possible trojan virus playing phantom audio! beginner - please help!

(In Progress)

Celori
Member with 9 posts.
THREAD STARTER
 
Join Date: Jun 2012
Experience: Beginner
14-Jun-2012, 05:40 PM #1
hi there. I've made an account cuz I figure people here could help me. I have a gateway NV54 - bought as a gift for Christmas 2010. I had it reformatted about a year ago.. reinstalled Windows 7. but I don't have a Windows boot disk, I don't think.. so I want to avoid having to bring it in to the shop and pay them to get rid of this

basically the past couple weeks I've been getting glitched-out "half-time" audio when I'm playing youtube or an mp3.. then eventually it stops and starts playing normally.. now it gets steadily worse... I'm getting frequent "unresponsive script errors" which freeze up my browser - firefox. I disabled youtube2mp3 converter but still have the problem.. now when I type, for instance in this reply window, it frequently freezes for a while, only to spit out the words I typed 30 seconds later...

but today the real kicker was.. twice today when I opened my laptop back up, even though I hadn't entered my user password yet to get into windows, audio immediately starts playing from some live improv comedy I don't recognize.. nothing off my hard drive that's for sure.. same one both times..

girls saying "things that make ..... cry!" then somebody does a rendition of Two Ladies from the movie Cabaret.. but it is not playing off *any* open browser window.. just a phantom

I've had this before a few years ago.. tried to download a Sopranos episode off this "youkku" download site and got flooded with trojans that would blast audio from Japanese infomercials randomly at 4:00 am - even though there was no windows open..this seems to be the same sort of thing.. and the audio glitches sometimes while playing

sooooo yeah. I followed the advice from this expired thread: http://forums.techguy.org/virus-othe...windows-2.html

I've just downloaded and run Rogue Killer. but not sure what to do now. here is a screenshot of what it says:




so I am really really clueless about how to find and eliminate a virus... frankly my solution has always been to reformat myself or get someone else to reformat it for me.. so I would love to know a way to get rid of this trojan without having to reformat

thanks in advance!
Mark1956
Malware Removal Specialist with 14,055 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
15-Jun-2012, 08:57 AM #2
Hi Celori and welcome to TSG. My name is Mark and I will be helping you.

I would like to see the full report from RogueKiller so I can see what it has found. Follow the instructions below to run another scan and post the report (obviously you do not need to download the program again).

Please also follow the instructions for Malwarebytes and DDS and post the logs from them.

STEP 1
Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page click on this:
  • Quit all running programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the content of the report and paste to next reply.


STEP 2
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Double click on the Malwarebytes icon on your desktop to launch the program
  • Under the Scanner tab, make sure the Perform Quick Scan option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key that includes free lifetime upgrades and support. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.

NOTE: Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

STEP 3
We need to see some additional information about what is happening in your machine.
Please download DDS by sUBs from one of the following links and save it to your desktop.
DDS is a specialized tool that produces a Pseudo HijackThis Report (a scaled down and simplified version of 'HJT lines') that provides the same + more information in a condensed format. NOTE: If your Anti Virus attempts to block the download please disable it following the instructions at the end of this guide.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs.
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instruction here asks you to attach the Attach.txt.
  • Instead of attaching, please copy & paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
Celori
Member with 9 posts.
THREAD STARTER
 
Join Date: Jun 2012
Experience: Beginner
15-Jun-2012, 09:51 AM #3
hi Mark. thanks very much for your help. I have a question. I already have Malwarebytes installed for a few months. should I uninstall and reinstall as instructed?

thanks
Mark1956
Malware Removal Specialist with 14,055 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
15-Jun-2012, 11:17 AM #4
You're welcome.

