Return to the Computer Help Forum | Post a Follow-Up

 o
Annoying Commercial Excerpts

Posted by walnutcreek (My Page) on
Sun, Sep 9, 12 at 10:39

My daughter has an allegedly new laptop. I say "allegedly" because there is a strange issue. I truly believe it is a brand new laptop, because she was at my house when she set everything up following the instructions the laptop was giving her.

Regardless, randomly either radio or TV commercial excerpts will start playing (audio only of extremely brief duration). It is exceedingly annoying.

She has scanned several times using: Spybot, Superantipspyware, Malwarebytes, Microsoft Security Essentials, and Microsoft Malicious Software Removal Tool. None of these have found or removed a virus or Trojan.

She and I are both stumped as to what she needs to do to get rid of this annoyance. We don't even know how to find out what "program" could even be doing this.

Please, please, please help.


Follow-Up Postings:

 o
RE: Annoying Commercial Excerpts

Can we see a log to get a basic idea of what programs are installed and what's running, that may help us to identify any issues, it's a start,

Click Here to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop. Right click the Hijackthis Icon and Run as Adminstrator if you use Vista or Windows 7
By default it will install to C:\Program Files\Trend Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Copy" and Paste the entire contents of the log into your next post.
DO NOT use the AnalyzeThis button, its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what HJT lists will be harmless or even required by your Operating System.

Then do this

Double click the hijackthis Icon on the Desktop, Scroll down to "Open the Misc Tools section" Click it at the bottom under System tools click "Open Uninstall Manager"[ over to the right click "Save List" Save it to your Desktop so you may find it, copy and paste it in your next reply..


 o
RE: Annoying Commercial Excerpts

Thanks, Zep. Below is the logfile.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:53 AM, on 9/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Users\ConstantLight\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - (cce665dd-f6dd-4808-968e-eaec971f70ef) - (no file)
R3 - URLSearchHook: YTNavAssistPlugin Class - (81017EA9-9AA8-4A6A-9734-7AF40E7D593F) - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - (7DB2D5A0-7241-4E79-B68D-6309F01C5231) - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120128104026.dll
O2 - BHO: Windows Live ID Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - (FDAD4DA1-61A2-4FD8-9C17-86F7AC245081) - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - (219C3416-8CB2-491a-A3C7-D9FCDDC9D600) - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - (219C3416-8CB2-491a-A3C7-D9FCDDC9D600) - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: cozi - (5356518D-FE9C-4E08-9C1F-1E872ECD367F) - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: wlpg - (E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324) - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel� Centrino� Wireless Bluetooth� 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9798 bytes


 o
RE: Annoying Commercial Excerpts

Like to see this too,

Double click the hijackthis Icon on the Desktop, Scroll down to "Open the Misc Tools section" Click it at the bottom under System tools click "Open Uninstall Manager"[ over to the right click "Save List" Save it to your Desktop so you may find it, copy and paste it in your next reply..


 o
RE: Annoying Commercial Excerpts

Here is that file list, Zep.

AccelerometerP11
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Advanced Audio FX Engine
Consumer In-Home Service Agreement
Cozi
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Digital Delivery
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
Dell VideoStage
Dell Webcam Central
High-Definition Video Playback
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) WiDi
Java 7 Update 7
Junk Mail filter update
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
NVIDIA Stereoscopic 3D Driver
PlayReady PC Runtime x86
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype� 5.5
SyncUP
SyncUP
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Yahoo! Software Update
Yahoo! Toolbar
Zinio Reader 4
Zinio Reader 4


 o
RE: Annoying Commercial Excerpts

Looks like you had White Smoke toolbar, ----> R3 - URLSearchHook: (no name) - (cce665dd-f6dd-4808-968e-eaec971f70ef) - (no file) It appears to be gone cause it says "No File" Just an orphaned registry key left over. We can look further into that as we go.

Did Malwarebytes find anything when you ran it? If so do you have the log?


1 more scan, Don't delete anything just post the log it creates.
**********************************************************
Download AdwCleaner http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Link below too for your convenience.

