commercial audio playing in background


17 replies to this topic

#1 Meckta

Meckta

  • Members
  • 19 posts
  • OFFLINE
  • Local time:11:11 AM

Posted 14 November 2012 - 09:22 AM

I am working on a friend's computer that is having 2 main issues. The desktop icons don't seem to be working, but if I go to the Start menu I can open programs and folders. The other issue is that it randomly plays commercial audio when sitting idle or doing anything else on the computer. I have run scan disk, defrag, AVG scan, and Malwarebytes. Both problems persist. I have seen other topics on this using ComboFix, but on that page it says to wait until one of you guys tells me to run it before I do. So now I am just waiting for your advice and help. Thank you.

Edited by hamluis, 14 November 2012 - 09:26 AM.
Moved from Vista to Am I Infected - Hamluis.




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:11:11 AM

Posted 14 November 2012 - 09:24 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Meckta

Meckta
  • Topic Starter


Posted 14 November 2012 - 09:53 AM

Ok, so I downloaded all 3 programs but I was trying to do them in order. For some reason the computer does not want to start program files. If I watch the task manager I can see the process start up for both tds and asw but then they just shut back down. I did not try the 3rd one yet. Should I try in safe mode?

#4 narenxp

narenxp


Posted 14 November 2012 - 09:55 AM

Yes

#5 Meckta

Meckta
  • Topic Starter


Posted 14 November 2012 - 10:04 AM

Hmm, next step?? Even in safe mode it doesn't want to start the programs.

#6 narenxp

narenxp


Posted 14 November 2012 - 10:06 AM

Download Listparts from here

For 32 bit

List parts 32

For 64 bit

List parts 64

Launch it, click on SCAN, post the log

#7 Meckta

Meckta
  • Topic Starter


Posted 14 November 2012 - 10:20 AM

Good news lol, that one ran.

Wasn't sure how to post the log so here it is:


ListParts by Farbar Version: 30-10-2012
Ran by Owner (administrator) on 14-11-2012 at 09:11:55
Windows Vista (X86)
Running From: C:\Users\Owner\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3069.45 MB
Available physical RAM: 2632.3 MB
Total Pagefile: 6339.93 MB
Available Pagefile: 6103.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.73 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:455.71 GB) (Free:350.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive c: detected. Check for MBR/Partition infection.
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.82 GB) NTFS
8 Drive j: () (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 250 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 55 MB 32 KB
Partition 2 Primary 10 GB 55 MB
Partition 3 Primary 456 GB 10 GB
Partition 4 Primary 1040 KB 466 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 10 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 456 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 250 MB 212 KB

======================================================================================================

Disk: 5
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J FAT Removable 250 MB Healthy

======================================================================================================
The boot configuration data store could not be opened.
The system cannot find the file specified.


****** End Of Log ******

#8 narenxp

narenxp


Posted 14 November 2012 - 11:15 AM

Restart the PC

Press F8 on bootup

Select REPAIR YOUR COMPUTER

Click on REPAIR

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Can you get to this screen?

If yes

Select command prompt and run these commands

diskpart
select disk 0
select partition 3
active


Now restart the PC and run TDSSkiller, ASWMBR, post the logs
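
As an added example (not part of the thread, and not the advisor's or the ListParts author's code), this Python sketch parses the per-partition blocks of the ListParts log from post #7 and reports the partition that the log itself marks as suspicious, hidden and active, which is the state the diskpart commands above change by marking partition 3 active. The field layout is taken from that log; the function names and the flagging rules are assumptions made for illustration.

```python
import re

# Abridged excerpt of two detail blocks from the ListParts log in post #7.
SAMPLE_LOG = """\
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
* Volume 2 C OS NTFS Partition 456 GB Healthy System (partition with boot components)
=====
Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes
There is no volume associated with this partition.
"""

# One match per "Disk: N / Partition M" block; the body runs to the next "====" rule.
BLOCK_RE = re.compile(
    r"^Disk: (?P<disk>\d+)\s*\nPartition (?P<part>\d+)\s*\n"
    r"Type\s*: (?P<type>[0-9A-Fa-f]{2})(?P<note>[^\n]*)\n"
    r"Hidden: (?P<hidden>Yes|No)\s*\nActive: (?P<active>Yes|No)\s*\n"
    r"(?P<body>.*?)(?=^=+\s*$|\Z)",
    re.M | re.S,
)

def parse_partitions(log_text):
    """Return one dict per partition detail block found in the log text."""
    return [{
        "disk": int(m["disk"]), "partition": int(m["part"]),
        "type": m["type"].upper(),
        "tool_flagged": "suspicious" in m["note"].lower(),
        "hidden": m["hidden"] == "Yes", "active": m["active"] == "Yes",
        "has_volume": "no volume associated" not in m["body"],
    } for m in BLOCK_RE.finditer(log_text)]

def findings(parts):
    """List (disk, partition, reasons) for partitions worth a closer look."""
    out = []
    for p in parts:
        reasons = []
        if p["tool_flagged"]:  # ListParts already annotated the type byte
            reasons.append("type 0x%s marked suspicious by ListParts" % p["type"])
        if p["active"] and p["hidden"] and not p["has_volume"]:
            reasons.append("active partition is hidden and has no volume")
        if reasons:
            out.append((p["disk"], p["partition"], reasons))
    return out
```

Running `findings(parse_partitions(text))` on the full log pasted from ListParts works the same way, since blank lines and Windows line endings between fields are tolerated.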

#9 Meckta

Meckta
  • Topic Starter


Posted 14 November 2012 - 11:45 AM

Well, not sure what to do, did that and it comes to a screen saying other user. When I click that it wants a user and pass that apparently I am unaware of. Are there any defaults that Dell is known to use on their PCs? Or am I just gonna have to find a way to format it?

#10 narenxp

narenxp


Posted 14 November 2012 - 12:57 PM

Restart the PC and run the tools mentioned in initial post.

Edited by narenxp, 14 November 2012 - 04:33 PM.


#11 Meckta

Meckta
  • Topic Starter


Posted 14 November 2012 - 04:30 PM

Here are the logs. I posted them on pastebin.

TDSS report: http://pastebin.com/KVeUwkxs

ASW Report: http://pastebin.com/GcJRhMP0

ESET Report: http://pastebin.com/5UCFAENx

Thank you for the help so far. Also, after we started this process but before I managed to get any of the software to work, the computer on Windows startup came up with the FBI Moneypak screen. This had not happened before but of course that is another thing needing fixed lol. I ran all programs in Safe Mode with Networking to get the reports.

#12 narenxp

narenxp


Posted 14 November 2012 - 04:35 PM

You should be able to boot into normal mode now

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after scan, post it here

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select Run as administrator

After scan gets completed, post the generated log here.

#13 Meckta

Meckta
  • Topic Starter


Posted 15 November 2012 - 09:38 AM

Malware report: http://pastebin.com/uLg9A0Q8

Minibox report: http://pastebin.com/3nPs6CWi

Farbar report: http://pastebin.com/6Sypakpr

Adware report: http://pastebin.com/6BHx6TCX

Junkware report: http://pastebin.com/mdn2s8q1

#14 narenxp

narenxp


Posted 15 November 2012 - 09:56 AM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes, post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE - SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#15 Meckta

Meckta
  • Topic Starter


Posted 15 November 2012 - 11:41 AM

Rkill report: http://pastebin.com/RPa5NBtU

Autoruns report: http://pastebin.com/kbBkqebh



