Tech Problem Aggregator

Audio ads playing in background, google redirect, windows firewall "unidentified problem" error

Q: Audio ads playing in background, google redirect, windows firewall "unidentified problem" error

I keep hearing random audio ads or music coming from my speakers every now and then. I also noticed that in Windows Task Manager it shows two iexplorer.exe processes are running, and whenever I try to End Process they pop back up a few seconds later and I'm not sure if this is normal but svchost.exe is using a lot of memory. Also often when I search for websites on google it redirects me to random websites. And when following the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" when I double click the Windows Firewall icon in the control panel I get a error window stating "Due to an unidentified problem, Windows cannot display Windows Firewall settings." I could not create a GMER Log, during the scanning process I always eventually get the blue screen of death.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_32
Run by Brent at 18:53:15 on 2012-07-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.1922 [GMT -10:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Brent\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Brent\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\raidcall\raidcall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Akamai NetSession Interface] "c:\documents and settings\brent\local settings\application data\akamai\netsession_win.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Sonic Solutions] RUNDLL32.EXE "c:\documents and settings\brent\local settings\application data\sonic solutions\leawxjff.dll",DSCRun
uRun: [Akamai] rundll32.exe "c:\documents and settings\brent\local settings\application data\ati\akamai\pisagrwul.dll",CreateInstance
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Akamai] rundll32.exe "c:\documents and settings\brent\local settings\application data\ati\akamai\pisagrwul.dll",CreateInstance
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DF1930DE-9EDB-42FF-BC66-1984A1A725B8} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\brent\application data\mozilla\firefox\profiles\onxnrr26.default\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBFPlugin.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2008-5-28 337280]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2008-5-28 54656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2008-6-24 191848]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2008-6-24 169320]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2008-9-30 1956792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-7-18 106656]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120720.002\naveng.sys [2012-7-20 87928]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120720.002\navex15.sys [2012-7-20 1589752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
R3 XDva396;XDva396;\??\c:\windows\system32\xdva396.sys --> c:\windows\system32\XDva396.sys [?]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-11 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-11 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-6 113120]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2008-9-30 116664]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\xdva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\xdva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva393;XDva393;\??\c:\windows\system32\xdva393.sys --> c:\windows\system32\XDva393.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2011-12-18 665616]
S3 xspirit;xspirit;\??\c:\windows\xspirit.sys --> c:\windows\xspirit.sys [?]
.
=============== Created Last 30 ================
.
2012-07-21 05:21:51 -------- d-----w- c:\documents and settings\brent\application data\Malwarebytes
2012-07-21 05:21:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-21 05:21:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 05:21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-13 07:22:31 -------- d-----w- c:\documents and settings\brent\local settings\application data\Sonic Solutions
.
==================== Find3M ====================
.
2012-07-12 11:21:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 11:21:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-03 01:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-03 01:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-03 01:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-03 01:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-03 01:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-03 01:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-03 01:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-03 01:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-14 19:48:06 4702744 ----a-w- c:\windows\system32\GameMon.des
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-10 20:02:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-10 20:02:40 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-10 20:02:40 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250620AS rev.3.AAC -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AE374B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8ae3e93c]; MOV EAX, [0x8ae3eab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8B08CAB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8B000740]
\Driver\atapi[0x8AFDCCA8] -> IRP_MJ_CREATE -> 0x8AE374B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AE372E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 18:55:32.31 ===============

A: Audio ads playing in background, google redirect, windows firewall "unidentified problem" error

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster. NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer. NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.Security CheckDownload Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stallNote 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer"information and logs"In your next post I need the following
Log from Combofixlet me know of any problems you may have had
How is the computer doing now?Gringo

18 more replies
Answer Match 81.3%

Sometime last week I got hit with a rogue anti-virus program, can't remember it's name, but I got rid of that rather easily. However, since then google has been redirecting me when I do searches, Internet Explorer script errors appear even though I don't have IE installed, and random audio ads play in the background without any program being open. These ads last anywhere from 15 seconds for the shortest to 15 minutes. I had almost a full radio show from a Christian radio station play last night. I would really appreciate any help with this! I have work in about two hours and then again tomorrow morning so my replies may be a bit slow, but please bear with me. Thanks in advance.

What already worries me is that I uninstalled Avira AntiVir PersonalEdition quite awhile, like months, ago.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Mello at 23:40:22.57 on Tue 04/26/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1418 [GMT -5:00]
.
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8617F204-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {862AA43C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861B7894-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8623A62C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Upda... Read more

A:Google redirect, Audio ads playing in background, and IE script error messages.

Hello NinjasAreMammalsToo, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.1.I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cau... Read more

20 more replies
Answer Match 79.5%

I got this problem about 2 months ago.Might as well repair everything. I run Windows XP Home edition on a laptop.Problems that still exist:1. Commercials, in audio form, starts playing after computer start-up. No application was open.2. Google search redirects, on Mozilla only. I use Chrome, and this used to happen on Chrome too, but I renamed Chrome.exe). Redirects to Tazinga!, Lycos page, Mevio, etc. 3. Notifications pop-ups. One type is the Internet Explorer Script Error, containing "Line, Char, Error, Code, URL" infos, and the option is Yes/No.The other type is Adobe update, asking whether do I want to install it or not. Both will interrupt whatever application is on the top (including full-screen games!).Also, I can't run TDSSKiller, but for some reason able to run SuperAntiSpyware. Scanned with Avira AntiVir, nothing. Scanned with that SAS, found a lot of cache memories, deleted, reboot computer, problems still there. Scanned with Stinger, can't do anything.Hope this supplies enough info to start.I need this laptop for college, and I have too much precious music and software (I'm a musician) to be re-formatted.Pro help will be hugely appreciated.Ayam

A:Audio playing in background, script error notifs pop up repeatedly, Google redirect virus.

What do you mean when you say you can't do anything?

Can you post the logs from Super Anti-Spyware?

8 more replies
Answer Match 104.16%

A few weeks ago my computer cashed. Restarting it, I was faced with a black screen with no desktop or icons, and the only thing that would open was something along the lines of "Vista Restore". It was clearly illegitimate, and would perform a "scan" of the system, only to finish by saying that it couldn't fully fix the problem without me purchasing some sort of advanced "patch" for ~$80.

Yeah, right.

After booting and rebooting a few times, I was finally able to keep Malwarebytes running long enough to knock off a bunch of trojans, which seemed to slow it down a bit, after which I performed a system restore back about 3 days. Rebooting once again, everything seemed normal (desktop, icons, etc.), but to my dismay all my documents and pictures were MIA, though thankfully my music was intact. The rest was not of very much importance, so I decided not to trouble myself with getting it back. Thinking that was the end of it, I carried on with my business, only to have audio advertisements, sound effects, music, and what sounds like TV or movies begin playing in the background without any obvious source. I was able to tolerate this for a while though it's grown more prevalent recently, and it's hard to concentrate on typing an e-mail when your computer is shouting at you to buy Fabreze air freshener or to go and get checked for colon cancer.

On top of that, I've also been the victim of some sort of Google redirect virus, which re... Read more

A:Audio ads playing in background + Google Redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

18 more replies
Answer Match 102.06%

Can someone please help me work out how to remove this! I think it's a root-kit?

I can't run TDSSKiller at all, RKill doesn't find anything, Malwarebytes seems like it's only fixing a few obvious things? I changed my IE connection options to use a proxy server 0.0.0.0 because the audio (I'm guessing advertisements) was driving me crazy and script errors keep popping up.

I don't actually use IE, I'm using Firefox, and I'm getting the Google redirect problem as well.

Thank you in advance for your help!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Amy at 13:54:16.42 on Sat 05/07/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.1848 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Window... Read more

A:Google Redirect, Script Errors, Audio Playing in the Background

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

16 more replies
Answer Match 92.82%

Hi, first time poster, always have been a lurker and a fan of the site.. Anyway, I've seen other threads of this but apparently the help that was given to the user was unique to their computer. I'm on Windows 7 64 bit. Recently (maybe 2-3 days ago) I've been having the Google Redirect problem.. I've had this problem on this computer before, but fixed it with system restore. This time around, I guess I waited too long and a day later I got hit with the hide all programs virus, but I fixed that with the unhide.exe from this site. Just yesterday, I started getting ads playing with just audio, and no programs open. These ads play maybe every 30 mins to an hour. Again I've seen threads with the same problem, but I don't want to run programs that aren't meant for my computer or something along the lines. AVG has been giving me error messages of a trojan, from Explorer.exe, but only gives me an option to ignore and not remove the virus. I don't know if these problems go hand in hand, so sorry if it's off topic a little. Thanks for any help/comments in advance!

A:Audio ads playing in background, hide virus, Google redirect virus

Bump, I really just wanna get these audio ads out of here, the other problems aren't so bad

6 more replies
Answer Match 91.56%

Seeing all these posts - this is a common virus that is going on...I seem to be infected too! Need help - please! This began when a bogus Anti-Malware program called "Windows Recovery" took over my computer.

Symptoms:
The background went black;
my search engine results are being redirected;
audio commercials are playing in the background when the internet is not up and running;
and I am getting "Internet Explorer Script Errors"
When I run McAfee, Spybot and Malware - nothing is finding the issues.

Help Please!

DDS (Ver_11-03-05.01) - NTFSx86
Run by Rebecca at 22:26:33.09 on Fri 04/22/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.160 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Enabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetw... Read more

A:IE Script Error, Audio Commercials running in Background, Google Redirect Virus

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

11 more replies
Answer Match 86.1%

Hi - I have ad's that are running on my computer without any programs open at all, they include McDonalds and others. Additionally I have had an issue with a redirect virus when performing searches on the web. I have tried the Microsoft suggestions to no avail - hours and hours and now it seems worse because I have audio ads now. Can someone help me? Thanks!
 

More replies
Answer Match 84.42%

I have a computer in a remote office that has random ad's playing on the speakers, pop up IE windows and IE script errors. I have ran MalwareBytes, CA AntiVirus, and SpyBot. Here is the recent HijackThis log from the computer:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:27 PM, on 5/2/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r190031\stacsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\Entitlement\ccprovsp.exe
C:\Program Files\CA\TotalDefense\EndPointClient\EndpointProtection\ccschedulersvc.exe
C:\Program Files\CA\TotalDefense\EndPointClient\SIM\SIMAgentSvc.exe
C:\Program Files\Citrix\GoToAssist Exp... Read more

A:Random Ad's playing in background and Google redirect.

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I?ve given you the ?All clear.? Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so.Any underlined text in my posts indicates a clickable link.If you have any questions at all, please stop and ask before proceeding. Please download DDS by sUBs from one of the following links and save it to your desktop.DDS.scrDDS.comDDS.pifDisable any script blocking protection (How to Disable your Security Programs)Double click DDS icon to run the tool (may take up to 3 minutes to run)When done, DDS.txt will open.After a few moments, attach.txt will open in a second window.Save both reports to your desktop.---------------------------------------------------Post the contents of the DDS.txt report in your next replyAttach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD. Download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If asked to allow gmer.sys driver to load, please consent . If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

Click the image to enlarge it
In the right panel, you will see several boxes ... Read more

12 more replies
Answer Match 84.42%

My wife accidentally downloaded the Iexplore.exe virus/Windows XP Recovery virus from her spam e-mail. It has hidden all of the desktop shortcuts and redirects any Google search as well as plays random audio from videos or ads at random intervals while the computer is in use. Attempted to use rkill and MalwareBytes to remove it in the past using the help guide but the virus has come back stronger than ever. Help!

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_23
Run by Administrator at 18:03:08 on 2011-06-30
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.486 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:&#... Read more

A:Infected with Windows XP Recovery w/ TDSS (Google redirect and phantom audio playing)

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I?ve given you the ?All clear.? Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed. Download ComboFix from one of the following locations:Link 1 Link 2 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this linkDouble click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agr... Read more

22 more replies
Answer Match 84.42%

A couple of weeks ago I started hearing strange audio and ads coming from my computer. I hear them even when there are no programs running. I'm also getting redirected from google searches to different ad pages. I've never had any kind of virus like this before. None of my malware scanners have been able to detect anything wrong. I hope you guys can help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:40:48 PM, on 8/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Chicony\GameKeys\MODPS2KEY.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\POWERISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
C:\Users\Owner\Documents\batterydeley\BatteryDeley.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Users\Owner\AppData\Loca... Read more

A:Audio Ads Playing in Background + Redirecting from google

16 more replies
Answer Match 84.42%

Hello. I seem to have the exact same problem as was posted by the user in this forum: http://www.bleepingcomputer.com/forums/topic470346.html

Firefox is redirecting almost all of my searches to random sites with ads, and often times music will start playing in the background, although no pop ups seem to be hosting the music. I've been running a number of anti-virus/malware searches, including Kaspersky, Flashfake Removal Tool, Sophos Anti-Virus, and iAntivirus to try to take care of this problem. Sometimes they find threats and I delete or quarantine them, but the problem persists. Sometimes they don't even find any threats, but it's clear there is still a virus as the web browser is still messed up. I've been working on this for days and can't figure out the solution.

Can anyone help? I'm running an iMac OS X 10.6.8. I'm not incredibly tech-savvy, but can follow directions and would really appreciate assistance resolving this problem. Thank you!

A:Google redirecting, audio playing in background

Also, I'm not sure how to run and post the DDS logs on a Mac, but am happy to do so if someone can provide me with directions. Thanks again-- looking forward to your response(s)!

33 more replies
Answer Match 83.58%

Hi, I've got a google redirect virus, everytime i click on results it redirects me to other websites. Also random audio ads are playing in background.
Any help would be very much apreciated, Here is the log from combofix:

ComboFix 12-02-27.02 - Tony 02/28/2012 10:02:42.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2996.1641 [GMT 0:00]
Running from: c:\users\Tony\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* post:26248243
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* post:26248242
SP: Windows Defender *Enabled/Updated* post:26248241
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\BPK
c:\program files (x86)\BPK\pk.bin
c:\programdata\djvkbaa.tmp
c:\programdata\gjglaaa.tmp
c:\programdata\iamlbaa.tmp
c:\programdata\jamlbaa.tmp
c:\programdata\NOTEPAD.EXE-x.txt
c:\programdata\RUNDLL32.EXE-x.txt
c:\programdata\trbqbaa.tmp
c:\windows\SysWow64\Cache
c:\windows\SysWow64\tmp2E50.tmp
c:\windows\SysWow64\tmp2EAF.tmp
.
c:\windows\SysWow64\drivers\ntfs.sys . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 10:16 . 2012-02-28 10:16 -------- d-----w- c:�... Read more

A:Google redirect virus + random ads playing in background

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

23 more replies
Answer Match 83.58%

I went on a torrent site and some how acquired this virus. It seems to have something to do with win32k.sys because everytime I start up, avira tells me there is a virus by the name of win32k.sys. Also, every once in a while, without any programs opened, an audio advertisement will start playing from my speakers. When this happens, I close all programs and get into my taskmanager and try to close as many programs as much as possible to isolate the program responsible for this advertisement and am unsucessful. These audio advertisements play maybe once a day in the morning. When I go on google to do a search, the results come up but when I click on the results, it takes me to a different page. This virus also appears to affect my audio somehow because every once in a while, I'll have to restart my computer to play mp3's. Please help. Here is my HJT log, let me know if you need anything else. Thanks!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:15:11 PM, on 7/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sv... Read more

A:HJT log, google result redirect, advertisements playing in background

bump, it's been almost a month...
 

1 more replies
Answer Match 83.58%

Hello,I am looking for some help here. My computer got infected Yesterday. I ran Malwarebyes and that cleared the main Virus but I still have Audio Ads playing randomly in the background. I can have no browser open but those Ads keep playing and I get redirected when using Google search. I also get Script error every so often. When I look at the process, there is nothing running there, Only way to stop it by killing Explorer.exe. I have run Rootkit Buster (Trend Micro), Tdss Killer, Malware Bytes, Hit Man Pro and Combofix. None of them are finding anything. I have also clear all my temps using Ccleaner. I also Uninstall Firefox (My Main Browser) and also reset Internet Explorer and also manually disabled all Browser. When None of this worked, I did a system restore to 2 weeks ago, the script error popped right back up as soon as I logged back in, I ran updated combofix again. Please help, I am not posting the Log as its says so i the forum rule but I ran it before reading this rule... Thank you !Following is the DDS Log and then Combofix Log as requested:.DDS (Ver_11-03-05.01) - NTFSx86 Run by Faisal at 13:17:19.58 on Thu 03/31/2011Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1331 [GMT -4:00].SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32... Read more

A:Background Audio Ads Playing and Google keeping Redirecting

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

13 more replies
Answer Match 83.58%

Hi, I'm new to this and I hope the forum will help

Ive noticed 4 problems:
1. My computer has been randomly playing audio ads on my computer without any visual notice.
2. Also some links on google redirected me to ads (specifically links to certain techguy pages).
3. Chrome recognizes google with a weak security level
4. My history is full of ads I have not clicked

I really hope you can help! This is really frustrating to deal with

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:04:32 AM, on 13/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\YORKUBF\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\YORKUBF\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yorkubf.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Softwar... Read more

A:Audio Ads playing the background, links on google redirected

Hi,

If help still needed post fresh dds logs, please.
 

1 more replies
Answer Match 83.16%

I have a home machine, a Dell Inspiron Desktop with Windows 7 Home Premium with Service Pack 1

There are 4 major problems:

The listing in "Libraries" in the "Computer" options are gone (no My Documents, etc.)
Any time we use Google it redirects us to a random site
There are audios of ads running in the background
The system after some time will go to a Blue Screen and I'll need to power the machine down completely (the on/off button is frozen as well)

I've tried Malware Bytes and Spybot but they haven't worked.

Can you help?
 

A:Google Redirect and Audio of Ads in Background

Hi , welcome to the forum.


To make cleaning this machine easier

Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

Do not use any temporary file cleaners at this time.

Download OTL to your desktop.

Right click on OTL.exe and click "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg... Read more

2 more replies
Answer Match 83.16%

Hello,

I have a machine inftected with malware. There is an iexplore.exe that is always running and the memory usage climbs higher and higher, and audio advertisements play in the background. Links from Google search results are also hijacked. The machines is Windows 7 Professional x64.

Any help would be appreciated.

Thanks. Brent

A:Google Ad Redirect and Background Audio

Hello Brent.. lets do these and see where we are after.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click... Read more

12 more replies
Answer Match 82.32%

Hi ive been having problems since letting someone use my pc for a couple days. I am now hearing random ad's and sounds playing in background with nothing visual. Also when I attempt to open any program such as Spybot, adaware, or AVG I tried to reinstall avg but it failed. I have had programs close on me. Malware Defender suddenly appeared on my pc and i did not install it.

Here is my HJT log hopefully somebody has an idea

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:29:27 PM, on 1/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT... Read more

More replies
Answer Match 82.32%

Hello! I'm attempting to fix my fathers home computer. It has been playing audio advertisements even when browser windows are closed, and google will randomly reroute search requests to advertisements. I do not know when these problems began, so I hope that doesn't hurt our efforts to solve these issues. Thanks! Here are the log files the sticky post said to include. Daemon tools was uninstalled after running hijackthis and dds, once I had read that it should be gone before running gmer.

Thank you,
Hobochili

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:23 AM, on 11/29/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\fire... Read more

A:Audio ads in background+ google redirect issues

13 more replies
Answer Match 82.32%

Hello,

Thank you in advance to the person who can assist with my issue! I'm trying to help my mom, she seems to have contracted two issues which I have seen multiple posts regarding on this and other forums:

1. Random audio ads playing in background, even with no browser open.
2. Google links redirecting to ad pages.

I just ran a Malawarebytes full scan that came up empty, as well as a Hijack this scan. Logs below. Please help. I know it will take a few days and some back and forth, but I really appreciate your expertise.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:47:53 PM, on 6/24/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\pat\Desktop\Setup Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=273601107235l0334z195t4862y489
R1 - HKCU\Software\Microsoft\Inter... Read more

A:Audio Ads in background AND Google link redirect

11 more replies
Answer Match 82.32%

Hello....thank you in advance for taking the time to help with my problem.This is a Dell laptop with MS Windows XP Professional 2002 Service Pack 3. 2.00 GHz with 1.0 GB RAM. Laptop was purchased from my old company, and was preiinstalled with Symantec AV. I have since also installed MS Security Essentials, Ad-Aware, Spybot S&D and have used MalwareBytes successfully for prior infections.Current issue is with Firefox and I.E. having problems with Google results being redirected to incorrect websites. Selection of the Google "cached" results seems to work ok. Sometimes also having issues with strange short audio adverts being displayed in the background when it would seem that there is no browser running. Firefox continues to open with message that it could not recover windows and tabs from previous session. At one point, I could not get Firefox to start cleanly at all....I ended up deleting it and re-installing it to a different directory than the default. MS XP System Restores are also not completing, neither in safe mode or regular. I have scanned with MalwareBytes, Security Essentials, Symantec AV which all found nothing. Spybot S&D found some things, which it said were successfully removed....subsequent scan found nothing.I tried running GMER as requested in the Prep guide, but each time I ran it, the computer crashed with a BSOD.DDS log follows:DDS (Ver_10-03-17.01) - NTFSx86 Run by Scott.Leonard at 22:39:22.57 on Wed 07/28/2010Internet Expl... Read more

A:Google results redirect; audio ads in background

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

34 more replies
Answer Match 82.32%

Hello everyone!