Double click on AdwCleaner.exe to run the tool.
***Note: Windows Vista and Windows 7 users:

Right click in the adwCleaner.exe and select "run as adminstrator"

1 Click the Search button.

2 A logfile will automatically open after the scan has finished.

3 Please post the content of that logfile in your next reply.

4 Or you can find the logfile at C:\AdwCleaner[R1].txt.

Joe

Here is a link that might be useful: adwcleaner


 o
RE: Annoying Commercial Excerpts

it almost sounds like she has something open in the back ground. Also many of the ads on these pages do have auto play and will start playing video, sound, music etc.
Adding firefox with adblock plus and easylist would block all of those so she might try doing that to see if it makes a difference. Let us know if you need the info on doing that.


 o
RE: Annoying Commercial Excerpts

Sounds good ravencajun, cause I'm not seeing anything yet. Lets see what the next log shows, then we can go with the Adblock +


 o
RE: Annoying Commercial Excerpts

Here is the scan from adwcleaner:

# AdwCleaner v2.001 - Logfile created 09/09/2012 at 12:37:33
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ConstantLight - DJARUMBLACK711
# Boot Mode : Normal
# Running from : C:\Users\ConstantLight\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72D8GSU0\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\CONSTA~1\AppData\Local\Temp\avg@toolbar
Folder Found : C:\Users\ConstantLight\AppData\Local\Conduit
Folder Found : C:\Users\ConstantLight\AppData\LocalLow\Conduit
Folder Found : C:\Users\ConstantLight\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\(95B7759C-8C7F-4BF1-B163-73684A933233)
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
Key Found : HKLM\SOFTWARE\Classes\TypeLib\(9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8)
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\(E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39)
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\(03E2A1F3-4402-4121-8B35-733216D61217)
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\(9E3B11F6-4179-4603-A71B-A55F4BCB0BEC)
Key Found : HKLM\SOFTWARE\Classes\Interface\(03E2A1F3-4402-4121-8B35-733216D61217)
Key Found : HKLM\SOFTWARE\Classes\Interface\(9E3B11F6-4179-4603-A71B-A55F4BCB0BEC)
Key Found : HKU\S-1-5-21-377758485-2267313085-2573796334-1001\Software\Microsoft\Internet Explorer\SearchScopes\(95B7759C-8C7F-4BF1-B163-73684A933233)

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\ConstantLight\AppData\Roaming\Mozilla\Firefox\Profiles\72pzdx4i.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2258 octets] - [09/09/2012 12:37:33]

########## EOF - C:\AdwCleaner[R1].txt - [2318 octets] ##########


 o
RE: Annoying Commercial Excerpts

Please rescan with AdwCleaner.
Double-click AdwCleaner.exe to run the tool.
Click Delete.
Everything that was found will be deleted.
Save and open files and approve the reboot. A text file will open after the restart.
Please post the contents of that logfile with your next reply.


 o
RE: Annoying Commercial Excerpts

# AdwCleaner v2.001 - Logfile created 09/09/2012 at 13:24:50
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ConstantLight - DJARUMBLACK711
# Boot Mode : Normal
# Running from : C:\Users\ConstantLight\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72D8GSU0\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\CONSTA~1\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\ConstantLight\AppData\Local\Conduit
Folder Deleted : C:\Users\ConstantLight\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\ConstantLight\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\ConstantLight\AppData\Roaming\Mozilla\Firefox\Profiles\72pzdx4i.default\extensions\staged

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\(95B7759C-8C7F-4BF1-B163-73684A933233)
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\(9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8)
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\(E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39)
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\(03E2A1F3-4402-4121-8B35-733216D61217)
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\(9E3B11F6-4179-4603-A71B-A55F4BCB0BEC)
Key Deleted : HKLM\SOFTWARE\Classes\Interface\(03E2A1F3-4402-4121-8B35-733216D61217)
Key Deleted : HKLM\SOFTWARE\Classes\Interface\(9E3B11F6-4179-4603-A71B-A55F4BCB0BEC)

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-377758485-2267313085-2573796334-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\ConstantLight\AppData\Roaming\Mozilla\Firefox\Profiles\72pzdx4i.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2381 octets] - [09/09/2012 12:37:33]
AdwCleaner[R2].txt - [2556 octets] - [09/09/2012 13:23:38]
AdwCleaner[S1].txt - [3125 octets] - [09/09/2012 13:24:50]

########## EOF - C:\AdwCleaner[S1].txt - [3185 octets] ##########


 o
RE: Annoying Commercial Excerpts

What fantastic advice. Thank you so very much, Zep.

