Results 1 to 5 of 5

Thread: contextual ads

  1. #1
    Member
    Join Date
    Mar 2009
    Location
    fresno, tx
    Posts
    2
    Points
    0

    Default contextual ads

    I keep getting contextual ad pop ups. how can I get rid of this?

  2. #2
    Member MrDarn's Avatar
    Join Date
    Jul 2007
    Location
    South East Northumberland
    Posts
    2,949
    Points
    557

    Default

    Hi there Ladyj, and welcome to Help2Go!

    Unfortunatly, as you may know, there is alot of spyware and addware around these days, and we have many requests about this infection, however there is no 'one click fix'

    Your best chance of success is to follow the instructions HERE (Click here) then post a HijackThis (step 6) log to this thread for the final assessment, so cleanup can proceed.

    Best of luck! and please, if you are asking on any other sites for help, choose one of them now, as looking thru logs takes alot of time, and our time here is given freely, by voulenteers.

    If you choose us, please follow the above link, and let anyone else know your staying here, otherwise, we wish you the best of luck in removing this annoyance!

    Let us know if you have any trouble following the guide.

  3. #3
    Member
    Join Date
    Mar 2009
    Location
    fresno, tx
    Posts
    2
    Points
    0

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:58:34 PM, on 3/20/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16809)
    Boot mode: Normal

    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Microsoft Works\WkCalRem.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: snappyads - {84c96c13-847a-71fd-5d26-92aae79ca980} - C:\Windows\system32\nsu6D85.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RDBP38EI\SCRIPT~2.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WC3VTOFM\HOME__~2.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\UZWU7FNE\CLEOTA~3.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JT47GRCS\QUANT_~1.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\W12N04YM\499AA1~1.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WC3VTOFM\HO2653~1.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\UZWU7FNE\CLC959~1.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JT47GRCS\CLE101~1.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\TAZ1OZNI\CLAC77~1.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WFCNESD2\49A805~2.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Wind
    O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RDBP38EI\SCRIPT~2.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WC3VTOFM\HOME__~2.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\UZWU7FNE\CLEOTA~3.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JT47GRCS\QUANT_~1.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\W12N04YM\499AA1~1.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WC3VTOFM\HO2653~1.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\UZWU7FNE\CLC959~1.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JT47GRCS\CLE101~1.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\TAZ1OZNI\CLAC77~1.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\WFCNESD2\49A805~2.SH! C:\Users\JORDAN\AppData\Local\MICROS~1\Wind
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: wkcalrem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 10114 bytes
    Attached Files
    Last edited by evilfantasy; 03-20-2009 at 10:17 PM.

  4. #4
    Member MrDarn's Avatar
    Join Date
    Jul 2007
    Location
    South East Northumberland
    Posts
    2,949
    Points
    557

    Default

    Whilst you await the help of our trained spyware fighter, could you also please include your MalwareBytes log also.

    Did you follow the advice given in THE DETECTIVE?(click here) with regards your hijack this log? If so, please re-run Hijack this, and post a new log.

    I now leave you in the hands of our trained Spyware Fighter.

  5. #5
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,670
    Points
    673

    Default

    Download from DDS by sUBs and save it to your Desktop.

    Vista users. Right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * Double click on dds to run it.
    * When done, DDS.txt will open.
    * You will receive another prompt after a while. Click Yes at the prompt and for the next scan to complete.
    * When done, Attach.txt will open.
    * Please copy and paste the contents of DDS.txt and Attach.txt in your next reply.
    .


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum