Audio Ads won't stop!

Hi guys. I have Win 7 SP1. Generally no issues. All of a sudden I started having an issue where audio ads play non-stop the second I boot up. Under the audio mixer the volume control for the ad says "name not available." I have Comodo installed and it picked nothing up. I ran Malwarebytes and it found a few ad malware that I removed, but the audio ads persist. I checked all my browsers for suspicious add-ons and found nothing. I even uninstalled Chrome and Firefox. I disabled the Microsoft firewall and installed ZoneAlarm free firewall, which was rated highest by PC Mag. I ran Kaspersky's TDSSKiller and it found nothing. I deleted all temp files and cache files and fixed the registry problems with CCleaner many times over. I don't know what is left to do and don't understand how this Trojan or malware can evade so many systems. I'm a Mac user first so I have never experienced anything like this. Please help before I run away from Windows again! Ha.
  1. Run msconfig.exe and review the entries on the Startup tab. Uncheck whatever looks suspicious and restart.
  2. Where is msconfig.exe? Is that via Windows? I read in another thread I should run Malwarebytes in safe mode; should I also do that for Comodo? I also ran TDSSKiller with the driver installed and that time it found medium threats on some .dll files in my system folder that are important to the operating system. How would I fix something like that?
  3. Vodoochild81 said:
    Where is msconfig.exe? Is that via Windows? I read in another thread I should run Malwarebytes in safe mode; should I also do that for Comodo? I also ran TDSSKiller with the driver installed and that time it found medium threats on some .dll files in my system folder that are important to the operating system. How would I fix something like that?

    Just hit Start and enter msconfig in the search field. Malwarebytes is another chance.
  4. If you have the Run box enabled, type it in there. Once into msconfig go to Startup and do what the previous poster said. If not, just type it in the search bar at the bottom of the Start menu. If this doesn't work post back, as you may have picked up some malware. There are some good tools to get rid of this and I can give you some links. In the meantime I would also run an antivirus scan as well. Post logs if you can.
  5. Nothing too suspicious is running under the System Configuration Startup tab. However, isn't that the point of malware, to remain undetected? I am running Malwarebytes in safe mode. Comodo. What else could you send me, links-wise?
  6. But I've used many other tools like that; what makes McAfee Stinger better than Kaspersky, Comodo or Malwarebytes?
  7. There is a definite order to do this in. First download and run Security Check by screen317. Run a scan and post the log. Also download and run a scan with HijackThis. Do not fix anything just yet, just post the log. Next download and run AdwCleaner from Xplode and let it get rid of anything it finds. Post the log from this as well and we can take it from there. Here are the links.

    http://screen317.spywareinfoforum.org/
    http://sourceforge.net/projects/hjt/
    http://www.bleepingcomputer.com/download/adwcleaner/
  8. None of your links are from official sources. Windows says the publishers could not be verified... what's going on with that???

    I did a scan with Stinger and got this... I did a scan with Kaspersky TDSSKiller and that too showed zero threats.

    McAfee® Labs Stinger™ Version 12.1.0.732 built on Jan 2 2014 at 15:14:35
    Copyright© 2014, McAfee, Inc. All Rights Reserved.

    AV Engine version v5610.1040 for Windows.
    Virus data file v1000.0 created on Jan 2, 2014
    Ready to scan for 6332 viruses, trojans and variants.

    Scan initiated on Thursday, January 02, 2014 18:50:10


    Rootkit scan result : Not Scanned.


    Summary Report on Smart Scan
    File(s)
    TotalFiles:............ 8187
    Clean:................. 8187
    Not Scanned:........... 0
    Possibly Infected:..... 0

    Time: 00:05:37

    Scan completed on Thursday, January 02, 2014 18:55:47
  9. Just not recognized by MS. These are tried and true tools and are not malware. What are you using for AV? Anyway, if you don't trust 'em, Google 'em. If you still don't trust 'em I can't help you.
  10. aldan said:
    Just not recognized by MS. These are tried and true tools and are not malware. What are you using for AV? Anyway, if you don't trust 'em, Google 'em. If you still don't trust 'em I can't help you.


    Hey, here is the HijackThis log... AdwCleaner is just sitting there doing nothing... safe mode is slowing everything down. I am going to reboot in regular mode and try it there.

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 7:19:10 PM, on 1/2/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)


    Boot mode: Safe mode with network support

    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\shawnh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9S5BJFXS\stinger32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\shawnh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9S5BJFXS\HijackThis.exe
    C:\Users\shawnh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9S5BJFXS\AdwCleaner.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\shawnh\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: PrivDogExtension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PrivDogService] "C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
    O4 - HKCU\..\Run: [Steam] "G:\Program Files\steam.exe" -silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: "C:\Users\shawnh\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: "C:\Users\shawnh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Content Manager Assistant for PlayStation(R).lnk = C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
    O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files\COMODO\GeekBuddy\launcher.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - (no file)
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - G:\Program Files\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: Mediafour M4LIC service (M4LIC) - Mediafour Corporation - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
    O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: pcregservice Service (pcregservice) - Unknown owner - C:\Program Files\pcreg\pcreg.exe
    O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Sophos Virus Removal Tool (SophosVirusRemovalTool) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

    --
    End of file - 14628 bytes
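In the posts that follow, aldan reads the HijackThis log above by eye (browser start page, add-ons, autoruns, unknown-owner services, and how many security products are installed side by side). As an added example, not code from the thread or from HijackThis, the script below applies the same kind of review mechanically to a constructed subset of the posted log. The safe start-page hosts, the allowlisted add-on vendor folders and the security-vendor keyword list are assumptions chosen for this example.

```python
"""Triage a HijackThis v2 log the way a forum helper reads it by eye."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample input: a subset of the HijackThis log posted in this thread,
# kept short but covering every rule below.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: PrivDogExtension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: "C:\Users\shawnh\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - (no file)
O23 - Service: pcregservice Service (pcregservice) - Unknown owner - C:\Program Files\pcreg\pcreg.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Sophos Virus Removal Tool (SophosVirusRemovalTool) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

# Assumptions for this example: the stock IE start/search hosts, and vendor folders a
# reviewer would accept for a BHO or toolbar without a second look.
SAFE_START_HOSTS = {"go.microsoft.com", "www.msn.com"}
KNOWN_ADDON_DIRS = ("\\java\\", "\\google\\", "\\adobe\\", "\\microsoft shared\\")
# Keywords identifying security products in O23 service lines; several realtime
# scanners at once is the conflict aldan warns about later in the thread.
SECURITY_VENDORS = {"comodo": "COMODO", "sophos": "Sophos", "avast": "Avast",
                    "avg": "AVG", "check point": "ZoneAlarm (Check Point)",
                    "malwarebytes": "Malwarebytes"}


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the entry deserves a look
    line: str      # the entry body as logged


def first_path(body):
    """First drive-letter path ending in .exe/.dll in an entry body, or None."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def in_user_profile(path):
    return path.lower().startswith("c:\\users\\")


def in_windows_dir(path):
    return path.lower().startswith("c:\\windows\\")


def triage(log_text):
    """Return (findings, sorted security vendors seen in services) for a log."""
    findings, vendors = [], set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # headers, process list, blank lines
        sec, body = m.group("sec"), m.group("body")
        low, path = body.lower(), first_path(body)
        if sec in ("R0", "R1") and " = " in body and ("Start Page" in body or "Search Page" in body):
            host = urlparse(body.split(" = ", 1)[1].strip()).hostname
            if host and host not in SAFE_START_HOSTS:
                findings.append(Finding(sec, f"browser start/search page points at {host}", body))
        elif sec in ("O2", "O3", "O9") and path and not any(d in path.lower() for d in KNOWN_ADDON_DIRS):
            findings.append(Finding(sec, "browser add-on outside the allowlisted vendor folders", body))
        elif sec == "O4" and path and in_user_profile(path):
            findings.append(Finding(sec, "autorun entry in a user-writable profile folder", body))
        elif sec == "O10":
            findings.append(Finding(sec, "Winsock LSP not recognised by the scanner", body))
        elif sec == "O18" and "(no file)" in low:
            findings.append(Finding(sec, "protocol handler whose DLL is gone (orphaned registration)", body))
        elif sec == "O23":
            parts = body.rsplit(" - ", 2)  # "Service: name (short) - publisher - path"
            if len(parts) == 3:
                publisher, svc_path = parts[1], parts[2]
                vendors.update(name for key, name in SECURITY_VENDORS.items() if key in low)
                # "(file missing)" on a C:\Windows\System32 path is usually WOW64 file-system
                # redirection confusing a 32-bit scanner on 64-bit Windows, so skip those.
                if publisher == "Unknown owner" and "(file missing)" not in svc_path \
                        and not in_windows_dir(svc_path):
                    findings.append(Finding(sec, "service with no publisher outside the Windows folder", body))
    return findings, sorted(vendors)


if __name__ == "__main__":
    found, av = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print("security products seen in services:", ", ".join(av))
```

Everything it flags is a review item, not a verdict: the Spotify autorun and the Windows Live LSP are legitimate, and the point is to shrink a 100-line log to the handful of entries worth checking by hand.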
  11. Going to take a while to go through this log. I have to go out for a few hours, will look when I get back. By all means boot into regular Windows for the scans. Cheers.
  12. Done looking at your log, and a couple of questions. What antivirus are you using? I see AV tools from Sophos, ZoneAlarm, and AVG. If you have more than one AV installed it will create conflicts. Myself, I recommend Avast 9 (2014), but you can use what you like as long as it's just one. Make sure to remove all others. Now I need to see those other logs. While this may seem a slow process, it's thorough. Cheers
  13. aldan said:
    Done looking at your log, and a couple of questions. What antivirus are you using? I see AV tools from Sophos, ZoneAlarm, and AVG. If you have more than one AV installed it will create conflicts. Myself, I recommend Avast 9 (2014), but you can use what you like as long as it's just one. Make sure to remove all others. Now I need to see those other logs. While this may seem a slow process, it's thorough. Cheers


    Thanks for your help. I use Comodo mainly. I also have Malwarebytes installed. Should I remove that? ZoneAlarm I use solely for my firewall. I think I will try another. I don't love Comodo. They are constantly trying to get me to buy things. Why is Avast 9 good? To update you: after I did the HijackThis scan I did AdwCleaner and it found a bunch of other ad malware that Malwarebytes failed to find. However, I accidentally closed the log file. In the quarantine are things like tarmainstaller, something posing as the ascpca and a bunch of other stuff. My machine definitely ran faster after that, so thank you! HOWEVER, the audio ad problem still persists. On the plus side the ads seem to be interfered with. Not to mention my firewall ZoneAlarm is picking up all these incoming and outgoing transmissions. Does that mean something is mining data from my machine?... Whenever I run AdwCleaner again nothing comes up to clean but this under Chrome: C:\Users\shawn*\AppData\Local\Google\Chrome\User Data\Default\preferences
    I try to clean it, it says it does, but it still comes up when I try to run AdwCleaner again. I then went into that folder and found that there is a bunch of stuff left over even though I removed Chrome. Inside the extensions folder there is a bunch of folders with random titles like "dihadhsakdhaskdhasjkdhakjjhd". Isn't that malware? Should I manually delete it?... On the good side, also I haven't gotten the DCOM error where it logs you out of Windows, so I assume we are making progress! Oh, and I also tried Junkware Removal Tool and it removed this... It seems all the different apps find different things...

    ~~ Services


    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\privdogservice


    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}


    ~~~ Files


    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\adtrustmedia"
    Successfully deleted: [Folder] "C:\Users\shawnh\appdata\local\adtrustmedia"
    Successfully deleted: [Folder] "C:\Program Files (x86)\adtrustmedia"


    ~~~ Event Viewer Logs were cleared
  14. Kinda figured it would pick up a few things. On we go then. Now download and run RogueKiller from Bleeping Computer and let it take out anything it finds. Post the log and then run another HijackThis scan and post that log. No problem with your AV as long as you don't have more than one AV realtime scanner running at the same time.
  15. aldan said:
    Kinda figured it would pick up a few things. On we go then. Now download and run RogueKiller from Bleeping Computer and let it take out anything it finds. Post the log and then run another HijackThis scan and post that log. No problem with your AV as long as you don't have more than one AV realtime scanner running at the same time.


    I have some new critical info. I uninstalled all my AV programs and installed Avast. It was rated number 1 by CNET and I can see why. It is seeing things no other AV program did. First off, with the quick scan it says there is a virus on the cryptbase.dll file, location c://windows/system32/sysprep... Also the web shield constantly goes off, "threat has been detected", for an object with some weird URL... infection: URL:Mal, Process: C:/windows/system32/svchost.exe... The kind of infection and process are always the same but the object keeps changing. I assume this is the ads and it is blocking them? However, it is not giving me an option to fix anything. All it did was quarantine that cryptbase.dll... This all sounds very serious, as isn't it that if the important system32 files are infected you can't really delete them or anything? What should I do?... I also did a boot scan and another system32 file came up... I tried repairing it, and it said I have no share privilege, and I tried deleting it, same thing.
  16. aldan said:
    Kinda figured it would pick up a few things. On we go then. Now download and run RogueKiller from Bleeping Computer and let it take out anything it finds. Post the log and then run another HijackThis scan and post that log. No problem with your AV as long as you don't have more than one AV realtime scanner running at the same time.


    Oh yeah, and I am trying to run RogueKiller... when it starts to scan it finds some problems in the registry... Type: PUM Key type: HJ POL Global HKEY_CURRENT_USER... It lists a few of these... HJ DESK as well... HOWEVER, roguekiller.exe then stops working every time. Any ideas why it is crashing? Is the virus blocking it? This is insane...
  17. OK, this is a nasty one. Download a program called ComboFix to your desktop. It's important to download it to your desktop. Disable any antivirus and run ComboFix. Don't do anything while it is running, not even move the mouse. It can take some time to finish. Post the log when it is done. It's really important for me to see these logs, including the Avast one. If I don't see them it's kinda like working with a blindfold on. Cheers.
  18. aldan said:
    OK, this is a nasty one. Download a program called ComboFix to your desktop. It's important to download it to your desktop. Disable any antivirus and run ComboFix. Don't do anything while it is running, not even move the mouse. It can take some time to finish. Post the log when it is done. It's really important for me to see these logs, including the Avast one. If I don't see them it's kinda like working with a blindfold on. Cheers.


    Well, I am running a full system scan now from Avast! It is taking a long time. I only did a quick scan before. Should I stop it and run ComboFix? Should I also disable my firewall? I read about ComboFix and it said it automatically fixes problems, so what if it deletes something that is a false positive or a critical file I need?
  19. aldan said:
    OK, this is a nasty one. Download a program called ComboFix to your desktop. It's important to download it to your desktop. Disable any antivirus and run ComboFix. Don't do anything while it is running, not even move the mouse. It can take some time to finish. Post the log when it is done. It's really important for me to see these logs, including the Avast one. If I don't see them it's kinda like working with a blindfold on. Cheers.


    Also, what about running RogueKiller in safe mode first? Maybe that will help.
  20. Let Avast finish and post the log. I've never seen ComboFix take anything as a false positive. Just don't mess with it while it's running.
  21. aldan said:
    Let Avast finish and post the log. I've never seen ComboFix take anything as a false positive. Just don't mess with it while it's running.


    Should I have been running Avast in safe mode? I am reading reports of ComboFix deleting important registry files, after which the person could not even boot. ComboFix just DELETES everything? It doesn't ask you before deleting?

    Shouldn't I give RogueKiller a shot first in safe mode? I thought if a virus is stopping a program like RogueKiller, it can't do that in safe mode.
  22. I would wait until Avast is finished and post the log. You can try RogueKiller in safe mode, keeping in mind safe mode doesn't always guarantee success. Post the log from that too. Then we will talk again about ComboFix.
  23. aldan said:
    I would wait until Avast is finished and post the log. You can try RogueKiller in safe mode, keeping in mind safe mode doesn't always guarantee success. Post the log from that too. Then we will talk again about ComboFix.


    Hi man, sorry for the delay, the scan took all day as I have four 3 TB HDs in my computer. So the scan yielded no threats. However, that system32 file is still in the quarantine. I did run RogueKiller in safe mode. It worked! I deleted those PUM registry entries, which I looked up, and that's malware, correct? This is the report.

    RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode with network support
    User : shawnh [Admin rights]
    Mode : DNSFix -- Date : 01/04/2014 02:11:49
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    Finished : << RKreport[0]_DN_01042014_021149.txt >>
    RKreport[0]_D_01042014_021121.txt;RKreport[0]_H_01042014_021144.txt;RKreport[0]_S_01042014_020903.txt
  24. I take it your machine is still talking to you? Just out of curiosity, can you go to msconfig Startup and give me a screenshot of the programs that are starting with your computer? If I don't see anything there, i.e. a name for this little bugger, ComboFix would be my next step.
  25. aldan said:
    I take it your machine is still talking to you? Just out of curiosity, can you go to msconfig Startup and give me a screenshot of the programs that are starting with your computer? If I don't see anything there, i.e. a name for this little bugger, ComboFix would be my next step.


    How do you do a screen grab? I'm a Mac user...

    In System Configuration the only thing suspicious is a program called vprot; the publisher is unknown and it's in a folder called avg safeguard toolbar/vprot.exe, and I can't find the folder anywhere.

    I was about to do ComboFix. Please let me know all the risks of using it. What exactly will it do? Can it cure these svchost.exe issues?
  26. Oh, and no, the audio ads are gone. However, like I said before, Avast! keeps blocking a harmful webpage or file. The process is system32/svchost.exe

    It keeps blocking over and over again; every time it does it, it's a new URL. I assume this is Avast blocking the audio ads, right?
  27. Oh, and should I run ComboFix in safe mode, since RogueKiller needed to be? Or should I run it in regular mode but disable my firewall and Avast?
  28. If the ads are gone, don't run ComboFix. When it blocks the bad URL, what exact site are you trying to go onto? If Avast gives you options as to what action to take, either delete or quarantine it. Gotta go to bed now but do post back. Cheers. Do run another HijackThis scan and post another log.
  29. I am doing nothing when this is detected. Accessing no web page. It's automatically trying to access it. The infection it is blocking is "URL:Mal"; it gives me no options to quarantine or do anything besides ask for more details or report it as a false positive. It does this over and over again, so what on my computer is trying to access this URL:Mal? If the process is svchost.exe, does that mean that file is infected? Thanks!
  30. Latest HijackThis log.
    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 4:35:06 AM, on 1/4/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)


    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Users\shawnh\AppData\Roaming\Spotify\spotify.exe
    C:\Users\shawnh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Users\shawnh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\shawnh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\shawnh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\shawnh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Users\shawnh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\AVAST Software\Avast\AvastBCL-Sfx.exe
    C:\Users\shawnh\AppData\Local\Temp\7zSC2A2.tmp\BrowserCleanup.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\WinRAR\WinRAR.exe
    C:\Users\shawnh\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: "C:\Users\shawnh\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: "C:\Users\shawnh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - (no file)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - G:\Program Files\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: Mediafour M4LIC service (M4LIC) - Mediafour Corporation - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
    O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: pcregservice Service (pcregservice) - Unknown owner - C:\Program Files\pcreg\pcreg.exe
    O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

    --
    End of file - 13364 bytes
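    A HijackThis log is just lines of the form `<section> - <body>`, so the "what looks suspicious" question from posts 28 and 30 can be answered with a few heuristics rather than eyeballing two hundred lines. The script below is an added example written for this page, not a tool from the thread or from Trend Micro: it parses the section codes and flags autoruns that execute from user-writable locations, services with an unknown publisher, services whose binary sits under a user-writable path, changed browser start/search pages, Trusted Zone additions and dangling `(no file)` entries. The sample log embeds lines copied from the log above plus one constructed `O23` line (`wauhlp`) that is not on the page, added only to exercise the user-writable-path rule. The rules and thresholds (the `c:\windows\` prefix, the `go.microsoft.com` default, the user-writable directory list) are the editor's assumptions; a hit is a triage cue, not a verdict (Spotify legitimately runs from `AppData\Roaming`), and `(file missing)` on built-in services under `C:\Windows` is typically an artifact of 32-bit HijackThis looking through WOW64 file-system redirection on a 64-bit Windows, which is why the script does not flag those.

```python
"""Triage heuristics for HijackThis (HJT) log lines.

Added example for this thread; not part of HijackThis or any post above.
Every rule is a hint for a human reviewer, not a malware verdict.
"""
import re
from typing import Dict, List, Tuple

# Assumptions: path fragments that an unprivileged user can write to, the
# Windows directory prefix, and the Microsoft default start/search URL prefix.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")
WINDOWS_DIR = "c:\\windows\\"
MS_DEFAULT = "http://go.microsoft.com/"

# Lines copied from the log in the thread, plus one constructed O23 entry
# (wauhlp) that does NOT appear on the page and only exercises a rule.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: "C:\Users\shawnh\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O9 - Extra button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - (no file)
O15 - Trusted Zone: *.soe.com
O23 - Service: pcregservice Service (pcregservice) - Unknown owner - C:\Program Files\pcreg\pcreg.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - G:\Program Files\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Windows Audio Helper (wauhlp) - Unknown owner - C:\ProgramData\wauhlp\wauhlp.exe (file missing)
"""


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a log into entries: {'kind': 'O23', 'body': '...', 'raw': line}."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^([RFO]\d+) - (.*)$", line)
        if m:
            entries.append({"kind": m.group(1), "body": m.group(2), "raw": line})
    return entries


def _autorun_path(body: str) -> str:
    """Image path of an O4 entry: 'HKLM\\..\\Run: [Name] "C:\\x.exe" args'."""
    _, _, cmd = body.partition(": ")
    cmd = re.sub(r"^\[[^\]]*\]\s*", "", cmd)  # drop the [value name]
    if cmd.startswith('"'):
        return cmd[1 : cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def _service_fields(body: str) -> Tuple[str, str, str, bool]:
    """(name, owner, path, file_missing) from 'Service: name - owner - path'.

    rsplit from the right because service display names may contain ' - '.
    """
    missing = body.endswith("(file missing)")
    if missing:
        body = body[: -len("(file missing)")].rstrip()
    head, owner, path = body.rsplit(" - ", 2)
    return head[len("Service: "):], owner, path, missing


def flag_entries(entries: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (reason, raw_line) pairs for entries worth a second look."""
    findings = []
    for e in entries:
        kind, body, raw = e["kind"], e["body"], e["raw"]
        if kind == "O4":
            if any(tok in _autorun_path(body).lower() for tok in USER_WRITABLE):
                findings.append(("autorun from user-writable path", raw))
        elif kind == "O23":
            _, owner, path, missing = _service_fields(body)
            lp = path.lower()
            if any(tok in lp for tok in USER_WRITABLE):
                findings.append(("service binary in user-writable path", raw))
            # Unknown owner + (file missing) under C:\Windows is the usual
            # 32-bit-HJT-on-x64 redirection artifact, so it is not flagged.
            elif owner == "Unknown owner" and not (missing and lp.startswith(WINDOWS_DIR)):
                findings.append(("service with unknown publisher", raw))
        elif kind in ("R0", "R1"):
            _, _, value = body.partition(" = ")
            value = value.strip()
            if value.startswith("http") and not value.startswith(MS_DEFAULT):
                findings.append(("browser start/search page changed", raw))
        elif kind == "O15":
            findings.append(("trusted-zone entry", raw))
        if body.endswith("(no file)"):
            findings.append(("dangling entry (no file)", raw))
    return findings


def triage(text: str) -> List[Tuple[str, str]]:
    """Convenience wrapper: parse and flag in one call."""
    return flag_entries(parse_hjt(text))


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

    Run it against a saved log with `triage(open("hijackthis.log").read())`. On the sample it reports the Spotify autorun (legitimate, but it runs from the user profile), the spigot/Yahoo start page, the orphaned PrivDog button, the `*.soe.com` trusted zone, the two unknown-publisher services (`pcreg`, `PnkBstrA`) and the constructed `wauhlp` service; the Spooler line is left alone for the reason given above. Treat the output as a worklist to check with file signatures and hashes, not as a list of things to delete.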
  31. I think I fixed it! Googling this issue, most people solved this problem with TDSSKiller, which found nothing for me. So I tried Malwarebytes Anti-Rootkit and it found a Trojan in the file rpcss.dll in the system32 folder. I did a cleanup and there are no audio
    ads and no more of these avast warnings. So I assume a combination of Malwarebytes and AdwCleaner got rid of the malware that this Trojan was creating, but this Trojan was the source. I should be OK now, right? Why did Malwarebytes Anti-Rootkit find this but TDSSKiller did not? What is a rootkit exactly? Thanks!!!
  32. Good you got it sorted. Here is a definition that's better than anything I could muster.
    http://en.wikipedia.org/wiki/Rootkit
    Keep an eye on things. Do regular AV and Malwarebytes scans. Malwarebytes Pro is well worth paying for as it's a realtime scanner. If you go with the free version, scan often. I wouldn't mind seeing another HijackThis log just to be sure you got it. Cheers
  33. aldan said:
    Good you got it sorted. Here is a definition that's better than anything I could muster.
    http://en.wikipedia.org/wiki/Rootkit
    Keep an eye on things. Do regular AV and Malwarebytes scans. Malwarebytes Pro is well worth paying for as it's a realtime scanner. If you go with the free version, scan often. I wouldn't mind seeing another HijackThis log just to be sure you got it. Cheers


    Here is the latest HijackThis log...

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 1:46:19 PM, on 1/4/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)


    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Users\shawnh\AppData\Roaming\Spotify\spotify.exe
    C:\Users\shawnh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Users\shawnh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\shawnh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\shawnh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\shawnh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\shawnh\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\shawnh\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: "C:\Users\shawnh\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: "C:\Users\shawnh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - (no file)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
  34. What should I add to my browsers to block malicious sites? I use Chrome and Firefox. I'm pretty sure I got this from a website.
  35. I use Comodo Dragon, which is a Chrome-based browser, and have Adblock Plus installed. Comodo also has an option to use secure DNS when browsing (blocks the bad guys). I haven't had an infection in forever. Just a matter of housekeeping; I would run another HJT scan and check fix on the following.

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    While not harmful, these are not needed (bet you never use 'em). My security is pretty simple: Windows Firewall, avast 2014, Comodo Dragon secure DNS, and Malwarebytes Pro. That and a bit of common sense (probably very little lol). Your HJT log looks clean. Happy trails.
  36. aldan said:
    I use Comodo Dragon, which is a Chrome-based browser, and have Adblock Plus installed. Comodo also has an option to use secure DNS when browsing (blocks the bad guys). I haven't had an infection in forever. Just a matter of housekeeping; I would run another HJT scan and check fix on the following.

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    While not harmful, these are not needed (bet you never use 'em). My security is pretty simple: Windows Firewall, avast 2014, Comodo Dragon secure DNS, and Malwarebytes Pro. That and a bit of common sense (probably very little lol). Your HJT log looks clean. Happy trails.


    Hey man, things have been going fine on my computer but now I have a new issue. I posted a new thread but thought I would post to you what it is, in case it is related to the problem you helped me with. Hope all is well. "I tried to update Java and suspicious behavior kept coming up in ZoneAlarm. It said FIU is trying to communicate with several file locations on my computer. A lot of system32 files, like svchost.exe, Windows Explorer, etc. I know ZoneAlarm thinks even legit software is suspicious, but what is FIU? Is that Oracle's or is that a virus? If it is Oracle, why is it trying to communicate with so many areas on my computer? The thing is, I uninstalled Java and FIU still kept trying to access my computer. After I denied all of them it finally uninstalled. I then went to Oracle.com and downloaded the latest version of Java and tried to reinstall it, but that FIU warning still keeps coming up. I did recently have a problem with malware, audio ads, etc. Malwarebytes Anti-Rootkit beta fixed that issue, however. I ran Avast, Malwarebytes, TDSSKiller and Malwarebytes Anti-Rootkit beta again, and none of them found anything... Perhaps FIU is just Java, but I wanted to know if anyone else experienced this. Also, my ZoneAlarm firewall has blocked over 3,000 transmissions since I installed it about a month ago. Is that normal?"
  37. Java is not really necessary to have anymore. It has some business applications, but that's it. It's also a malware magnet. I haven't had Java on my computer in almost a year. JavaScript is another story. Until I went to avast for my antivirus I would keep the Java plugin disabled when I didn't need it. avast has a built-in bad script blocker, so I now leave the plugin enabled. JavaScript is not to be confused with Java (different animals entirely). I would get rid of everything Java and not look back. The only reference I found for FIU is Florida International University. There should be a way to have your firewall permanently block this so it doesn't bug you all the time, but I'm not familiar with ZoneAlarm's firewall settings. Maybe run a complete scan with avast and get rid of anything it finds. I will try to find your other post as well. Cheers