Annoying Commercial Excerpts

11 years ago

My daughter has an allegedly new laptop. I say "allegedly" because there is a strange issue. I truly believe it is a brand new laptop, because she was at my house when she set everything up following the instructions the laptop was giving her.

Regardless, randomly either radio or TV commercial excerpts will start playing (audio only of extremely brief duration). It is exceedingly annoying.

She has scanned several times using: Spybot, Superantipspyware, Malwarebytes, Microsoft Security Essentials, and Microsoft Malicious Software Removal Tool. None of these have found or removed a virus or Trojan.

She and I are both stumped as to what she needs to do to get rid of this annoyance. We don't even know how to find out what "program" could even be doing this.

Please, please, please help.

Sort by:Oldest

Comments (32)

zep516
11 years ago
last modified: 9 years ago
Can we see a log to get a basic idea of what programs are installed and what's running, that may help us to identify any issues, it's a start,

Click Here to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop. Right click the Hijackthis Icon and Run as Adminstrator if you use Vista or Windows 7
By default it will install to C:\Program Files\Trend Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Copy" and Paste the entire contents of the log into your next post.
DO NOT use the AnalyzeThis button, its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what HJT lists will be harmless or even required by your Operating System.

Then do this

Double click the hijackthis Icon on the Desktop, Scroll down to "Open the Misc Tools section" Click it at the bottom under System tools click "Open Uninstall Manager"[ over to the right click "Save List" Save it to your Desktop so you may find it, copy and paste it in your next reply..
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
Thanks, Zep. Below is the logfile.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:53 AM, on 9/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Users\ConstantLight\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - (cce665dd-f6dd-4808-968e-eaec971f70ef) - (no file)
R3 - URLSearchHook: YTNavAssistPlugin Class - (81017EA9-9AA8-4A6A-9734-7AF40E7D593F) - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - (7DB2D5A0-7241-4E79-B68D-6309F01C5231) - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120128104026.dll
O2 - BHO: Windows Live ID Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - (FDAD4DA1-61A2-4FD8-9C17-86F7AC245081) - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - (219C3416-8CB2-491a-A3C7-D9FCDDC9D600) - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - (219C3416-8CB2-491a-A3C7-D9FCDDC9D600) - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: cozi - (5356518D-FE9C-4E08-9C1F-1E872ECD367F) - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: wlpg - (E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324) - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel� Centrino� Wireless Bluetooth� 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9798 bytes
Related Discussions
Anyone besides me annoyed by...
Q
Comments (17)
How strange! I looked at my original post this morning to happily find others are as annoyed as I, and discovered that the Forum Masters had added a "link" to the word "y-a-r-d" in my post complaining about them adding links!! Didn't have time to respond then but checked again this evening and the link is mysteriously gone! Yippee! Maybe the powers-that-be have read about our discontent and decided it wasn't such a great idea. Could it be true? If so - Thank You from all of us!! I agree with Jazzbone - nothing could keep me from visiting or enjoying you all and your wonderful work and ideas either! I have a great pop-up-blocker. When I figure out what it is and where it came from I will let you know. It gives you the option of accepting pop-ups at certain sites but blocks all if you wish. Have to go play in concrete now! Made my first 2-part mother mold (for a silicone caulk mold I made Thanks to Nofu) and can't wait to try it out. It was WAY easier than I had anticipated. Whew! Let me know if anyone would like instructions. I was so NOT looking forward to making a mother mold and was slightly intimidated by the process - 'til I figured it out. E-Z! Bucky
...See More
How do I exit those annoying Ivilliage commercials
Q
Comments (8)
Diana, you're doing it just right. The program "learns," so you may have to click an ad a couple of times before it goes away permanently. But once they're gone, they're gone. I haven't seen one of those annoying "floaters" or "flashers" here for a good year. Firefox is a neat program, too, because it is an open source program, so people in the internet community constantly come up with ways to enhance it. Very nice. Jeri
...See More
These annoying Pop Ups
Q
Comments (7)
How sad that our fun forums have been taken over by the monster.... You are right, it is like commercial TV. I guess I don't mind having to close a box once in awhile, but the take the whole page over ads make me switch to a different website. I can only imagine how long those would take to load with a dial up connection. It would render the website unusable. Sorry for the rant- go plants!!
...See More
10 things that annoy us about the holidays
Q
Comments (39)
None of that list annoys me. I love the Christmas season. Like Rusty, the only thing that I dislike about this time of year are the miserable wretches that want to put a damper on everyone elses fun. If they are not into it, fine. Everyone is not the same. But really,keep your negative attitude to yourself. What type of person sees people being excited to celebrate something and feels the need to try to ruin it? I hate when people tell me its too early for ME to listen to the music,that MY decorations are too much, that I spend too much on gifts for people that I WANT TO give gifts too. I mean, not even a gift for them! A few people have asked me what I plan to get for SO this year. I always get lots of things. The total for his gifts is usually between 1 and 2 thousand dollars. Not much to me,given the circumstances. He is so good to me all year, so when I get my profit sharing check at work every December,I spend most of it on his Christmas. How in the name of Bob Crachit is someone gonna tell ME that I spend too much money on him? Or that I listen to the music too early? Or anything like that. No ones asking them to chip in for the gifts or to tune their own radios to the music. What's their problem? Anything to be negative. Anything to be contrary. Anything to counteract the joy and excitement of the season. That's pitiful. I remember the year that an older kid at school had told one of my nieces (5 years old at the time) that Santa wasn't real. She was devastated. That kid was a miserable creature, who thoroughly enjoyed seeing her enjoyment ruined. Luckily, her parents were able to convince her otherwise and the magic lasted for a few more years for her. So yeah. My list would be fuddy duddies. Oh, and white/clear Christmas lights. What's the point? Although,in fairness,they dont really ANNOY me. They are pretty..I guess it just seems like a missed opportunity.......
...See More
zep516
11 years ago
last modified: 9 years ago
Like to see this too,

