
Windows randomly plays music/audio and what sounds like ads. Virus?

Old 07-20-2012, 08:21 AM   #1
Registered Member
 
Join Date: Jul 2012
Posts: 1
OS: windows 7



Greetings,

This morning I logged onto my computer and upon reaching the login screen Windows randomly started playing audio. This continues after I log in and randomly starts and stops again. I don't have my browser open or anything, it just happens even if I don't click anything.

I've tried running a virus scan but it showed up clean (F-Secure).

Anyway, here is my info. I hope you can help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by dennis at 15:20:40 on 2012-07-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1043.18.3326.1411 [GMT 2:00]
.
AV: Computer Security *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Computer Security *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Computer Security *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\TEMP\mrt7714.tmp\stdrt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\ps2.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\F-Secure\fshoster32.exe
C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\F-Secure\fshoster32.exe
C:\Program Files\F-Secure\apps\CCF_Reputation\fsorsp.exe
C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\TUProgSt.exe
C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 86.62.120.92:8010
uURLSearchHooks: H - No File
BHO: ThreeShips IE Helper: {17fdb9f8-dcc4-4f6a-ae07-b16018a48469} - c:\program files\common files\threeships shared\dll\ThreeShipsIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {7fad48da-1365-6fd3-24e0-213808a87ceb} - c:\windows\system32\psappi.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\idm\quickf~1\plugins\IEHelp.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\f-secure\apps\onlinesafety\bpp\iescript\BaseLitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\f-secure\apps\onlinesafety\bpp\iescript\BaseLitmus.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Steam] "d:\spellen\steam\Steam.exe" -silent
uRunOnce: [Index Washer] c:\program files\webroot\washer\WashIdx.exe "dennis"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Smart File Advisor] "c:\program files\smart file advisor\sfa.exe" /checkassoc
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [F-Secure Hoster (54599)] "c:\program files\f-secure\fshoster32.exe" -app -hosterid:1
mRun: [F-Secure Manager] "c:\program files\f-secure\apps\computersecurity\common\FSM32.EXE" /splash
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\dennis\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://plaza.joulz.nl/InternalSite/WhlCompMgr.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.opentopia.com/support/activex/AxisCamControl.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B9642382-5237-4DAC-A278-8885FDAC23B9} : DhcpNameServer = 192.168.178.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2012-7-2 44184]
R0 fttxr5_O;fttxr5_O;c:\windows\system32\drivers\fttxr5_O.sys [2008-6-16 185352]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2009-1-20 16048]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure\apps\computersecurity\hips\drivers\fshs.sys [2012-7-2 72976]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-7-2 38024]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-7-2 73640]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\f-secure\apps\computersecurity\anti-virus\minifilter\fsvista.sys [2012-7-2 14504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 fshoster;F-Secure Dll Hoster;c:\program files\f-secure\fshoster32.exe [2012-6-21 163536]
R2 FSORSPClient;F-Secure ORSP Client;c:\program files\f-secure\apps\ccf_reputation\fsorsp.exe [2012-3-15 62160]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2011-10-10 196912]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-7-7 1262400]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2009-12-10 65536]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-6-3 92008]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\microsoft forefront uag\endpoint components\3.1.0\uagqecsvc.exe [2011-10-26 150928]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-4-19 598856]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\apps\computersecurity\anti-virus\minifilter\fsgk.sys [2012-7-2 144592]
R3 fsccsys1341218264;F-Secure Content Control Driver;c:\windows\system32\drivers\fsccsys.sys [2012-7-2 54352]
R3 WFMC_VAD;WFMCVAD (WDM);c:\windows\system32\drivers\wfmcvad.sys [2010-6-26 19456]
S2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\system32\adbcnsl.exe [2012-7-17 689492]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9d20ba76ac9d7;Google Update Service (gupdate1c9d20ba76ac9d7);c:\program files\google\update\GoogleUpdate.exe [2009-5-11 133104]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-9-24 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-9-24 79360]
S3 Desura Install Service;Desura Install Service;c:\program files\common files\desura\desura_service.exe [2012-7-16 131912]
S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\downlo~1\DMService.exe [2011-10-26 487312]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-27 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-11 133104]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-19 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-19 40552]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-5-29 79888]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 wrssweep;Webroots Volume Access Driver;c:\program files\webroot\washer\wrSSweep.sys [2010-9-4 21832]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-07-18 08:54:06 -------- d-----w- c:\program files\Image-Line
2012-07-18 08:53:53 1554944 ----a-w- c:\windows\system32\vorbis.acm
2012-07-18 08:51:05 818169 ----a-w- c:\windows\system32\msvfd32.exe
2012-07-18 01:36:03 384 ----a-w- c:\windows\system32\checkOS.bat
2012-07-17 10:31:50 689492 ----a-w- c:\windows\system32\adbcnsl.exe
2012-07-16 21:40:00 -------- d-----w- c:\users\dennis\appdata\roaming\.techniclauncher
2012-07-16 14:31:24 -------- d-----w- c:\program files\common files\Desura
2012-07-16 14:28:58 -------- d-----w- c:\programdata\Desura
2012-07-16 14:28:40 -------- d-----w- c:\users\dennis\Zomboid
2012-07-15 19:21:17 -------- d-----w- c:\users\dennis\appdata\local\Two Worlds II
2012-07-11 02:35:19 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 23:59:13 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-10 23:59:07 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 23:59:06 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 23:58:59 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 23:58:58 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 23:58:57 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-07 16:44:26 -------- d-----w- c:\users\dennis\appdata\local\TeamSpeak 3 Client
2012-07-07 16:14:56 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-07-07 16:14:56 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-07-07 16:14:56 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-07-07 16:14:56 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-07-07 16:14:56 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-07-07 16:14:56 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-07-07 13:39:05 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2012-07-07 13:37:07 -------- d-----w- c:\programdata\Battle.net
2012-07-02 08:37:44 54352 ----a-w- c:\windows\system32\drivers\fsccsys.sys
2012-07-02 08:37:09 44184 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-07-02 08:36:11 38024 ----a-w- c:\windows\system32\drivers\fses.sys
2012-07-02 08:36:06 73640 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2012-06-29 14:23:34 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8dbbae76-653d-41f1-b5de-41ef7eacd6f7}\mpengine.dll
2012-06-27 09:53:47 -------- d-----w- c:\windows\nl
2012-06-27 09:52:53 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-06-25 14:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-24 17:22:39 15712 ----a-w- c:\program files\common files\windows live\.cache\f4af029c1cd522d01\MeshBetaRemover.exe
2012-06-24 12:17:11 89944 ----a-w- c:\program files\common files\windows live\.cache\483e16f81cd520302\DSETUP.dll
2012-06-24 12:17:11 537432 ----a-w- c:\program files\common files\windows live\.cache\483e16f81cd520302\DXSETUP.exe
2012-06-24 12:17:11 1801048 ----a-w- c:\program files\common files\windows live\.cache\483e16f81cd520302\dsetup32.dll
2012-06-21 05:01:05 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 05:00:52 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 05:00:46 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 05:00:46 171904 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-15 08:34:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-15 08:34:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-15 10:26:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:26:00 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-05-15 10:26:00 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:26:00 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:26:00 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-05-15 10:26:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 09:28:50 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:28:49 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28:49 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28:49 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28:48 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27:28 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-05-15 00:21:50 423744 ----a-w- c:\windows\system32\nvStreaming.exe
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00:53 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
============= FINISH: 15:21:35.80 ===============
Attached Files
File Type: zip attatch.zip (7.0 KB, 9 views)

