I think I have a random sound virus - help?!

Inactive
By sadpolkadots
Dec 19, 2012
  1. Hi! My computer has recently been making loud, unbearable noises (the same noise each time) every minute or so. I followed the instructions in the malware forum and I here are the reports I got (I attached them long ones and copied and pasted the short ones).
    I'd be so thankful if anyone could help!!

    1:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/29/2012 7:23:40 PM
    System Uptime: 12/19/2012 2:20:48 PM (1 hours ago)
    .
    Motherboard: LENOVO | | Lenovo
    Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz | CPU Socket - U3E1 | 792/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 886 GiB total, 697.54 GiB free.
    D: is FIXED (NTFS) - 25 GiB total, 21.549 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP33: 11/19/2012 10:18:44 PM - Windows Update
    RP34: 11/23/2012 7:44:14 PM - Windows Update
    RP35: 11/27/2012 9:35:06 PM - Windows Update
    RP36: 11/29/2012 7:58:35 PM - Installed Java 7 Update 9
    RP37: 11/30/2012 9:37:59 AM - Windows Update
    RP38: 12/3/2012 6:44:43 PM - Windows Update
    RP39: 12/5/2012 3:44:20 PM - Windows Update
    RP40: 12/8/2012 5:04:03 PM - Windows Update
    RP41: 12/12/2012 12:12:50 AM - Windows Update
    RP42: 12/17/2012 2:14:58 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Absolute Reminder
    Adobe Reader X (10.1.4)
    Akamai NetSession Interface
    Alcor Micro USB Card Reader
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Bonjour
    BootShield
    Cisco WebEx Meetings
    Conexant HD Audio
    Coupon Printer for Windows
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dolby Home Theater v4
    Dropbox
    Energy Management
    F.lux
    Google Chrome
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Intel PROSet Wireless
    Intel(R) Management Engine Components
    Intel(R) OpenCL CPU Runtime
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel(R) WiDi
    Intel(R) Wireless Display
    Intel(R) Wireless Music device driver
    Intel® PROSet/Wireless WiFi Software
    Intel® Trusted Connect Service Client
    Intelligent Touchpad
    iTunes
    Java 7 Update 9
    Java Auto Updater
    Junk Mail filter update
    Lenovo CAPOSD
    Lenovo EasyCamera
    Lenovo EE Boot Optimizer
    Lenovo OneKey Recovery
    Lenovo Registration
    Lenovo Smart Update
    Lenovo Welcome
    Lenovo YouCam
    LenovoDrv_x64
    Malwarebytes Anti-Malware version 1.65.1.1000
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Control Panel 295.93
    NVIDIA Graphics Driver 295.93
    NVIDIA Install Application
    NVIDIA Optimus 1.7.12
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.11.1111
    NVIDIA Update 1.7.12
    NVIDIA Update Components
    ooVoo
    Pharos
    Picasa 3
    Realtek Ethernet Controller All-In-One Windows Driver
    RegRun Reanimator
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Skype™ 5.10
    SugarSync Manager
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    UserGuide
    VeriFace
    VLC media player 2.0.3
    Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1)
    Windows Driver Package - Lenovo Corporation (LAD) System (01/13/2012 1.0.0.2)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/19/2012 6:40:17 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.
    12/19/2012 6:40:17 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
    12/17/2012 4:14:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.1793.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/17/2012 4:07:40 PM, Error: Service Control Manager [7022] - The Function Discovery Resource Publication service hung on starting.
    12/17/2012 4:05:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Cron Service for Prey service to connect.
    12/17/2012 4:05:15 PM, Error: Service Control Manager [7000] - The Cron Service for Prey service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/17/2012 2:25:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.1793.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/17/2012 11:05:15 PM, Error: NetBT [4321] - The name "PRIYANKA-PC :0" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
    12/17/2012 10:37:01 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{1DF02DFC-05F2-4130-A512-CB06E02EFCF6} because another computer on the network has the same name. The server could not start.
    12/17/2012 10:37:01 PM, Error: NetBT [4321] - The name "PRIYANKA-PC :20" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
    .
    ==== End Of File ===========================

    Attached Files:

  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 4-Step instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  3. sadpolkadots

    sadpolkadots Newcomer, in training Topic Starter

    Hi! Thanks for the help :)

    Just a quick question - the random noises have stopped. Does that mean that the virus is gone now? I ran Avast and restarted my computer a few times, so maybe my computer is clean now?

    Or could this be some kind of trick that the virus is playing on me?

    Thanks!
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Go ahead and run a few scans and we can make sure. :)
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Were you able to do that?
  6. sadpolkadots

    sadpolkadots Newcomer, in training Topic Starter

    Hello!

    Sorry for the late response - Christmas is crazy around here.

    The first 3 logs are included in my first post - or do you need more updated versions?

    Here are the results from the Adw cleaner:
    # AdwCleaner v2.103 - Logfile created 12/26/2012 at 10:06:57
    # Updated 25/12/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Priyanka - PRIYANKA-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Priyanka\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\ProgramData\Partner

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\Priyanka\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.13] : homepage = "hxxp://www.ask.com/?l=dis&o=15430cr",
    Deleted [l.2269] : homepage = "hxxp://www.ask.com/?l=dis&o=15430cr",

    *************************

    AdwCleaner[S1].txt - [1151 octets] - [26/12/2012 10:06:57]

    ########## EOF - C:\AdwCleaner[S1].txt - [1211 octets] ##########
    How does it look?
    Thanks in advance!!
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
  8. sadpolkadots

    sadpolkadots Newcomer, in training Topic Starter

    Just wondering - why are so many scans and logs required?
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    All of the info posted is to help reveal malware entry points so we can find and target the malware. Sometimes logs cannot properly help diagnose the issue. Eventually, malware finds ways to get around our scanners.

    If we did not use our scanners, and instead used third party products, we could not get enough info to make sure we can help to defeat the issue.

    For example, whenever rootkit scanners, and antivirus software scan for a rootkit, it gets as close to the system kernel as possible. If the rootkit is beyond that point, it will not be detected.

    Problem is, you could try to replace every file on the system, but still the rootkit will show its face. That is a primary problem we have in detecting malware. So, these scanners are engineered by our staff, and corresponding staff to help bypass malware, and fully detect it.
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello! Are you still with us? Your topic is now marked inactive, because you have lacked to reply.

    However, we'd like to still help. Please update us on the state of your PC.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.