|
| My daughter has an allegedly new laptop. I say "allegedly" because there is a strange issue. I truly believe it is a brand new laptop, because she was at my house when she set everything up following the instructions the laptop was giving her.
Regardless, randomly either radio or TV commercial excerpts will start playing (audio only of extremely brief duration). It is exceedingly annoying. She has scanned several times using: Spybot, Superantipspyware, Malwarebytes, Microsoft Security Essentials, and Microsoft Malicious Software Removal Tool. None of these have found or removed a virus or Trojan. She and I are both stumped as to what she needs to do to get rid of this annoyance. We don't even know how to find out what "program" could even be doing this. Please, please, please help. |
Follow-Up Postings:
|
| Can we see a log to get a basic idea of what programs are installed and what's running, that may help us to identify any issues, it's a start, Click Here to download HJTInstall.exe Then do this Double click the hijackthis Icon on the Desktop, Scroll down to "Open the Misc Tools section" Click it at the bottom under System tools click "Open Uninstall Manager"[ over to the right click "Save List" Save it to your Desktop so you may find it, copy and paste it in your next reply.. |
|
- Posted by walnutcreek (My Page) on Sun, Sep 9, 12 at 12:17
| Thanks, Zep. Below is the logfile. Logfile of Trend Micro HijackThis v2.0.4 Running processes: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1 -- |
|
| Like to see this too, Double click the hijackthis Icon on the Desktop, Scroll down to "Open the Misc Tools section" Click it at the bottom under System tools click "Open Uninstall Manager"[ over to the right click "Save List" Save it to your Desktop so you may find it, copy and paste it in your next reply.. |
|
- Posted by walnutcreek (My Page) on Sun, Sep 9, 12 at 12:32
| Here is that file list, Zep. AccelerometerP11 |
|
| Looks like you had White Smoke toolbar, ----> R3 - URLSearchHook: (no name) - (cce665dd-f6dd-4808-968e-eaec971f70ef) - (no file) It appears to be gone cause it says "No File" Just an orphaned registry key left over. We can look further into that as we go. Did Malwarebytes find anything when you ran it? If so do you have the log? Double click on AdwCleaner.exe to run the tool. Joe |
Here is a link that might be useful: adwcleaner
|
- Posted by ravencajun (My Page) on Sun, Sep 9, 12 at 13:19
| it almost sounds like she has something open in the back ground. Also many of the ads on these pages do have auto play and will start playing video, sound, music etc. Adding firefox with adblock plus and easylist would block all of those so she might try doing that to see if it makes a difference. Let us know if you need the info on doing that. |
|
| Sounds good ravencajun, cause I'm not seeing anything yet. Lets see what the next log shows, then we can go with the Adblock + |
|
- Posted by walnutcreek (My Page) on Sun, Sep 9, 12 at 13:45
| Here is the scan from adwcleaner: # AdwCleaner v2.001 - Logfile created 09/09/2012 at 12:37:33 ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files (x86)\Conduit ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Conduit ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v15.0 (en-US) Profile name : default [OK] File is clean. ************************* AdwCleaner[R1].txt - [2258 octets] - [09/09/2012 12:37:33] ########## EOF - C:\AdwCleaner[R1].txt - [2318 octets] ########## |
|
| Please rescan with AdwCleaner. Double-click AdwCleaner.exe to run the tool. Click Delete. Everything that was found will be deleted. Save and open files and approve the reboot. A text file will open after the restart. Please post the contents of that logfile with your next reply. |
|
- Posted by walnutcreek (My Page) on Sun, Sep 9, 12 at 14:36
| # AdwCleaner v2.001 - Logfile created 09/09/2012 at 13:24:50 # Updated 09/09/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : ConstantLight - DJARUMBLACK711 # Boot Mode : Normal # Running from : C:\Users\ConstantLight\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72D8GSU0\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Program Files (x86)\Conduit ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Conduit ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] -\\ Mozilla Firefox v15.0 (en-US) Profile name : default [OK] File is clean. ************************* AdwCleaner[R1].txt - [2381 octets] - [09/09/2012 12:37:33] ########## EOF - C:\AdwCleaner[S1].txt - [3185 octets] ########## |
|
- Posted by walnutcreek (My Page) on Sun, Sep 9, 12 at 14:50
| What fantastic advice. Thank you so very much, Zep. The ad/music are still in place; in fact, now it sounds like two different commercial excerpts playing one on top of the other. This is just the strangest thing I have every encountered. My daughter notice that McAfee or parts of it are listed in the very first Highjack This list posted and in the second list posted are parts of Nero. She had uninstalled these programs. How can she get rid of the remaining bits and pieces, please. As far as the commercials, is there a possibility that something is embedded in IE? I am grasping at straws here. |
|
- Posted by walnutcreek (My Page) on Sun, Sep 9, 12 at 14:52
| Oops. Meant to post what I mean about McAfee and Nero. C:\Users\ConstantLight\Desktop\HijackThis.exe: Open Uninstall Manager HighjackThis: |
|
| My daughter notice that McAfee or parts of it are listed in the very first Highjack McAfee is your Anti Virus program, why are you concerned with that? |
|
- Posted by walnutcreek (My Page) on Sun, Sep 9, 12 at 15:57
| Neither of us care for McAfee which was pre-loaded, and she uninstalled it and downloaded Microsoft Security Essentials, Superantispyware and Malwarebytes. That is why she would like all the bits and pieces of removed. Likewise, with Nero. She does not like Nero and uninstalled it, but would like the remaining bits removed from her haptop. |
|
| I did not no that, so lets get rid of McAfee all of it,using Application remover, The free AppRemover utility enables thorough uninstallation of security software like antivirus and antispyware applications from your computer. See link, let me know when that is done |
Here is a link that might be useful: appremove
|
- Posted by walnutcreek (My Page) on Sun, Sep 9, 12 at 21:12
