Random Audio Files / Ads / Music Clips Play On Computer

First, thank you for taking your time to help me, much appreciated!

Sorry this info is limited but not sure what other info will be significant.

For the past 2-3 months maybe, my HP Laptop (Vista) plays random audio clips. This happens when I am using programs or doing nothing. I am always connected to the net via wireless so not sure if it happens when I am not connected.

The clips last anywhere from 2 seconds to one minute and usually sound like they are cut off in the middle when they stop. Sometimes, the clips are choppy sounding, as if there is not enough memory to play the audio clip. I have heard "Hi, this is Howie Mandel", last night I heard a minute long weight loss ad and this morning I heard a partial ad for the new "Stepbrothers" movie. In the past I believe I heard hip hop music clips as well.

When this happens I have used Task Manager to see what's running and nothing appears in the Applications tab and nothing unusual in the Processes tab (although I wouldn't know what to look for there anyhow). I usually keep my speakers on mute to prevent hearing these ads but we I am watching a movie or listening to news or music, these clips are as loud and I have to just stop what I am listening to and wait for these clips to end. Sometimes I hear none in a day and sometimes five or more.

I use Trend Micro and Windows Defender and no virus has been detected. I do download a lot, using Azereus and Limewire but other than that, usually stick to the same known websites and never click on any unknown emails or ads.

Any help is appreciated!!! I am ready to do a complete dump and start from scratch with my computer but I thought I'd try here first as that is my last resort.

Thank you!

Renee

Hello let's run one more scan...Run as administrator...

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Reagardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Great, thank you, I will do so in as soon as I get home from work in a couple hours...

Thank you for your help!!!

Malwarebytes' Anti-Malware 1.23
Database version: 989
Windows 6.0.6001 Service Pack 1

4:48:33 PM 07/24/08
mbam-log-7-24-2008 (16-48-33).txt

Scan type: Quick Scan
Objects scanned: 35183
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
C:\Windows\System32\routing.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Windows\System32\perfs.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFinding (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Routing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WServing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\perfmons (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\perfmons (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perfmons (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Internet Explorer\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\afinding.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\wserving.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\andt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drmgs.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\routing.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\perfs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\Indt2.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Today files were audio playing again so I assume the virus scan did not work, thank you anyhow.

Any other suggestions???

Thank you!

Actually these downloaders are stubborn. please updat and rerun the scan.Post another log.
Yopu also had several rootkits. These can be very dangerous. They will take your personal information and send it home. They are looking for passwords,crdit card and other financial information so thsy can steal it. You should changeany and all passwords and finacial information stored on this PC.

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the rootkit has been removed the computer is now secure. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. Please read " When should I re-format?and "Reformatting the computer or troubleshooting; which is best? ".

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. Let me know how you wish to proceed.

Thanks for all the info, because of your comments, I have decided to reformat my OS. Just a couple questions so I am informed and can avoid rootkits again...

Where did I most likely get the rootkits from?
I usually stay to the same websites and don't click on ads or unknown emails. I do use Azureus to download programs (such as Nero, Alcohol) and movies as well as I use Limewire for music. Is it likely I am getting it from these sources? I also have used unsecured wireless numerous times, can this be a cause as well?

What is the best combo of virus, spyware, malware programs I should use?
I currently use Trend Mirco Internet Security and Windows Defender but Windows Defender has never picked up anything and Trend Micro picked up a couple viruses a long time ago but it seems neither of these helped. Once a couple months ago, every time I restarted my computer it would come up with a bunch of guest accounts and one admin accounts. Each time I would delete all the guest accounts but once I restarted, they would reappear. I ran Trend Micro, and nothing was detected. So, what brands do you recommend?

What else can I do to prevent this from happening again?
It is going to be such a pain to reformat that I want to make sure I don't get this again. After reading your article I will for sure not run on my Admin account unless needed and I will use your recommended software for virus, etc. What else can I do or avoid?

Is standard reformatting going to solve my problem?
I was just going to put in my restore CDs I originally created when I got my laptop and dump everything and reinstall Windows. Will this be sufficient as I read in your article about removing batteries, etc. and I have never done that before and am not confident in doing so myself (and do not want to have someone else do it as I cannot afford it). I have reformmated before on an old system so do not mind this option but do you thin it will solve the problem? If not, what do you suggest or is there a tutorial you can direct me to?


Thank you again, so much appreciated!!!

Where did I most likely get the rootkits from?

The rootkit in itself is not the malware,but it's abilities to allow the programmer (hacker) access to thePC and then run the programs desired is the evil.
A rootkit is a program that is designed to hide itself and other programs, data, and/or activity including viruses, backdoors, keyloggers and spyware on a computer system.
They originally came in CD's like sony,I belive but now come with email attachments and the like.

What is the best combo of virus, spyware, malware programs I should use?
Usually what works best for you. I know not a great answer. In use it is best to have one AV,One firewall and several layrs of Antispyware protection. What you have should be OK and I would add MalwareBytes ,BoClean or SuperAntispyware and SpywareBlaster. I have Avira, Comodo and those I mentioned. They can be found here at our link (all free)...

Freeware Replacements

except MalwareBytes ..here.. http://www.besttechie.net/tools/mbam-setup.exe

What else can I do to prevent this from happening again?
Please read the brief articles here,Post 10,very informative
http://www.bleepingcomputer.com/forums/top...tml#entry829374

Is standard reformatting going to solve my problem?
As mentioned earlier. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. A full format and install not a repair.

Good Luck.

Thank you so much for all of your time and assistance, I will do all you suggested! Than you so much!

You're welcome and ask any questions you may have. If you need instruction on Formatting ask in the apprpriate Operating System forum and you will be advised.

Thanks from all of us at BC