand out,when you have sex~~~~~~~~~~~~Really,who cares?? Kathi
...See More
zep516
11 years ago
last modified: 9 years ago
Like to see this too,

Double click the hijackthis Icon on the Desktop, Scroll down to "Open the Misc Tools section" Click it at the bottom under System tools click "Open Uninstall Manager"[ over to the right click "Save List" Save it to your Desktop so you may find it, copy and paste it in your next reply..
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
Here is that file list, Zep.

AccelerometerP11
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Advanced Audio FX Engine
Consumer In-Home Service Agreement
Cozi
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Digital Delivery
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
Dell VideoStage
Dell Webcam Central
High-Definition Video Playback
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) WiDi
Java 7 Update 7
Junk Mail filter update
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
NVIDIA Stereoscopic 3D Driver
PlayReady PC Runtime x86
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype� 5.5
SyncUP
SyncUP
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Yahoo! Software Update
Yahoo! Toolbar
Zinio Reader 4
Zinio Reader 4
zep516
11 years ago
last modified: 9 years ago
Looks like you had White Smoke toolbar, ----> R3 - URLSearchHook: (no name) - (cce665dd-f6dd-4808-968e-eaec971f70ef) - (no file) It appears to be gone cause it says "No File" Just an orphaned registry key left over. We can look further into that as we go.

Did Malwarebytes find anything when you ran it? If so do you have the log?

1 more scan, Don't delete anything just post the log it creates.
**********************************************************
Download AdwCleaner http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Link below too for your convenience.

Double click on AdwCleaner.exe to run the tool.
***Note: Windows Vista and Windows 7 users:

Right click in the adwCleaner.exe and select "run as adminstrator"

1 Click the Search button.

2 A logfile will automatically open after the scan has finished.

3 Please post the content of that logfile in your next reply.

4 Or you can find the logfile at C:\AdwCleaner[R1].txt.

Joe

Here is a link that might be useful: adwcleaner
ravencajun Zone 8b TX
11 years ago
last modified: 9 years ago
it almost sounds like she has something open in the back ground. Also many of the ads on these pages do have auto play and will start playing video, sound, music etc.
Adding firefox with adblock plus and easylist would block all of those so she might try doing that to see if it makes a difference. Let us know if you need the info on doing that.
zep516
11 years ago
last modified: 9 years ago
Sounds good ravencajun, cause I'm not seeing anything yet. Lets see what the next log shows, then we can go with the Adblock +
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
Here is the scan from adwcleaner:

# AdwCleaner v2.001 - Logfile created 09/09/2012 at 12:37:33
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ConstantLight - DJARUMBLACK711
# Boot Mode : Normal
# Running from : C:\Users\ConstantLight\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72D8GSU0\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\CONSTA~1\AppData\Local\Temp\avg@toolbar
Folder Found : C:\Users\ConstantLight\AppData\Local\Conduit
Folder Found : C:\Users\ConstantLight\AppData\LocalLow\Conduit
Folder Found : C:\Users\ConstantLight\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\(95B7759C-8C7F-4BF1-B163-73684A933233)
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
Key Found : HKLM\SOFTWARE\Classes\TypeLib\(9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8)
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\(E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39)
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\(03E2A1F3-4402-4121-8B35-733216D61217)
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\(9E3B11F6-4179-4603-A71B-A55F4BCB0BEC)
Key Found : HKLM\SOFTWARE\Classes\Interface\(03E2A1F3-4402-4121-8B35-733216D61217)
Key Found : HKLM\SOFTWARE\Classes\Interface\(9E3B11F6-4179-4603-A71B-A55F4BCB0BEC)
Key Found : HKU\S-1-5-21-377758485-2267313085-2573796334-1001\Software\Microsoft\Internet Explorer\SearchScopes\(95B7759C-8C7F-4BF1-B163-73684A933233)

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\ConstantLight\AppData\Roaming\Mozilla\Firefox\Profiles\72pzdx4i.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2258 octets] - [09/09/2012 12:37:33]

########## EOF - C:\AdwCleaner[R1].txt - [2318 octets] ##########
zep516
11 years ago
last modified: 9 years ago
Please rescan with AdwCleaner.
Double-click AdwCleaner.exe to run the tool.
Click Delete.
Everything that was found will be deleted.
Save and open files and approve the reboot. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
# AdwCleaner v2.001 - Logfile created 09/09/2012 at 13:24:50
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ConstantLight - DJARUMBLACK711
# Boot Mode : Normal
# Running from : C:\Users\ConstantLight\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72D8GSU0\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\CONSTA~1\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\ConstantLight\AppData\Local\Conduit
Folder Deleted : C:\Users\ConstantLight\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\ConstantLight\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\ConstantLight\AppData\Roaming\Mozilla\Firefox\Profiles\72pzdx4i.default\extensions\staged