Double click the hijackthis Icon on the Desktop, Scroll down to "Open the Misc Tools section" Click it at the bottom under System tools click "Open Uninstall Manager"[ over to the right click "Save List" Save it to your Desktop so you may find it, copy and paste it in your next reply..
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
Here is that file list, Zep.

AccelerometerP11
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Advanced Audio FX Engine
Consumer In-Home Service Agreement
Cozi
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Digital Delivery
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
Dell VideoStage
Dell Webcam Central
High-Definition Video Playback
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) WiDi
Java 7 Update 7
Junk Mail filter update
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
NVIDIA Stereoscopic 3D Driver
PlayReady PC Runtime x86
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype� 5.5
SyncUP
SyncUP
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Yahoo! Software Update
Yahoo! Toolbar
Zinio Reader 4
Zinio Reader 4
zep516
11 years ago
last modified: 9 years ago
Looks like you had White Smoke toolbar, ----> R3 - URLSearchHook: (no name) - (cce665dd-f6dd-4808-968e-eaec971f70ef) - (no file) It appears to be gone cause it says "No File" Just an orphaned registry key left over. We can look further into that as we go.

Did Malwarebytes find anything when you ran it? If so do you have the log?

1 more scan, Don't delete anything just post the log it creates.
**********************************************************
Download AdwCleaner http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Link below too for your convenience.

Double click on AdwCleaner.exe to run the tool.
***Note: Windows Vista and Windows 7 users:

Right click in the adwCleaner.exe and select "run as adminstrator"

1 Click the Search button.

2 A logfile will automatically open after the scan has finished.

3 Please post the content of that logfile in your next reply.

4 Or you can find the logfile at C:\AdwCleaner[R1].txt.

Joe

Here is a link that might be useful: adwcleaner
ravencajun Zone 8b TX
11 years ago
last modified: 9 years ago
it almost sounds like she has something open in the back ground. Also many of the ads on these pages do have auto play and will start playing video, sound, music etc.
Adding firefox with adblock plus and easylist would block all of those so she might try doing that to see if it makes a difference. Let us know if you need the info on doing that.
zep516
11 years ago
last modified: 9 years ago
Sounds good ravencajun, cause I'm not seeing anything yet. Lets see what the next log shows, then we can go with the Adblock +
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
Here is the scan from adwcleaner:

