I've apparently 'contracted' sort sort of hidden app/virus which occasionally will play a random snippet of sound. Very annoying. It sounds like someone breathing into or swishing a live mic. At first I though it might have been something done via the internet, but even if I disable my connection or unplug the cable I'm still gettting it. Once every half hour to hour or so. Sort of like that old 'screamer' virus for the Mac.
I'm using Win XP. Any advice on how to track this thing down? Virus software aint finding it. Are there any programs that allow one to track and/or block requests to the win. audio/sound device? It appears to work with the audio device - even if I'm listening to tunes it gets mixed in.
Thanks
Full Version: Windows audio virus
I had similar problem, and I found out it came from one flash picture on my web browser, which I always keep open - and few pages are always loaded, with flash commercials which reloaded every now and then.
Check that out. My computer would start talking to me that I REALLY HAVE TO BUY something, I can't recall what... it scared sh*it out of me first time
Check that out. My computer would start talking to me that I REALLY HAVE TO BUY something, I can't recall what... it scared sh*it out of me first time
You could always post a HijackThis log on a security forum, then a malware expert could tell you if there's an infection on your PC. There's HijackThis analysis on the CCleaner Forums done by a handful of knowledgeable and helpful people.
I'd suggest running HijackThis to track down any suspicious task running in the background that might access your computer's audio system. If you're unsure about which tasks to be problematic ones, simply upload the log or paste it here using the codebox and /codebox commands. Maybe one of us finds the naughty process that causes the problem.
Edit: Andavari was faster.
Edit: Andavari was faster.
If you are lucky this place will nab it http://housecall.trendmicro.com/ . If not, update your spyware and ad-aware software. After that I suggest you get real friendly with Hijack-This! found here http://merijn.org/programs.php#hijackthis . Merijn has other security related programs that I use.
Here's the output from 'hijackthis' (again). thanks for any advice.
Logfile of HijackThis v1.99.1
Scan saved at 7:20:31 PM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\boo_files\misc\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&...;N=PLEM&O=I
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: Registration Call of Juarez.LNK = C:\Program Files\Ubisoft\Techland\Call of Juarez\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
CODE
Logfile of HijackThis v1.99.1
Scan saved at 7:20:31 PM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\boo_files\misc\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&...;N=PLEM&O=I
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: Registration Call of Juarez.LNK = C:\Program Files\Ubisoft\Techland\Call of Juarez\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
QUOTE (FloggedSynapse @ Feb 1 2007, 23:26) 
(...)
The entry of MSN Messenger in Windows is "msnmsgr.exe",you can fix with sure this two entrys.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Ever when apear file missing you can fix the entrys, these entrys can be used by hijacks....
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
And the last One[can be the guilty by the sounds that you heard]:
O11 - Options group: [INTERNATIONAL] International*
QUOTE (Diow @ Feb 1 2007, 20:52)
QUOTE (FloggedSynapse @ Feb 1 2007, 23:26)
(...)
The entry of MSN Messenger in Windows is "msnmsgr.exe",you can fix with sure this two entrys.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Ever when apear file missing you can fix the entrys, these entrys can be used by hijacks....
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
And the last One[can be the guilty by the sounds that you heard]:
O11 - Options group: [INTERNATIONAL] International*
Thank you!!! (and everyone else)
I tried to 'fix' these items using hijackthis, but I'm still getting harassed.
Is there some low-level way to track access to the audio device?
I'd say that Winamp is your problem. I used to be a fan of Winamp until I received spyware that opened Nullsoft's website. I also experienced those sounds every half-hour that you describe, only mine came from the Nullsoft pop-ups. You didn't describe that but I don't trust Winamp anymore. Also, I don't trust Azureus.
These are entries I remove from other's computers and they never even notice the difference:
Also, I suggest you install CCleaner. Set it to delete ALL files it deems necessary in "Cleaner Settings", and make sure you remember all your passwords to your websites. Then run a complete issues scan and remove all issues on your computer. You will have to run that three or four times. You need not set it to delete all your needless files again.
[Edit] As a replacement: FooBar2000 for music and VLC for videos.
These are entries I remove from other's computers and they never even notice the difference:
CODE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
Also, I suggest you install CCleaner. Set it to delete ALL files it deems necessary in "Cleaner Settings", and make sure you remember all your passwords to your websites. Then run a complete issues scan and remove all issues on your computer. You will have to run that three or four times. You need not set it to delete all your needless files again.
[Edit] As a replacement: FooBar2000 for music and VLC for videos.
