1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

possible trojan virus playing phantom audio! beginner - please help!

Discussion in 'Virus & Other Malware Removal' started by Celori, Jun 14, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. Celori

    Celori Thread Starter

    Joined:
    Jun 14, 2012
    Messages:
    9
    hi there. I've made an account cuz I figure people here could help me. I have a gateway NV54 - bought as a gift for Christmas 2010. I had it reformatted about a year ago.. reinstalled Windows 7. but I don't have a Windows boot disk, I don't think.. so I want to avoid having to bring it in to the shop and pay them to get rid of this

    basically the past couple weeks I've been getting glitched-out "half-time" audio when I'm playing youtube or an mp3.. then eventually it stops and starts playing normally.. now it gets steadily worse... I'm getting frequent "unresponsive script errors" which freeze up my browser - firefox. I disabled youtube2mp3 coverter but still have the problem.. now when i type, for instance in this reply window, it frequently freezes for a while, only to spit out the words I typed 30 seconds later...

    but today the real kicker was.. twice today when I opened my laptop back up, even though I hadn't entered my user password yet to get into windows, audio immediately starts playing from some live improv comedy I don't recognize.. nothing off my hard drive that's for sure.. same one both times..

    girls saying "things that make ..... cry!" then somebody does a rendition of Two Ladies from the movie Cabaret.. but it's is not playing off *any* open browser window.. just a phantom :eek:

    I've had this before a few years ago.. tried to download a Sopranos episode off this "youkku" download site and got flooded with trojans that would blast audio from Japanese infomercials randomly at 4:00 am - even though there was no windows open..this seems to be the same sort of thing.. and the audio glitches sometimes while playing

    sooooo yeah. I followed thee advice from this expired thread: http://forums.techguy.org/virus-other-malware-removal/1027518-help-hearing-ads-no-windows-2.html

    I've just downloaded and run Rogue Killer. but not sure what to do now. here is a screenshot of what it says:

    [​IMG]

    Uploaded with ImageShack.us

    so I am really really clueless about how to find and eliminate a virus... frankly my solution has always been to reformat myself or get someone else to reformat it for me.. so I would love to know a way to get rid of this trojan without having to reformat

    thanks in advance! :cool:
     
  2. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi Celori and welcome to TSG. My name is Mark and I will be helping you.

    I would like to see the full report from RogueKiller so I can see what it has found, follow the instructions below to run another scan and post the report (Obviously you do not need to download the program again).

    Please also follow the instructions for Malwarebytes and DDS and post the logs from them.

    STEP 1
    Download RogueKiller (by tigzy) and save direct to your Desktop.
    On the web page click on this: [​IMG]
    • Quit all running programs
    • Start RogueKiller.exe
    • Wait until Prescan has finished ...
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete.Copy/paste the content of the report and paste to next reply....
    [​IMG]

    STEP 2
    Please download Malwarebytes Anti-Malware [​IMG] and save it to your desktop.
    • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
    • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
    • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
    • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
    Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • Double click on the Malwarebytes icon on your desktop to launch the program
    • Under the Scanner tab, make sure the Perform Quick Scan option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
    If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key that includes free lifetime upgrades and support. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.

    NOTE: Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

    STEP 3
    We need to see some additional information about what is happening in your machine.
    Please download DDS by sUBs from one of the following links and save it to your desktop.`
    DDS is a specialized tool that produces a Psuedo HijackThis Report (a scaled down and simplified version of 'HJT lines') that provides the same + more information in a condensed format.
    NOTE If your Anti Virus attempts to block the download please disable it following the instructions at the end of this guide.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs.
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    • The instruction here asks you to attach the Attach.txt.
      [​IMG]
    • Instead of attaching, please copy & paste both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE
     
  3. Celori

    Celori Thread Starter

    Joined:
    Jun 14, 2012
    Messages:
    9
    hi Mark. thanks very much for your help. I have a question. I already have Malwarebytes installed for a few months. should i uninstall and reinstall as instructed?

    thanks
     
  4. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    You're welcome.

    There should be no need to re-install Malwarebytes as long as it runs without any problem. Just be sure to allow it to install the latest updates soon after it starts to run.
     
