music and sounds playing on computer #?

abush New Helpee Posts: 42	music and sounds playing on computer #? Mar 30, 2014 10:17:59 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by abush on Mar 30, 2014 10:17:59 GMT -8 What would be the other causes for the computer to always sound like it's running or working hard?

Quads Malware Removalists In New Zealand Posts: 9,387	music and sounds playing on computer #? Mar 30, 2014 10:22:57 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by Quads on Mar 30, 2014 10:22:57 GMT -8 Something new to a point that tools have not been updated for them, You did not select the TDLFS option in the parameters before scanning with TDSSkiller, for one anyway. Quads

abush New Helpee Posts: 42	music and sounds playing on computer #? Mar 30, 2014 12:41:18 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by abush on Mar 30, 2014 12:41:18 GMT -8 Ok. Thank you, again.

Quads Malware Removalists In New Zealand Posts: 9,387	music and sounds playing on computer #? Mar 30, 2014 15:13:03 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by Quads on Mar 30, 2014 15:13:03 GMT -8 Is the system running slow also?? Quads

abush
New Helpee

Posts: 42

music and sounds playing on computer #? Mar 31, 2014 14:35:23 GMT -8

Post by abush on Mar 31, 2014 14:35:23 GMT -8

Not especially. Not like last time. It just seems like sometimes it runs harder than it should. Usually, I reboot and it seems okay and then when it starts, I just reboot again. Honestly, I probably need a new updated system.

Quads
Malware Removalists

In New Zealand

Posts: 9,387

music and sounds playing on computer #? Mar 31, 2014 14:49:33 GMT -8

Post by Quads on Mar 31, 2014 14:49:33 GMT -8

Hmmm you do have at lest 2 objects like you had last time, so I wonder id something is still TRYING and as it does so the system slows down, (It fails). which could also be why nothing much is appearing in logs

There are a couple of other things to check / fix later by what that log says, but will do those later, But now the Folders

Download Roguekiller www.bleepingcomputer.com/download/roguekiller/ On to the Desktop

Download Now
@ Authors Site

Start Roguekiller and it then goes though a Pre scan once it is finished that click the "Scan" button When it is finished click the "Report" button and then post back the report.

This is because at the moment with my test. Roguekiller is a cruder scan and remove program, but also has False Positives at times

