Inactive Radio infestation can not stop the noise

Status
Not open for further replies.

Darklingmother

I need some help resolving my ghost radio issue. It has gotten so bad that it will start up even before Windows has completely loaded if I have the internet connection activated. It plays almost constantly and eventually causes a temp memory dump screen to display and the computer to restart. I have a DV4 HP laptop. I have been reviewing feeds for other people having this issue and have tried just about everything posted about this issue on the forum. I am at a loss to make this headache be over so I can get back to normal.
Thus far I have tried the following things:
Restored back to my furthest restore point
Removed all add-on toolbar programs
Removed Safari, Firefox, iTunes and QuickTime
Ran update on my Microsoft Security Essentials
Ran full system scan with Microsoft Security Essentials
Updated Malwarebytes Anti-Malware
Ran Malwarebytes Anti-Malware
Ran Windows updates
Got blue dump screen
Entered Safe Mode
Ran Temp File Cleaner by OldTimer v3.1.9.0
Rebooted to normal load
Ran DDS.com
Got blue dump screen
Entered Safe Mode
Ran RegGenie
Ran Windows Defender scan
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.09.05.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Darklingmother :: ALKILYNN [administrator]
9/5/2013 7:13:43 AM
mbam-log-2013-09-05 (07-13-43).txt
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 371712
Time elapsed: 1 hour(s), 1 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Darklingmother\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JV97MWUD\7zipfile.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
(end)
 
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033
Additional information about the problem:
BCCode: 1e
BCP1: FFFFFFFFC0000005
BCP2: FFFFFA8005CC63EF
BCP3: 0000000000000000
BCP4: 000000007EFA003C
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1
Files that help describe the problem:
C:\Windows\Minidump\090513-22838-01.dmp
C:\Users\Darklingmother\AppData\Local\Temp\WER-47954-0.sysdata.xml
Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.9.2
Run by Darklingmother at 10:26:27 on 2013-09-05
.
============== Running Processes ================
.
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Darklingmother\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mWinlogon: Userinit = userinit.exe,
BHO: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [504FBF66C78FEA1359737A766D9784DF3D0C2B82._service_run] "C:\Users\Darklingmother\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AE977351-4B3E-4006-A0FF-FA03BD63E25E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AE977351-4B3E-4006-A0FF-FA03BD63E25E}\4596D60284F62747F6E6370275966496 : DHCPNameServer = 38.108.87.36 68.67.52.94
TCP: Interfaces\{AE977351-4B3E-4006-A0FF-FA03BD63E25E}\461667964616E646C6162756E616D27657563747 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{AE977351-4B3E-4006-A0FF-FA03BD63E25E}\8656C6C6F5E6F6 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{AE977351-4B3E-4006-A0FF-FA03BD63E25E}\86F6D656F5E65647 : DHCPNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{AE977351-4B3E-4006-A0FF-FA03BD63E25E}\95D43414D275C414E4 : DHCPNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{AE977351-4B3E-4006-A0FF-FA03BD63E25E}\C41602155796E64716 : DHCPNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{AE977351-4B3E-4006-A0FF-FA03BD63E25E}\C4740265359313030243740264446434 : DHCPNameServer = 198.224.187.135 198.224.186.135
TCP: Interfaces\{C487D366-FF5B-4FFF-93BF-F5B2B1EAB69C} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli DPPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-09-05 00:16:58 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7AF0E917-B31F-4503-96A1-69519DF0CA96}\mpengine.dll
2013-09-04 22:04:24 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-04 22:04:03 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D75A2C6D-5A80-4B20-A63D-5CE3C8FBCD4C}\mpengine.dll
2013-09-04 22:03:00 9515512 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2013-09-04 22:01:15 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-04 13:49:27 -------- d-----w- C:\Users\Darklingmother\AppData\Local\Microsoft Games
2013-09-03 03:37:34 -------- d-sh--w- C:\found.001
2013-09-03 03:22:18 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{06C6CD04-1F1F-4991-9012-0F599B1DBC1D}\gapaengine.dll
2013-08-31 00:30:01 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2013-08-30 22:49:01 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2013-08-30 22:47:52 -------- d-----w- C:\ProgramData\Search Protection
2013-08-30 22:47:50 -------- d-----w- C:\ProgramData\blekko toolbars
2013-08-30 22:47:49 -------- d-----w- C:\Users\Darklingmother\AppData\Local\adawarebp
2013-08-30 22:47:48 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-08-30 22:47:31 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2013-08-30 22:47:10 -------- d-----w- C:\Program Files (x86)\Lavasoft
2013-08-30 22:26:17 -------- d-----w- C:\Users\Darklingmother\AppData\Roaming\LavasoftStatistics
2013-08-30 22:22:32 -------- d-----w- C:\Users\Darklingmother\AppData\Roaming\Ad-Aware Antivirus
2013-08-26 18:54:47 -------- d-----w- C:\temp
2013-08-15 23:00:44 -------- d-----w- C:\Windows\System32\MRT
2013-08-15 04:30:06 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-15 04:30:05 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-15 04:30:05 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-15 04:30:04 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-15 04:30:03 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-15 04:30:03 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-15 04:30:02 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-15 04:30:02 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-15 04:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-08-15 04:28:53 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-08-15 04:27:53 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-15 04:27:51 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-15 04:26:50 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-15 04:26:48 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-08-15 04:26:41 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-15 04:26:41 1111552 ----a-w- C:\Windows\System32\rdpcorets.dll
2013-08-15 04:26:37 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-08-15 04:21:32 -------- d-----w- C:\Users\Darklingmother\AppData\Roaming\Malwarebytes
2013-08-15 04:20:02 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-15 04:19:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-15 04:19:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-12 19:03:12 -------- d-----w- C:\Windows\SysWow64\Extensions
2013-08-12 19:03:11 -------- d-----w- C:\Windows\SysWow64\searchplugins
2013-08-10 19:35:42 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-08-10 19:31:58 -------- d-----w- C:\ProgramData\Symantec
2013-08-10 19:31:45 -------- d-----w- C:\ProgramData\Norton
2013-08-10 19:31:41 -------- d-----w- C:\ProgramData\NortonInstaller
2013-08-10 19:31:41 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2013-08-10 19:31:34 -------- d-----w- C:\ProgramData\Babylon
.
==================== Find3M ====================
.
2013-08-02 22:58:20 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-17 21:01:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-17 21:01:06 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-19 01:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 01:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 10:33:06.30 ===============
 
I hope I have added enough from the other posted help that you will be able to chase the crazy radio out of my system.
 

Attachments

  • attach.txt
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

Please re-read our preliminaries: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

1. All logs have to be pasted, not attached.
2. The very first steps require you to have some AV program running. I don't see any.
 