Aug 14th, 2008
0

random sounds playing

Hi,
I have this problem that my computer keeps playing random sounds without any programs being open. Can someone take a look at my HijackThis log and see if they know what's wrong, please?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:46, on 14/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\T5Y5JSQB\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O2 - BHO: QXK Olive - {DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396} - C:\WINDOWS\wnlmdakqlag.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [44603773356157056278707414575606] C:\Program Files\AV9\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1212255894203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1212256110515
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JS...ws-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: byXRihGY - byXRihGY.dll (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 9400 bytes
matty sal19 (Newbie Poster)
Aug 14th, 2008
0

Re: random sounds playing

Hi, I'll be helping you to remove the malware in your computer.

You are a victim of Antivirus 2009.
Antivirus 2009 is a fraudulent antivirus which displays false positives of having found malware in your system.

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results. Copy paste the results here so that I can review it.

So in your next reply, please include :

  • A new HijackThis log
  • Log from MBAM
Cyber Punk (Junior Poster)
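
An added example, not part of the thread and not any poster's tooling: a Python triage pass over HijackThis log lines that surfaces the kinds of entries visible in the log above (a process running from Temporary Internet Files, registrations marked "(file missing)", and a Run value named with a long digit string). The three heuristics and the names `triage`, `parse` and `TEMP_MARKERS` are assumptions made for this illustration; the sample lines are excerpted from the first log in this thread.

```python
import re

# Lines excerpted from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\T5Y5JSQB\dss[1].exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: QXK Olive - {DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396} - C:\WINDOWS\wnlmdakqlag.dll (file missing)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [44603773356157056278707414575606] C:\Program Files\AV9\av2009.exe
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: byXRihGY - byXRihGY.dll (file missing)
"""

# "O4 - ..." style entries: a section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry Run entry: hive\..\Run: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Assumed heuristic: executables are not normally launched from these folders.
TEMP_MARKERS = ("\\temporary internet files\\", "\\local settings\\temp\\")


def parse(log_text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_processes = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the process list ends where coded entries begin
            entries.append((m.group("code"), m.group("body")))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def triage(log_text):
    """Return (finding_kind, detail) pairs worth a closer look by a human analyst."""
    processes, entries = parse(log_text)
    findings = []
    for path in processes:
        if any(marker in path.lower() for marker in TEMP_MARKERS):
            findings.append(("process-in-temp", path))
    for code, body in entries:
        # HijackThis appends "(file missing)" when the registered file is not on disk.
        if body.endswith("(file missing)"):
            findings.append(("orphaned-" + code, body))
        if code == "O4":
            m = RUN_RE.match(body)
            # Assumed heuristic: legitimate software rarely uses an all-digit value name.
            if m and re.fullmatch(r"\d{16,}", m.group("name")):
                findings.append(("numeric-run-name", m.group("cmd")))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {detail}")
```

A finding here is a prompt for review, not a verdict: each flagged entry still has to be identified before anything is fixed or removed.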
Aug 14th, 2008
0

Re: random sounds playing

I've done what you said and the results were:

hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:23, on 14/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q304&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O2 - BHO: QXK Olive - {DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396} - C:\WINDOWS\wnlmdakqlag.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [44603773356157056278707414575606] C:\Program Files\AV9\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212255894203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212256110515
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1213988128520&h=e867768c2a693df8b8d26b10c76b2f37/&filename=jinstall-6u6-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: byXRihGY - byXRihGY.dll (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 9287 bytes

mbam log:
Malwarebytes' Anti-Malware 1.24
Database version: 1052
Windows 5.1.2600 Service Pack 2

16:09:17 14/08/2008
mbam-log-8-14-2008 (16-09-08).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 149845
Time elapsed: 3 hour(s), 3 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 21
Files Infected: 53

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\codecbho.codecplugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{f4406238-983a-4845-9053-f1d0007fd135} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d37d6c1a-7ba4-47f4-9bf2-75031e257df6} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{48e92754-2daf-4de4-8385-34f631580e9b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a1c23ba2-8f20-4c01-b663-7ff2b3421194} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{84562fca-ee8b-4585-a1d1-eae97b23370e} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc15gj0e7bc (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\AppID\CodecBHO.DLL (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RichVideoCodec (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\Helper (Adware.BHO) -> No action taken.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\FixThemNow (Rogue.FixThemNow) -> No action taken.
C:\Documents and Settings\All Users\Application Data\FixThemNow\Data (Rogue.FixThemNow) -> No action taken.
C:\Program Files\FixThemNow (Rogue.FixThemNow) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\Owner\Application Data\FixThemNow (Rogue.FixThemNow) -> No action taken.
C:\Documents and Settings\Owner\Application Data\FixThemNow\Logs (Rogue.FixThemNow) -> No action taken.
C:\Documents and Settings\Owner\Application Data\rhc15gj0e7bc (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner\Application Data\rhc15gj0e7bc\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner\Application Data\rhc15gj0e7bc\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner\Application Data\rhc15gj0e7bc\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner\Application Data\rhc15gj0e7bc\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner\Application Data\rhc15gj0e7bc\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner\Application Data\rhc15gj0e7bc\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner\Application Data\rhc15gj0e7bc\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner\Application Data\rhc15gj0e7bc\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner\Application Data\rhc15gj0e7bc\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Owner\Application Data\rhc15gj0e7bc\Quarantine\Packages (Rogue.Multiple) -> No action taken.

Files Infected:
C:\WINDOWS\system32\sfigcins.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\snicgifs.ini (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\510BQ5YH\ico[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UNT3XS40\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UNT3XS40\kb767887[1] (Trojan.Vundo) -> No action taken.
C:\Program Files\PCHealthCenter\5.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\7.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> No action taken.
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP78\A0024138.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP80\A0024336.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP80\A0024337.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP80\A0024340.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP80\A0024341.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP81\A0024427.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP81\A0024428.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP81\A0024429.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP81\A0024430.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\ijmamobb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kxbqek.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mvimgvcf.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\oehqkf.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ovyteq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rqRIxuuT.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wbiuquff.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wbsmsjph.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\FixThemNow\Data\ac (Rogue.FixThemNow) -> No action taken.
C:\Documents and Settings\All Users\Application Data\FixThemNow\Data\em (Rogue.FixThemNow) -> No action taken.
C:\Documents and Settings\All Users\Application Data\FixThemNow\Data\oid (Rogue.FixThemNow) -> No action taken.
C:\Documents and Settings\All Users\Application Data\FixThemNow\Data\user (Rogue.FixThemNow) -> No action taken.
C:\Program Files\FixThemNow\swupd.log (Rogue.FixThemNow) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\Owner\Application Data\FixThemNow\Logs\update.log (Rogue.FixThemNow) -> No action taken.
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\winsrc.dll (Adware.Toolbar) -> No action taken.
C:\WINDOWS\wr.txt (Malware.Trace) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
matty sal19 (Newbie Poster)
Aug 14th, 2008
0

Re: random sounds playing

Hi, MBAM is not able to remove this infection.

Let's first get rid of Vundo.

Please download VundoFix.exe by Atribune from Atribune and save it to your desktop.
  • Double click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Fix Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt
Last edited by Cyber Punk; Aug 14th, 2008 at 12:38 pm.
Cyber Punk (Junior Poster)
Aug 14th, 2008
0

Re: random sounds playing

When I scanned for Vundo it said that none was found??? I tried it again and it did the same thing. What should I do?
matty sal19 (Newbie Poster)
Aug 14th, 2008
0

Re: random sounds playing

Please download ATF Cleaner...by Atribune.
It is set up to clean IE, FireFox and Opera, detecting the browsers you have and graying out the other(s).
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
    Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
  • Click the Empty Selected button.
    • If you use Firefox browser
    • Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
    • Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser
    • Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
    • Click the Empty Selected button.
      NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.

  • Reply OK to the box with the total bytes removed...
  • Click Exit on the Main menu to close the program.

Now, try running MBAM again.
Cyber Punk (Junior Poster)
Aug 14th, 2008
0

Re: random sounds playing

You should run MBA-M as per the directions in the linky below:

Read me before posting a request for assistance

Note where it says: Be sure that everything is checked, and click Remove Selected.

Cheers
PP
Moderator
PhilliePhan

Aug 15th, 2008

Re: random sounds playing

I think I've got rid of all of them.

MBAM log:
Malwarebytes' Anti-Malware 1.24
Database version: 1052
Windows 5.1.2600 Service Pack 2

11:47:48 15/08/2008
mbam-log-8-15-2008 (11-47-48).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 143316
Time elapsed: 2 hour(s), 43 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP78\A0024138.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP80\A0024336.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP80\A0024337.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP80\A0024340.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP80\A0024341.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP81\A0024427.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP81\A0024428.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP81\A0024429.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP81\A0024430.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

DSS and HijackThis:
Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-15 11:57:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-15 11:57:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\hp\KBD\kbd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\dss.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O2 - BHO: QXK Olive - {DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396} - C:\WINDOWS\wnlmdakqlag.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [44603773356157056278707414575606] C:\Program Files\AV9\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1212255894203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1212256110515
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_06) - http://dl8-cdn-01.sun.com/s/ESD42/JS...ws-i586-jc.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: byXRihGY - C:\WINDOWS\system32\byXRihGY.dll (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


--
End of file - 10959 bytes

-- Files created between 2008-07-15 and 2008-08-15 -----------------------------

2008-08-15 08:43:25 686630 --a------ C:\dss.exe
2008-08-14 17:54:41 119808 --a------ C:\VundoFix.exe <Not Verified; Atribune.org; VundoFix>
2008-08-14 17:42:04 0 d-------- C:\VundoFix Backups <VUNDOF~1>
2008-08-14 12:59:02 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-14 12:58:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-14 12:58:56 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-13 21:54:12 555330 --ahs---- C:\WINDOWS\system32\YFfLlUtv.ini2
2008-08-13 13:54:45 0 d-------- C:\Program Files\Trend Micro
2008-08-12 11:45:01 562502 --ahs---- C:\WINDOWS\system32\pVCKRXbc.ini2
2008-07-30 12:54:02 0 d-------- C:\Program Files\BFG
2008-07-30 12:51:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-30 12:51:22 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-07-30 12:44:24 0 d-------- C:\Program Files\Magic Ball 3


-- Find3M Report ---------------------------------------------------------------

2008-08-13 17:13:04 0 d-------- C:\Program Files\Messenger
2008-08-13 09:13:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-13 09:13:38 0 d-------- C:\Program Files\PC-Doctor for Windows
2008-08-08 18:20:59 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-07-26 22:55:07 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-24 23:41:20 0 d-------- C:\Program Files\Symantec
2008-07-24 23:40:18 0 d-------- C:\Program Files\Common Files
2008-07-24 23:35:00 0 d-------- C:\Program Files\Norton AntiVirus
2008-07-21 21:06:46 0 d-------- C:\Program Files\ChickenInvadersROTYXmas
2008-07-15 19:32:12 0 d-------- C:\Program Files\DNA
2008-07-15 17:02:05 0 d-------- C:\Documents and Settings\Owner\Application Data\DNA
2008-07-12 14:47:34 0 d-------- C:\Documents and Settings\Owner\Application Data\teamspeak2
2008-07-12 14:47:33 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-06-26 13:40:42 0 d-------- C:\Program Files\NavigationAdvisor
2008-06-24 18:24:49 0 d-------- C:\Program Files\ChickenInvaders3_at
2008-06-20 19:57:29 0 d-------- C:\Program Files\Java
2008-06-20 12:44:40 0 d-------- C:\Program Files\Adssite Advanced Toolbar
2008-06-16 23:16:33 2576 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF6C9A95-CDD0-4EFC-9C2A-B6CA365F7396}]
C:\WINDOWS\wnlmdakqlag.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 17:04]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [20/08/2004 15:51]
"KBD"="C:\HP\KBD\KBD.EXE" [11/02/2003 20:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [16/01/2004 20:16]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14/04/2004 21:43]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [29/06/2004 09:06 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [12/09/2003 20:13]
"AlcxMonitor"="ALCXMNTR.EXE" [07/09/2004 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [20/08/2004 15:55]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [03/07/2008 20:46]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 01:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2004 01:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [21/05/2007 19:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [13/06/2008 18:27]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" []
"44603773356157056278707414575606"="C:\Program Files\AV9\av2009.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [07/06/2006 17:05:38]
broadband medic.lnk - C:\Program Files\ntl\broadband medic\bin\matcli.exe [13/05/2005 16:40:24]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [16/09/2003 05:19:24]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [10/07/2005 19:40:07]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [10/07/2005 19:40:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRihGY]
byXRihGY.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtUlLfFY

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95d34b98-2f36-11dd-af78-806d6172696f}]
AutoRun\command- D:\Info.exe folder.htt 480 480




-- End of Deckard's System Scanner: finished at 2008-08-15 11:58:23 ------------
matty sal19

© 2011 DaniWeb® LLC