
Audio advertisements running in the background


  • This topic is locked
8 replies to this topic

#1 Madrigal

Madrigal

  • Members
  • 5 posts

Posted 09 June 2012 - 06:16 PM

Hello! I have no experience whatsoever with computers, so please explain things to me like I'm a five-year-old. Thank you.

My computer recently started to play these random audio advertisements. A day or so before, I turned on my computer to find that the toolbar at the bottom of the screen had changed from the sleek black/gray look it had before to the classic light gray box. The title bar things at the top of any open window have the same look. My Start button is also no longer round and blue with the Windows symbol. I cannot revert it because the option seems to have disappeared under the "Windows Color and Appearance" section of Personalization. I do not know if this has anything to do with the audio ads.

My computer shows a blue error screen with white writing when I try to turn it on. It doesn't give me enough time to read the message, so I don't know what it says. I do not know if this is related to the problem.

I looked around a little bit and decided to download and run HijackThis after Spybot and Norton scans hadn't found anything strange. I clicked the top option, I don't really remember what it was, but I assume it scanned my computer and it gave me the results. Not having any clue as to what I was doing, I didn't "Fix" anything.

I am worried that this may be a virus or something and don't feel brave enough to log in on any of my normal websites.

I would appreciate any help on the subject! Thank you very much in advance.

As I apparently am not permitted to upload this kind of file, here's a copy-paste version of the log I received:


Edited by Madrigal, 10 June 2012 - 11:04 AM.




#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Location:Finland

Posted 11 June 2012 - 11:32 PM

Hi,

Disable word wrap in Notepad so that text format is more readable, please.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Madrigal


Posted 12 June 2012 - 03:25 PM

My computer now fails to let me log in at all.

I've only tried to turn it on once more. A black screen with white lettering appears under the title "Windows Boot Manager". It says:

Your computer can't come out of hibernation.
Status: 0xc000007b
Info: A fatal error occurred processing the restoration data.
File: \hiberfil.sys
Application failed to initialize properly (0xc00000142). Click OK to terminate application.


So I hit OK and the log-in screen shows up. My user (the only one that is available) is not present. There is a user present called "Other User" that requires a username and password that I have never created and therefore don't know. (Specified domain does not exist or could not be contacted.)

I am currently using a different computer and am at a loss. I suppose I will simply have to get a new laptop. However, is there any way to retrieve files from my other computer? It's not life-threatening, but if there is a virus in my computer I have ONE file with credit card information and such on it that would not be good to share. I also have a project on there made with an art program that I would be bitter about losing.

What do you say? Is my computer a goner, or should I bring it in somewhere to be fixed?

#4 Blade81


Posted 13 June 2012 - 11:10 AM

Hi,

Try to reboot and see if it still shows that message.



#5 Madrigal


Posted 13 June 2012 - 11:34 AM

How would I go through the process of doing this?

#6 Blade81


Posted 13 June 2012 - 11:36 AM

By restarting your system (if no other way to do this then turn the system power off and back on).



#7 Madrigal


Posted 14 June 2012 - 09:29 PM

My computer gives me the option of running some kind of Repair Launch or to start Windows normally. I say okay to the repair and the log in screen with "Other User" shows up. I can do nothing from here. Ctrl+Alt+Delete doesn't appear to have any sort of effect.

Thank you for your help, Blade81. Is there anything more I can do in this situation?

#8 Blade81


Posted 15 June 2012 - 11:14 AM

Hi,

"My computer gives me the option of running some kind of Repair Launch or to start Windows normally."

If you try to start Windows normally does it crash with the blue screen?

If you press F8 before Windows loading animation and select safe mode from the menu there does it work?



#9 Blade81


Posted 26 June 2012 - 02:59 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





