TechSpot

Radio infestation can not stop the noise

Inactive
By Darklingmother
Sep 5, 2013
  1. I need some help resolving my ghost radio issue. It has gotten so bad that it will start up even before Windows has completely loaded if I have the internet connection activated. It plays almost constantly and eventually causes a temp memory dump screen to display and the computer to restart. I have a DV4 HP laptop. I have been reviewing feeds for other people having this issue and have tried just about everything posted about this issue on the forum. I am at a loss to make this headache be over so I can get back to normal.
    Thus far I have tried the following things:
    Restored back to my furthest restore point
    Removed all add-on toolbar programs
    Removed Safari, Firefox, iTunes and QuickTime
    Ran update on my Microsoft Security Essentials
    Ran full system scan with Microsoft Security Essentials
    Updated Malwarebytes Anti-Malware
    Ran Malwarebytes Anti-Malware
    Ran Windows updates
    Got blue dump screen
    Entered Safe Mode
    Ran Temp File Cleaner by OldTimer v3.1.9.0
    Rebooted to normal load
    Ran DDS.com
    Got blue dump screen
    Entered Safe Mode
    Ran RegGenie
    Ran Windows Defender scan
     
  2. Darklingmother

    Darklingmother TS Rookie Topic Starter

    [HJT log removed by Broni]
     
  3. Darklingmother

    Darklingmother TS Rookie Topic Starter

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
    Database version: v2013.09.05.05
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16660
    Darklingmother :: ALKILYNN [administrator]
    9/5/2013 7:13:43 AM
    mbam-log-2013-09-05 (07-13-43).txt
    Scan type: Full scan (C:\|D:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 371712
    Time elapsed: 1 hour(s), 1 minute(s), 22 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Users\Darklingmother\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JV97MWUD\7zipfile.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
    (end)
     
  4. Darklingmother

    Darklingmother TS Rookie Topic Starter

    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.1.7601.2.1.0.256.1
    Locale ID: 1033
    Additional information about the problem:
    BCCode: 1e
    BCP1: FFFFFFFFC0000005
    BCP2: FFFFFA8005CC63EF
    BCP3: 0000000000000000
    BCP4: 000000007EFA003C
    OS Version: 6_1_7601
    Service Pack: 1_0
    Product: 256_1
    Files that help describe the problem:
    C:\Windows\Minidump\090513-22838-01.dmp
    C:\Users\Darklingmother\AppData\Local\Temp\WER-47954-0.sysdata.xml
    Read our privacy statement online:
    http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
    If the online privacy statement is not available, please read our privacy statement offline:
    C:\Windows\system32\en-US\erofflps.txt
     
