# The sound on my laptop has suddenly stopped working?



## david150 (Jun 11, 2011)

I was having some trouble with a computer virus, so I had to install some anti-virus type things. Here's the exact things I installed: ComboFix, speedingupmypic, HiJackThis, unhide, ReimageRepair, and mbam....The virus went away and everything's back to normal thanks to these programs, however, the sound is no longer working. The sound is on full blast and nothing comes out or says anything.

But I know the sound still works because when I click "Sounds" on my computer's control panel, it allows me to test "Program Events" and the sound comes out perfectly fine. For example, I click on "Asterisk", than click test and the sound works perfectly fine. Right now it's only on the internet, like youtube and such, that I'm having this problem. My initial thought was that (one of) the program(s) I installed is/are blocking sound, or that the virus took the sound with it when it went. But I really have no clue.

Anyway, if you know of a solution to this problem than please let me know. I just want to get the sound back on my computer. Like I said, it works so I don't think I need a new sound card, but it's just not coming out. Help is much appreciated, as I'd love to get the sound working again. Thanks in advance.

*Additional Details*
Nothing pops up or anything, just no sound. I'm stumped on this one.

The computer is about a year old, probably not even, and it works just fine. This is the only problem I'm having.


----------



## johnb35 (Jun 11, 2011)

My advice is to get rid of speedupmypc and reimage repair.  Then post the logs from malwarebytes, combofix and hijackthis.


----------



## david150 (Jun 11, 2011)

johnb35 said:


> My advice is to get rid of speedupmypc and reimage repair.  Then post the logs from malwarebytes, combofix and hijackthis.



I just removed speecupmypc and reimage repair.  

What do you mean by posting the logs?  How would I go about doing that? 

Thank you!


----------



## johnb35 (Jun 11, 2011)

Open malwarebytes, click on the logs tab and open the log that removed malware and then copy and paste the contents in your next reply.

The combofix log will be located at C:\combofix.txt.  Open it and just copy and paste the contents of that log in your next reply.

For hijackthis do the following.

Open hijackthis.

Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

Post the logfile that HijackThis produces in your next reply along with the combofix and malwarebytes logs.  However, you may have to post them in separate replies.


----------



## david150 (Jun 11, 2011)

Ok...malewarebytes has 2 items in the logs:

The first is *mbam-log-2011-06-10 (16-31-16).txt* and here is the contents:
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xVWrsqSWuxYVn (Trojan.FakeAlert) -> Value: xVWrsqSWuxYVn -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\xvwrsqswuxyvn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\37740280.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\David\AppData\Local\Temp\-213E8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\David\AppData\Local\Temp\1363E8.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\David\AppData\Local\Temp\1841.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\David\AppData\Local\Temp\tmp142C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\David\downloads\myfuncards.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\Users\David\downloads\pdfconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