  5. Celori

    Celori Thread Starter

    Joined:
    Jun 14, 2012
    Messages:
    9
    ok first, here is the Rogue Killer report... I'm now gonna do the Malwarebytes report right after I post this

    RogueKiller V7.5.4 [06/07/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Owner [Admin rights]
    Mode: Scan -- Date: 06/15/2012 12:06:35

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 3 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9500325AS +++++
    --- User ---
    [MBR] 3120b9c25339ec79a63b4fcbc84d91df
    [BSP] 6764997106c463414aee50ec75fb1e47 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 464838 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
     
  6. Celori

    Celori Thread Starter

    Joined:
    Jun 14, 2012
    Messages:
    9
    malwarebytes log

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.15.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Owner :: OWNER-PC [administrator]

    Protection: Enabled

    6/15/2012 12:11:40 PM
    mbam-log-2012-06-15 (12-11-40).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 221754
    Time elapsed: 6 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  7. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Nothing found so far, just need you DDS log.
     
  8. Celori

    Celori Thread Starter

    Joined:
    Jun 14, 2012
    Messages:
    9
    I also have the attack log. do you need that too?

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
    Run by Owner at 12:50:48 on 2012-06-15
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4025.2563 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Native Instruments\Audio 8 DJ Driver\a8djcpl.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\Owner\Desktop\RogueKiller.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=nv54_series&r=27360711n2b6l03g0z105a4801u48q
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=nv54_series&r=27360711n2b6l03g0z105a4801u48q
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=nv54_series&r=27360711n2b6l03g0z105a4801u48q
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Native Instruments Audio 8 DJ Control Panel] "C:\Program Files\Native Instruments\Audio 8 DJ Driver\a8djcpl.exe"
    uRun: [AdobeBridge]
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [CLMLServer] "c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1 24.226.1.93 24.226.10.193
    TCP: Interfaces\{05DFA392-2AF7-4D87-AE72-1890E6C6D8C0} : DhcpNameServer = 192.168.1.1 24.226.1.93 24.226.10.193
    TCP: Interfaces\{05DFA392-2AF7-4D87-AE72-1890E6C6D8C0}\34F666665656023457C6475727560214E6361637475627 : DhcpNameServer = 192.168.24.1
    TCP: Interfaces\{05DFA392-2AF7-4D87-AE72-1890E6C6D8C0}\755637474616C6560234166656 : DhcpNameServer = 192.168.42.1
    TCP: Interfaces\{05DFA392-2AF7-4D87-AE72-1890E6C6D8C0}\7627F6B63707F64737D27796C6C69616D637 : DhcpNameServer = 208.67.220.220 208.67.222.222
    TCP: Interfaces\{08E9CD3C-D056-492F-900D-ABB04F049EFC} : NameServer = 208.67.220.220
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun-x64: [CLMLServer] "c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun-x64: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4js8lcwo.default\
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Be0cfe535-ba7c-4b71-9ca5-9bc1a51ea054%7D&mid=e700cd0ed94a47d1ba5209b5c30dc165-35a6b9d12ed51aeeeabbc6093bf802fd2bd922f1&ds=AVG&v=8.0.0.34.1&lang=en&pr=pr&d=2011-09-25%2001%3A32%3A02&sap=ku&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-7-25 844320]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-14 654408]
    R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-10-19 5250048]
    R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-11 935480]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-7 136176]
    S3 a8djavs_x64;a8djavs_x64;C:\Windows\system32\Drivers\a8djavs_x64.sys --> C:\Windows\system32\Drivers\a8djavs_x64.sys [?]
    S3 a8djusb_svc;Audio 8 DJ;C:\Windows\system32\Drivers\a8djusb.sys --> C:\Windows\system32\Drivers\a8djusb.sys [?]
    S3 a8djusb_x64;a8djusb_x64;C:\Windows\system32\Drivers\a8djusb_x64.sys --> C:\Windows\system32\Drivers\a8djusb_x64.sys [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 257224]
    S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-7 136176]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 rspAux;rspAux;C:\Windows\system32\DRIVERS\rspAux64.sys --> C:\Windows\system32\DRIVERS\rspAux64.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-06-14 04:30:50 -------- d-----w- C:\Users\Owner\AppData\Local\AVG Secure Search
    2012-06-14 04:21:06 -------- d-----w- C:\Users\Owner\AppData\Local\Macromedia
    2012-06-13 22:12:59 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-06-13 22:12:59 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-13 22:12:58 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-13 22:12:57 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-13 22:12:56 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-13 22:12:55 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-06-13 22:12:53 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-06-13 22:12:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-06-13 22:12:33 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-06-13 22:12:32 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-06-13 22:12:32 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-06-13 22:12:32 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-06-13 22:12:32 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-06-12 22:26:18 -------- dc-h--w- C:\ProgramData\{E23D64C2-F5F0-49F9-B45C-206F22FEEDA9}
    2012-06-06 18:29:03 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-06 18:29:03 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-06 04:38:29 -------- d--h--w- C:\Program Files (x86)\Zero G Registry
    2012-06-06 04:38:00 -------- d--h--w- C:\Users\Owner\InstallAnywhere
    .
    ==================== Find3M ====================
    .
    2012-06-14 04:16:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-14 04:16:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-04 18:25:06 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    .
    ============= FINISH: 12:51:35.69 ===============
     
