Cyber Tech Help Support Forums > Software > Malware Removal Forum
  #16  
Old March 8th, 2014, 04:11 AM
SageWinard SageWinard is offline
Senior Member
 
Join Date: Aug 2010
Posts: 183
Also, I just got on the laptop, and I guess there is some audio playing from an unknown location. I don't know how to explain it, but there are no background programs running. I go into Task Manager and don't see anything, and it's just bits of broken sound, like kids at the park, Ford commercials, and even the "Fatality, Flawless Victory" clip from Mortal Kombat. Kinda creepy.
  #17  
Old March 8th, 2014, 04:15 AM
SageWinard SageWinard is offline
Senior Member
 
Join Date: Aug 2010
Posts: 183
Yes, there are advertisements running in the background. It sounds like someone playing Mortal Kombat, breathing into a microphone, and Ford and Need for Speed film advertisements. Nothing is open; it's weird.
  #18  
Old March 8th, 2014, 04:25 AM
SageWinard SageWinard is offline
Senior Member
 
Join Date: Aug 2010
Posts: 183
Also ran Malwarebytes. I can certainly hear breathing. It's creepy.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.02.02

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Brandi :: BRANDI-PC [administrator]

3/7/2014 7:14:38 PM
mbam-log-2014-03-07 (19-14-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225375
Time elapsed: 7 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 19
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649207_0_0_0_0 (1).exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649207_0_0_0_0 (10).exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649207_0_0_0_0 (11).exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649207_0_0_0_0 (12).exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649207_0_0_0_0 (13).exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649207_0_0_0_0 (14).exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649207_0_0_0_0 (15).exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649207_0_0_0_0 (16).exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649207_0_0_0_0 (2).exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649207_0_0_0_0 (3).exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649207_0_0_0_0 (4).exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649207_0_0_0_0 (5).exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649207_0_0_0_0 (6).exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649207_0_0_0_0 (7).exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649207_0_0_0_0 (8).exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649207_0_0_0_0 (9).exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649207_0_0_0_0.exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649211_0_0_0_0 (1).exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.
C:\Users\Brandi\Downloads\HD_Player__CD5MTCD11541_ v3dg23mxz260z2649211_0_0_0_0.exe (PUP.Optional.Downloadius) -> Quarantined and deleted successfully.

(end)
  #19  
Old March 8th, 2014, 11:58 AM
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 33
Posts: 4,424
Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the desktop as fixlist.txt

Code:
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
S2 DatamngrCoordinator2; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [X]
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Please open FRST and click on Fix.

After this, please open FRST again, copy and paste the following in the search field.

Code:
rpcss.*
Now please click on the Search button and post back with the Search.txt Logfile.
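The two findings in that fixlist, an Internet Explorer proxy pointed at a port on 127.0.0.1 and a service whose executable is gone (FRST marks those with [X]), can be checked read-only with PowerShell. This is an added example, not the moderator's script or FRST output; it assumes the standard HKCU Internet Settings key and parses netstat output, so it runs on Vista as well as later versions.

```powershell
# Added example, not the moderator's fixlist: read-only checks for a loopback
# IE proxy and for services whose binary is missing from disk.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

if ($ie.ProxyEnable -eq 1) {
    Write-Output "IE proxy enabled: ProxyServer = '$($ie.ProxyServer)'"
    # A proxy on the loopback address means a process on this machine sits
    # between the browser and the network; in the thread it was 127.0.0.1:13828.
    if ($ie.ProxyServer -match '(127\.0\.0\.1|localhost):(\d+)') {
        $port = $Matches[2]
        Write-Output "  Loopback proxy on port $port; listening process(es):"
        # netstat -ano exists on Vista; Get-NetTCPConnection needs Windows 8+.
        netstat -ano | ForEach-Object {
            if ($_ -match "^\s*TCP\s+\S+:$port\s+\S+\s+LISTENING\s+(\d+)\s*$") {
                $p = Get-Process -Id ([int]$Matches[1]) -ErrorAction SilentlyContinue
                Write-Output "  PID $($Matches[1]): $($p.ProcessName) $($p.Path)"
            }
        }
    }
} else {
    Write-Output 'IE proxy not enabled.'
}

# Services whose ImagePath points at a file that no longer exists, like the
# DatamngrCoordinator2 entry in the fixlist. A dangling service is a leftover
# from a partial uninstall and is the kind of entry a fixlist removes.
Get-WmiObject Win32_Service | ForEach-Object {
    $cmd = $_.PathName
    # Take the path up to the first .exe, with or without surrounding quotes,
    # so an unquoted path with spaces (as above) is handled.
    if ($cmd -and $cmd -match '^"?(.+?\.exe)') {
        $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
        if (-not (Test-Path -LiteralPath $exe)) {
            [pscustomobject]@{ Service = $_.Name; State = $_.State; MissingBinary = $exe }
        }
    }
} | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so that Get-Process can resolve the path of the listening process.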
  #20  
Old March 8th, 2014, 07:18 PM
SageWinard SageWinard is offline
Senior Member
 
Join Date: Aug 2010
Posts: 183
Farbar Recovery Scan Tool (x64) Version: 07-03-2014
Ran by Brandi at 2014-03-08 10:13:57
Running from C:\Users\Brandi\Desktop
Boot Mode: Normal

================== Search: "rpcss.*" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_c6259b5 10f93cd21\rpcss.dll
[2009-10-06 12:49] - [2009-03-02 20:59] - 0717824 ____A (Microsoft Corporation) 857E04C16007E60FCC0803239C853E78

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_c5d9dd2 ff64839ac\rpcss.dll
[2009-10-06 12:49] - [2009-03-02 20:57] - 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_c5e9777 ff63d6f72\rpcss.dll
[2008-01-20 18:51] - [2008-01-20 18:51] - 0713728 ____A (Microsoft Corporation) FF27BE0BA7B3C48D5C99AFCB56D436C2

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_c47a129 912422fc2\rpcss.dll
[2009-10-06 12:49] - [2009-03-02 20:35] - 0724992 ____A (Microsoft Corporation) 54FF562C2710BB610B019D723B16FB2A

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_c3e2cce 1f92f2ca2\rpcss.dll
[2009-10-06 12:49] - [2009-03-02 20:40] - 0724992 ____A (Microsoft Corporation) 007F8DE7AC0F9386C3FD2EC7DC87C37A

C:\Windows\winsxs\amd64_microsoft-windows-c..qfe-rpcss.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a25877e9de938b1b\rpcss.dll.mui
[2006-11-02 07:13] - [2006-11-02 07:13] - 0004096 ____A (Microsoft Corporation) 3427F7881A3234C8D6B161CDD047197E

C:\Windows\System32\rpcss.dll
[2009-10-06 12:49] - [2009-03-02 20:57] - 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C

C:\Windows\System32\en-US\rpcss.dll.mui
[2006-11-02 07:13] - [2006-11-02 07:13] - 0004096 ____A (Microsoft Corporation) 3427F7881A3234C8D6B161CDD047197E

C:\Windows\SoftwareDistribution\Download\61da130e2 1aad3387c2fa3ca1d469de3\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_c7d4f08 bf35f3abe\rpcss.dll
[2009-10-20 11:27] - [2009-04-10 23:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

C:\Windows\erdnt\cache64\rpcss.dll
[2014-03-02 11:56] - [2009-03-02 20:57] - 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C

====== End Of Search ======
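What the moderator is doing with that search is comparing the MD5 of the live C:\Windows\System32\rpcss.dll against the copies in the WinSxS component store; a patched copy would match none of them. The following script automates that comparison. It is an added example, not part of the thread or of FRST; it assumes PowerShell 4 or later for Get-FileHash (on a Vista machine like the one in the thread, "certutil -hashfile <file> MD5" gives the same digest).

```powershell
# Added example, not part of the thread: hash the live rpcss.dll and compare it
# with every rpcss.dll in the WinSxS component store.
function Get-Md5 {
    param([string]$Path)
    (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
}

$live     = Join-Path $env:SystemRoot 'System32\rpcss.dll'
$liveHash = Get-Md5 $live
$liveInfo = (Get-Item -LiteralPath $live).VersionInfo
"Live file : $live"
"  Version : $($liveInfo.FileVersion)  Company: $($liveInfo.CompanyName)"
"  MD5     : $liveHash"

# Every rpcss.dll under winsxs (the .mui resource files do not match the filter).
$copies = Get-ChildItem -LiteralPath (Join-Path $env:SystemRoot 'winsxs') `
              -Recurse -Filter 'rpcss.dll' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $h = Get-Md5 $_.FullName
        [pscustomobject]@{
            Component   = $_.Directory.Name   # e.g. amd64_microsoft-windows-com-base-qfe-rpcss_..._6.0.6001.18226_...
            Size        = $_.Length
            MD5         = $h
            MatchesLive = ($h -eq $liveHash)
        }
    }
$copies | Format-Table -AutoSize

# In the search output above, System32\rpcss.dll matched the 6.0.6001.18226
# store copy (MD5 52CDADE8...), which is the expected picture: on Vista and
# later the System32 file is normally a hard link to a store component.
# No match at all, or a CompanyName other than Microsoft, is worth following
# up with "sfc /scannow".
if (-not ($copies | Where-Object { $_.MatchesLive })) {
    Write-Warning 'rpcss.dll in System32 matches no copy in the component store.'
}
```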
  #21  
Old March 9th, 2014, 07:12 AM
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 33
Posts: 4,424
Still audio ads?
  #22  
Old March 9th, 2014, 08:06 AM
SageWinard SageWinard is offline
Senior Member
 
Join Date: Aug 2010
Posts: 183
I'm not hearing anything so far. Java is asking to execute jucheck.exe.

Norton keeps picking up on mutechrome.dll, and something is eating the computer's resources. I click into Norton and it says it's taking up high CPU resources. Any suggestions?
  #23  
Old March 9th, 2014, 08:07 AM
SageWinard SageWinard is offline
Senior Member
 
Join Date: Aug 2010
Posts: 183
And yes, right after I posted this and clicked reply, the audio ads started playing, as if on cue. :/ What causes that? Malware?
  #24  
Old March 10th, 2014, 08:05 AM
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 33
Posts: 4,424
I would completely uninstall and reinstall Norton, or switch to a better AV program. Norton is well known for that stuff.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
  #25  
Old March 15th, 2014, 08:43 AM
SageWinard SageWinard is offline
Senior Member
 
Join Date: Aug 2010
Posts: 183
Before I take the next step, could you recommend a good free antivirus program? I hear Avast is good; I have used it before, but I know it is a bit more resource-heavy.
  #26  
Old March 15th, 2014, 11:11 AM
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 33
Posts: 4,424
If it must be free, I would say Avast or MSE. I prefer Emsisoft, but it is not free.