The ad/music are still in place; in fact, now it sounds like two different commercial excerpts playing one on top of the other. This is just the strangest thing I have every encountered.

My daughter notice that McAfee or parts of it are listed in the very first Highjack This list posted and in the second list posted are parts of Nero. She had uninstalled these programs. How can she get rid of the remaining bits and pieces, please.

As far as the commercials, is there a possibility that something is embedded in IE? I am grasping at straws here.


 o
RE: Annoying Commercial Excerpts

Oops. Meant to post what I mean about McAfee and Nero.

C:\Users\ConstantLight\Desktop\HijackThis.exe:
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

Open Uninstall Manager HighjackThis:
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10


 o
RE: Annoying Commercial Excerpts

My daughter notice that McAfee or parts of it are listed in the very first Highjack

McAfee is your Anti Virus program, why are you concerned with that?


 o
RE: Annoying Commercial Excerpts

Neither of us care for McAfee which was pre-loaded, and she uninstalled it and downloaded Microsoft Security Essentials, Superantispyware and Malwarebytes. That is why she would like all the bits and pieces of removed.

Likewise, with Nero. She does not like Nero and uninstalled it, but would like the remaining bits removed from her haptop.


 o
RE: Annoying Commercial Excerpts

I did not no that, so lets get rid of McAfee all of it,using Application remover,

The free AppRemover utility enables thorough uninstallation of security software like antivirus and antispyware applications from your computer.

See link, let me know when that is done

Here is a link that might be useful: appremove


 o
RE: Annoying Commercial Excerpts

Well, darn. AppRemover did not remove the remnants of McAfee or Nero.

The excerpts of sound from commercials continue.

As the British would say, "I am just gobsmacked!"

Thanks for your willingness to help remedy this situations, Zep. It is truly appreciated.


 o
RE: Annoying Commercial Excerpts

The sounds are 'brief', define brief please. Are you able to discern words or phrases at all? Any repetition of the same sounds?

Click Start
click Control panel
click Hardware and Sound
click Device manager
In the new window do you see any yellow exclamation marks or question marks at all?

-------------------
Click Start and immediate start typing 'event viewer' in the space right above the start button without the quotes and hit enter.

Wait for the new window to be fully populated then look in the centre panel for errors. It will list those in the last hour and 24 hours. Click the plus sign beside Error to see the drop down menu, double click on any errors shown for explanations. Anything of interest there?


 o
RE: Annoying Commercial Excerpts

Thanks owbist but I'd like to continue with the McAfee removal,

Lets run this for McAfee removal,

Download the MCPR tool from: See link below, when you click on the link a box will open on this page, click Save file, save it to your desktop, Then right click on it and choose "Run as Administrator". That should get rid of Left over McAfee files.

Here is a link that might be useful: MCPR.exe


 o
more

If that does not work we will delete these services manually.

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)


 o
RE: Annoying Commercial Excerpts

Of course Zep, my suggestions have no effect on your instructions I am just offering a new avenue seeing all your good work hasn't seemed to have fixed this strange puzzle.

I am merely clutching at straws hoping something might pop up to give a clue on the challenge.


 o
RE: Annoying Commercial Excerpts

It's a weird one indeed and I like your suggestion. By the way if your here today, maybe revo will get rid of the nero program for walnutcreek. I'll be out most of day at that thing called work :(

Joe


 o
also

If for some reason the McAfee tool fails to remove those 023 services this is how to delete them manually using a command prompt.

To delete a service (O23) manually using a windows command prompt follow the instructions:
Click Start.
in search box
Type cmd or command and press enter.

When the black window opens (command prompt)using your mouse copy this command in bold sc delete McShield now right click within the black box and choose paste, that will paste the command you copied into the command prompt, hit enter on your keyboard. Reboot.