C:\WINDOWS\ALCXMNTR.EXE 
Fix this one! Realtek AC97 Audio - Event Monitor. Sypware file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but is being used by Realtek to gather data about customers.
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXEFix this one! Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers
The audio drivers apparently include some evil spyware. But it's unlikely that fixing these two entries will solve your actual problem.
I guess that some event is automatically triggered from time to time that causes Windows to play the mentioned sound back. Did you check the "Program Events" list under "System Control/Sounds and Audio Devices/Sounds" (might slightly differ on your machine, I'm just translating the German version's contents) for any new sounds that were activated by a program you had recently installed on your machine?
Nullsoft did quite a good job at fixing security issues in the past (judging by the version history). To make sure nothing nasty happens select "Not connected to the Internet" and block Winamp's internet access via a firewall, at least I for my part do so since I don't have any use for its online features anyway. I've been using Winamp for around 6 years now and I'm still happy with this audio player. Not quite sure how you got that spyware thing.
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
The audio drivers apparently include some evil spyware. But it's unlikely that fixing these two entries will solve your actual problem.
I guess that some event is automatically triggered from time to time that causes Windows to play the mentioned sound back. Did you check the "Program Events" list under "System Control/Sounds and Audio Devices/Sounds" (might slightly differ on your machine, I'm just translating the German version's contents) for any new sounds that were activated by a program you had recently installed on your machine?
QUOTE
I'd say that Winamp is your problem. I used to be a fan of Winamp until I received spyware that opened Nullsoft's website. I also experienced those sounds every half-hour that you describe, only mine came from the Nullsoft pop-ups. You didn't describe that but I don't trust Winamp anymore. Also, I don't trust Azureus.
Nullsoft did quite a good job at fixing security issues in the past (judging by the version history). To make sure nothing nasty happens select "Not connected to the Internet" and block Winamp's internet access via a firewall, at least I for my part do so since I don't have any use for its online features anyway. I've been using Winamp for around 6 years now and I'm still happy with this audio player. Not quite sure how you got that spyware thing.
QUOTE (SamHain86 @ Feb 2 2007, 15:30)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
I've found that NeroCheck is a "good" program to have run at startup, it corrects cases where evil software has messed up your CD drivers (Games with starforce, iTunes, etc.) rendering the drive unusable.
I've had this too.. Turned out it was the search function of the explorer windows.. If I search I get the little helpful doggy at the bottom of the window, then every once in a while I get the swishing sound from him.. It's always hidden so I've no idea what he does at this time, but he does somethinh.. Oh just seen it now (I opened it to just check) and he scratches his ear 
Spent ages wondering what this noise was at first
Spent ages wondering what this noise was at first
QUOTE (SamHain86 @ Feb 2 2007, 00:30)
I'd say that Winamp is your problem. I used to be a fan of Winamp until I received spyware that opened Nullsoft's website. I also experienced those sounds every half-hour that you describe, only mine came from the Nullsoft pop-ups. You didn't describe that but I don't trust Winamp anymore. Also, I don't trust Azureus.
These are entries I remove from other's computers and they never even notice the difference:
Also, I suggest you install CCleaner. Set it to delete ALL files it deems necessary in "Cleaner Settings", and make sure you remember all your passwords to your websites. Then run a complete issues scan and remove all issues on your computer. You will have to run that three or four times. You need not set it to delete all your needless files again.
[Edit] As a replacement: FooBar2000 for music and VLC for videos.
These are entries I remove from other's computers and they never even notice the difference:
CODE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
Also, I suggest you install CCleaner. Set it to delete ALL files it deems necessary in "Cleaner Settings", and make sure you remember all your passwords to your websites. Then run a complete issues scan and remove all issues on your computer. You will have to run that three or four times. You need not set it to delete all your needless files again.
[Edit] As a replacement: FooBar2000 for music and VLC for videos.
Removing these entrys you are making these programs don't start up with windows, making more fast the initializing of windows , if someone think that is not necessary these programs startin' up with windows can fix them.....
At the suggestion rridgely @ ccforums I ran a 'kaspersky' scan. It took a long time, but I appear to have some sort of tojan - my symantec antivirus is infected with 'Trojan.Win32.Agent.vg'. LOL! Any suggestions on what to do. Good grief.
Here's the output from kaspersky, in case anyone has a clue.
(...)
I know this is getting OT, but I'm desperate.
Here's the output from kaspersky, in case anyone has a clue.
(...)
I know this is getting OT, but I'm desperate.