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\(95B7759C-8C7F-4BF1-B163-73684A933233)
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\(9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8)
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\(E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39)
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\(03E2A1F3-4402-4121-8B35-733216D61217)
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\(9E3B11F6-4179-4603-A71B-A55F4BCB0BEC)
Key Deleted : HKLM\SOFTWARE\Classes\Interface\(03E2A1F3-4402-4121-8B35-733216D61217)
Key Deleted : HKLM\SOFTWARE\Classes\Interface\(9E3B11F6-4179-4603-A71B-A55F4BCB0BEC)

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-377758485-2267313085-2573796334-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\ConstantLight\AppData\Roaming\Mozilla\Firefox\Profiles\72pzdx4i.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2381 octets] - [09/09/2012 12:37:33]
AdwCleaner[R2].txt - [2556 octets] - [09/09/2012 13:23:38]
AdwCleaner[S1].txt - [3125 octets] - [09/09/2012 13:24:50]

########## EOF - C:\AdwCleaner[S1].txt - [3185 octets] ##########
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
What fantastic advice. Thank you so very much, Zep.

The ad/music are still in place; in fact, now it sounds like two different commercial excerpts playing one on top of the other. This is just the strangest thing I have every encountered.

My daughter notice that McAfee or parts of it are listed in the very first Highjack This list posted and in the second list posted are parts of Nero. She had uninstalled these programs. How can she get rid of the remaining bits and pieces, please.

As far as the commercials, is there a possibility that something is embedded in IE? I am grasping at straws here.
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
Oops. Meant to post what I mean about McAfee and Nero.

C:\Users\ConstantLight\Desktop\HijackThis.exe:
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

Open Uninstall Manager HighjackThis:
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
zep516
11 years ago
last modified: 9 years ago
My daughter notice that McAfee or parts of it are listed in the very first Highjack

McAfee is your Anti Virus program, why are you concerned with that?
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
Neither of us care for McAfee which was pre-loaded, and she uninstalled it and downloaded Microsoft Security Essentials, Superantispyware and Malwarebytes. That is why she would like all the bits and pieces of removed.

Likewise, with Nero. She does not like Nero and uninstalled it, but would like the remaining bits removed from her haptop.
zep516
11 years ago
last modified: 9 years ago
I did not no that, so lets get rid of McAfee all of it,using Application remover,

The free AppRemover utility enables thorough uninstallation of security software like antivirus and antispyware applications from your computer.

See link, let me know when that is done

Here is a link that might be useful: appremove
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
Well, darn. AppRemover did not remove the remnants of McAfee or Nero.

The excerpts of sound from commercials continue.

As the British would say, "I am just gobsmacked!"

Thanks for your willingness to help remedy this situations, Zep. It is truly appreciated.
owbist
11 years ago
last modified: 9 years ago
The sounds are 'brief', define brief please. Are you able to discern words or phrases at all? Any repetition of the same sounds?

Click Start
click Control panel
click Hardware and Sound
click Device manager
In the new window do you see any yellow exclamation marks or question marks at all?

-------------------
Click Start and immediate start typing 'event viewer' in the space right above the start button without the quotes and hit enter.

Wait for the new window to be fully populated then look in the centre panel for errors. It will list those in the last hour and 24 hours. Click the plus sign beside Error to see the drop down menu, double click on any errors shown for explanations. Anything of interest there?
zep516
11 years ago
last modified: 9 years ago
Thanks owbist but I'd like to continue with the McAfee removal,

Lets run this for McAfee removal,

Download the MCPR tool from: See link below, when you click on the link a box will open on this page, click Save file, save it to your desktop, Then right click on it and choose "Run as Administrator". That should get rid of Left over McAfee files.

Here is a link that might be useful: MCPR.exe
zep516
11 years ago
last modified: 9 years ago
If that does not work we will delete these services manually.

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
owbist
11 years ago
last modified: 9 years ago
Of course Zep, my suggestions have no effect on your instructions I am just offering a new avenue seeing all your good work hasn't seemed to have fixed this strange puzzle.

I am merely clutching at straws hoping something might pop up to give a clue on the challenge.
zep516
11 years ago
last modified: 9 years ago
It's a weird one indeed and I like your suggestion. By the way if your here today, maybe revo will get rid of the nero program for walnutcreek. I'll be out most of day at that thing called work :(

Joe
zep516
11 years ago
last modified: 9 years ago
If for some reason the McAfee tool fails to remove those 023 services this is how to delete them manually using a command prompt.

To delete a service (O23) manually using a windows command prompt follow the instructions:
Click Start.
in search box
Type cmd or command and press enter.

When the black window opens (command prompt)using your mouse copy this command in bold sc delete McShield now right click within the black box and choose paste, that will paste the command you copied into the command prompt, hit enter on your keyboard. Reboot.

Do the same exercise for these sc delete mfefire Reboot sc delete mfevtp Reboot
shaxhome (Frog Rock, Australia 9b)
11 years ago
last modified: 9 years ago
Others seem to have had the same problem...

