Ridiculous Problem
My speakers are playing random songs at different times throughout the day, when I'm connected to the internet. I think its a virus, or file? It plays songs, advertises, and broadcasts sporting events (Boxing matches where I can hear guys getting hit?). The problem has been going on all of three weeks now. I've ran the best spyware stuff I have. Xoft, Kaspersky, Adaware....
Mix
Junior Poster in Training
77 posts since Sep 2006
Reputation Points: 8
Solved Threads: 0
Get rid of them immediately!
You done a hijack this log? If so post it here and someone will work out what it means, because i don't :P
Also, slick picture, it very good i must say :)
Serunson
Posting Maven
2,578 posts since Mar 2007
Reputation Points: 533
Solved Threads: 46
Virus or interferance. One way to find out is to plug in some headphones. If you dont hear any broadcasts using the headphones then it must be inteferance.
jbennet
Moderator
18,523 posts since Apr 2005
Reputation Points: 1,820
Solved Threads: 600
Could definitely be interference. One of my friend's speakers were so bad, she could hardly hear the sounds from her own computer... :P
Infarction
Posting Virtuoso
1,580 posts since May 2006
Reputation Points: 683
Solved Threads: 53
mmm but usuaally you cant hear recognisable sounds, you know what i mean? like when you get dat-dat-dat when a cellphone goes to close to a TV.
jbennet
Moderator
18,523 posts since Apr 2005
Reputation Points: 1,820
Solved Threads: 600
Well, that's a digital signal. If you're picking up a radio station, you'll be able to hear it just fine.
Infarction
Posting Virtuoso
1,580 posts since May 2006
Reputation Points: 683
Solved Threads: 53
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:58 AM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Image-Line\FL Studio 7\FL.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\ngboot\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {0AA0B610-0971-F3D1-56C8-0BB739F56621} - C:\WINDOWS\system32\atcxO89S.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\tmp25.tmp.dll
O2 - BHO: (no name) - {36d7502e-5f19-471b-b727-48b656993b70} - C:\WINDOWS\system32\app026.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\rwbkujog.dll (file missing)
O2 - BHO: (no name) - {696568FA-D46C-DB96-4967-FE8DB82085BC} - C:\WINDOWS\system32\erv.dll (file missing)
O2 - BHO: (no name) - {73C5FEA7-2AC5-48A7-9A4E-916B437598CE} - C:\Program Files\Common Files\hope83122.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7CBA95F2-BFBC-47D0-A041-C547833D2A3B} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\mljgfcb.dll (file missing)
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Epson printer Registration.lnk = E:\E_reg\EpsonReg.EXE
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: app026 - app026.dll (file missing)
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll (file missing)
O20 - Winlogon Notify: mljgfcb - mljgfcb.dll (file missing)
O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\system32\dswfn.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\xlseadpu.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\prokyko.html
O24 - Desktop Component 1: (no name) - C:\Program Files\ComPlus Applications\prokyko.html
Some talkshow is going on right now talking about porn preferences...? This thing sucks, help!?
Mix
Junior Poster in Training
77 posts since Sep 2006
Reputation Points: 8
Solved Threads: 0
Sounds like interference!!
Try different speakers or headphones,if the problems goes away,that was it :)
Good luck!
The Dude
Nearly a Senior Poster
3,485 posts since Dec 2005
Reputation Points: 1,054
Solved Threads: 31
Is interference amazingly clear? It continues when I plug headphones in.
Mix
Junior Poster in Training
77 posts since Sep 2006
Reputation Points: 8
Solved Threads: 0
its some sort of virus then
jbennet
Moderator
18,523 posts since Apr 2005
Reputation Points: 1,820
Solved Threads: 600
Ok I just nuked the Bonjour.exe file, I'll post updates after I test the system. Thanks for bearing with me.
Mix
Junior Poster in Training
77 posts since Sep 2006
Reputation Points: 8
Solved Threads: 0
2
Sounds pretty cool! (the virus I mean)
Sturm
Veteran Poster
1,079 posts since Jan 2007
Reputation Points: 343
Solved Threads: 24
Ok I just nuked the Bonjour.exe file, I'll post updates after I test the system. Thanks for bearing with me.
Yes please keep us informed on your progress :)
The Dude
Nearly a Senior Poster
3,485 posts since Dec 2005
Reputation Points: 1,054
Solved Threads: 31
stop the bonjouer#
and try again
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
but i am not sure though i dtopped mine and i didnt have the interference problem i just stopped it cause i didnt know what it is :D
Stopping processes just because you don't know what they are is not a good idea, genius. Better to do some research about it first before just going around and wiping out some random programs. Better yet, post this log where it should be, and get the experts' help:
http://www.daniweb.com/forums/forum64.html
John A
Vampirical Lurker
7,630 posts since Apr 2006
Reputation Points: 2,240
Solved Threads: 339
I nuked Bonjour. Right now the thing is playing some pretty jamming jazz. Some guy is saying "Banquet.com b-b-Banquet.com" . Now... its playing 90s hip hop. Haha...
Mix
Junior Poster in Training
77 posts since Sep 2006
Reputation Points: 8
Solved Threads: 0
Reinstall your system. It sounds pretty far gone to me
jbennet
Moderator
18,523 posts since Apr 2005
Reputation Points: 1,820
Solved Threads: 600