There should be no need to re-install Malwarebytes as long as it runs without any problem. Just be sure to allow it to install the latest updates soon after it starts to run.
Celori
Member with 9 posts.
THREAD STARTER
 
Join Date: Jun 2012
Experience: Beginner
15-Jun-2012, 12:09 PM #5
ok first, here is the Rogue Killer report... I'm now gonna do the Malwarebytes report right after I post this

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 06/15/2012 12:06:35

Bad processes: 0

Registry Entries: 3
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver: [NOT LOADED]

Infection :

HOSTS File:


MBR Check:

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 3120b9c25339ec79a63b4fcbc84d91df
[BSP] 6764997106c463414aee50ec75fb1e47 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 464838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
Celori
Member with 9 posts.
THREAD STARTER
 
Join Date: Jun 2012
Experience: Beginner
15-Jun-2012, 12:28 PM #6
malwarebytes log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Owner :: OWNER-PC [administrator]

Protection: Enabled

6/15/2012 12:11:40 PM
mbam-log-2012-06-15 (12-11-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221754
Time elapsed: 6 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Mark1956
Malware Removal Specialist with 14,055 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
15-Jun-2012, 12:39 PM #7
Nothing found so far, just need your DDS log.
Celori
Member with 9 posts.
THREAD STARTER
 
Join Date: Jun 2012
Experience: Beginner
15-Jun-2012, 12:58 PM #8
I also have the attack log. do you need that too?

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Owner at 12:50:48 on 2012-06-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4025.2563 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Native Instruments\Audio 8 DJ Driver\a8djcpl.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Users\Owner\Desktop\RogueKiller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=nv54_series&r=27360711n2b6l03g0z105a4801u48q
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=nv54_series&r=27360711n2b6l03g0z105a4801u48q
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=nv54_series&r=27360711n2b6l03g0z105a4801u48q
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Native Instruments Audio 8 DJ Control Panel] "C:\Program Files\Native Instruments\Audio 8 DJ Driver\a8djcpl.exe"
uRun: [AdobeBridge]
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [CLMLServer] "c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 24.226.1.93 24.226.10.193
TCP: Interfaces\{05DFA392-2AF7-4D87-AE72-1890E6C6D8C0} : DhcpNameServer = 192.168.1.1 24.226.1.93 24.226.10.193
TCP: Interfaces\{05DFA392-2AF7-4D87-AE72-1890E6C6D8C0}\34F666665656023457C6475727560214E6361637475627 : DhcpNameServer = 192.168.24.1
TCP: Interfaces\{05DFA392-2AF7-4D87-AE72-1890E6C6D8C0}\755637474616C6560234166656 : DhcpNameServer = 192.168.42.1
TCP: Interfaces\{05DFA392-2AF7-4D87-AE72-1890E6C6D8C0}\7627F6B63707F64737D27796C6C69616D637 : DhcpNameServer = 208.67.220.220 208.67.222.222
TCP: Interfaces\{08E9CD3C-D056-492F-900D-ABB04F049EFC} : NameServer = 208.67.220.220
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [CLMLServer] "c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4js8lcwo.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Be0cfe535-ba7c-4b71-9ca5-9bc1a51ea054%7D&mid=e700cd0ed94a47d1ba5209b5c30dc165-35a6b9d12ed51aeeeabbc6093bf802fd2bd922f1&ds=AVG&v=8.0.0.34.1&lang=en&pr=pr&d=2011-09-25%2001%3A32%3A02&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-7-25 844320]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-14 654408]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-10-19 5250048]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-11 935480]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-7 136176]
S3 a8djavs_x64;a8djavs_x64;C:\Windows\system32\Drivers\a8djavs_x64.sys --> C:\Windows\system32\Drivers\a8djavs_x64.sys [?]
S3 a8djusb_svc;Audio 8 DJ;C:\Windows\system32\Drivers\a8djusb.sys --> C:\Windows\system32\Drivers\a8djusb.sys [?]
S3 a8djusb_x64;a8djusb_x64;C:\Windows\system32\Drivers\a8djusb_x64.sys --> C:\Windows\system32\Drivers\a8djusb_x64.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 257224]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-7 136176]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 rspAux;rspAux;C:\Windows\system32\DRIVERS\rspAux64.sys --> C:\Windows\system32\DRIVERS\rspAux64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-14 04:30:50 -------- d-----w- C:\Users\Owner\AppData\Local\AVG Secure Search
2012-06-14 04:21:06 -------- d-----w- C:\Users\Owner\AppData\Local\Macromedia
2012-06-13 22:12:59 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 22:12:59 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 22:12:58 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 22:12:57 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 22:12:56 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 22:12:55 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 22:12:53 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 22:12:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 22:12:33 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 22:12:32 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 22:12:32 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 22:12:32 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 22:12:32 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 22:26:18 -------- dc-h--w- C:\ProgramData\{E23D64C2-F5F0-49F9-B45C-206F22FEEDA9}
2012-06-06 18:29:03 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 18:29:03 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-06 04:38:29 -------- d--h--w- C:\Program Files (x86)\Zero G Registry
2012-06-06 04:38:00 -------- d--h--w- C:\Users\Owner\InstallAnywhere
.
==================== Find3M ====================
.
2012-06-14 04:16:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 04:16:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 18:25:06 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
============= FINISH: 12:51:35.69 ===============
Mark1956's Avatar
Malware Removal Specialist with 14,055 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
15-Jun-2012, 01:11 PM #9
Quote:
I also have the attack log. do you need that too?
Yes please.
Celori's Avatar
Celori Celori is offline
Member with 9 posts.
THREAD STARTER
 