I've been having issues starting a month ago when some phony anti-spyware got onto my computer. I removed it successfully but ever since then, my google searches have been redirected and just recently, some various audio of ads play in the background on my computer. I often find my cpu usage hitting 99-100% as well.

Anyway, here is my System info log:

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz, Intel64 Family 6 Model 30 Stepping 5
Processor Count: 4
RAM: 4087 Mb
Graphics Card: NVIDIA GeForce GT 220, 1024 Mb
Hard Drives: C: Total - 476837 MB, Free - 236316 MB;
Motherboard: ASUSTeK Computer INC., P7P55D-E PRO, Rev 1.xx, 103136680000203
Antivirus: Kaspersky Internet Security, Disabled

And my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:31:32 PM, on 10/28/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\CallBurner\callburner.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Sys... Read more

A:Background audio and Google redirect Malware

13 more replies
Answer Match 82.32%

Hello,
I finally managed to remove google redirect virus following the instructions from here:

http://www.bleepingcomputer.com/forums/topic436184.html
but I still have some problems like windows firewall which when I try to turn on I get error :Windows Firewall can't change some of your settings. Error code 0x80070424.
Also I need to mention that while I was on step 8 on the instructions I couldn't check some options on gmer and I don't know if this is important, but there is an attached picture of how gmer looked like while scanning at the bottom.At this point Im scanning my pc and there are about 12 adware tracking cookies and Trojan Agent/Gen-MSFraud.
Also,I would like to ask why I can't uninstall some programs that were installed while pc was infected, when I try to unistall them from control panel I always get error messages.
So thank you for your help till now, I hope you could help me with these additional problems.

Thank you in advance

A:google redirect is fixed, windows firewall error

Can you post your GMER log?

Thanks

22 more replies
Answer Match 81.9%

Yesterday, my google searches started getting redirected. This concerned me. I attempted to download malwarebytes (newish computer, didn't have any anti-spyware software running yet), but was met with aggression. Whenever I attempted to download the program, it would finish instantly, and a file would appear in my downloads folder with the appropriate name, but having a size of 0 bytes. I noticed some odd processes running in Task Manager (don't remember the names, was just a random jumble of letters and numbers), navigated to the folder containing them, then ended the process. I watched the files delete themselves as I ended the processes. For a brief window of time, I was able to download things. I downloaded malwarebytes and ran the program, it found over 100 infected files, and removed all of them (had to restart to get rid of some). Afterwards, I ran windows update and downloaded every available security update. I then went into safe mode and ran malwarebytes, but it didn't find any other infected file. Around this point, I started hearing phantom audio ads in the background of my computer at random times. I played a round of League of Legends to see how the virus would actually affect my running programs. There was a decent amount of system lag (not network; i.e. choppy gameplay, some sound lag) and then at one point the game completely froze, and I had to close the process through task manager and reload the game to finish the match. Now, sometimes I can do... Read more

A:Audio Ads Playing In Background, Google Searches Being Redirected, Script Errors

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

39 more replies
Answer Match 81.9%

Hi! I've been having issues with my computer. It happened out of nowhere and I don't remember downloading anything. My computer keeps playing these random audio ad's in the background even when I don't start firefox (I use firefox as my main web browser.) Sometimes my computer will just be showing the desktop without anything opened and the audio starts playing. It plays McDonald ad's, cleaner ad's, sometimes even news about celebrities to Toyota ad's. It happens at random times too. It happens at random times too, 15 minutes, 30 minutes, sometimes even an hour or HOURS. It also redirects anything I click on google. It lets me do a google search but as soon as I want to click on a page that it gives me from the results, it redirects me. It's very annoying. I've tried ctrl+alt+delete because I had this issue once before (6 months ago) which was solved by ending the iexplorer.exe process and using combofix. But this time there is no iexplorer.exe in the windows task manager process menu. This is what I get from the windows task manager process menu.All I get is:taskmgr.exe (Compaq User)firefox.exe (Compaq User)explorer.exe (Compaq User)wuauclt.exe (Compaq User)ASCTray.exe (Compaq User)ctfmon.exe (Compaq User)RCHelper.exe (Compaq User)svchost.exe (LOCAL SERVICE)alg.exe (LOCAL SERVICE)spoolsv.exe (SYSTEM)svchost.exe (NETWORK SERVICE)WLService.exe (SYSTEM)wpsscannersvc.exe (SYSTEM)svchost.exe (SYSTEM)svchost.exe (SYSTEM)MsMpEng.exe (SYSTEM)... Read more

A:My computer is playing audio ad's in the background and redirecting when clicking on a link in google.

Hi EstherMonster,I have requested that this thread be moved into the more appropriate malware removal forum. In the mean time could you please post the log from your ComboFix run, as well as a scan with DDS:Please run a scan with DDS: Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results, click no to the Optional_Scan Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.Information on A/V control HERE regards myrti

2 more replies
Answer Match 81.48%

Like I said in my Topic Description I searched and found many similar cases but (if I may say) I think that each case has similar malware / etc.. but each situation are different so I am making a thread of my own.

I tried running AVG 8.5 and it seems to have found and deleted but when I search again the same results are coming up. The things listed from AVG search that were sent to the Virus Vault were "Downloader .Zlob.ANQM","Clicker .AAJC", "Generic14 .DNP" and "Agent2 .NWN" all four of these were found in my "\LocalSettings\Temp" and described as "Trojans" in AVG 8.5. I downloaded but can't install Malwarebytes Anti-Malware as my computer is only seeming to work in Safe Mode. I've restarted numerous times but it seems to only work 1/10th of the time in which if I try to run AVG will crash my computer. I have received only one blue screen but it has not bothered me since then. I believe there are many other problems with this computer but the one I am describing at the moment is the one in which I need to get out of the way because it is impeding even the usage of my computer since it happened only recently during the past two days.

Here is as instructed the DDS logs: (I performed it in Safe Mode though not sure if that matters) I tried to upload the Attach but it wont seems to take it as a .rar. So I just uploaded it as the .txt I hope this is ok?

DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Neil P... Read more

A:Google Redirect / Audio Streaming Ads in Background / (iexplorer.exe)

Hello nup123,Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14. Click the "Download" button to the right. At the Select Platform and Language for your download drop down box
Select Windows and Mult-Language Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. ) The page will refresh. Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 13
Java™ 6 Update 3 Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u14-windows-i586.exe to install the newest version.******************Download Security Check by screen317 from here or here.Save it to your Desktop.Double click Sec... Read more

16 more replies
Answer Match 81.48%

Has been receiving assistance here: http://www.bleepingcomputer.com/forums/topic427874.html ~ OBHello Team,From reading some other open threads, I believe I am going to need your assistance removing an infection. I currently have a machine that is experiencing the Google Redirects in IE as well as background audio playing Ads with iexplore running in task mananger and eating up memory. Originaly the machine was missing start menu and desktop icons. - Ran malwarebytes and removed infections. Same symptoms- Ran combofix. Desktop was back. - Ran unhide.exe Mostly back to normal.- Restored missing start menu shortcuts- Problem with IE Redirect and background Audio Remains.I can post logs when requested.Thank you for your help.- Brent-- ADDING DDS LOG -- ATTACHING GMER LOG = ARK.TXT --.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421Run by csimons at 22:37:42 on 2011-11-14Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2128 [GMT -6:00].AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows ... Read more

A:Another Google Redirect - Background Audio Malware Infection

Hi,could you please run tdsskiller next:Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.Please also run this utility to restore the remaining start menu items: link

25 more replies
Answer Match 81.48%

Hi guys, I've been having some issues with malware on my computer (Win security 2012) and am still having troubles with recurring issues. I get redirected to spam sites randomly on Google, and when i try turning on windows firewall it gives me the Error Code 0x80070424. I have MSE and it will randomly pop up with infected items out of the blue too.

Thanks,
DJ

A:Google Redirect and Windows Firewall Error Code 0x80070424

<information removed upon admin request>

Although this fix works; I wouldn't want anyone here to accident do something that can hurt their PC, I have removed the content of this post..

24 more replies
Answer Match 81.06%

When I use Google, I can search just fine, but if I click on a link (one of the search results) I am redirected to a random website, some of which are blocked by my anti-virus software saying that the website is dangerous. This doesn't only affect Google, however, it affects any search engine that I have tried (Yahoo!, Bing, Google, Ask). Another problem that I have been having is a random "Script Error" message that will pop up, saying "continue running script?" with the choices "yes" and "no." It interrupts whatever I am doing and if I hit any keys while it is open, it automatically selects "yes." I hit no whenever I can, but this pop-up issue has been preventing me from playing games, as I get interrupted and die, writing papers for school, because it constantly pops up and disallows me from concentrating or typing correctly. There seems to be no result whenever I accidentally select yes. Next, although I muted it, there is an unknown source of audio that just has a man and a woman saying random words. It almost sounds like a skype conversation, because of the influction and tone. When I created a guest account for my dad to use on my laptop, the audio was everpresent, but I could not find where it was coming from when I tried to mute it. Finally, to top off all of my computer problems, Windows desperately tries to force me to update it, but whenever it attempts to, it begins the update, then stops somewhere before ... Read more

A:Google redirects, ghost audio in background, script error pop-ups, and windows unable to update

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

31 more replies
Answer Match 81.06%

Hi all. I posted in "Am I infected? What do I do?" and was told, after running a few programs I was instructed to, to come here and post a thread. I'm on Windows 7 64 bit. Recently (maybe 2-3 days ago) I've been having the Google Redirect problem.. I've had this problem on this computer before, but fixed it with system restore. This time around, I guess I waited too long and a day later I got hit with the hide all programs virus, but I fixed that with the unhide.exe from this site. Just yesterday, I started getting ads playing with just audio, and no programs open. These ads play maybe every 30 mins to an hour. Same goes for the ads in the right hand corner of Firefox, but this is constant. AVG has been giving me error messages of a trojan, from c:\Windows\System32\Services.exe, but only gives me an option to ignore and not remove the virus. The threat name, according to AVG is "Trojan horse Dropper.Gerneric_c.MMI" and it says "Detected on open." I don't know if these problems go hand in hand, so sorry if it's off topic a little. Anyway, here are the logs. DDS.txt log.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31Run by Mirza at 12:20:12 on 2012-07-14Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4863.2466 [GMT -4:00].AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}SP: AVG Internet Security 2011 *Enabled/Up... Read more

A:Random ads popping up in bottom right hand corner/ ads playing in background + Google redirect

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you... Read more

8 more replies
Answer Match 80.64%

Good (insert time of day here)!
Yes, I'm new, yes, I'm not very good with computers, and yes, I don't always update things that I ought to, and I was dumb enough to install the fake Adobe Flash Player virus. Admitting a problem is the first step to recovery, right? Well now that THAT'S out of the way...

