Sound disappears, pop ups, now a ticking noise.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kurtcat, Jul 9, 2010.

  1. kurtcat

    kurtcat Private E-2

    Hi all,
    Booted computer on Thursday morning and realised there was no sound, checked all hardware and that was ok, then suddenly a pop up appeared (virtually a full page ad); realised something must have become infected. Ran antivirus (at that time McAfee), also Ad-Aware and Spybot. Antivirus did not get anything; Ad-Aware and Spybot found nothing significant (tracking cookies etc). Decided to download AVG9 and run that, also totally removed McAfee and downloaded Comodo as firewall. AVG9 found nothing except saying a digital signature for Nero was broken or something like that. Problem still persisted though. Can't quite remember where, but found that computer was accessing www.yadaying.com through IE (I use Firefox); also on another forum someone else was having very similar problems: http://www.computerhope.com/forum/index.php?topic=107021.0 (hope it's ok to post link). Gave up until today and followed advice on your 'Read and Run First' thread with following results:

    SuperAntispyware:
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/09/2010 at 01:53 PM

    Application Version : 4.40.1002

    Core Rules Database Version : 5177
    Trace Rules Database Version: 2989

    Scan type : Complete Scan
    Total Scan Time : 00:55:56

    Memory items scanned : 436
    Memory threats detected : 0
    Registry items scanned : 9058
    Registry threats detected : 0
    File items scanned : 28509
    File threats detected : 0


    Malwarebytes Anti-malware:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4295

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    09/07/2010 14:43:00
    mbam-log-2010-07-09 (14-43-00).txt

    Scan type: Quick scan
    Objects scanned: 150163
    Time elapsed: 13 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)


    Combofix:
    This was strange. Followed everything to the letter; at the end of its 50 stages it gave a message that it was writing the log and then the system crashed and rebooted. As it reached the log in screen it crashed again and then rebooted ok. I logged in and Comodo was active saying - Services.exe was trying to modify windows registry at HKCM\system\controlset001\services\FsUsbExDisk. As I was unsure I blocked this. Tried checking for the ComboFix log but nothing there. If I go into C: Drive the ComboFix icon is there but double clicking just leads to a window titled ComboFix but displaying drives and documents etc.

    RootRepeal:
    Did not seem to work at all; the following is all I got.
    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2010/07/09 15:40
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Hidden/Locked Files
    -------------------


    MGtools:
    Ziplog attached.

    After doing all this, coming from the speakers there was the sound of a ticking clock that lasted about 10 seconds and was repeated 3x. Now it may be that it was an internet advert, as since I have been having this problem I have had a voice telling me how good Optrex is for the eyes and something else, no visual just sound. Hope someone can help, cheers.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    • Download bootkit_remover.rar
    • Click the underlined DOWNLOAD text to download the file and save it to your Desktop.
    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip
    • After extracting remover.exe to your Desktop, double click the remover.exe file to run the program.
    • Attach or post inline here, the output from remover.exe

    NOTE: The Command Prompt window text can be copied to the clip board by right clicking on the top bar of the window and using the Edit commands to Mark, Copy, and Paste.

    Now use windows explorer to find and delete:
    C:\WINDOWS\Temp\100.dat
     
  3. kurtcat

    kurtcat Private E-2

    This is what Bootkit found:


    Bootkit Remover version 1.0.0.1
    (c) 2009 eSage Lab
    www.esagelab.com

    \\.\C: -> \\.\PhysicalDrive0
    MD5: 454f8f8f464d74f8b4b6306cbff41597

    Size Device Name MBR Status
    --------------------------------------------
    279 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Press any key to quit...


    Also now deleted 100.dat.
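    Bootkit Remover's "Unknown boot code" verdict is, in principle, a comparison of the executable part of the boot sector (the first 446 bytes, before the partition table and the 0x55AA signature) against boot code it recognises. The following is an added illustration of that idea, not the tool's own code and not from either poster: it parses a constructed 512-byte MBR, hashes the boot code region, and shows that an intact signature and partition table say nothing about whether the boot code itself was altered. The allow-list hash is a placeholder.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445: executable boot code
PART_TABLE_OFF = 446          # then four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": sectors})
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:] == BOOT_SIGNATURE,
    }


def classify_boot_code(md5: str, known_good: set) -> str:
    """Allow-list check in the spirit of the remover's report."""
    return "Known boot code" if md5 in known_good else "Unknown boot code"


# Constructed sample: stand-in bytes (not real boot code), one NTFS-type partition
# starting at LBA 63, three empty slots, and the 0x55AA signature.
SAMPLE_BOOT_CODE = b"\x33\xc0\x8e\xd0" + b"\x90" * 10 + b"\x00" * (BOOT_CODE_LEN - 14)
SAMPLE_PART = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                          b"\xfe\xff\xff", 63, 585_000_000)
SAMPLE_MBR = SAMPLE_BOOT_CODE + SAMPLE_PART + b"\x00" * 48 + BOOT_SIGNATURE
# Placeholder allow-list; in practice, hashes of your OS's standard boot code.
KNOWN_GOOD = {hashlib.md5(SAMPLE_BOOT_CODE).hexdigest()}
# Tampered copy: one boot-code byte changed, partition table and signature intact,
# which is why a signature check alone would not notice a bootkit.
TAMPERED_MBR = bytes([SAMPLE_MBR[0] ^ 0xFF]) + SAMPLE_MBR[1:]

if __name__ == "__main__":
    for mbr in (SAMPLE_MBR, TAMPERED_MBR):
        info = parse_mbr(mbr)
        print(classify_boot_code(info["boot_code_md5"], KNOWN_GOOD), info["signature_ok"])
```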
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now - please do the following:
    Do you have all important data backed up? You really should do this before continuing since we will need to rewrite your MBR to fix this and while most times this can be done without any problem, these infections can react badly and that could result in a PC not being bootable. You really don't have much choice though since these infections are too dangerous to your security to leave on a PC.


    Now - please do the following:

    • Click Start, Run then copy and paste the below into the Run box and click OK.

    "%userprofile%\Desktop\remover.exe" fix \\.\PhysicalDrive0

    • Now reboot your PC and after reboot continue with the below instructions.
    • Disable System Restore on all drives.
    • Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

      Then attach the below logs:
      • C:\MGlogs.zip


    Make sure you tell me how things are working now!
     
  5. kurtcat

    kurtcat Private E-2

    Hi TimW,
    Will back up work, photos etc and then do as requested. After looking at other threads thought it might be to do with MBR; problem I have is that I am not sure where my OS disk is, pretty confident I have it though.
    Due to time this end I will probably do this tomorrow, hope that's ok and thanks for help at the moment.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Take your time. Be sure to find your OS CD as a precaution. The chances are slim that it will cause a problem, but safe rather than sorry. ;)
     
  7. kurtcat

    kurtcat Private E-2

    Hi mate,
    Did as requested (major squeaky bum time). Rebooted and turned off system restore. Comodo started giving a few different warnings (svchost trying to connect, also said it had detected a new private network, not sure if this was because I had xbox hard wired to router). Ran GetLogs.bat but Comodo again started throwing things up to do with scan, so I switched it off and ran again, log below.

    Currently have sound and no pop ups as of yet;)
     


  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know!!

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work thru the below link:

     
  9. kurtcat

    kurtcat Private E-2

    Things still seem ok and stable. Will work through steps you recommend to ensure ongoing ok-ness.

    Just want to say again THANK YOU, for time, support and help. Everything on site and in posts was easy to understand and work through. I'm keeping fingers crossed that's the end of it, hopefully no other probs will happen but at least I know where to come if they do.

    A virtual beverage of your choice is on its way to you - All the best.
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing. :)
     