Join Date: Jun 2012
Experience: Beginner
15-Jun-2012, 01:40 PM #10
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/25/2011 6:24:48 PM
System Uptime: 6/14/2012 6:24:05 PM (18 hours ago)
.
Motherboard: Gateway | | SJV50MV
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | U2E1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 291.576 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96d-e325-11ce-bfc1-08002be10318}
Description: HDAUDIO Soft Data Fax Modem with SmartCP
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_10250093&REV_1000\4&354C3E6&0&0102
Manufacturer: CXT
Name: HDAUDIO Soft Data Fax Modem with SmartCP
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_10250093&REV_1000\4&354C3E6&0&0102
Service: Modem
.
Class GUID: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Description: Microsoft AC Adapter
Device ID: ACPI\ACPI0003\5&AD80B16&0
Manufacturer: Microsoft
Name: Microsoft AC Adapter
PNP Device ID: ACPI\ACPI0003\5&AD80B16&0
Service: CmBatt
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink (TM) Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1698&SUBSYS_02071025&REV_10\4&21BC5EAE&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetLink (TM) Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1698&SUBSYS_02071025&REV_10\4&21BC5EAE&0&00E0
Service: k57nd60a
.
Class GUID: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Description: Microsoft ACPI-Compliant Control Method Battery
Device ID: ACPI\PNP0C0A\1
Manufacturer: Microsoft
Name: Microsoft ACPI-Compliant Control Method Battery
PNP Device ID: ACPI\PNP0C0A\1
Service: CmBatt
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7585H_________________KX04____\4&1F2E3F97&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: Optiarc DVD RW AD-7585H
PNP Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7585H_________________KX04____\4&1F2E3F97&0&0.1.0
Service: cdrom
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Intel(R) High Definition Audio HDMI
Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2802&SUBSYS_80860101&REV_1000\4&354C3E6&0&0301
Manufacturer: Intel(R) Corporation
Name: Intel(R) High Definition Audio HDMI
PNP Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2802&SUBSYS_80860101&REV_1000\4&354C3E6&0&0301
Service: IntcHdmiAddService
.
==== System Restore Points ===================
.
RP166: 6/6/2012 3:11:09 AM - Scheduled Checkpoint
RP167: 6/13/2012 5:51:02 PM - Scheduled Checkpoint
RP168: 6/14/2012 12:10:14 AM - Windows Update
RP169: 6/14/2012 7:53:33 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader 9.5.1 MUI
AIM 7
Any Video Converter 3.2.7
Apple Application Support
Apple Software Update
ASIO4ALL
Atheros Driver Installation Program
Audacity 1.3.13 (Unicode)
AVG Security Toolbar
Compatibility Pack for the 2007 Office system
CyberLink Power2Go
CyberLink PowerDVD 8
Download Updater (AOL LLC)
FlashFXP v4.1
Gateway InfoCentre
Gateway Power Management
Gateway Recovery Management
GIMP 2.6.12-2
Google Gmail Notifier
Google Toolbar for Internet Explorer
Google Update Helper
Identity Card
Intel(R) Solid-State Drive Toolbox
iZotope Ozone 4
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 31
Junk Mail filter update
LAME v3.98.3 for Audacity
Launch Manager
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 13.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
Native Instruments Audio 8 DJ
Native Instruments Audio 8 DJ Driver
Native Instruments Controller Editor
Native Instruments Service Center
Native Instruments Traktor
Noise Reduction Plug-in 2.0i
OpenOffice.org 3.3
Opera 11.62
PDF Settings CS5
Picasa 3
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Sound Forge Pro 10.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Video Web Camera
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.1
Vuze
Winamp
Winamp Detector Plug-in
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Movie Maker 2.6
WinRAR 4.01 (32-bit)
WinZip 15.5
.
==== Event Viewer Messages From Past Week ========
.
6/14/2012 8:11:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
6/13/2012 9:31:20 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 00-16-36-4E-4D-F9. Network operations on this system may be disrupted as a result.
6/13/2012 6:41:17 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
6/11/2012 9:58:10 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{05DFA392-2AF7-4D87-AE72-1890E6C6D8C0}. The master browser is stopping or an election is being forced.
6/11/2012 5:27:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
6/11/2012 10:12:01 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
Celori's Avatar
Celori Celori is offline
Member with 9 posts.
THREAD STARTER
 