I've also been having problems with audio ads playing in the background with no internet browsers open (although it hasn't played any in a while) and I've been having the Google Redirect problem. I've already got the Security Check, FSS, MiniToolBox, Malwarebytes and DDS logs done and saved, and my Avast! antivirus has already confirmed the existence of the Sirefef virus and was unable to remove it. Should I separate the results from the different programs into different posts?
Running Windows 7 64 Home Premium
I mostly use Firefox
Thank you for your time and help!

A:Background Audio Ads, Google Redirect, Flash Player Virus?

Please post your logs here.. I aloso removed the other accidental duplicate post.

3 more replies
Answer Match 78.96%

I had the PC Performance and Stability Analysis Report pop up and followed directions on another thread to remove it. I ran rkill, SAS, MBAM, TDDS killer, and ESET online scan. Find my topic here: http://www.bleepingcomputer.com/forums/topic426019.html/page__gopid__2464127#entry2464127

I am still getting redirects in google and random audio playing advertisement when no audio program is visibly running.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by AshleeWood at 23:08:10 on 2011-11-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.1602 [GMT -4:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender Antispyware *Enabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
FW: BitDefender Firewall *Enabled* {A0115F06-6D34-063E-1C9A-77345A574EF5}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe... Read more

A:Google Redirect and Audio Advertisements playing

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/426397 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

19 more replies
Answer Match 78.96%

Hi,
I've got an older desktop that is primarily used for a media server that has picked up a rather nasty piece of malware.
Multiple runs of MBAM, Spybot both declare the system clean. The problem started with the Goggle Redirects and when that appeared fixed using the Gooredfix, the random audio started playing. It appears to be some sort of script running in the background that tries to direct a hidden IE window to a random site, some of them being internet radio sites. If it is valid, audio from that station just starts playing. The second I hit a key to try and see what process is running, it stops and leaves no trace that I can find.
If the random site doesn't work, I get an "ie script error window" pop up on my destop indicating a line error in the process of redirecting.

The google redirect keeps coming back no matter what I try.

Below is my HJT log.

Thanks for all your help in advance!

D
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:23:54 PM, on 4/19/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\... Read more

A:Random audio playing along with Google Redirect

BUMP-

After much reading through the forums, I downloaded and ran Combofix.
I saved and renamed it on my desktop. When I ran it, I get the warning the MCaffee AV is running and needs to be disabled. I uninstalled Mcaffee several months ago and double checked and it was not running. I let Combofix run and it said it detectected the Volsnap.sys Rootkit. I clicked OK and let is attempt to fix. It ran for about 20 minutes then appeared to stall out.

Here is the Catchme.log it generated-

File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully
File list cleared
Any help would be greatly appreciated.

D
 

2 more replies
Answer Match 78.54%

have been hearing audio ads in background when using google.  does not appear to happen when using Internet explorer.
Using Windows 7 64 bit, Microsoft Essentials and Malwarebytes Pro.
I posted problem with Malwarebytes and did various downloads of programs and scans  - cant remember all names of programs but believe was roguekiller, adwcleaner, farbar recovery scan tool, security check, and combofix.  Tech believed the problem was in chrome plug in extensions and when disabled or removed all appeared to be OK -  for 1 day.  He did not indicate any virus, infections, etc.  Today audio ad appeared once again. This is the first problem.  Think I may still have reports in my recycle bin, but all programs used were removed.
 
I have also just noticed that my Action Centre icon wont appear in my system tray inspite of "show icon and notifications" being set.  I open up action centre and says firewall not set to recommended settings.  I turn on recommended settings and firewall on.  Shut down to see what happens - I have to reset firewall again. 
 
Was going to remove goggle but I was unsure if I would lose my bookmarks so I have not removed google yet.
Should I copy/paste attach.txt?
Am I infected with something?   DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Linda at 13:25:48 on 2014-03-23
Microsoft Windows 7 Home Premium   ... Read more

A:audio ads in background and firewall /action centre problem

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.   Please upload the attach.txt by DDS and run the following tool:   Scan with TDSS-KillerPlease read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.Download TDSSKiller.zip and extract to your d... Read more

20 more replies
Answer Match 78.12%

Hi guys i have a problem, when i am on my pc after about 30 mins i get this random audio playing usually about chinese tourist things but i don't know where it is coming from, even if i have no programs open and if i do i close them but it still keeps playing them. I wondered if anyone knew how to locate and get rid of these i have looked for programs i don't recongnise but can't any on my computer. i am running windows xp service pack 2.

thankyou
 

A:Problem keep getting random audio playing in the background

Please click here to download and install version 2.0.2 of the HijackThis Installer.

Run it and select Do a system scan and save a logfile.

The log will be saved in Notepad. Copy and paste the log in your next post.

Do not fix anything
 

3 more replies
Answer Match 78.12%

Okay- Here are the symptoms:Windows Recovery Software/Internet Security 2011 antivirus pop-ups. Background audio ads, search engine redirect from google and script errors listing random websites. I ran malwarebytes twice today. The first scan neted 15 files, but the second was clean and the problem remains. Although, i don't seem to be getting the internet secuirty 2011 pop-up any more.I ran DDS and only the DDS.txt file was produced. Attach.txt did not pop up..DDS (Ver_11-03-05.01) - NTFSx86 Run by Eric at 13:15:48.30 on Sat 04/23/2011Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2410 [GMT -4:00]..============== Running Processes ===============.I:\WINDOWS\system32\svchost.exe -k DcomLaunchsvchost.exeI:\Program Files\Windows Defender\MsMpEng.exeI:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeI:\WINDOWS\system32\spoolsv.exeI:\WINDOWS\Explorer.EXEsvchost.exeI:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeI:\Program Files\Bonjour\mDNSResponder.exeI:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeI:\WINDOWS\eHome\ehRecvr.exeI:\WINDOWS\eHome\ehSched.exeI:\Program Files\Flip Video\FlipShare\FlipShareService.exeI:\Program Files\Java\jre6\bin\jqs.exeI:\... Read more

A:Infected- Internet Security 2011, Google redirect, background audio, script errors

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your ... Read more

29 more replies
Answer Match 77.28%

Hi,I've been trying to deal with an infection on my grandma's computer for some time now, it seems to just not want to die. Malwarebytes, Spybot, Ad-aware, and McAfee all come back clean. TDSS killer tells me that c:\windows\system32\drivers\atapi.sys is infected by TDSS rootkit, but when I restart, it doesn't get rid of it. There is a process that starts itself occasionally called ew0lanus.exe that seems to initiate internet explorer. It also sometimes will be listed in the task manager 20+ times. I've been getting google redirects for anything computer related, and random commercial audio that cuts out after about 5-10 seconds. I've posted/attached my DDS logs, but for some reason it lists no running processes, which is obviously not the case. I'll wait for instructions on what to do about that. Unfortunately GMER crashes my computer before it finishes.DDS (Ver_10-03-17.01) - NTFSx86 Run by Sharon at 8:36:11.07 on Thu 05/13/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17============== Running Processes ============================= Pseudo HJT Report ===============uStart Page = hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:officialuSearch Bar = mSearch Bar = uSearchAssistant = uCustomizeSearch = uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%suURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\... Read more

A:Google redirect, commercial audio playing at random times

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

15 more replies
Answer Match 76.86%

Hello, i hope i can get some help here, as ive seen tons of other users around the net recently getting this same annoying virus or malware, whatever it is, that plays uncontrollable, unstoppable ad-sounds. 
 
Id like to make a few things 100% clear just to rule anything out for the tech support here.
 
 
It started around 8 or 9 am if i remember correctly. I was working on some art; using paint tool sai, watching youtube, and on skype with one of my good friends. Suddenly the computer without warning REBOOTED, without any provocation. I make sure NOT to visit any risky sites; i only frequent aol.com, youtube.com, tumblr, and a few art sites such as Deviantart. I had not visited ANY risky sites or downloaded ANY risky material to cause this virus,  have NO clue how it got on my computer, as i am a generally suspicious and careful person who tries desperately hard to avoid these situations.
 
Once the system had rebooted, i got back into my skype call thinking it was very weird and by this point i was nervous and anxiety was taking over, but within minutes of the reboot, loud ads, news reports, music, and other stuff started playing shockingly loud, overlapping each others ads sometimes.
 
It came at regular intervals and was unstoppable. I went into task manager to watch my processes and saw NOTHING out of the ordinary. I have gaming rig computer, and i saw nothing visible [to myself] that could be considered suspicious. I read many sites, i... Read more

A:Audio Ads playing in background on windows 7!

anyone.....? No help? i read similar posts on the forums, it seems this virus is becoming widespread and dangerous. I simply cannot do it alone since it seems it requires professional tech support.
 
Even if someone just responds letting me know im not alone in this  and they wanna try to help, and they are dealing with the same problem would let a load off my heart. 

7 more replies
Answer Match 76.86%

Hello everyone,
 
I have had random semi-muffled audio ads playing in the background for a month or two. This is extremely annoying. They show up in my audio mixer as 'Name Not Available." Any advice would be much appreciated!

A:Audio ads playing in background - Windows 7

Hi,
 
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
 rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.
After the tool has finished running, a text file named Rkill.txt should be located on the desktop. Please copy and paste the contents into your next reply.
 
xXToffeeXx~

4 more replies
Answer Match 76.44%

Dear Experts,

Hi, here is a description of my issues. I got the XP System Restore virus for the second time earlier this week. I rebooted in safe mode, restored an earlier version, and selected to show the hidden files. I thought my troubles were over because this worked like a charm the first time. However, upon going about my business, I noticed two things I have never dealt with before. Malwarebytes, Superantispyware, Spybot, and AVG have not resolved the situation.