The 2nd item is *protection-log-2011-06-10.txt* 
15:27:22	David	MESSAGE	Protection started successfully
15:27:31	David	MESSAGE	IP Protection started successfully
15:27:34	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49320, Process: 37740280.exe)
15:27:34	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49318, Process: 37740280.exe)
15:27:58	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49319, Process: 37740280.exe)
15:33:19	David	MESSAGE	Protection started successfully
15:33:27	David	MESSAGE	IP Protection started successfully
15:33:39	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49159, Process: 37740280.exe)
15:33:39	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49160, Process: 37740280.exe)
15:33:39	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49161, Process: 37740280.exe)
15:33:39	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49162, Process: 37740280.exe)
15:33:39	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49163, Process: 37740280.exe)
15:34:36	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49164, Process: 37740280.exe)
15:40:07	David	MESSAGE	Protection started successfully
15:40:20	David	MESSAGE	IP Protection started successfully
15:41:56	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49158, Process: 37740280.exe)
15:41:56	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49159, Process: 37740280.exe)
15:41:56	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49160, Process: 37740280.exe)
15:41:56	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49161, Process: 37740280.exe)
15:43:10	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49169, Process: 37740280.exe)
15:43:12	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49170, Process: 37740280.exe)
15:43:13	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49171, Process: 37740280.exe)
15:43:14	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49172, Process: 37740280.exe)
15:44:04	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49203, Process: 37740280.exe)
15:44:04	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49204, Process: 37740280.exe)
15:44:04	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49205, Process: 37740280.exe)
15:44:04	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49206, Process: 37740280.exe)
15:45:09	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49270, Process: 37740280.exe)
15:45:09	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49271, Process: 37740280.exe)
15:45:09	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49272, Process: 37740280.exe)
15:45:09	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49273, Process: 37740280.exe)
15:45:43	David	DETECTION	C:\PROGRAMDATA\37740280.EXE	Trojan.FakeAlert	QUARANTINE
15:45:44	David	ERROR	Quarantine failed:  DeleteFile failed with error code 5
15:45:46	David	DETECTION	C:\PROGRAMDATA\XVWRSQSWUXYVN.EXE	Trojan.FakeAlert	QUARANTINE
15:45:47	David	ERROR	Quarantine failed:  DeleteFile failed with error code 5
15:46:06	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49338, Process: 37740280.exe)
15:46:07	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49339, Process: 37740280.exe)
15:46:07	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49340, Process: 37740280.exe)
15:46:08	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49341, Process: 37740280.exe)
15:47:05	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49376, Process: 37740280.exe)
15:47:05	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49377, Process: 37740280.exe)
15:47:05	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49378, Process: 37740280.exe)
15:47:05	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49379, Process: 37740280.exe)
15:48:12	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49388, Process: 37740280.exe)
15:48:12	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49389, Process: 37740280.exe)
15:48:12	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49390, Process: 37740280.exe)
15:48:13	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49391, Process: 37740280.exe)
15:49:10	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49398, Process: 37740280.exe)
15:49:10	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49399, Process: 37740280.exe)
15:49:11	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49400, Process: 37740280.exe)
15:49:11	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49401, Process: 37740280.exe)
15:50:08	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49457, Process: 37740280.exe)
15:50:08	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49458, Process: 37740280.exe)
15:50:09	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49459, Process: 37740280.exe)
15:50:09	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49460, Process: 37740280.exe)
15:51:06	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49470, Process: 37740280.exe)
15:51:06	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49471, Process: 37740280.exe)
15:51:06	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49472, Process: 37740280.exe)
15:51:06	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49473, Process: 37740280.exe)
15:52:11	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49528, Process: 37740280.exe)
15:52:11	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49529, Process: 37740280.exe)
15:52:11	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49530, Process: 37740280.exe)
15:52:12	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49531, Process: 37740280.exe)
15:53:09	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49582, Process: 37740280.exe)
15:53:09	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49583, Process: 37740280.exe)
15:53:09	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49584, Process: 37740280.exe)
15:53:09	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49585, Process: 37740280.exe)
15:54:06	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49607, Process: 37740280.exe)
15:54:06	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49608, Process: 37740280.exe)
15:54:06	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49609, Process: 37740280.exe)
15:54:06	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49610, Process: 37740280.exe)
15:55:11	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49623, Process: 37740280.exe)
15:55:11	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49624, Process: 37740280.exe)
15:55:11	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49625, Process: 37740280.exe)
15:55:11	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49626, Process: 37740280.exe)
15:56:07	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49641, Process: 37740280.exe)
15:56:07	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49642, Process: 37740280.exe)
15:56:07	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49643, Process: 37740280.exe)
15:56:07	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49644, Process: 37740280.exe)
15:57:12	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49657, Process: 37740280.exe)
15:57:12	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49658, Process: 37740280.exe)
15:57:12	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49659, Process: 37740280.exe)
15:57:12	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49660, Process: 37740280.exe)
15:58:09	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49671, Process: 37740280.exe)
15:58:09	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49672, Process: 37740280.exe)
15:58:09	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49673, Process: 37740280.exe)
15:58:09	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49674, Process: 37740280.exe)
15:59:05	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49729, Process: 37740280.exe)
15:59:05	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49730, Process: 37740280.exe)
15:59:05	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49731, Process: 37740280.exe)
15:59:06	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49732, Process: 37740280.exe)
16:00:10	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49774, Process: 37740280.exe)
16:00:10	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49775, Process: 37740280.exe)
16:00:10	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49776, Process: 37740280.exe)
16:00:10	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49777, Process: 37740280.exe)
16:01:57	David	MESSAGE	Protection started successfully
16:02:06	David	MESSAGE	IP Protection started successfully
16:04:10	David	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49158, Process: 37740280.exe)
16:04:10	David	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49159, Process: 37740280.exe)
16:04:11	David	IP-BLOCK	94.63.149.98 (Type: outgoing, Port: 49160, Process: 37740280.exe)
16:04:11	David	IP-BLOCK	46.161.10.104 (Type: outgoing, Port: 49161, Process: 37740280.exe)
16:09:50	David	MESSAGE	IP Protection stopped
16:10:02	David	MESSAGE	Database updated successfully
16:10:16	David	MESSAGE	IP Protection started successfully
16:11:48	(null)	IP-BLOCK	193.105.154.21 (Type: outgoing, Port: 49288, Process: 37740280.exe)
16:11:48	(null)	IP-BLOCK	188.229.88.234 (Type: outgoing, Port: 49289, Process: 37740280.exe)
16:35:11	David	MESSAGE	Protection started successfully
16:35:22	David	MESSAGE	IP Protection started successfully
16:54:38	David	MESSAGE	Protection started successfully
16:54:44	David	MESSAGE	IP Protection started successfully
17:14:02	David	IP-BLOCK	78.129.244.78 (Type: outgoing, Port: 49420, Process: firefox.exe)
17:14:03	David	IP-BLOCK	78.129.244.79 (Type: outgoing, Port: 49422, Process: firefox.exe)
17:14:03	David	IP-BLOCK	78.129.244.78 (Type: outgoing, Port: 49423, Process: firefox.exe)
17:14:03	David	IP-BLOCK	78.129.244.79 (Type: outgoing, Port: 49425, Process: firefox.exe)
17:19:08	David	IP-BLOCK	78.129.244.78 (Type: outgoing, Port: 49542, Process: firefox.exe)
17:19:08	David	IP-BLOCK	78.129.244.79 (Type: outgoing, Port: 49544, Process: firefox.exe)
17:40:25	David	MESSAGE	Scheduled update executed successfully
17:42:45	David	MESSAGE	IP Protection stopped
17:42:53	David	MESSAGE	Database updated successfully
17:42:55	David	MESSAGE	IP Protection started successfully


