Hi, thanks for the reply.
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java 6 Update 31
Adobe Flash Player 11.2.202.235
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

Farbar Service Scanner Version: 09-06-2012
Ran by Ziggy (administrator) on 11-06-2012 at 16:33:20
Running from "C:\Users\Ziggy\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 21:56] - [2011-12-28 04:59] - 0499200 ____A (Microsoft Corporation)
DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 14:37] - [2012-03-30 12:09] - 1895280 ____A (Microsoft Corporation)
624C5B3AA4C99B3184BB922D9ECE3FF0
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 01:09] - [2009-07-14 02:41] - 0824832 ____A (Microsoft Corporation)
AECAB449567D1846DAD63ECE49E893E3
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 00:36] - [2009-07-14 02:41] - 0170496 ____A (Microsoft Corporation)
765A27C3279CE11D14CB9E4F5869FCA5
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-14 01:36] - [2009-07-14 02:41] - 2418176 ____A (Microsoft Corporation)
38340204A2D0228F1E87740FC5E554A7
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.09.05
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Ziggy :: ZIGGY-PC [administrator]
Protection: Enabled
11/06/2012 17:53:15
mbam-log-2012-06-11 (17-53-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205505
Time elapsed: 4 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\Installer\{e61ad4fb-8080-19fb-9a23-5da93991e46d}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-11 17:51:43
-----------------------------
17:51:43.366 OS Version: Windows x64 6.1.7600
17:51:43.366 Number of processors: 4 586 0x2502
17:51:43.366 ComputerName: ZIGGY-PC UserName: Ziggy
17:51:45.534 Initialize success
17:51:53.709 AVAST engine defs: 12061100
17:51:55.409 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:51:55.409 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
17:51:55.425 Disk 0 MBR read successfully
17:51:55.440 Disk 0 MBR scan
17:51:55.440 Disk 0 Windows VISTA default MBR code
17:51:55.456 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
17:51:55.487 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
17:51:55.503 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225373 MB offset 26830848
17:51:55.518 Disk 0 scanning C:\Windows\system32\drivers
17:52:07.325 Service scanning
17:52:52.293 Modules scanning
17:52:52.303 Disk 0 trace - called modules:
17:52:52.442 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:52:52.785 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003054060]
17:52:52.795 3 CLASSPNP.SYS[fffff8800148b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002f54050]
17:53:00.600 AVAST engine scan C:\Windows
17:53:05.601 AVAST engine scan C:\Windows\system32
17:57:09.602 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:57:14.128 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:59:25.013 AVAST engine scan C:\Windows\system32\drivers
17:59:49.393 AVAST engine scan C:\Users\Ziggy
18:11:44.893 AVAST engine scan C:\ProgramData
18:12:19.145 Scan finished successfully
18:12:52.786 Disk 0 MBR has been saved successfully to "C:\Users\Ziggy\Desktop\MBR.dat"
18:12:52.793 The log file has been saved successfully to "C:\Users\Ziggy\Desktop\aswMBR.txt"