First of all, when I click any search results in Google or Yahoo, I am redirected multiple times to various sites like the yellow pages. If I use startpage.com for searching, I have no problem with search redirects.

Secondly, I have audio playing randomly for a few minutes even though I don't have anything running (all browsers and players are closed that I am aware of). I have heard what sounds like news from England, random movie/tv quotes, and celebrity gossip talk. There is never any commercials or any information about what station/program I might actually be listening to.

I have read the Preparation Guide several times and have done my best to follow the directions perfectly. I have pasted the contents of my DDS.txt log below. I have also attached my Attach.txt file as well as the Ark.txt log from GMER.

Please let me know if there is any other information you need. I thank you ahead of time for volunteering your time to share you professional expertise to folks who don't know how to... Read more

A:Google/Yahoo search results redirect + Random audio playing

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

29 more replies
Answer Match 76.02%

Hi everyone,
 
I originally posted this topic here: http://www.bleepingcomputer.com/forums/t/531535/audio-ads-playing-in-background-windows-7/
 
I have extremely annoying audio ads playing in the background. This has been happening for the past 4-6 weeks. These ads show up as 'Name Not Available' in the audio mixer. So far I have used rkill.exe and was told that I have the latest version of the Zekos virus.
 
Thanks in advance for your help. DDS log below:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16521
Run by anausied at 16:52:25 on 2014-04-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3327.1587 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome... Read more

A:DDS logs: Audio ads playing in background - Windows 7

Hello tonyroma I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

25 more replies
Answer Match 76.02%

Starting today, I constantly have this audio playing in the background which sounds like some foreign radio with ads. Although it is very feint, I still can hear it. The weird thing is, if i restart my computer, I start hearing it even before putting in my password, meaning it's probably not a program that I need to physically open (chrome, etc). The weird part is that even when I mute my computer, I can still hear it. It's a Lenovo ThinkPad 450s, I just got it this January and I have kept it bloat-free with very few programs installed. I find nothing suspicious in the task manager, and I have ran Adwcleaner, Malware bytes, and Windows Defender full scan and they've caught nothing. I would very much appreciate any help I can get on this. I am posting this in the security subforum because others with this problem seemed to relate this to a Trojan. Thank you for taking your time to read this and I eagerly await for your responses.

A:Audio Ads and Radio playing in the background Windows 10

Hello sungholy and Welcome to the BleepingComputer.  
 My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
Ensure your external and/or USB drives are inserted during always the scan.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator  the com... Read more

0 more replies
Answer Match 76.02%

I have no clue whats going on here....I recently bought a Gateway GT5028 Media center edition desktop.. first i get all updates, uninstall mcafees all in one that is temporary, install nod32, did a virus scan found a ton of trojans, was succesfull getting rid of them, setup router and network to my other computer for file and printer sharing. Go to services to clean up non used services and cannot find windows firewall nor the ICS. Sp2 is supposably installed but cannot find it in add/remove programs .. go to control panel and the security center is in there except when i click on firewall icon it gives me the error..Due to an unidentified problem , windows cannot display firewall settings. Everything else was fine in security center. found a program called antifirewall to hopefully use a registry edit and turn off firewall but i reallly don't think it was succesful...How can i fix this without reformating? I want the firewall disabled so i can add another one but when the firewall with sp2 is installed it is by default set to on so i have no way to control what is being blocked... By the way this was a display model when i bought it and im sure that is where the virus's and trojans, and spyware came from... from bestbuy...they want me to bring it in so they can reformat it and say it is fixed.. i dont want to lose anything so... if anyone has experienced this or know a known solution that doesnt involve a reformat please help...thank you it is a windows xp media ce... Read more

A:due to an unidentified error, windows cannot display firewall settings

why don't you want to format that display model? that would be the first thing I did, everything on it is more than likely infested. BTW nice specs.. what did you pay for it?
 

2 more replies
Answer Match 75.6%

Hello,I've been having a problem with Google searching (it keeps redirecting me to sites other than where I want to go) and random audio ads playing in the background with no open browser window. I tried running a Malwarebytes scan and got rid of several malware. However, I re-scanned right after I restarted my system (to finish the scan) to be sure I got rid of everything and, to my surprise, it still picked up one malicious item: Rootkit.0Access. I tried to quarantine this again, but the ads kept playing, Google kept redirecting to the wrong sites, and the virus kept showing up in recurring scans. As of now, all programs work fine such as my video games (I'm a gamer at heart) and Firefox, IE, Malwarebytes, etc., but I'm still having these problems. I should note that I am running Windows 7 Professional as well. I also noticed that Microsoft Security Essentials was disabled - I tried to restart it but said it wasn't an installed service. Scans show that I did have Security Essentials at one point but is now disabled. Any help/ideas? This problem has been happening for a while now (it might have been infected 2-3 weeks ago, but I've recently been on vacation so I couldn't fix it)P.S. I should also mention that I had the Live Security Platinum virus on my system as well, which I removed successfully by using the self-guide on this site. I'm not sure if I was too late in removing it, and if it left some trace of it on my computer.

A:Google Redirect and Random Audio ads playing, Microsoft Security Essentials disabled

Welcome aboard Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Answer Match 75.6%

I tried the TDSS tool again, and still it won't run. Nothing so far has worked to rid my PC of these problems. Here is the data that was requested

A:Infected with Google Redirect, Random Audio Playing and multiple script errors

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Answer Match 75.6%

Here's the link to the topic in the "Am I infected?" forum that I posted up: http://www.bleepingcomputer.com/forums/topic460619.html

As stated in the topic above, Google redirects to other sites when I use their search engine. I also hear random audio advertisements with no visible browser and Microsoft Security Essentials is disabled for some reason. I ran a Malwarebytes scan, removed a few malware, then restarted my computer. Promptly after booting up again, my computer again played audio ads after about an hour or so. In addition, all of the other problems continued to happen.

Currently, all my programs still work correctly, including all browsers and games. My computer runs Windows 7 32-bit Professional.

Any and all help is appreciated!
DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Telesis at 0:25:27 on 2012-07-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3068.1761 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C... Read more

A:Google redirect, random audio ads playing, Microsoft Security Essentials disabled

Hi,Please run the followingRefer to the ComboFix User's Guide Download ComboFix from the following location:

Link

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

12 more replies
Answer Match 75.18%

first time poster here, and completely lost over this. about 6 months ago I started getting background ads on my computer and I can't remember exactly how. i've been working out of town since then and just today was able to start my computer for the first time since. now I haven't heard any ads yet, but in the process of trying to update everything to the latest drivers and versions, I keep getting an error in win update that fails everything it tries to update.  can anyone help me please.  here is my dds.txt:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.71.2
Run by Jay at 22:53:26 on 2014-12-01
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16325.12494 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Fi... Read more

A:i have audio ads playing in background and windows update errors

Hello and welcome.  Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.   Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

3 more replies
Answer Match 74.76%

Hey, thanks for taking a look at this.Symptomsiexplore.exe opens in the background, occasionally plays some sounds, usually bloats and slows internet speeds horribly. Since upgrading to IE 9, it's trying to open "itpc://mevio.com/feeds/weirdvideos.xml" (fortunately IE is asking before opening... of course I deny it)Google search links are redirected (independent of browser)(Likely related) Gmail accounts cannot open a message.(Likely related) Occasional bluescreens (can't remember the message, but i will write it down next time it happens)(not likely related) ATI Catalyst Control Center always "stops working" and goes into error reporting on boot up. (Don't worry about fixing this one, if the other 4 are resolved I'd be more than happy)As I have seen tons of complaints related to this sort of problem, I've taken a few steps already (running MalwareBytes and tdsskiller, which has found nothing).System is running 64-bit, therefore no GMER logs.I do have access to a clean (32 bit) machine for downloads and file preparation for transferring to this infected machine.Thanks in advance for any help. You guys (and gals) run a great service here.-------------------------------------------------Start of Logs-------------------------------------------------.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29Run by Demos at 20:51:07 on 2011-11-29Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18... Read more

A:Yet another google-link redirect, background IE problem

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

34 more replies
Answer Match 72.66%

I don't know why, but I can't get my firewall turned back on!!
 

A:Solved: Denied access to turn on my windows firewall due to an unidentified problem!! help!

http://windowsxp.mvps.org/sharedaccess.htm
 

3 more replies
Answer Match 72.24%

Hello,
running XP Home Edition service pack 2

Yesterday I ran into serious issues: Norton jammed up while I was trying to do a scan and I had to reset. Suddenly the computer had an empty boot sector, so I went through this long process running "chkdsk" and did some work using the Home Edition disc. Eventually I was able to get back onto my computer by loading up a new boot sector.

Minor problem: I now seem to have two Windows installs on my computer and have to choose between them when I am starting up.
I had a bunch of problems an hour later when I "misclicked" on a file which then proceeded to infect my computer.
I ran SDFIX and COMBOFIX

I don't know which of the things I did yesterday caused this problem, but now when I try to adjust windows firewall I get this error message:
"due to an unidentified problem windows cannot display windows firewall settings."
I tried a registry fix I found on the windows site, it did nothing.
Any help would be much appreciated,
Ben
 

A:due to an unidentified problem windows cannot display windows firewall settings

Well I've disabled it, I think for good, by using this at the command prompt:
netsh.exe firewall set opmode mode=disable profile=all

Hope I didn't break anything.
 

1 more replies
Answer Match 72.24%

Hi,

Yesterday, my Windows Firewall seemed to have turned off by its own and then I started get loads of spyware and viruses on my computer and it became really slow and I think I still might have some on it, even though I tried to get rid of today. Even now, when I try to go to my Windows Firewall settings to enable to firewall again, I get the following error, 'Due to an unidentified problem, Windows cannot display Windows Firewall settings'. I think it could be the viruses and spyware that caused, but I don't know how to get it back on again.

Here is a HiJackThis log, even though I think I have got rid of most of the spyware:

Logfile of HijackThis v1.99.1
Scan saved at 21:19, on 06-09-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mapiicon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplo... Read more

A:Due to an unidentified problem, Windows cannot display Windows Firewall settings...

You have no active AntiVirus!

Get the free AVG 7 install it, check for updates and run a full scan

AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/
===========================

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O20 - AppInit_DLLs: e1.dll

DownLoad http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\e1.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and pos... Read more

3 more replies
Answer Match 72.24%

I felt like I got a virus, because my computer was going slower than usual, so I took the liberty of Downloading Avast antivirus while running one of the many scans it found like 3-4 viruses so I said to remove all four of them, but one of them was unable to delete, repair or put in the virus chest. I felt like the problem was solved because my computer speed was back so I didn't worry about it, today I was downloading a online game called Maple Story, and it is unable to play because of the Firewall, so I went to allow it and whenever I try to allow a program I get the error message saying Due to an unidentified problem, Windows cannot display Windows firewall settings. I am brand new to this so I don't know what to post like logs or w.e, please help me.