# AdwCleaner v2.001 - Logfile created 09/09/2012 at 12:37:33
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ConstantLight - DJARUMBLACK711
# Boot Mode : Normal
# Running from : C:\Users\ConstantLight\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72D8GSU0\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\CONSTA~1\AppData\Local\Temp\avg@toolbar
Folder Found : C:\Users\ConstantLight\AppData\Local\Conduit
Folder Found : C:\Users\ConstantLight\AppData\LocalLow\Conduit
Folder Found : C:\Users\ConstantLight\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\(95B7759C-8C7F-4BF1-B163-73684A933233)
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
Key Found : HKLM\SOFTWARE\Classes\TypeLib\(9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8)
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\(E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39)
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\(03E2A1F3-4402-4121-8B35-733216D61217)
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\(9E3B11F6-4179-4603-A71B-A55F4BCB0BEC)
Key Found : HKLM\SOFTWARE\Classes\Interface\(03E2A1F3-4402-4121-8B35-733216D61217)
Key Found : HKLM\SOFTWARE\Classes\Interface\(9E3B11F6-4179-4603-A71B-A55F4BCB0BEC)
Key Found : HKU\S-1-5-21-377758485-2267313085-2573796334-1001\Software\Microsoft\Internet Explorer\SearchScopes\(95B7759C-8C7F-4BF1-B163-73684A933233)

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\ConstantLight\AppData\Roaming\Mozilla\Firefox\Profiles\72pzdx4i.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2258 octets] - [09/09/2012 12:37:33]

########## EOF - C:\AdwCleaner[R1].txt - [2318 octets] ##########
zep516
11 years ago
last modified: 9 years ago
Please rescan with AdwCleaner.
Double-click AdwCleaner.exe to run the tool.
Click Delete.
Everything that was found will be deleted.
Save and open files and approve the reboot. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
# AdwCleaner v2.001 - Logfile created 09/09/2012 at 13:24:50
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ConstantLight - DJARUMBLACK711
# Boot Mode : Normal
# Running from : C:\Users\ConstantLight\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72D8GSU0\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\CONSTA~1\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\ConstantLight\AppData\Local\Conduit
Folder Deleted : C:\Users\ConstantLight\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\ConstantLight\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\ConstantLight\AppData\Roaming\Mozilla\Firefox\Profiles\72pzdx4i.default\extensions\staged

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\(95B7759C-8C7F-4BF1-B163-73684A933233)
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\(9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8)
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\(E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39)
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\(03E2A1F3-4402-4121-8B35-733216D61217)
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\(9E3B11F6-4179-4603-A71B-A55F4BCB0BEC)
Key Deleted : HKLM\SOFTWARE\Classes\Interface\(03E2A1F3-4402-4121-8B35-733216D61217)
Key Deleted : HKLM\SOFTWARE\Classes\Interface\(9E3B11F6-4179-4603-A71B-A55F4BCB0BEC)

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-377758485-2267313085-2573796334-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\ConstantLight\AppData\Roaming\Mozilla\Firefox\Profiles\72pzdx4i.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2381 octets] - [09/09/2012 12:37:33]
AdwCleaner[R2].txt - [2556 octets] - [09/09/2012 13:23:38]
AdwCleaner[S1].txt - [3125 octets] - [09/09/2012 13:24:50]

########## EOF - C:\AdwCleaner[S1].txt - [3185 octets] ##########
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
What fantastic advice. Thank you so very much, Zep.

The ad/music are still in place; in fact, now it sounds like two different commercial excerpts playing one on top of the other. This is just the strangest thing I have every encountered.

My daughter notice that McAfee or parts of it are listed in the very first Highjack This list posted and in the second list posted are parts of Nero. She had uninstalled these programs. How can she get rid of the remaining bits and pieces, please.

As far as the commercials, is there a possibility that something is embedded in IE? I am grasping at straws here.
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
Oops. Meant to post what I mean about McAfee and Nero.