__________________
oodle12 is offline  
Old 07-24-2012, 01:38 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 25,633
OS: XP SP3; Win7 32/64-bit



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------
Please download aswMBR.exe to your desktop.
  • Double-click aswMBR.exe to run it.
  • When prompted to download the latest Avast! virus definitions, please choose Yes
  • Click the Scan button to start scan.
  • Wait until it says, 'Scan finished successfully'. ( Note - do not select any Fix at this time)
  • Click Save log, and save it to your desktop.
  • Click Exit.
  • Please post the contents of that log, aswMBR.txt, in your next reply.
There shall also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.

------------------------------------------------------

When you run this tool, remember to choose 'Skip' not 'Cure' if it finds something. We just want a scan, not a fix.

Download tdsskiller.exe and Save it to your Desktop.

Double-click tdsskiller.exe and click 'Run'

Click Change parameters then under 'Additional options' check the 'Detect TDLFS file system' > OK.

Click 'Start scan'.

If no infection is found, click 'Close' and let me know.

If an infection is found, select 'Skip' from the dropdown menu under 'Cure' then click 'Continue' > 'Close' > 'Close'.

It will produce a log here > C:\TDSSKiller.2.7.48.0_date_time_log.txt

Please navigate to the file, double-click to open it, and copy/paste the contents in your next reply.

------------------------------------------------------

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 07-27-2012, 02:18 PM   #3
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
chemist is offline  
 

Copyright 2001 - 2014, Tech Support Forum