A:Due to an unidentified problem, Windows cannot display Windows firewall settings

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and
Quote:




Having problems with spyware and pop-ups? First Steps




a link at the top of each page.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Answer Match 72.24%

Okay so here's the run down, I dont speek too much of the lingo, and dont know how to get any "logs" for anyone to follow. But when I open the controll panel; under security I click "Allow a program through windows firewall" and it prompts me to give administrator permission to do so. When I hit "continue" a box comes up that says "Due to an unidentified problem, Windows cannot display the Windows Firewall settings." Any help is greatly appreciated

A:"Due to an unidentified problem, Windows cannot display Windows Firewall settings."

What security applications do you have installed?

6 more replies
Answer Match 70.98%

I ran Malwarebytes to try to remove a virus, (I think it was Windows Restore but it was two weeks ago). Now my desktop background has been changed to solid black and some folders are hidden. Google and Yahoo! take a long time to find search results and then they redirect if I click directly on a link. Audio advertisements play in the background and I also get pretty regular IE script errors even if nothing seems to be running. Every now and then IE will open on it's own and go to a pop-up advertisement. My computer acts like it is running IE on its own and it is constantly cycling through pop-up adds in the background, but I can't find anything on taskmanager which looks suspicious. If I run rkill.exe the audio advertisements stop but they start up again pretty soon afterward. I've been updating Malwarebytes daily and running both full and quick scans, in regular and in safe mode, but nothing shows up. I really appreciate any help I receive, as I have been trying on my own to get rid of this whit no luck.

Here are my logs:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by henrye at 2:52:41.06 on Fri 04/22/2011
Internet Explorer: 7.0.6000.16982
Microsoft? Windows Vista? Business 6.0.6000.0.1252.1.1033.18.2038.900 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\syst... Read more

A:Google redirects, IE script errors pop up, audio advertisements play in background, desktop background has changed to black

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run this tools first - http://download.bleepingcomputer.com/grinler/unhide.exeRun Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disabl... Read more

24 more replies
Answer Match 70.56%

Laptop appears to have a virus of some sorts. I can't make it reproduce the symptons the user is describing, but have found other issues. I'll provide all known symptoms.Windows 7 64 bit on a Dell Studio laptopAntivirus: Avira, turned up 5 warnings, no infectionsMalwarebytes also did not detect any infections, both updated with full scans.After running for a period of time it will redirect search engine results to other pages. While installing some printer software I got an error stating that windows firewall needed to be running. Only option in control panel is to "Change to recommended settings." Upon clicking, the circle spins, and nothing happens. Also tried launching services.msc and get "windows could not start the windows firewall on local computer. for more information, review the system even tlog. if this is a non-microsoft service, contact the service vendor, and refer to the service-specific error code 5."And that's when I came here.Thanks in advance. Looking forward to sage like wisdom, scans, cleans, and posting logs!Edit: Moved topic from Win 7 to the more appropriate forum. ~ Animal

A:Google Redirect and Windows Firewall

Hello,And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.Malwarebytes Anti-MalwarePlease download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Full Scan"... Read more

19 more replies
Answer Match 70.56%

Hello, I am currently having a very hard time with my desktop computer:

About 3 days ago I began having problems with google redirecting to ads and typed url's changing (sometimes just changing from http to https for no given reason). I obviously saw this as heavy malware activity, I ran a battery of scans and found some but apparently not all of the offending malware. At this time windows firewall was also unable to start up stating "windows cannot display firewall settings".

I became a busy and had to put the fix on hold and only used the pc for non-internet related activity until I could fix it. However now I am unable to get internet access and windows firewall is still unresponsive. Spybot search and destroy, malware bytes, and avira have turned up nothing. At this point manual fix seems the only possible fix beyond a good old fashioned reformat.

Thank you in advanced for any assistance received.

A:Google redirect, Windows firewall down

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

3 more replies
Answer Match 70.14%

Mom reported issues with a wireless printer. I attempted to re-install the software package but the installation was cancelled because windows firewall was not active. Only option in control panel is to "Change to recommended settings." Upon clicking, the circle spins, and nothing happens. Also tried launching services.msc and I get a message saying, "windows could not start the windows firewall on local computer. for more information, review the system event log. if this is a non-microsoft service, contact the service vendor, and refer to the service-specific error code 5."

She also reports that after a period of time her internet search results will redirect her to pages that weren't the ones she clicked on. I haven't been able to duplicate this problem yet.

Avira and Malware Bytes both return 0 infections upon full scans with updated libraries.

Windows 7 64-bit system.

Was previously receiving help in the Am I infected? What do I do? forum
http://www.bleepingcomputer.com/forums/topic388837.html
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by CClonts at 12:50:19 on 2011-05-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1678 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DC... Read more

A:Windows Firewall disabled and google redirect

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

36 more replies
Answer Match 69.72%

A few days ago I visited a site that a friend told me about only to get hit with a huge virus attack. I was able to get rid of most of the viruses quickly, but I will occasionally hear audio ads, get random script error messages, and clicking links in Google sometimes redirects me to other sites. I've used Avira AntiVir, Microsoft Security Essentials, Spybot, Ad-Aware, TDSSKiler, and Sophos AntiRootkit in attempts to remove the virus, but none have worked, and Ad-Aware crashed in the middle of the scan and TDSSKiller wouldn't run at all. Any help would be greatly appreciated.

Here's my DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by John at 19:18:50.59 on Fri 05/13/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.887 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\syst... Read more

A:Yet another Google redirect/script error/audio ads issue

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Answer Match 69.72%

I am new to the site but I am hoping someone can help me out. I just removed "Windows Restore" virus using direction I found on this site. Computer is now back up, but does have the following 3 problems. 1: Random audio starts playing. They are the same few clips over and over. 2: When online and I click on search results I get redirected to various sites. The only way to get to an actual site is to type the entire address into the address bar and hitting enter. 3: Get Internet Explorer Error Boxes which state "An error has occurred in the script on this page". These error messgaes seem to go along with the random audio that has been playing. I have deleted all temporary internet files and all other Temp files but it hasn't helped. Thanks in advance for any help.

A:random audio, google redirect, IE script error

Looks like you have a Bootkit infection.We need a deeper look. Please go here....Preparation Guide ,do steps 6 - 9.Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.If Gmer won't run,skip it and move on.Let me know if that went well.

2 more replies
Answer Match 69.3%

My computer is running really slowly.

When I Google I get Jump/ redirected to a site selling me something.

Computer was popping up Windows Security Alerts saying I have visuses, and I need to buy software from their site. I managed to get rid of those popups. Still, there is a permanent message on my screen saying; "WARNING! Spyware detected on your computer. Please activate your antivirus software to clean your computer. " It shows a box that has "WARNING - Win32 Adware Virtumonde detected on your computer"
"WARNING - Win32Privacy remover M64 Detected on your computer".

Wont let me download AVG free download. Or Avast. I have downloaded SpyBot search& destroy, though i dont know if its made much difference.

Also, after computer is on and not being used for around 15mins, it will go to a blue screen with old style computer writing with alot of technical stuff written, and basically saying that the computer isnt doing okay and any software recently added needs to be removed (which is none, as i havent added anything recently). I click Enter and get back to the screen I was using.

It sometimes says "Computer has just ecountered a serious error and needs to shut down" and sometimes turns itself off.

I am really dissappointed that ive managed to do this to my computer and I hope with your help we can fix it.. and thankyou to all you angels in advance. What a generous service you have here. Makes me very grateful to see people ... Read more

More replies
Answer Match 69.3%

After fixing windows recovery virus (via system restore to 1 week ago, and unhide.exe) i still have a problemgoogle searches are hijacked and ads always play in the background (hidden ie window)i have read posts about this exact same problem caused by the windows recovery virus/trojan but haven't seen any posts on how to fix it.. any ideas?hijack this included..----MRT EDIT:realized,We no longer use HijackThis as a primary tool for diagnostic purposes. In an effort to provide you with assistance effiecently, It'd be extremely helpful for us, if you could take a look at the instructions in this topic here and EDIT this post, to include those log files. (Note: If you encounter an issue with one of the steps/tools, then please skip it, but do mention it in your post, so that your helper is aware of it). This will give your helper a better picture of what else is going on with your computer. Thanks for your cooperation.--SweetTech

A:after windows recover virus, google search hijacked and audio ads play in background....

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Answer Match 68.46%

Hi, I'm a newbie so let me know if I have missed any steps here.

My Toshiba laptop has some type of Google search redirect malware. Typing in a URL in the address bar works fine, but if I do a Google search for something, then click on a result, I wind up at various sites. The really strange part is that this happens a few times, but then stops. However, the problem will recur.

I did a full system scan using Norton Internet Security and Malwarebytes Anti-malware (both up to date), and neither one detected the malware. Therefore, I cannot get rid of it.

I could not find a help guide on this in the Malware Removal Guide area.

Per your forum's instructions, I used Defogger to stop CD emulation.

I then ran DDS, and got the following log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by cjhauser at 11:49:16 on 2012-05-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.1649 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:�... Read more

A:Infected with unidentified Google redirect malware

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE:... Read more

31 more replies
Answer Match 68.46%

Hi,

I'm having a problem with Google search links being hijacked. IE seem ok most of the time but Firefox links are hijacked about 90% of the time. I also notice Windows firewall keeps getting disable when I restart the computer. AV scans doesn't find any malware. Thanks for any help.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by xuan at 15:44:21 on 2011-10-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.153 [GMT -7:00]
.
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Firewall Booster *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc... Read more

A:Google Search Link Redirect and Windows Firewall Disabled

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

12 more replies
Answer Match 68.04%

Hello there, I'm having an issue with my computer that started today. It restarted by itself and when it rebooted these ads in the background started playing. I've already tried malwarebytes, and TDSS killer but it couldn't find anything If someone could please help me it'd be much appreciated, I already ran DDS so I'll post the log I got from that.
 