Quads

abush
New Helpee

Posts: 42

music and sounds playing on computer #? Apr 3, 2014 12:27:11 GMT -8

Post by abush on Apr 3, 2014 12:27:11 GMT -8

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : www.adlice.com/contact/
Feedback : forum.adlice.com
Website : www.adlice.com/softwares/roguekiller/
Blog : www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : ANGIE [Admin rights]
Mode : Scan -- Date : 04/01/2014 16:12:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{471BDDFF-2E9A-4C4D-B34E-1DD65EAF5A00} : NameServer (150.198.129.47,150.198.129.49 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{471BDDFF-2E9A-4C4D-B34E-1DD65EAF5A00} : NameServer (150.198.129.47,150.198.129.49 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{471BDDFF-2E9A-4C4D-B34E-1DD65EAF5A00} : NameServer (150.198.129.47,150.198.129.49 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4537 : wscript.exe - C:\Users\ANGIE\AppData\Local\Temp\launchie.vbs //B -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[13] : NtAlertResumeThread @ 0x828E1823 -> HOOKED (Unknown @ 0x87360DA8)
[Address] SSDT[14] : NtAlertThread @ 0x8285A34F -> HOOKED (Unknown @ 0x87360E40)
[Address] SSDT[18] : NtAllocateVirtualMemory @ 0x8289669D -> HOOKED (Unknown @ 0x87D65490)
[Address] SSDT[21] : NtAlpcConnectPort @ 0x828388A7 -> HOOKED (Unknown @ 0x8894F868)
[Address] SSDT[42] : NtAssignProcessToJobObject @ 0x8280BB32 -> HOOKED (Unknown @ 0x873607A8)
[Address] SSDT[67] : NtCreateMutant @ 0x8286E993 -> HOOKED (Unknown @ 0x87360BD0)
[Address] SSDT[77] : NtCreateSymbolicLinkObject @ 0x8280E349 -> HOOKED (Unknown @ 0x873605A0)
[Address] SSDT[78] : NtCreateThread @ 0x828DFE40 -> HOOKED (Unknown @ 0x87D65710)
[Address] SSDT[116] : NtDebugActiveProcess @ 0x828B2ED4 -> HOOKED (Unknown @ 0x87360840)
[Address] SSDT[129] : NtDuplicateObject @ 0x82846579 -> HOOKED (Unknown @ 0x87D65578)
[Address] SSDT[147] : NtFreeVirtualMemory @ 0x826D2E75 -> HOOKED (Unknown @ 0x87D65320)
[Address] SSDT[156] : NtImpersonateAnonymousToken @ 0x82808F3F -> HOOKED (Unknown @ 0x87360C78)
[Address] SSDT[158] : NtImpersonateThread @ 0x8281E589 -> HOOKED (Unknown @ 0x87360D10)
[Address] SSDT[165] : NtLoadDriver @ 0x827B9E12 -> HOOKED (Unknown @ 0x87360970)
[Address] SSDT[177] : NtMapViewOfSection @ 0x8285E994 -> HOOKED (Unknown @ 0x87D65268)
[Address] SSDT[184] : NtOpenEvent @ 0x82847DF7 -> HOOKED (Unknown @ 0x87360B38)
[Address] SSDT[194] : NtOpenProcess @ 0x8286F12F -> HOOKED (Unknown @ 0x87D65688)
[Address] SSDT[195] : NtOpenProcessToken @ 0x8284FA58 -> HOOKED (Unknown @ 0x87707020)
[Address] SSDT[197] : NtOpenSection @ 0x8285F78C -> HOOKED (Unknown @ 0x87360A08)
[Address] SSDT[201] : NtOpenThread @ 0x8286A62B -> HOOKED (Unknown @ 0x87D65600)
[Address] SSDT[210] : NtProtectVirtualMemory @ 0x828683E2 -> HOOKED (Unknown @ 0x87360700)
[Address] SSDT[282] : NtResumeThread @ 0x82869C4A -> HOOKED (Unknown @ 0x87360ED8)
[Address] SSDT[289] : NtSetContextThread @ 0x828E12CF -> HOOKED (Unknown @ 0x87D65090)
[Address] SSDT[305] : NtSetInformationProcess @ 0x828629E6 -> HOOKED (Unknown @ 0x87D65128)
[Address] SSDT[317] : NtSetSystemInformation @ 0x82834F1E -> HOOKED (Unknown @ 0x873608D8)
[Address] SSDT[330] : NtSuspendProcess @ 0x828E175F -> HOOKED (Unknown @ 0x87360AA0)
[Address] SSDT[331] : NtSuspendThread @ 0x827E8945 -> HOOKED (Unknown @ 0x87360F70)
[Address] SSDT[334] : NtTerminateProcess @ 0x8283F16B -> HOOKED (Unknown @ 0x876E8058)
[Address] SSDT[335] : unknown @ 0x8286A660 -> HOOKED (Unknown @ 0x87360008)
[Address] SSDT[348] : NtUnmapViewOfSection @ 0x8285EC57 -> HOOKED (Unknown @ 0x87D651D0)
[Address] SSDT[358] : NtWriteVirtualMemory @ 0x8285BA27 -> HOOKED (Unknown @ 0x87D653C8)
[Address] SSDT[382] : NtCreateThreadEx @ 0x8286A115 -> HOOKED (Unknown @ 0x87360648)
[Address] Shadow SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x87E71220)
[Address] Shadow SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x87E7CE28)
[Address] Shadow SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x87E7CDB0)
[Address] Shadow SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x87E71120)
[Address] Shadow SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x87E71198)
[Address] Shadow SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x87E7CC18)
[Address] Shadow SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x87E7CD28)
[Address] Shadow SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x87E7CCA0)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x87E764E0)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x87E76528)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3250310AS ATA Device +++++
--- User ---
[MBR] 2810f80b0d308030f29a2f75f3dcdcae
[BSP] 597689f9fd584ba824a36be87199a262 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 MB
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 228129 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) TEAC USB HS-CF Card USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) TEAC USB HS-xD/SM USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) TEAC USB HS-MS Card USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) TEAC USB HS-SD Card USB Device +++++
--- User ---
[MBR] b8b7b76e260059b065e96be6be97fb43
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15189 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_04012014_161240.txt >>

Quads Malware Removalists In New Zealand Posts: 9,387	music and sounds playing on computer #? Apr 3, 2014 13:37:04 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by Quads on Apr 3, 2014 13:37:04 GMT -8 Hmmmm you are using a DNS settings that appears to be used last by Henry Ford Hospital MI USA. So maybe what is why Roguekiller has the address as not legit. Quads

abush New Helpee Posts: 42	music and sounds playing on computer #? Apr 4, 2014 13:26:33 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by abush on Apr 4, 2014 13:26:33 GMT -8 I use my computer to login remotely. Is there something that I should be doing different?

abush New Helpee Posts: 42	music and sounds playing on computer #? Apr 4, 2014 13:26:44 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by abush on Apr 4, 2014 13:26:44 GMT -8 log in remotely for work....

music and sounds playing on computer #?

Post by abush on Mar 30, 2014 10:17:59 GMT -8

Post by Quads on Mar 30, 2014 10:22:57 GMT -8

Post by abush on Mar 30, 2014 12:41:18 GMT -8

Post by Quads on Mar 30, 2014 15:13:03 GMT -8

Post by abush on Mar 31, 2014 14:35:23 GMT -8

Post by Quads on Mar 31, 2014 14:49:33 GMT -8

Post by abush on Apr 3, 2014 12:27:11 GMT -8

Post by Quads on Apr 3, 2014 13:37:04 GMT -8

Post by abush on Apr 4, 2014 13:26:33 GMT -8

Post by abush on Apr 4, 2014 13:26:44 GMT -8