  5. Darklingmother

    Darklingmother TS Rookie Topic Starter

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.9.2
    Run by Darklingmother at 10:26:27 on 2013-09-05
    .
    ============== Running Processes ================
    .
    C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Users\Darklingmother\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    mWinlogon: Userinit = userinit.exe,
    BHO: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [504FBF66C78FEA1359737A766D9784DF3D0C2B82._service_run] "C:\Users\Darklingmother\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{AE977351-4B3E-4006-A0FF-FA03BD63E25E} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{AE977351-4B3E-4006-A0FF-FA03BD63E25E}\4596D60284F62747F6E6370275966496 : DHCPNameServer = 38.108.87.36 68.67.52.94
    TCP: Interfaces\{AE977351-4B3E-4006-A0FF-FA03BD63E25E}\461667964616E646C6162756E616D27657563747 : DHCPNameServer = 192.168.3.1
    TCP: Interfaces\{AE977351-4B3E-4006-A0FF-FA03BD63E25E}\8656C6C6F5E6F6 : DHCPNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{AE977351-4B3E-4006-A0FF-FA03BD63E25E}\86F6D656F5E65647 : DHCPNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
    TCP: Interfaces\{AE977351-4B3E-4006-A0FF-FA03BD63E25E}\95D43414D275C414E4 : DHCPNameServer = 24.92.226.11 24.92.226.12
    TCP: Interfaces\{AE977351-4B3E-4006-A0FF-FA03BD63E25E}\C41602155796E64716 : DHCPNameServer = 24.92.226.11 24.92.226.12
    TCP: Interfaces\{AE977351-4B3E-4006-A0FF-FA03BD63E25E}\C4740265359313030243740264446434 : DHCPNameServer = 198.224.187.135 198.224.186.135
    TCP: Interfaces\{C487D366-FF5B-4FFF-93BF-F5B2B1EAB69C} : DHCPNameServer = 209.18.47.61 209.18.47.62
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = scecli DPPWDFLT
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-BHO: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2013-09-05 00:16:58 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7AF0E917-B31F-4503-96A1-69519DF0CA96}\mpengine.dll
    2013-09-04 22:04:24 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-09-04 22:04:03 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D75A2C6D-5A80-4B20-A63D-5CE3C8FBCD4C}\mpengine.dll
    2013-09-04 22:03:00 9515512 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
    2013-09-04 22:01:15 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-09-04 13:49:27 -------- d-----w- C:\Users\Darklingmother\AppData\Local\Microsoft Games
    2013-09-03 03:37:34 -------- d-sh--w- C:\found.001
    2013-09-03 03:22:18 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{06C6CD04-1F1F-4991-9012-0F599B1DBC1D}\gapaengine.dll
    2013-08-31 00:30:01 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
    2013-08-30 22:49:01 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
    2013-08-30 22:47:52 -------- d-----w- C:\ProgramData\Search Protection
    2013-08-30 22:47:50 -------- d-----w- C:\ProgramData\blekko toolbars
    2013-08-30 22:47:49 -------- d-----w- C:\Users\Darklingmother\AppData\Local\adawarebp
    2013-08-30 22:47:48 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
    2013-08-30 22:47:31 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
    2013-08-30 22:47:10 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2013-08-30 22:26:17 -------- d-----w- C:\Users\Darklingmother\AppData\Roaming\LavasoftStatistics
    2013-08-30 22:22:32 -------- d-----w- C:\Users\Darklingmother\AppData\Roaming\Ad-Aware Antivirus
    2013-08-26 18:54:47 -------- d-----w- C:\temp
    2013-08-15 23:00:44 -------- d-----w- C:\Windows\System32\MRT
    2013-08-15 04:30:06 1472512 ----a-w- C:\Windows\System32\crypt32.dll
    2013-08-15 04:30:05 224256 ----a-w- C:\Windows\System32\wintrust.dll
    2013-08-15 04:30:05 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-08-15 04:30:04 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2013-08-15 04:30:03 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-08-15 04:30:03 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-08-15 04:30:02 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-08-15 04:30:02 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-08-15 04:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-08-15 04:28:53 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-08-15 04:27:53 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-08-15 04:27:51 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-08-15 04:26:50 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
    2013-08-15 04:26:48 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2013-08-15 04:26:41 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
    2013-08-15 04:26:41 1111552 ----a-w- C:\Windows\System32\rdpcorets.dll
    2013-08-15 04:26:37 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-08-15 04:21:32 -------- d-----w- C:\Users\Darklingmother\AppData\Roaming\Malwarebytes
    2013-08-15 04:20:02 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-08-15 04:19:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-08-15 04:19:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-08-12 19:03:12 -------- d-----w- C:\Windows\SysWow64\Extensions
    2013-08-12 19:03:11 -------- d-----w- C:\Windows\SysWow64\searchplugins
    2013-08-10 19:35:42 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2013-08-10 19:31:58 -------- d-----w- C:\ProgramData\Symantec
    2013-08-10 19:31:45 -------- d-----w- C:\ProgramData\Norton
    2013-08-10 19:31:41 -------- d-----w- C:\ProgramData\NortonInstaller
    2013-08-10 19:31:41 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2013-08-10 19:31:34 -------- d-----w- C:\ProgramData\Babylon
    .
    ==================== Find3M ====================
    .
    2013-08-02 22:58:20 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-07-17 21:01:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-07-17 21:01:06 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-19 01:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2013-06-19 01:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    .
    ============= FINISH: 10:33:06.30 ===============
     
  6. Darklingmother

    Darklingmother TS Rookie Topic Starter

    I hope I have added enough from the other posted help that you will be able to chase the crazy radio out of my system.
     


  7. Broni

    Broni Malware Annihilator Posts: 47,082   +259

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    Please re-read our preliminaries: http://www.techspot.com/community/t...lware-removal-preliminary-instructions.58138/

    1. All logs have to be pasted, not attached.
    2. The very first steps require you to have some AV program running. I don't see any.
     
Topic Status:
Not open for further replies.