If there's anything else you guys need from me please let me know. Thank you.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448  BrowserJavaVersion: 10.9.2
Run by Fred at 0:05:59 on 2013-12-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2811.798 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\windows\system32\svchost.exe -k LocalServic... Read more

A:Audio ads playing in background

Hello Leelee21 I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more

51 more replies
Answer Match 68.04%

Ive run a few programs (Combofix, Adw) and haven't solved the problem yet. The ads run while i have no programs open.
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16533  BrowserJavaVersion: 10.51.2
Run by Marcus Booker at 2:45:11 on 2014-03-24
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3070.550 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn Hamachi\LMIG... Read more

A:Audio ads playing in background

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your re... Read more

9 more replies
Answer Match 68.04%

Hi everyone, I'm having the issue now that whilie I'm surfing the internet I'm getting these audio ads that can't be stopped, and some play in specfic tabs that you have to go to and press on the X buttom to cancel them, and on top of that there are these box ads all around the webpages now. How can this malware be eliminated? Thanks

A:Audio ads playing in background 2

Greetings Sternritter-A and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that. ===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter... Read more

22 more replies
Answer Match 68.04%

Ok so my machine keeps playing audio ad's, I can have nothing open and they play.
I have ran Malwarebytes and Super Antispyware and they have found nothing. Now I have two SVCHosts listed and when I kill the one that is using the most process the sound stops for a little bit. I have looked threw the following logs (Rkill, DDS) and cant spot what is causing this issue.
 
Thanks for the Help
 
 
 
Rkill 2.5.0 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 05/28/2013 03:27:22 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\Home\Desktop\rkill\rkill-05-28-2013-03-27-26.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 05/28/2013 03:29:21 PM
Execution time: 0 hours(s), 1 minute(s), and 58 seconds(s)
-----... Read more

A:Audio Ad's Keep Playing in the Background

Hello nopcs These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.-AdwCleaner-Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[S1].txt as well.-Junkware-Removal-Tool-Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.When they are complete let me have the two reports and let me know how things are running.Gringo

4 more replies
Answer Match 68.04%

I am literally the most ignorant person you will ever meet when it comes to computers. For a few weeks I have had audio ads playing in the background of my computer whenever the internet is connected, even when there are no windows up. It is driving. me. crazy. I have ran my Norton and nothing shows up, but obviously something is wrong. I was wondering if anyone out there is patient enough to slowly walk me through figuring out how to fix this problem. I would greatly appreciate any and all help!

Thank you!
 

A:Audio ads playing in background, PLEASE HELP!

16 more replies
Answer Match 68.04%

Hi All,
 
I am new in this community and I'm really glad I've come across it. 
 
I believe my problem started when I watched a video via streaming (for free) from this website called watch32.is. As expected, there are heaps of ads being free. Every time you clicked on the play button, it would open up a new page for the ads. After a few days, I noticed that while watching a show, an audio of a ads would play in the background.
 
I looked it up online and it appeared to be a malware/adware. I called my anti-virus/spyware product support and after running several scans no threats were reported. It is very annoying because even if I'm not browsing anything, the ad audio plays in the background.

Can anyone please tell me how to get rid of this? 
 
Thanks a lot.
 
Cheers,
iwannabe_geek

A:Ads audio playing in the background

I am a novice pretty new to this Site also and I am not going to even attempt to answer your query because I know that expert advice will be along here very shortly. 
All I can say is this Site has been a god-send to me in helping me gain tech knowledge in how to keep my pc virus-free. The guys and girls here are awesome!
I am sure someone will come along to recommend you use Junkware Removal Tool and/or AdwCleaner of which there are downloads available within this Site.
Use them if indeed this is the case -  as well as read up about the potential problems that PUP's (Potentially Unwanted Programs) can cause. Also, if you are ever tempted to download and use a free pc 'boosting' or other supposed performance-enhancing program in future - DONT! Registry cleaners are a no-no as well! 
 
Sorry to diverse away slightly from your original query....just a bit of 'advice' (if you can call it that! lol) from a fellow novice!

2 more replies
Answer Match 68.04%

Mod edit: Moved to Proper forum for DDS logs ~~ boopme
 
Ok so my machine keeps playing audio ad's, I can have nothing open and they play.
I have ran Malwarebytes and Super Antispyware and they have found nothing. Now I have two SVCHosts listed and when I kill the one that is using the most process the sound stops for a little bit. I have looked threw the following logs (Rkill, DDS) and cant spot what is causing this issue.
 
Thanks for the Help
 
 
 
Rkill 2.5.0 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 05/28/2013 03:27:22 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\Home\Desktop\rkill\rkill-05-28-2013-03-27-26.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 05/28/2013 03:29:21 PM
Ex... Read more

A:Audio Ad's Playing in the Background

Hello nopcs I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", t... Read more

3 more replies
Answer Match 68.04%

so ive had this problem for a few months now and at random times ads just start playing i dont even have anything open. ive tried many thing to fix it but nothing works they just keep on playing. also at random times it tells me somthing like plug n play services have terminated and must now restart and DCOM services have terminated and must now restart and its is annyoing please help me.Edit: Moved topic from Windows 7 to the more appropriate forum.~ Animal

A:Audio ads playing in background

Hi,
 
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
 rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.
After the tool has finished running, a text file named Rkill.txt should be located on the desktop. Please copy and paste the contents into your next reply.
 
xXToffeeXx~

7 more replies
Answer Match 68.04%

Hello There,

So recently, I've been hearing audio adverts play every once in a while on my laptop, I ran an AVG and that came up with nothing, and Ive had no warnings prior to it. To my knowledge, I have not downloaded anything.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:20:40, on 19/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Abigail\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Abigail\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Autodesk\SketchBook Pro 2011\SketchBookSnapshot.exe
C:\Users\Abigail\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Da... Read more

A:Audio ads playing on and off in the background

Hi,

If help still needed post fresh dds logs (attach.txt contents too).
 

3 more replies
Answer Match 68.04%

Hello,
Whenever I'm connected to the internet, at random times, audio ads play in the background, even when no browser is open. Ive searched the internet for solutions, and it seems that those who got the problem resolved posted in a forum like such. I have an idea as to what the problem is, but no idea how to solve it. If someone can walk me through this slowly, it would be much appreciated!
 

A:Audio Ads playing in background

Please run the following:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Be sure to print out and follow the instructions provided on that same page for performing a scan.
Caution: This is a beta version so also read the disclaimer and back up all your data before using.
When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
Copy and paste the contents of these two log files in your next reply.
Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.
 

3 more replies
Answer Match 68.04%

Hi, I seem to have gotten infected by that bothersome malware that keeps playing audio ads by starting an internet explorer process. I tried using some anti-virus software but to no avail, so my last chance would be a hijackthis log.Thanks in advance for your help!The log:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 00:20:58, on 09/07/2010Platform: Windows 7 (WinNT 6.00.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Windows\System32\smss.exeC:\Windows\system32\csrss.exeC:\Windows\system32\wininit.exeC:\Windows\system32\csrss.exeC:\Windows\system32\services.exeC:\Windows\system32\lsass.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\system32\winlogon.exeC:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exeC:\Windows\system32\Dwm.exeC:\Windows\system32&#... Read more

A:IE8 playing audio ads in background

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

11 more replies
Answer Match 68.04%

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft® Windows Vista™ Home Premium , Service Pack 2, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz, x64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3033 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1292 Mb
Hard Drives: C: Total - 223434 MB, Free - 122150 MB; D: Total - 953866 MB, Free - 716425 MB; E: Total - 14999 MB, Free - 7394 MB;
Motherboard: Dell Inc., 0G848F, , .D9WTBH1.CN701669690022.
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled.

Malwarebytes has just been used to remove Fake "Hard Drive Diagnostics" program. PC now appears clean but audio adverts randomly play in background without showing any programs running but with iexplore.exe process active.
Any instructions and help you can give me would be greatly appreciated, thanks.
 

A:Audio ads playing in background

16 more replies
Answer Match 68.04%

Hi,
 
After startup I can hear advertisements in the background even though I am not running any programs. I run Windows 7
 
Upon opening the task manager it shows that internet explorer is open and that a website advertising something is open. I can't end the task either.
 
Sometimes it plays the entire ad or cuts off midway but it slows down other programs sometimes. It's more annoying than anything but I'm worried it may be a more serious threat.
 
I ran some anti malware
 
Hitman Pro
Malwarebytes
Rogue Killer
Comodo Cleaning Essentials
Emergency Kit Scanner
AdwCleaner
 
and ran full scans using myTrend Micro Antivirus and Microsoft Security Essentials.
 
They all came up clean but Hitman Pro did notice some tracking cookies
 
So anyway, what else can I do to try and fix this?

A:Background Audio ads playing

Let's try using MBAM Anti Rookit and ASWmbr.Download Malwarebytes Anti-Rootkit to your desktop.Double click on downloaded file. OK self extracting prompt.Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.MBAR will start. Click in the introduction screen "next" to continue.Click in the following screen "Update" to obtain the latest malware definitions.Once the update is complete select "Next" and click "Scan".When the scan is finished and no malware has been found select "Exit".If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.Open the MBAR folder and paste the content of the following files in your next reply:"mbar-log-{date} (xx-xx-xx).txt""system-log.txt">>>Please download aswMBR ( 4.5MB ) to your desktop.Double click the aswMBR.exe icon, and click Run.When asked if you'd like to "download the latest Avast! virus definitions", click Yes.Click the Scan button to start the scan.On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

3 more replies
Answer Match 68.04%

All steps taken to try and resolve issue can be found at https://www.bleepingcomputer.com/forums/t/563549/audio-ads-playing-in-background/.
 
Audio ads play in background at seemingly random times. Whenever the ads play multiple instances of the Iexplorer.exe (you cant see any internet explorer windows) process are found running and sometimes taking up 100k plus memory while playing audio ads.
 
I will attach 2 sets of DDS logs one for when no audio ads are playing (after computer restart) and another for after the audio ads play.
 

A:Audio Ads Playing In Background

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.===Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.To attach a file select the "More Reply Option" and follow the instructions.Wait for further instructions.

7 more replies
Answer Match 68.04%

My computer has been attacked by many different kinds of virus these few days, like trojans, FBI malware. I have cleared all of those by using my antivirus software except the audio ads playing in background. I have been following the instructions of the post in this link: http://forums.techguy.org/virus-other-malware-removal/890285-audio-ads-playing-background.html

I disabled all the antivirus software realtime protection and ran the ComboFix already, but I couldn't find the combofix report. Can anyone help me with this? Thanks
 

More replies
Answer Match 68.04%

Hi

I have audio playing in the backgorund at random on my pc. The audio is adverts for products etc. Please can you help to remove this annoyance.