----------



## david150 (Jun 11, 2011)

I can't find C:\combofix.txt.  I can't even find combofix in my downloads anymore to be honest, or anywhere on my computer.  I'm not sure about this.


----------



## johnb35 (Jun 11, 2011)

Did you run combofix?  Perhaps you uninstalled combofix by typing combofix /uninstall in the search box?   

Lets start by having you download and run combofix and post the logfile for me along with a hijackthis log.

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

http://www.bleepingcomputer.com/download/anti-virus/combofix

Then double click *combofix.exe* & follow the prompts.
When finished, it shall produce *a log* for you. *Post that log* in your next reply
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Combofix should never take more that 20 minutes including the reboot if malware is detected.


In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running


Download the HijackThis installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

Post the logfile that HijackThis produces


----------



## david150 (Jun 11, 2011)

Combofix isn't working for me, it doesn't produce a logfile and I can't find it afterwards...I'm sorry I really have no idea what I'm doing here.  

I open up HiJack this and click "Do a System Scan and Save Log" and something pops up.  It says "For some reason your system denied write access to the hosts files.  If any hijacked domains are in this file, HiJackThis may NOT be able to fix this".  I just copied what I coukd here - 

HiJackThis.msi (file://DAVID-PC/Users/David/Downloads/HiJackThis.msi)


----------



## johnb35 (Jun 11, 2011)

What do you mean it isn't working for you? What happens when you run it?  To run hijackthis, right click hijackthis and click on "run as".  If the "run as" option doesn't appear then press and hold the shift key and then right click on hijackthis and then the option will appear.


----------



## david150 (Jun 11, 2011)

Well when I click that link you posted to download combofix, it gives me two options to download:

Author: sUBs 	Download Locations 	 
License: Freeware/Not for commercial use 	BleepingComputer Mirror: 	ComboFix Download Link 	
Operating System: Windows XP, Windows Vista, Windows 7 	ForoSpyware.com Mirror: 	ComboFix Download Link #2 	 

Please note that the BleepingComputer.com download link will expire in 10 minutes! After it has expired you will need to refresh the page to get a working link.




