My speakers are playing random songs at different times throughout the day, when I'm connected to the internet. I think its a virus, or file? It plays songs, advertises, and broadcasts sporting events (Boxing matches where I can hear guys getting hit?). The problem has been going on all of three weeks now. I've ran the best spyware stuff I have. Xoft, Kaspersky, Adaware....
Mix
-2
Junior Poster in Training
Recommended Answers
Jump to Poststop the bonjouer#
and try again
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
but i am not sure though i dtopped mine and i didnt have the interference problem i just stopped it cause i didnt know what it is …
Jump to Poststop the bonjouer#
and try again
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
but i am not sure though i dtopped mine and i didnt have the interference problem i just stopped it cause i didnt know what it is :DStopping processes …
Jump to PostI nuked Bonjour. Right now the thing is playing some pretty jamming jazz. Some guy is saying "Banquet.com b-b-Banquet.com" . Now... its playing 90s hip hop. Haha...
Ha, I didn't …
Jump to PostI've got a pretty cool setup btw, Joe. Have a Slackware virtual machine and going to get a Gentoo.
Good for you. Gentoo and Slackware are a couple of my favorite Linux distros.
Update: I just reran Hijack this and did as directed in the virus forums, and I ran …
Jump to PostWell, I'm at a loss for what to suggest. Hopefully the virus experts will keep helping you remove this.
All 30 Replies
Serunson
413
Posting Maven
Get rid of them immediately!
You done a hijack this log? If so post it here and someone will work out what it means, because i don't :P
Also, slick picture, it very good i must say :)
jbennet
1,618
Most Valuable Poster
Team Colleague
Featured Poster
Virus or interferance. One way to find out is to plug in some headphones. If you dont hear any broadcasts using the headphones then it must be inteferance.
Infarction
503
Posting Virtuoso
Could definitely be interference. One of my friend's speakers were so bad, she could hardly hear the sounds from her own computer... :P
jbennet
1,618
Most Valuable Poster
Team Colleague
Featured Poster
mmm but usuaally you cant hear recognisable sounds, you know what i mean? like when you get dat-dat-dat when a cellphone goes to close to a TV.
Infarction
503
Posting Virtuoso
Well, that's a digital signal. If you're picking up a radio station, you'll be able to hear it just fine.
Mix
-2
Junior Poster in Training
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:58 AM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Image-Line\FL Studio 7\FL.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\ngboot\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {0AA0B610-0971-F3D1-56C8-0BB739F56621} - C:\WINDOWS\system32\atcxO89S.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\tmp25.tmp.dll
O2 - BHO: (no name) - {36d7502e-5f19-471b-b727-48b656993b70} - C:\WINDOWS\system32\app026.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\rwbkujog.dll (file missing)
O2 - BHO: (no name) - {696568FA-D46C-DB96-4967-FE8DB82085BC} - C:\WINDOWS\system32\erv.dll (file missing)
O2 - BHO: (no name) - {73C5FEA7-2AC5-48A7-9A4E-916B437598CE} - C:\Program Files\Common Files\hope83122.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7CBA95F2-BFBC-47D0-A041-C547833D2A3B} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\mljgfcb.dll (file missing)
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Epson printer Registration.lnk = E:\E_reg\EpsonReg.EXE
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: app026 - app026.dll (file missing)
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll (file missing)
O20 - Winlogon Notify: mljgfcb - mljgfcb.dll (file missing)
O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\system32\dswfn.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\xlseadpu.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\prokyko.html
O24 - Desktop Component 1: (no name) - C:\Program Files\ComPlus Applications\prokyko.htmlSome talkshow is going on right now talking about porn preferences...? This thing sucks, help!?
The Dude
944
Nearly a Senior Poster
Sounds like interference!!
Try different speakers or headphones,if the problems goes away,that was it :)
Good luck!
Mix
-2
Junior Poster in Training
Is interference amazingly clear? It continues when I plug headphones in.
jbennet
1,618
Most Valuable Poster
Team Colleague
Featured Poster
its some sort of virus then
hamada_1990
68
Posting Pro in Training
stop the bonjouer#
and try again
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
but i am not sure though i dtopped mine and i didnt have the interference problem i just stopped it cause i didnt know what it is :D
Mix
-2
Junior Poster in Training
Ok I just nuked the Bonjour.exe file, I'll post updates after I test the system. Thanks for bearing with me.
hamada_1990
68
Posting Pro in Training
ok sure i just need you to raise my reputation always flag me positive cause i intend to be rude to some people and they are flagging me negative because i do nothig but being rude but i can't stop i just like it so always flah me positive ok :) and gimme the report next time
Sturm
commented:
this definetely won't raise your rep. Having better grammar might though.
+0
christina>you
commented:
People give you bad rep because you don't know how to type correct grammar. Well and because you're rude too... but that doesn't mean you can't change. I think you just don't care.
-4
arjunsasidharan
commented:
Well he is trying his best to type in some of the english words that he knows. Stop bad reppin him.
+2
Sturm
270
Veteran Poster
2
Sounds pretty cool! (the virus I mean)
The Dude
944
Nearly a Senior Poster
Ok I just nuked the Bonjour.exe file, I'll post updates after I test the system. Thanks for bearing with me.