Thanks
Tony


DDS (Ver_09-10-13.01) - NTFSx86
Run by Tony at 21:20:51.21 on 15/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.282 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\System32\wltray.exe
C:\Program Files\ATI Technologies\ATI Control Pane... Read more

A:Audio Playing In The Background

Hi,

Please do the following:

Download ComboFix from either of these locations:
Link 1
Link 2


VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When fini... Read more

9 more replies
Answer Match 68.04%

Hi Guys,
Thanks in advance for the help.

I have a toshiba laptop running the following -

Intel (R) Core (TM) Duo CPU T2250 @1.73 Ghz 1.73 Ghz
Memory (RAM) 4.00GB
System Type - 32 bit Operating System

Running Windows Vista Business 2007 Service pack 1.

Browser - IE 8

Yesterday I downloaded a couple of (obviously dodgy) files and also a (supposedly legitimate) program. Since downloading these, I found my default search engine had changed, and also I was getting audio ads playing in the background without IE open at all.

One of the files was an .exe which I am not sure what it was, the program was the 'Coffee Cup' website building software.

The first thing I did was reset my browsers default search engine to google. I then went into see any addons were added to my browser, and found a few that were not there before. One of them was 'hot revenue browser' or something like that.

I then re-booted my computer.

I then figured I had a problem as the ads were still playing. I ran Malwarebytes, and found there were some problems, so I fixed all those errors. Log here -

Malwarebytes' Anti-Malware 1.37
Database version: 2190
Windows 6.0.6001 Service Pack 1
21/04/2010 3:08:13 PM
mbam-log-2010-04-21 (15-08-13).txt
Scan type: Quick Scan
Objects scanned: 97287
Time elapsed: 10 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected... Read more

A:Audio Playing in Background

11 more replies
Answer Match 68.04%

Good evening.

Ever since this morning, I've been getting audio ads playing on my computer despite the fact that my browser is closed and that no video is playing at all. I've been worried, since my Windows Live OneCare detected trojans recently... But I deleted them, and now it doesn't detect anything wrong anymore, no viruses, nothing. A few times I opened Task Manager to check if I noticed a process that I didn't recognize, but nothing came on.

Here is my HijackThis log. Please do tell me if you see something suspicious.

Thanks for the help in advance.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 8:30:47 PM, on 01/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\lg_swupdate\GiljabiStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
C:\Program Files\LG Software\On Screen Display Setup\HotKey.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program F... Read more

A:Audio ads playing in background

16 more replies
Answer Match 68.04%

So basicly I hear audio advertisements playing in the background that talk about buying products, "How I got rich quick", etc...
 
Somethings to note are Firefox is my default browser I never use Internet explorer.
The Iexplorer.exe process will always run 3 instances of itself even though you cannot see it open, If you try to kill the process it will open back up automatically.
The application tab shows Internet explorer connected to the following website: "http://ib.pixadsserve.com/?s=23327" and will sometime switch to careercast.com.
 
I have tried MBAM but this thing will not go away. Maybe someone here knows.

A:Audio Ads Playing In Background

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click ... Read more

25 more replies
Answer Match 68.04%

Hi
I currently have the same issue as sutefaniidesu who had an entry entitled "Audio ads playing in the background" from Jan 1, 2010. I've included the sysinfo, ComboFix log and the "loaded drivers" information from my ntbtlog.txt. My issue occurs as soon as the login screen appears which is why I'm sending the ntbtlog.txt. Any help would be greatly appreciated.

Thanks,
zefram
=============== Sysinfo

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, 64 bit
Processor: Intel(R) Core(TM) i7 CPU 960 @ 3.20GHz, Intel64 Family 6 Model 26 Stepping 5
Processor Count: 8
RAM: 12279 Mb
Graphics Card: NVIDIA GeForce GTX 470, 1280 Mb
Hard Drives: C: Total - 953767 MB, Free - 141312 MB; D: Total - 1907718 MB, Free - 924581 MB; E: Total - 953867 MB, Free - 182680 MB;
Motherboard: ASUSTeK Computer INC., SABERTOOTH X58
Antivirus: None
================ ComboFix log
ComboFix 12-05-24.01 - w7 05/24/2012 9:01.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.12279.10599 [GMT -4:00]
Running from: c:\users\w7\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
.
2012-05-24 13:07 . 2012-05-24 13:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-24 13:07 . 2012-05-24 13:07 -------- d-----w- c:\users\Default\AppData\Local\temp
20... Read more

A:Audio ads playing in background

13 more replies
Answer Match 68.04%

I have recently had audio only ads running in the background. No application open - no browser or media player.

I have run Spybot and Malwarebytes. Upon searching further I have found your site. I have installed Hijackthis and here is my log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:29:10 PM, on 28/03/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
F:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Creative\Sound Blaster Recon3D\Sound Blaster Recon3D Control Panel\SBRecon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
F:\F-Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://... Read more

A:Audio ads playing in background

15 more replies
Answer Match 68.04%

I have ads playing in my background when connected to the internet but no windows are open. I've tried some of the suggestions listed on this forum but I think I need a manual command to fix the issue. Here are the logs of some of the programs I've tried to use to fix the problem. Any help would be appreciated.

TDSSKILLER
20:08:03.0536 5592 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:08:05.0556 5592 ============================================================
20:08:05.0556 5592 Current date / time: 2014/01/06 20:08:05.0556
20:08:05.0556 5592 SystemInfo:
20:08:05.0556 5592
20:08:05.0556 5592 OS Version: 6.1.7601 ServicePack: 1.0
20:08:05.0556 5592 Product type: Workstation
20:08:05.0557 5592 ComputerName: OWNER-PC
20:08:05.0557 5592 UserName: Owner
20:08:05.0557 5592 Windows directory: C:\Windows
20:08:05.0557 5592 System windows directory: C:\Windows
20:08:05.0557 5592 Running under WOW64
20:08:05.0557 5592 Processor architecture: Intel x64
20:08:05.0557 5592 Number of processors: 4
20:08:05.0557 5592 Page size: 0x1000
20:08:05.0557 5592 Boot type: Normal boot
20:08:05.0557 5592 ============================================================
20:08:10.0040 5592 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:08:10.0044 5592 Drive \Device\Harddisk1\DR1 - Size: 0x3C8C0000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0... Read more

A:Audio Ads Playing In The Background

16 more replies
Answer Match 68.04%

Hello,

I am looking for some help here. My computer got infected Yesterday. I ran Malwarebyes and that cleared the main Virus but I still have Audio Ads playing randomly in the background. I can have no browser open but those Ads keep playing and I get redirected when using Google search. I also get Script error every so often. When I look at the process, there is nothing running there, Only way to stop it by killing Explorer.exe. I have run Rootkit Buster (Trend Micro), Tdss Killer, Malware Bytes, Hit Man Pro and Combofix. None of them are finding anything. I have also clear all my temps using Ccleaner. I also Uninstall Firefox (My Main Browser) and also reset Internet Explorer and also manually disabled all Browser. When None of this worked, I did a system restore to 2 weeks ago, the script error popped right back up as soon as I logged back in, I ran updated combofix again. Please help, I am not posting the Log as its says so i the forum rule but I ran it before reading this rule...

Thank you !

A:Background Audio Ads Playing

You most likely have a Bootkit infection.Having run ComboFix we need to see that and a DDS log.Please go here....Preparation Guide ,do steps 6 - 9.Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.Skip the GMER step and instead post the ComboFix log you have.Let me know if that went well.

3 more replies
Answer Match 68.04%

Hi folks...and hope you can help
 
I'm running Windows 7, 64 Bit
 
I've read a number of threads here on the subject, and tried a number of programs to clear this up, but no luck as of yet.  I also believe I have the "Proxy 127.0.0.1".  Using Admin rights I've tried to change the DWord for "ProxyEnable" to "0", and delete "ProxyServer", which was set to "http=127.0.0.1:8877;https=127.0.0.1:8877", but it keeps coming back.
 
I've downloaded the current versions, and virus databases of:
- Malwarebytes
- HitmanPro_x64
- SpyHunter
- tdsskiller
- ESET
- Adwcleaner 5.019
 
I've also downloaded the below files based on what i've read here, run them, and saved the text file:
- ESET
- Rkill
- Junkware Removal
- Adwcleaner
 
In may cases I have to run "RKill" again to launch the program.  Prior to realizing what RKill was, I was running in SAFE MODE.
 
Below are the FRST text files.  I sure hope someone can help
 

A:Audio Ads Playing in background

Hi there, I will be helping you with your malware related problems.
 
Can you please upload the below files:
C:\Program Files (x86)\claim\remember.exe
C:\Program Files (x86)\repulsive\cars.exe
To this link for review?
 
Thank you

19 more replies
Answer Match 68.04%

Hello! Earlier tonight my computer randomly restarted itself, and afterwards I've been having random audio ads playing in the background. It's not coming from my web browser, and my volume mixer is showing it as "name not available." I downloaded Avast! free and I'm currently running a full system scan, but it hasn't found anything, and the webshield is constantly popping up, telling me it's blocking multiple malware objects that are infecting my System32\svchost.exe. I haven't downloaded anything risky recently that I can remember, but I have streamed tv shows online on project free tv.
 
I've read a thread on here that had a similar problem and it ended up being a rootkit, and I think that might be the case here .
 
Any help would be appreciated!
 
I am running Windows 7 Ultimate 64bit

A:Audio Ads playing in the background

Hi xMassy,
 
Run these for me:
 
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
 rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.
 
----------
 
Please download TDSSKiller from here and save it to your Desktop
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters
 
 
Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
 
 
Click Start Scan and allow the scan process to run
 
 
If threats are detected select Skip or Cure (if available) for all of them u... Read more

11 more replies
Answer Match 68.04%

Audio ads playing in background, PLEASE HELP!
For a few weeks I have had audio ads playing in the background of my computer whenever the internet is connected, even when there are no windows up. I have ran my Norton and nothing shows up, but obviously something is wrong. I was wondering if anyone out there who can walk me through figuring out how to fix this problem. I would greatly appreciate any and all help!

Thank you!
 

More replies
Answer Match 68.04%

I saw this problem was solved many times on the forums, but didn't want to follow the steps in case they were meant only for the other people's unique situations. So I decided to make an account and ask for help.
These ads usually play around 3-4 am, but happen throughout the day and in the volume mixer, its shown its done through chrome. Also recently, chrome has been eating up a lot of CPU usage even when it's not doing anything, so I think thats related.
Used malwarebytes, Kaspersky, doesn't detect anything.
Thanks in advance.
 

A:Audio ads playing in the background

Welcome aboard
Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.
Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

31 more replies