  9. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Yes please.
     
  10. Celori

    Celori Thread Starter

    Joined:
    Jun 14, 2012
    Messages:
    9
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/25/2011 6:24:48 PM
    System Uptime: 6/14/2012 6:24:05 PM (18 hours ago)
    .
    Motherboard: Gateway | | SJV50MV
    Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | U2E1 | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 454 GiB total, 291.576 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96d-e325-11ce-bfc1-08002be10318}
    Description: HDAUDIO Soft Data Fax Modem with SmartCP
    Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_10250093&REV_1000\4&354C3E6&0&0102
    Manufacturer: CXT
    Name: HDAUDIO Soft Data Fax Modem with SmartCP
    PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_10250093&REV_1000\4&354C3E6&0&0102
    Service: Modem
    .
    Class GUID: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
    Description: Microsoft AC Adapter
    Device ID: ACPI\ACPI0003\5&AD80B16&0
    Manufacturer: Microsoft
    Name: Microsoft AC Adapter
    PNP Device ID: ACPI\ACPI0003\5&AD80B16&0
    Service: CmBatt
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Broadcom NetLink (TM) Gigabit Ethernet
    Device ID: PCI\VEN_14E4&DEV_1698&SUBSYS_02071025&REV_10\4&21BC5EAE&0&00E0
    Manufacturer: Broadcom
    Name: Broadcom NetLink (TM) Gigabit Ethernet
    PNP Device ID: PCI\VEN_14E4&DEV_1698&SUBSYS_02071025&REV_10\4&21BC5EAE&0&00E0
    Service: k57nd60a
    .
    Class GUID: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
    Description: Microsoft ACPI-Compliant Control Method Battery
    Device ID: ACPI\PNP0C0A\1
    Manufacturer: Microsoft
    Name: Microsoft ACPI-Compliant Control Method Battery
    PNP Device ID: ACPI\PNP0C0A\1
    Service: CmBatt
    .
    Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
    Description: CD-ROM Drive
    Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7585H_________________KX04____\4&1F2E3F97&0&0.1.0
    Manufacturer: (Standard CD-ROM drives)
    Name: Optiarc DVD RW AD-7585H
    PNP Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7585H_________________KX04____\4&1F2E3F97&0&0.1.0
    Service: cdrom
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) High Definition Audio HDMI
    Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2802&SUBSYS_80860101&REV_1000\4&354C3E6&0&0301
    Manufacturer: Intel(R) Corporation
    Name: Intel(R) High Definition Audio HDMI
    PNP Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2802&SUBSYS_80860101&REV_1000\4&354C3E6&0&0301
    Service: IntcHdmiAddService
    .
    ==== System Restore Points ===================
    .
    RP166: 6/6/2012 3:11:09 AM - Scheduled Checkpoint
    RP167: 6/13/2012 5:51:02 PM - Scheduled Checkpoint
    RP168: 6/14/2012 12:10:14 AM - Windows Update
    RP169: 6/14/2012 7:53:33 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS5.1
    Adobe Reader 9.5.1 MUI
    AIM 7
    Any Video Converter 3.2.7
    Apple Application Support
    Apple Software Update
    ASIO4ALL
    Atheros Driver Installation Program
    Audacity 1.3.13 (Unicode)
    AVG Security Toolbar
    Compatibility Pack for the 2007 Office system
    CyberLink Power2Go
    CyberLink PowerDVD 8
    Download Updater (AOL LLC)
    FlashFXP v4.1
    Gateway InfoCentre
    Gateway Power Management
    Gateway Recovery Management
    GIMP 2.6.12-2
    Google Gmail Notifier
    Google Toolbar for Internet Explorer
    Google Update Helper
    Identity Card
    Intel(R) Solid-State Drive Toolbox
    iZotope Ozone 4
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 31
    Junk Mail filter update
    LAME v3.98.3 for Audacity
    Launch Manager
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 13.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT Redists
    Native Instruments Audio 8 DJ
    Native Instruments Audio 8 DJ Driver
    Native Instruments Controller Editor
    Native Instruments Service Center
    Native Instruments Traktor
    Noise Reduction Plug-in 2.0i
    OpenOffice.org 3.3
    Opera 11.62
    PDF Settings CS5
    Picasa 3
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Sound Forge Pro 10.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Video Web Camera
    Visual Studio 2008 x64 Redistributables
    VLC media player 2.0.1
    Vuze
    Winamp
    Winamp Detector Plug-in
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Movie Maker 2.6
    WinRAR 4.01 (32-bit)
    WinZip 15.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/14/2012 8:11:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    6/13/2012 9:31:20 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 00-16-36-4E-4D-F9. Network operations on this system may be disrupted as a result.
    6/13/2012 6:41:17 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
    6/11/2012 9:58:10 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{05DFA392-2AF7-4D87-AE72-1890E6C6D8C0}. The master browser is stopping or an election is being forced.
    6/11/2012 5:27:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    6/11/2012 10:12:01 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    .
    ==== End Of File ===========================
     