Yes please keep us informed on your progress :)
John A
1,896
Vampirical Lurker
Team Colleague
stop the bonjouer#
and try again
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
but i am not sure though i dtopped mine and i didnt have the interference problem i just stopped it cause i didnt know what it is :D
Stopping processes just because you don't know what they are is not a good idea, genius. Better to do some research about it first before just going around and wiping out some random programs. Better yet, post this log where it should be, and get the experts' help:
Mix
-2
Junior Poster in Training
I nuked Bonjour. Right now the thing is playing some pretty jamming jazz. Some guy is saying "Banquet.com b-b-Banquet.com" . Now... its playing 90s hip hop. Haha...
jbennet
1,618
Most Valuable Poster
Team Colleague
Featured Poster
Reinstall your system. It sounds pretty far gone to me
hamada_1990
68
Posting Pro in Training
2
Sounds pretty cool! (the virus I mean)
god damn it i mistaked in the gimme i met give me and the flah is a flag **** all of you giving me bad rep
hamada_1990
68
Posting Pro in Training
2
Sounds pretty cool! (the virus I mean)
god damn it i mistaken in the gimme i met give me and the flah is a flag **** all of you giving me bad rep
jbennet
1,618
Most Valuable Poster
Team Colleague
Featured Poster
You double posted
hamada_1990
68
Posting Pro in Training
by mistake i thought i didn't post in the beginning
xander85
LMAO!! Hilarious... That sucks!!! :D
John A
1,896
Vampirical Lurker
Team Colleague
I nuked Bonjour. Right now the thing is playing some pretty jamming jazz. Some guy is saying "Banquet.com b-b-Banquet.com" . Now... its playing 90s hip hop. Haha...
Ha, I didn't think deleting Bonjour would have any effect. Bonjour.exe is an Apple process, and unless an antivirus software tells you that the executable file is infected, deleting it is rather pointless.
I noticed your thread in the Viruses forum, so good luck! Your best bet is the moderator crunchie, who helps pretty much everyone there clean up their systems. If he can't fix your system, there's probably no hope. Reformatting, as jbennet already stated, would be the easiest option.
Mix
-2
Junior Poster in Training
I've got a pretty cool setup btw, Joe. Have a Slackware virtual machine and going to get a Gentoo. I've just never seen anything like this, and I've been using computers for years.
Update: I just reran Hijack this and did as directed in the virus forums, and I ran Vondofix and rebooted. I connect to the wireless network, and it starts playing the Lone Ranger tune.
Mix
-2
Junior Poster in Training
.
LMAO!! Hilarious... That sucks!!! :D
Heh. It's especially funny when the heavy metal kicks in while I'm (trying) to concentrate.
2
Sounds pretty cool! (the virus I mean)
It's artwork.
John A
1,896
Vampirical Lurker
Team Colleague
I've got a pretty cool setup btw, Joe. Have a Slackware virtual machine and going to get a Gentoo.
Good for you. Gentoo and Slackware are a couple of my favorite Linux distros.
Update: I just reran Hijack this and did as directed in the virus forums, and I ran Vondofix and rebooted. I connect to the wireless network, and it starts playing the Lone Ranger tune.
Well, it looks like crunchie's replied to your post again with more instructions. :)
Mix
-2
Junior Poster in Training
When my pc first got infected it would play almost nonstop. The computrer was very laggy and loaded amazingly slow. It took 4-5 minutes to boot.
Since I've got some fairly decent security set up, I've managed to eliminate the bulk of the trojans. It was hundreds of bad files, trojans and viruses on the system. I destroyed the stuff that was slowing the computer down.
I've been able to, with the help of good tools and patience, destroy the spyware, etc... And I thought I was scotch free. The virus has been singing ever since the beginning and hasn't shut up for a month and a half.
Mix
-2
Junior Poster in Training
Good for you. Gentoo and Slackware are a couple of my favorite Linux distros.
Well, it looks like crunchie's replied to your post again with more instructions. :)
Well I know for certain that's not it. Even though "When u save" could lean a bit towards the adware side... it came weeks after the audio issue. I've made a brief synopsis for people to see what's going on; there's another post in the virus forum that has the exact same problem as I do.
Synopsis:When my pc first got infected it would play almost nonstop. The computer was very laggy and loaded amazingly slow. It took 4-5 minutes to boot.
Since I've got some fairly decent security set up, I've managed to eliminate the bulk of the trojans. It was hundreds of bad files, trojans and viruses on the system. I destroyed the stuff that was slowing the computer down.
I've been able to, with the help of good tools and patience, destroy the spyware, etc... And I thought I was scotch free. The virus has been singing ever since the beginning and hasn't shut up for a month and a half.
............................................................................
What I have used:
XoftSpy SE
Adaware SE
Active Virus Shield (Kaspersky)
Kaspersky web edition
Zone Alarm(firewall, virus scan, and security suite with highest settings)
Port blocker ( when I blocked the port the program was using it automagically changed its own port all with no sight of itself in any process menu!!!)
Windows Task Manager
Symantec Task Viewer
Hijack this!
Vundofix.exe
and Combofix.exe
.............................................................................
The program cant be seen in safe mode, either.
John A
1,896
Vampirical Lurker
Team Colleague
Well, I'm at a loss for what to suggest. Hopefully the virus experts will keep helping you remove this.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.