Join Date: Jun 2012
Experience: Beginner
15-Jun-2012, 01:41 PM #11
oops it says I should zip it up and attach it. I'll figure out how to do that now
Celori's Avatar
Celori Celori is offline
Member with 9 posts.
THREAD STARTER
 
Join Date: Jun 2012
Experience: Beginner
15-Jun-2012, 01:54 PM #12
weird. I had the file created by that DDS thing. It was called ATTACH - NOTEPAD. but I can't find it or the other DDS file anywhere when I search for it
Mark1956's Avatar
Malware Removal Specialist with 14,055 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
15-Jun-2012, 02:01 PM #13
No need to do that; the DDS instructions actually tell you to copy and paste it, as you have done.

Quote:
Instead of attaching, please copy & paste both logs into your next reply.


I'm just reviewing the logs so will post again soon.
Mark1956's Avatar
Malware Removal Specialist with 14,055 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
15-Jun-2012, 02:40 PM #14
Hi, some further scanning is required.


Please download aswMBR.exe and save it to your Desktop.
  • Double click on aswMBR.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button and save it to your Desktop.
  • Do not select any Fix options at this time.
  • Copy and paste the contents of that log in your next reply.

NOTE: You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.
  • Below the Message Box click on Go Advanced. Then scroll down until you see a button, Manage Attachments. Click on that and a new window opens.
  • Click on the Browse button, find the zip folder you made earlier and double-click on it.
  • Now click on the Upload button. Wait for the Upload to complete, it will appear just below the Browse box.
  • When done, click on the Close this window button at the bottom of the page.
  • Enter your message-text in the message box, then click on Submit Message/Reply.
Celori's Avatar
Celori Celori is offline
Member with 9 posts.
THREAD STARTER
 
Join Date: Jun 2012
Experience: Beginner
16-Jun-2012, 09:41 PM #15
avast scan: I had some firefox windows open plus a movie paused in VLC - hope that doesn't affect it too much. if not I can do it again

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-16 21:35:24
-----------------------------
21:35:24.590 OS Version: Windows x64 6.1.7601 Service Pack 1
21:35:24.590 Number of processors: 2 586 0x170A
21:35:24.595 ComputerName: OWNER-PC UserName: Owner
21:35:26.540 Initialize success
21:35:33.045 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:35:33.055 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
21:35:33.065 Disk 0 MBR read successfully
21:35:33.070 Disk 0 MBR scan
21:35:33.070 Disk 0 Windows VISTA default MBR code
21:35:33.080 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
21:35:33.090 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24578048
21:35:33.105 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464838 MB offset 24782848
21:35:33.135 Disk 0 scanning C:\Windows\system32\drivers
21:35:42.155 Service scanning
21:36:02.875 Modules scanning
21:36:02.880 Disk 0 trace - called modules:
21:36:02.945 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:36:02.950 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005779060]
21:36:02.955 3 CLASSPNP.SYS[fffff88001b9643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80045f8050]
21:36:02.965 Scan finished successfully
21:36:13.285 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\EMERGENCY REMOVAL\MBR.dat"
21:36:13.295 The log file has been saved successfully to "C:\Users\Owner\Desktop\EMERGENCY REMOVAL\aswMBR.txt"


and I've attached the zipped MBR.DAT file