Do the same exercise for these sc delete mfefire Reboot sc delete mfevtp Reboot


 o
RE: Annoying Commercial Excerpts

Others seem to have had the same problem...

Here is a link that might be useful: Audio Leaks


 o
RE: Annoying Commercial Excerpts

Great find Shax!!! zep it definitely looks like an infection,an MBR infection actually, I think it may be easier to send them to LzD than to suggest using the method on shax link however and safer.

Since zep is helping you here I will let him make the call just in case he wants you to go to LzD here is the link to the area you would post your new thread in, you will need to register first of course. If you provide a link back to this thread it will be helpful.

LzD Analysis and Malware Removal

zep and I are there also so if you need help getting there should you go just ask.


 o
RE: Annoying Commercial Excerpts

@ravencajun

Lets finish up the McAfee thing, an Nero, then I'll ask for a DDS log and the user will be more prepared for LDZ. I didn't like the link at all, the guy was just shooting various programs at the user and not 1 log was shown, and he said it was an MBR infection? I did not see awsMBR.exe ran either and that program scans and looks at the MBR and creates a log.


 o
RE: Annoying Commercial Excerpts

Zep..here's another thread with links and logs that may be of some help...

Regards,
Shax

Here is a link that might be useful: Same Problem


 o
RE: Annoying Commercial Excerpts

Not a bad post, but it is 4 years old, I think the DDS log will be very helpful that I'm going to ask for, it will show us a great deal more information about files installed, when they were installed and where there installed to. It's very important to get logs on this machine, and not look at other peoples work on similar issues and sort of copy what they did, that being said it's still good reference material. My intentions are to fix McAfee an Nero, then turn the thread over to ldz

Joe


 o
RE: Annoying Commercial Excerpts

I agree with you. That's why I was not wanting any one to jump in to those directions on that link.
It will be interesting to see what turns up on the logs.


 o
RE: Annoying Commercial Excerpts

My daughter had to go home and back to work, so she has not had time to work on the annoying commercial outbreaks. I am hoping she can get back to the issue soon.

Just wanted to update y'all.


 o
RE: Annoying Commercial Excerpts

do not let her delay if this is a serious infection she could be putting her information at risk especially if she uses this pc for any type of financial use.
She can go to the LzD link I provided from where ever she is and the team will help her run the scans needed to clean it.


 o
RE: Annoying Commercial Excerpts

Thank you so much, zep, for the McAfee removal information. My daughter was able to totally remove McAfee. Here is what she stated: This worked! Tell everyone at GardenWeb thanks for all the help I really appreciate it. I THINK I the other issue with the sound bits is also fixed. I'll turn it on a few times through the week to check it out.

Posted by zep516 (My Page) on Sun, Sep 9, 12 at 23:59

Thanks owbist but I'd like to continue with the McAfee removal,
Lets run this for McAfee removal,

Download the MCPR tool from: See link below, when you click on the link a box will open on this page, click Save file, save it to your desktop, Then right click on it and choose "Run as Administrator". That should get rid of Left over McAfee files.
Here is a link that might be useful: MCPR.exe

Thanks to everyone else regarding removal of the sound bites issue.


 o
RE: Annoying Commercial Excerpts

Good news is welcome, thank you!

Joe


 o Post a Follow-Up

Please Note: Only registered members are able to post messages to this forum.

    If you are a member, please log in.

    If you aren't yet a member, join now!


Return to the Computer Help Forum

Information about Posting

  • You must be logged in to post a message. Once you are logged in, a posting window will appear at the bottom of the messages. If you are not a member, please register for an account.
  • Please review our Rules of Play before posting.
  • Posting is a two-step process. Once you have composed your message, you will be taken to the preview page. You will then have a chance to review your post, make changes and upload photos.
  • After posting your message, you may need to refresh the forum page in order to see it.
  • Before posting copyrighted material, please read about Copyright and Fair Use.
  • We have a strict no-advertising policy!
  • If you would like to practice posting or uploading photos, please visit our Test forum.
  • If you need assistance, please Contact Us and we will be happy to help.


Learn more about in-text links on this page here