C:\Users\ConstantLight\Desktop\HijackThis.exe:
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

Open Uninstall Manager HighjackThis:
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
zep516
11 years ago
last modified: 9 years ago
My daughter notice that McAfee or parts of it are listed in the very first Highjack

McAfee is your Anti Virus program, why are you concerned with that?
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
Neither of us care for McAfee which was pre-loaded, and she uninstalled it and downloaded Microsoft Security Essentials, Superantispyware and Malwarebytes. That is why she would like all the bits and pieces of removed.

Likewise, with Nero. She does not like Nero and uninstalled it, but would like the remaining bits removed from her haptop.
zep516
11 years ago
last modified: 9 years ago
I did not no that, so lets get rid of McAfee all of it,using Application remover,

The free AppRemover utility enables thorough uninstallation of security software like antivirus and antispyware applications from your computer.

See link, let me know when that is done

Here is a link that might be useful: appremove
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
Well, darn. AppRemover did not remove the remnants of McAfee or Nero.

The excerpts of sound from commercials continue.

As the British would say, "I am just gobsmacked!"

Thanks for your willingness to help remedy this situations, Zep. It is truly appreciated.
owbist
11 years ago
last modified: 9 years ago
The sounds are 'brief', define brief please. Are you able to discern words or phrases at all? Any repetition of the same sounds?

Click Start
click Control panel
click Hardware and Sound
click Device manager
In the new window do you see any yellow exclamation marks or question marks at all?

-------------------
Click Start and immediate start typing 'event viewer' in the space right above the start button without the quotes and hit enter.

Wait for the new window to be fully populated then look in the centre panel for errors. It will list those in the last hour and 24 hours. Click the plus sign beside Error to see the drop down menu, double click on any errors shown for explanations. Anything of interest there?
zep516
11 years ago
last modified: 9 years ago
Thanks owbist but I'd like to continue with the McAfee removal,

Lets run this for McAfee removal,

Download the MCPR tool from: See link below, when you click on the link a box will open on this page, click Save file, save it to your desktop, Then right click on it and choose "Run as Administrator". That should get rid of Left over McAfee files.

Here is a link that might be useful: MCPR.exe
zep516
11 years ago
last modified: 9 years ago
If that does not work we will delete these services manually.

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
owbist
11 years ago
last modified: 9 years ago
Of course Zep, my suggestions have no effect on your instructions I am just offering a new avenue seeing all your good work hasn't seemed to have fixed this strange puzzle.

I am merely clutching at straws hoping something might pop up to give a clue on the challenge.
zep516
11 years ago
last modified: 9 years ago
It's a weird one indeed and I like your suggestion. By the way if your here today, maybe revo will get rid of the nero program for walnutcreek. I'll be out most of day at that thing called work :(

Joe
zep516
11 years ago
last modified: 9 years ago
If for some reason the McAfee tool fails to remove those 023 services this is how to delete them manually using a command prompt.

To delete a service (O23) manually using a windows command prompt follow the instructions:
Click Start.
in search box
Type cmd or command and press enter.

When the black window opens (command prompt)using your mouse copy this command in bold sc delete McShield now right click within the black box and choose paste, that will paste the command you copied into the command prompt, hit enter on your keyboard. Reboot.

Do the same exercise for these sc delete mfefire Reboot sc delete mfevtp Reboot
shaxhome (Frog Rock, Australia 9b)
11 years ago
last modified: 9 years ago
Others seem to have had the same problem...

Here is a link that might be useful: Audio Leaks
ravencajun Zone 8b TX
11 years ago
last modified: 9 years ago
Great find Shax!!! zep it definitely looks like an infection,an MBR infection actually, I think it may be easier to send them to LzD than to suggest using the method on shax link however and safer.

Since zep is helping you here I will let him make the call just in case he wants you to go to LzD here is the link to the area you would post your new thread in, you will need to register first of course. If you provide a link back to this thread it will be helpful.

LzD Analysis and Malware Removal

zep and I are there also so if you need help getting there should you go just ask.
zep516
11 years ago
last modified: 9 years ago
@ravencajun

Lets finish up the McAfee thing, an Nero, then I'll ask for a DDS log and the user will be more prepared for LDZ. I didn't like the link at all, the guy was just shooting various programs at the user and not 1 log was shown, and he said it was an MBR infection? I did not see awsMBR.exe ran either and that program scans and looks at the MBR and creates a log.
shaxhome (Frog Rock, Australia 9b)
11 years ago
last modified: 9 years ago
Zep..here's another thread with links and logs that may be of some help...

