Ad pop-ups appearing when clicking on search links, login buttons, etc

[j_evenstar]

Hello,

I found this forum from Google blogs. I keep on getting pop-ups when I click on google search results, clicking the login button on facebook, and even when I click on the message pane here to start typing my message. I've used Malwarebytes, avast, and spybot search and destroy but even after the fixes I still get the pop-ups.

I will greatly appreciate your help. I'm attaching below the DDS logs.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.7600.16385

Run by Ruth at 22:31:29 on 2013-05-04

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2037.852 [GMT 8:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\SupportAppXL\cdrom_mon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe

C:\ProgramData\DatacardService\HWDeviceService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\TPHDEXLG.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k SDRSVC

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.ph/

mStart Page = hxxp://www.yahoo.com

mDefault_Page_URL = hxxp://www.yahoo.com

uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: MyPlayCity Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: MyPlayCity Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: MyPlayCity Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [Google Update] "c:\users\ruth\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe

uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe

mRun: [TpShocks] c:\windows\system32\TpShocks.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"

StartupFolder: c:\users\ruth\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ruth\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie.htm

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{2DA1B015-42C6-4044-8F25-19ED96FCDC71} : DHCPNameServer = 192.168.254.1

TCP: Interfaces\{2F40EE69-D2AA-4271-8DF6-DFCE2C8569CF} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{2F40EE69-D2AA-4271-8DF6-DFCE2C8569CF}\37B6972627F616462616E646 : DHCPNameServer = 111.68.59.70 114.108.192.30

TCP: Interfaces\{2F40EE69-D2AA-4271-8DF6-DFCE2C8569CF}\D4142514B41494 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{2F40EE69-D2AA-4271-8DF6-DFCE2C8569CF}\D69616023616374727F6 : DHCPNameServer = 121.1.3.81 121.1.3.16

TCP: Interfaces\{7EA86EDC-ECDC-4DD3-93CD-CB17FF2A0DB5} : DHCPNameServer = 10.198.220.124 202.126.40.5

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\ruth\appdata\roaming\mozilla\firefox\profiles\f6qow5hi.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\users\ruth\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-3 49248]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-16 20496]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-16 765736]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-16 368176]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-16 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-16 66336]

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\supportappxl\cdrom_mon.exe [2008-11-26 81920]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-3-10 45248]

R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-3-16 13336]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-1 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-1 701512]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-5-4 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-5-4 1369624]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-5-4 168384]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-1-8 43944]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-3-16 29472]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-10-30 73984]

R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-3-21 275496]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-1 22856]

R3 vm331avs;Digital Camera 1;c:\windows\system32\drivers\vm331avs.sys [2011-3-16 184448]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;c:\program files\globe tattoo broadband\updatedog\ouc.exe [2012-10-30 655712]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]

S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-3 164736]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-10-30 102784]

S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-10-30 11136]

S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2012-10-30 89856]

S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2012-10-30 26624]

S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\drivers\ew_juwwanecm.sys [2012-10-30 190976]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-3-16 174592]

S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-21 81704]

.

=============== Created Last 30 ================

.

2013-05-04 02:45:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-05-04 02:45:12 15224 ----a-w- c:\windows\system32\sdnclean.exe

2013-05-04 02:44:42 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2013-05-01 13:59:20 -------- d-----r- c:\program files\Skype

2013-05-01 04:09:02 -------- d-----w- c:\users\ruth\appdata\roaming\Malwarebytes

2013-05-01 04:08:41 -------- d-----w- c:\programdata\Malwarebytes

2013-05-01 04:08:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-01 04:08:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-05-01 04:08:20 -------- d-----w- c:\users\ruth\appdata\local\Programs

2013-04-14 03:06:15 26520 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe

.

==================== Find3M ====================

.

2013-05-04 02:26:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-04 02:26:25 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-02 14:09:52 4550656 ----a-w- c:\windows\system32\GPhotos.scr

2013-03-06 23:33:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-03-06 23:33:24 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-03-06 23:33:24 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-03-06 23:33:23 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-03-06 23:33:23 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-03-06 23:32:51 41664 ----a-w- c:\windows\avastSS.scr

.

============= FINISH: 22:32:31.53 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 3/16/2011 10:46:00 PM

System Uptime: 5/4/2013 10:02:46 PM (0 hours ago)

.

Motherboard: LENOVO | | Mariana-3B

Processor: Intel® Atom™ CPU N550 @ 1.50GHz | CPU 1 | 1500/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 254 GiB total, 117.829 GiB free.

D: is FIXED (NTFS) - 29 GiB total, 28.224 GiB free.

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\VPC2004\0

Manufacturer:

Name:

PNP Device ID: ACPI\VPC2004\0

Service:

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\7&1AB35688&0&CC55AD2E01D5_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\7&1AB35688&0&CC55AD2E01D5_C00000000

Service:

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&12A2\7&1AB35688&0&3451C9D23CA9_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&12A2\7&1AB35688&0&3451C9D23CA9_C00000000

Service:

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\7&1AB35688&0&CC55AD2E01D5_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\7&1AB35688&0&CC55AD2E01D5_C00000000

Service:

.

==== System Restore Points ===================

.