As for the HiJackThis thing, I don't see "Run As" even when I'm pressing shift.  It gives me different option for when I'm pressing shift than when I'm not...

I'm sorry man.  I appreciate the help, but my ineptitude with computers is probably going to be my downfall with this.


----------



## johnb35 (Jun 11, 2011)

For combofix click on the bleeping computer mirror download link.  For hijackthis, you will get the option to appear in one of those ways.  If you don't, then you must be doing something wrong.


----------



## david150 (Jun 11, 2011)

Can I email you about this, because I feel it would be easier to send you some screenshots and I'm not sure how to post them on here...


----------



## johnb35 (Jun 11, 2011)

sure. edited out


----------



## david150 (Jun 11, 2011)

Thank you.  I just sent you an attachment with a few screenshots in it.  Hopefully that will help you.


----------



## johnb35 (Jun 11, 2011)

The last screen shot you didn't actually right click on hijackthis. you right clicked on an open area of the desktop.  

The first screen shot doesn't look good if the message given is true.  Virut is a pretty nasty infection and only a fresh install of windows is recommended.  

However...

Do you have a usb flash drive available to use?  If so please download combofix from an uninfected computer and put it on the flash drive and then boot to safe mode on the infected pc and then run combofix on it.  If you don't have a usb flash drive then do the following...

Boot to safe mode with networking and download the following.

please download and run Rkill.scr,  Rkill.exe, or Rkill.com  but *DO NOT *reboot the system and then try installing or running Malwarebytes.  If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it.  Once a log appears on the screen, you can try running combofix again.  Remember do not reboot the pc until after you can get combofix to run.  If combofix still won't run without the warning then you can reboot if you want as it doesn't matter at this point. 

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats 
Accept any security warnings from your browser. 
Check Scan archives 
Click Start 
ESET will then download updates, install and then start scanning your system. 
When the scan is done, push list of found threats 
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply. 
If no threats are found then it won't produce a log.


----------



## david150 (Jun 11, 2011)

I downloaded Rkill.Scr in safe mode networking, everything went well there.

Then I downloaded ESET Online Scanner and this is the log (I'm pretty sure):
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=562dcd1cd3430240b04981248fe1849d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-11 04:17:11
# local_time=2011-06-11 12:17:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5121 16777214 100 75 375178 20338828 0 0
# compatibility_mode=5893 16776574 66 85 59294229 59309146 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=367
# found=1
# cleaned=0
# scan_time=135
C:\$Recycle.Bin\S-1-5-21-648988110-2748433343-3755578098-1000\$RXZ0Q7M.exe	a variant of Win32/Adware.SpeedingUpMyPC application (unable to clean)	00000000000000000000000000000000	I

Only thing is, when I try to download combofix it tells me to disable McAfee Anti-virus and anti-spyware and I truthfully do not know how to do that.


----------



## johnb35 (Jun 11, 2011)

The Eset scan takes at least an hour or so to scan your computer and it hasn't been that long.

To disable mcafee do the following.

Please navigate to the system tray and double-click the taskbar icon to open Security Center.

•Click Advanced Menu (bottom mid-left).

•Click Configure (left).

•Click Computer & Files (top left).

•VirusScan can be disabled in the right-hand module and set when it should resume or you can do that manually later on.

•Do the same via Internet & Network for Firewall Plus.

Just make sure you go back and undo it when combofix has completed.


----------



## david150 (Jun 11, 2011)

I did that, diabled the mcafee, the combofix downloaded.  So after that I restarted it normally (not safemode), and I tested the sound.  And, what do you know?  It works again, just as clear as ever!!!!!!  

Awesome man.  You're a true life saver.  Absolutely awesome.  Thanks so much.


----------



## johnb35 (Jun 11, 2011)

I still need you to post the log that it provided for you.  You still may have infections that it didn't delete..  The log is located at C:\combofix.txt.  Just open the log and copy and paste it back here.


----------