| Well, darn. AppRemover did not remove the remnants of McAfee or Nero. The excerpts of sound from commercials continue. As the British would say, "I am just gobsmacked!" Thanks for your willingness to help remedy this situations, Zep. It is truly appreciated. |
|
| The sounds are 'brief', define brief please. Are you able to discern words or phrases at all? Any repetition of the same sounds? Click Start ------------------- Wait for the new window to be fully populated then look in the centre panel for errors. It will list those in the last hour and 24 hours. Click the plus sign beside Error to see the drop down menu, double click on any errors shown for explanations. Anything of interest there? |
|
| Thanks owbist but I'd like to continue with the McAfee removal, Lets run this for McAfee removal, Download the MCPR tool from: See link below, when you click on the link a box will open on this page, click Save file, save it to your desktop, Then right click on it and choose "Run as Administrator". That should get rid of Left over McAfee files. |
Here is a link that might be useful: MCPR.exe
|
| If that does not work we will delete these services manually. O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) |
|
| Of course Zep, my suggestions have no effect on your instructions I am just offering a new avenue seeing all your good work hasn't seemed to have fixed this strange puzzle. I am merely clutching at straws hoping something might pop up to give a clue on the challenge. |
|
| It's a weird one indeed and I like your suggestion. By the way if your here today, maybe revo will get rid of the nero program for walnutcreek. I'll be out most of day at that thing called work :( Joe |
|
| If for some reason the McAfee tool fails to remove those 023 services this is how to delete them manually using a command prompt. To delete a service (O23) manually using a windows command prompt follow the instructions: When the black window opens (command prompt)using your mouse copy this command in bold sc delete McShield now right click within the black box and choose paste, that will paste the command you copied into the command prompt, hit enter on your keyboard. Reboot. Do the same exercise for these sc delete mfefire Reboot sc delete mfevtp Reboot |
|
|
- Posted by ravencajun (My Page) on Mon, Sep 10, 12 at 12:42
| Great find Shax!!! zep it definitely looks like an infection,an MBR infection actually, I think it may be easier to send them to LzD than to suggest using the method on shax link however and safer. Since zep is helping you here I will let him make the call just in case he wants you to go to LzD here is the link to the area you would post your new thread in, you will need to register first of course. If you provide a link back to this thread it will be helpful. LzD Analysis and Malware Removal zep and I are there also so if you need help getting there should you go just ask. |
|
| @ravencajun Lets finish up the McAfee thing, an Nero, then I'll ask for a DDS log and the user will be more prepared for LDZ. I didn't like the link at all, the guy was just shooting various programs at the user and not 1 log was shown, and he said it was an MBR infection? I did not see awsMBR.exe ran either and that program scans and looks at the MBR and creates a log. |
|
| Zep..here's another thread with links and logs that may be of some help... Regards, |
Here is a link that might be useful: Same Problem
|
| Not a bad post, but it is 4 years old, I think the DDS log will be very helpful that I'm going to ask for, it will show us a great deal more information about files installed, when they were installed and where there installed to. It's very important to get logs on this machine, and not look at other peoples work on similar issues and sort of copy what they did, that being said it's still good reference material. My intentions are to fix McAfee an Nero, then turn the thread over to ldz Joe |
|
- Posted by ravencajun (My Page) on Tue, Sep 11, 12 at 1:37
| I agree with you. That's why I was not wanting any one to jump in to those directions on that link. It will be interesting to see what turns up on the logs. |
|
- Posted by walnutcreek (My Page) on Sun, Sep 16, 12 at 11:58
| My daughter had to go home and back to work, so she has not had time to work on the annoying commercial outbreaks. I am hoping she can get back to the issue soon. Just wanted to update y'all. |
|
- Posted by ravencajun (My Page) on Sun, Sep 16, 12 at 13:02
| do not let her delay if this is a serious infection she could be putting her information at risk especially if she uses this pc for any type of financial use. She can go to the LzD link I provided from where ever she is and the team will help her run the scans needed to clean it. |
|
- Posted by walnutcreek (My Page) on Mon, Oct 8, 12 at 17:05
| Thank you so much, zep, for the McAfee removal information. My daughter was able to totally remove McAfee. Here is what she stated: This worked! Tell everyone at GardenWeb thanks for all the help I really appreciate it. I THINK I the other issue with the sound bits is also fixed. I'll turn it on a few times through the week to check it out. Posted by zep516 (My Page) on Sun, Sep 9, 12 at 23:59 Thanks owbist but I'd like to continue with the McAfee removal, Download the MCPR tool from: See link below, when you click on the link a box will open on this page, click Save file, save it to your desktop, Then right click on it and choose "Run as Administrator". That should get rid of Left over McAfee files. Thanks to everyone else regarding removal of the sound bites issue. |
|
| Good news is welcome, thank you! Joe |
Please Note: Only registered members are able to post messages to this forum. If you are a member, please log in. If you aren't yet a member, join now!
Return to the Computer Help Forum
Instructions
- You must be a registered member and logged in to post messages on our forums.
- Posting is a two-step process. Once you have composed your message, you will be taken to the preview page. You will then have a chance to review the contents and make changes.
- After posting your message, you may need to refresh the forum page in order to see it.
- It is illegal to post copyrighted material without the owner's consent.
- HTML codes are allowed in the message field only.
- No advertising is allowed in any of the forums.
- If you would like to practice posting or uploading photos, please visit our Test forum.
- If you need assistance, please Contact Us and we will be happy to help.