RP69: 3/7/2013 9:21:30 PM - Scheduled Checkpoint

RP70: 3/16/2013 1:17:07 PM - Removed Google SketchUp 8

RP71: 3/16/2013 1:27:36 PM - Removed Skype Click to Call

RP72: 3/28/2013 8:46:04 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Active Protection System

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6)

Anki

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Around The World in 80 Days

Ask Toolbar

avast! Free Antivirus

Bonjour

Broadcom 802.11 Network Adapter

Broadcom Gigabit NetLink Controller

Camfrog Video Chat 6.3

CCleaner

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Conexant HD Audio

Dropbox

EPSON TX110 Series Printer Uninstall

Freemake Video Converter version 3.2.1

Globe Broadband

Globe Tattoo Broadband

Google Chrome

iCloud

Intel® Graphics Media Accelerator Driver

Intel® Rapid Storage Technology

iTunes

Japanese Fonts Support For Adobe Reader X

Lenovo Bluetooth with Enhanced Data Rate Software

Lenovo EasyCamera

Lenovo OneKey Recovery

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

oDesk Team

OneNote Web Exporter (0.5.0)

Picasa 3

QuickTime

Rainbow Web

Realtek USB 2.0 Card Reader

RocketDock 1.3.5

Skype™ 6.3

SMART BRO

Spybot - Search & Destroy

VLC media player 1.1.11

Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)

Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

WinRAR 4.00 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

5/4/2013 10:06:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

5/4/2013 10:03:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Globe Tattoo Broadband. OUC service to connect.

5/4/2013 10:03:16 PM, Error: Service Control Manager [7000] - The Globe Tattoo Broadband. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/27/2013 1:56:58 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/27/2013 1:56:58 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

.

==== End Of File ===========================

[Maniac]

Hello j_evenstar and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  

Step 1

Please uninstall this application: Ask Toolbar

Step 2

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
  
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  
• The tool will open and start scanning your system.
  
• Please be patient as this can take a while to complete depending on your system's specifications.
  
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  
• Post the contents of JRT.txt into your next message.
  

Step 4

Please download AdwCleaner from here and save it on your Desktop.

1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
   
2. Now click on the Search tab.
   
3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Step 5

• Download on the desktop RogueKiller
  
• Quit all programs
  
• Start RogueKiller.exe
  
• Wait until Prescan has finished ...
  
• Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

• Malwarebytes' Anti-Malware log
  
• Junkware Removal Tool log
  
• AdwCleaner log
  
• RogueKiller log

[j_evenstar]

Hello Maniac! Thank you very much for your reply.

I followed your instructions and below are all the logs.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.05.01

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

Ruth :: RUTH-PC [administrator]

Protection: Enabled

5/5/2013 3:28:22 PM

mbam-log-2013-05-05 (15-28-22).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 201462

Time elapsed: 14 minute(s), 12 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.3 (04.29.2013:2)

OS: Windows 7 Ultimate x86

Ran by Ruth on Sun 05/05/2013 at 16:09:15.67

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 05/05/2013 at 16:20:27.25

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.300 - Logfile created 05/05/2013 at 16:04:49

# Updated 28/04/2013 by Xplode

# Operating system : Windows 7 Ultimate (32 bits)

# User : Ruth - RUTH-PC

# Boot Mode : Normal

# Running from : C:\Users\Ruth\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files\Common Files\Tencent

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Key Found : HKCU\Software\TENCENT

Key Found : HKLM\SOFTWARE\Classes\AppID\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\025176A3BF9264F4FACAEA2AEB6618F6

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\631F9E25D3C0BA340B38F99CF7E07A4F

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9671A38E305589F45A57F69B86BD9926

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C0BA5BDCBE75A44496E56FFA50D24FF

Key Found : HKLM\Software\TENCENT

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\f6qow5hi.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2637 octets] - [05/05/2013 16:04:49]

########## EOF - C:\AdwCleaner[R1].txt - [2697 octets] ##########

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User : Ruth [Admin rights]

Mode : Scan -- Date : 05/05/2013 16:32:50

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] ouc.exe -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-24A23T0 +++++

--- User ---

[MBR] 13fc24db36b3bd5bbea1bf7b60a8a4af

[bSP] 3390201175e52fa6dc8c23ab3c8ec481 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 260343 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 533389312 | Size: 29692 Mo

3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 594198528 | Size: 15109 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05052013_02d1632.txt >>

RKreport[1]_S_05052013_02d1632.txt

[Maniac]

1. Please re-run AdwCleaner
   
2. Click on Delete button.
   
3. Confirm each time with OK.
   
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

[j_evenstar]

Hello Maniac,

Please see log file below. Thank you.

# AdwCleaner v2.300 - Logfile created 05/05/2013 at 22:42:22

# Updated 28/04/2013 by Xplode

# Operating system : Windows 7 Ultimate (32 bits)

# User : Ruth - RUTH-PC

# Boot Mode : Normal

# Running from : C:\Users\Ruth\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Common Files\Tencent

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Key Deleted : HKCU\Software\TENCENT

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\025176A3BF9264F4FACAEA2AEB6618F6

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\631F9E25D3C0BA340B38F99CF7E07A4F

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9671A38E305589F45A57F69B86BD9926

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C0BA5BDCBE75A44496E56FFA50D24FF

Key Deleted : HKLM\Software\TENCENT

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\f6qow5hi.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2766 octets] - [05/05/2013 16:04:49]

AdwCleaner[R2].txt - [2826 octets] - [05/05/2013 22:40:55]

AdwCleaner[s1].txt - [2793 octets] - [05/05/2013 22:42:22]

########## EOF - C:\AdwCleaner[s1].txt - [2853 octets] ##########

[Maniac]

How are things now?

[j_evenstar]

Hi Maniac,

I've been observing for a while and clicking on links many times. I'm not getting the pop-ups anymore so I think the malware issue's fixed..

Thank you so much!!

[Maniac]

Glad I could help!

Please manually delete DDS, Junkware Removal Tool, AdwCleaner and RogueKiller.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!