Here is a link that might be useful: Audio Leaks
ravencajun Zone 8b TX
11 years ago
last modified: 9 years ago
Great find Shax!!! zep it definitely looks like an infection,an MBR infection actually, I think it may be easier to send them to LzD than to suggest using the method on shax link however and safer.

Since zep is helping you here I will let him make the call just in case he wants you to go to LzD here is the link to the area you would post your new thread in, you will need to register first of course. If you provide a link back to this thread it will be helpful.

LzD Analysis and Malware Removal

zep and I are there also so if you need help getting there should you go just ask.
zep516
11 years ago
last modified: 9 years ago
@ravencajun

Lets finish up the McAfee thing, an Nero, then I'll ask for a DDS log and the user will be more prepared for LDZ. I didn't like the link at all, the guy was just shooting various programs at the user and not 1 log was shown, and he said it was an MBR infection? I did not see awsMBR.exe ran either and that program scans and looks at the MBR and creates a log.
shaxhome (Frog Rock, Australia 9b)
11 years ago
last modified: 9 years ago
Zep..here's another thread with links and logs that may be of some help...

Regards,
Shax

Here is a link that might be useful: Same Problem
zep516
11 years ago
last modified: 9 years ago
Not a bad post, but it is 4 years old, I think the DDS log will be very helpful that I'm going to ask for, it will show us a great deal more information about files installed, when they were installed and where there installed to. It's very important to get logs on this machine, and not look at other peoples work on similar issues and sort of copy what they did, that being said it's still good reference material. My intentions are to fix McAfee an Nero, then turn the thread over to ldz

Joe
ravencajun Zone 8b TX
11 years ago
last modified: 9 years ago
I agree with you. That's why I was not wanting any one to jump in to those directions on that link.
It will be interesting to see what turns up on the logs.
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
My daughter had to go home and back to work, so she has not had time to work on the annoying commercial outbreaks. I am hoping she can get back to the issue soon.

Just wanted to update y'all.
ravencajun Zone 8b TX
11 years ago
last modified: 9 years ago
do not let her delay if this is a serious infection she could be putting her information at risk especially if she uses this pc for any type of financial use.
She can go to the LzD link I provided from where ever she is and the team will help her run the scans needed to clean it.
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
Thank you so much, zep, for the McAfee removal information. My daughter was able to totally remove McAfee. Here is what she stated: This worked! Tell everyone at GardenWeb thanks for all the help I really appreciate it. I THINK I the other issue with the sound bits is also fixed. I'll turn it on a few times through the week to check it out.

Posted by zep516 (My Page) on Sun, Sep 9, 12 at 23:59

Thanks owbist but I'd like to continue with the McAfee removal,
Lets run this for McAfee removal,

Download the MCPR tool from: See link below, when you click on the link a box will open on this page, click Save file, save it to your desktop, Then right click on it and choose "Run as Administrator". That should get rid of Left over McAfee files.
Here is a link that might be useful: MCPR.exe

Thanks to everyone else regarding removal of the sound bites issue.
zep516
11 years ago
last modified: 9 years ago
Good news is welcome, thank you!

Joe

Annoying Commercial Excerpts

Comments (32)

zep516

WalnutCreek Zone 7b/8a
Original Author

Related Discussions

zep516

WalnutCreek Zone 7b/8a
Original Author

zep516

ravencajun Zone 8b TX

zep516

WalnutCreek Zone 7b/8a
Original Author

zep516

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

zep516

WalnutCreek Zone 7b/8a
Original Author

zep516

WalnutCreek Zone 7b/8a
Original Author

owbist

zep516

zep516

owbist

zep516

zep516

shaxhome (Frog Rock, Australia 9b)

ravencajun Zone 8b TX

zep516

shaxhome (Frog Rock, Australia 9b)

zep516

ravencajun Zone 8b TX

WalnutCreek Zone 7b/8a
Original Author

ravencajun Zone 8b TX

WalnutCreek Zone 7b/8a
Original Author

zep516

COMPANY

BUSINESS SERVICES

GET HELP

CONNECT WITH US

Annoying Commercial Excerpts

Comments (32)

WalnutCreek Zone 7b/8aOriginal Author

Related Discussions

WalnutCreek Zone 7b/8aOriginal Author

WalnutCreek Zone 7b/8aOriginal Author

WalnutCreek Zone 7b/8aOriginal Author

WalnutCreek Zone 7b/8aOriginal Author

WalnutCreek Zone 7b/8aOriginal Author

WalnutCreek Zone 7b/8aOriginal Author

WalnutCreek Zone 7b/8aOriginal Author

WalnutCreek Zone 7b/8aOriginal Author

WalnutCreek Zone 7b/8aOriginal Author

COMPANY

BUSINESS SERVICES

GET HELP

CONNECT WITH US

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author