  11. Celori

    Celori Thread Starter

    Joined:
    Jun 14, 2012
    Messages:
    9
    oops it says I should zip it up and attach it. I'll figure out how to do that now
     
  12. Celori

    Celori Thread Starter

    Joined:
    Jun 14, 2012
    Messages:
    9
    weird. I had the file created by that DDs things. It was called ATTACH - NOTEPAD. but I can't find it or the other DDS file anywhere when I search for it
     
  13. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    No need to do that the DDS instructions actually tell you to copy and paste it as you have done.



    I'm just reveiwing the logs so will post again soon.
     
  14. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi, some further scanning is required.


    Please download aswMBR.exe and save it to your Desktop.
    • Double click on aswMBR.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Scan button to start scan. [​IMG]
    • On completion of the scan, click the Save log button and save it to your Desktop.[​IMG]
    • Do not select any Fix options at this time.
    • Copy and paste the contents of that log in your next reply.

    NOTE: You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.
    • Below the Message Box click on Go Advanced. Then scroll down until you see a button, Manage Attachments. Click on that and a new window opens.
    • Click on the Browse button, find the zip folder you made earlier and doubleclick on it.
    • Now click on the Upload button. Wait for the Upload to complete, it will appear just below the Browse box.
    • When done, click on the Close this window button at the bottom of the page.
    • Enter your message-text in the message box, then click on Submit Message/Reply.
     
  15. Celori

    Celori Thread Starter

    Joined:
    Jun 14, 2012
    Messages:
    9
    avast scan: I had some firefox windows open plus a movie paused in VLC - hope that doesnt affect it too much if noot I can do it again

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-16 21:35:24
    -----------------------------
    21:35:24.590 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:35:24.590 Number of processors: 2 586 0x170A
    21:35:24.595 ComputerName: OWNER-PC UserName: Owner
    21:35:26.540 Initialize success
    21:35:33.045 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:35:33.055 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
    21:35:33.065 Disk 0 MBR read successfully
    21:35:33.070 Disk 0 MBR scan
    21:35:33.070 Disk 0 Windows VISTA default MBR code
    21:35:33.080 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
    21:35:33.090 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24578048
    21:35:33.105 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464838 MB offset 24782848
    21:35:33.135 Disk 0 scanning C:\Windows\system32\drivers
    21:35:42.155 Service scanning
    21:36:02.875 Modules scanning
    21:36:02.880 Disk 0 trace - called modules:
    21:36:02.945 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    21:36:02.950 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005779060]
    21:36:02.955 3 CLASSPNP.SYS[fffff88001b9643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80045f8050]
    21:36:02.965 Scan finished successfully
    21:36:13.285 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\EMERGENCY REMOVAL\MBR.dat"
    21:36:13.295 The log file has been saved successfully to "C:\Users\Owner\Desktop\EMERGENCY REMOVAL\aswMBR.txt"


    and I've attached the zipped MBR.DAT file
     

    Attached Files:

    • MBR.zip
      File size:
      598 bytes
      Views:
      1
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1057105