Regards,
Shax

Here is a link that might be useful: Same Problem
zep516
11 years ago
last modified: 9 years ago
Not a bad post, but it is 4 years old, I think the DDS log will be very helpful that I'm going to ask for, it will show us a great deal more information about files installed, when they were installed and where there installed to. It's very important to get logs on this machine, and not look at other peoples work on similar issues and sort of copy what they did, that being said it's still good reference material. My intentions are to fix McAfee an Nero, then turn the thread over to ldz

Joe
ravencajun Zone 8b TX
11 years ago
last modified: 9 years ago
I agree with you. That's why I was not wanting any one to jump in to those directions on that link.
It will be interesting to see what turns up on the logs.
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
My daughter had to go home and back to work, so she has not had time to work on the annoying commercial outbreaks. I am hoping she can get back to the issue soon.

Just wanted to update y'all.
ravencajun Zone 8b TX
11 years ago
last modified: 9 years ago
do not let her delay if this is a serious infection she could be putting her information at risk especially if she uses this pc for any type of financial use.
She can go to the LzD link I provided from where ever she is and the team will help her run the scans needed to clean it.
WalnutCreek Zone 7b/8a
Original Author
11 years ago
last modified: 9 years ago
Thank you so much, zep, for the McAfee removal information. My daughter was able to totally remove McAfee. Here is what she stated: This worked! Tell everyone at GardenWeb thanks for all the help I really appreciate it. I THINK I the other issue with the sound bits is also fixed. I'll turn it on a few times through the week to check it out.

Posted by zep516 (My Page) on Sun, Sep 9, 12 at 23:59

Thanks owbist but I'd like to continue with the McAfee removal,
Lets run this for McAfee removal,

Download the MCPR tool from: See link below, when you click on the link a box will open on this page, click Save file, save it to your desktop, Then right click on it and choose "Run as Administrator". That should get rid of Left over McAfee files.
Here is a link that might be useful: MCPR.exe

Thanks to everyone else regarding removal of the sound bites issue.
zep516
11 years ago
last modified: 9 years ago
Good news is welcome, thank you!

Joe

Annoying Commercial Excerpts

Comments (32)

zep516

WalnutCreek Zone 7b/8a
Original Author

Related Discussions

zep516

WalnutCreek Zone 7b/8a
Original Author

zep516

ravencajun Zone 8b TX

zep516

WalnutCreek Zone 7b/8a
Original Author

zep516

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

zep516

WalnutCreek Zone 7b/8a
Original Author

zep516

WalnutCreek Zone 7b/8a
Original Author

owbist

zep516

zep516

owbist

zep516

zep516

shaxhome (Frog Rock, Australia 9b)

ravencajun Zone 8b TX

zep516

shaxhome (Frog Rock, Australia 9b)

zep516

ravencajun Zone 8b TX

WalnutCreek Zone 7b/8a
Original Author

ravencajun Zone 8b TX

WalnutCreek Zone 7b/8a
Original Author

zep516

COMPANY

BUSINESS SERVICES

GET HELP

CONNECT WITH US

Annoying Commercial Excerpts

Comments (32)

WalnutCreek Zone 7b/8aOriginal Author

Related Discussions

WalnutCreek Zone 7b/8aOriginal Author

WalnutCreek Zone 7b/8aOriginal Author

WalnutCreek Zone 7b/8aOriginal Author

WalnutCreek Zone 7b/8aOriginal Author

WalnutCreek Zone 7b/8aOriginal Author

WalnutCreek Zone 7b/8aOriginal Author

WalnutCreek Zone 7b/8aOriginal Author

WalnutCreek Zone 7b/8aOriginal Author

WalnutCreek Zone 7b/8aOriginal Author

COMPANY

BUSINESS SERVICES

GET HELP

CONNECT WITH US

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author

WalnutCreek Zone 7b/8a
Original Author