Your Symantec anti-virus app is not infected.
"Quarantine" is the directory where your AV stores infected files, and this directory is not scanned, of course. Just open the control program of your AV and delete all files in the Quarantine if this bothers you.
Back to your problem: it's probably what m00 said. The annoying dog of the Explorer search. Right-click that bastard and make him leave for good.
QUOTE
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B600000.VBN Infected: Trojan.Win32.Agent.vg skipped
"Quarantine" is the directory where your AV stores infected files, and this directory is not scanned, of course. Just open the control program of your AV and delete all files in the Quarantine if this bothers you.
Back to your problem: it's probably what m00 said. The annoying dog of the Explorer search. Right-click that bastard and make him leave for good.
Anti-virus can (as far as I know) often give false positives when scanning the files of other anti-virus, since they have virus patterns, to identify virus.
However if you really think you got something, I'd recommend a format and re-installation. You can never be sure that you got it all removed. Especially if it's a sneaky virus/trojan/worm, which something that infects anti-virus programs definitely can be classified as.
May I recommend an OS which isn't a virtual magnet for malware?
However if you really think you got something, I'd recommend a format and re-installation. You can never be sure that you got it all removed. Especially if it's a sneaky virus/trojan/worm, which something that infects anti-virus programs definitely can be classified as.
May I recommend an OS which isn't a virtual magnet for malware?
@abasher: That's nonsense. I clearly said that the file that was detected is in a Quarantine directory. This means it has already been detected before by his anti-virus app. It's not a threat anymore unless he does something really stupid: deactivate his on-demand virus scanner, rename the file and execute it.
Extension - VBN: Norton Corporate Anti-Virus Quarantined File
http://filext.com/detaillist.php?extdetail=VBN
Extension - VBN: Norton Corporate Anti-Virus Quarantined File
http://filext.com/detaillist.php?extdetail=VBN
QUOTE (abasher @ Feb 2 2007, 10:08)
May I recommend an OS which isn't a virtual magnet for malware?
Agreed. Linux is looking better and better.
The Kaspersky log is not showing that your system is infected... don't get paranoid over a quarantined trojan. It won't help you with your current problem.
On topic: Have tried what m00 said yet?
On topic: Have tried what m00 said yet?
QUOTE (Fandango @ Feb 2 2007, 10:31)
The Kaspersky log is not showing that your system is infected... don't get paranoid over a quarantined trojan. It won't help you with your current problem.
On topic: Have tried what m00 said yet?
On topic: Have tried what m00 said yet?
Yes. I also powercycled my computer for the first time in ... well many days.
Want to thank everyone for their help. So far I haven't been afflicted with the weird noises.
I'll just have to wait and see. I hate getting my ears raped.Diow - what were those options you advised I check in hijackthis? There were the windows messenger ones, as well as O11 International thingie. Do you have any additional info on these?
QUOTE (FloggedSynapse @ Feb 2 2007, 17:50)
QUOTE (Fandango @ Feb 2 2007, 10:31)
The Kaspersky log is not showing that your system is infected... don't get paranoid over a quarantined trojan. It won't help you with your current problem.
On topic: Have tried what m00 said yet?
Yes. I also powercycled my computer for the first time in ... well many days.
Want to thank everyone for their help. So far I haven't been afflicted with the weird noises.
I'll just have to wait and see. I hate getting my ears raped.Diow - what were those options you advised I check in hijackthis? There were the windows messenger ones, as well as O11 International thingie. Do you have any additional info on these?
Just to test.. Open a folder on your machine, and then select the search function with the little doggy and see if it make the same noise you were hearing before when he scratches his ear...
QUOTE (m00 @ Feb 2 2007, 10:54)
Just to test.. Open a folder on your machine, and then select the search function with the little doggy and see if it make the same noise you were hearing before when he scratches his ear...
Damn, this is really embarassing. You know I think it was the doggie. At least if his scratching is random that's what it was. Sometimes I'd get a few scratches in row. Now I feel stoopid.
Well, I learned some new things. And I ran ccleaner and got rid of close to 200 megs of unused goo.
I think hearing is a more intimate sense than seeing. Audio blurts and 'popups' annoy me more than the visual ones. The ears are always open.
Again, thanks for all the help.
Flash ads with sound are surely one of the most vicious things that have been invented in the last couple of years...
And I'm also glad you got rid of the dog. At last.
And I'm also glad you got rid of the dog. At last.
QUOTE (Fandango @ Feb 2 2007, 17:14)
@abasher: That's nonsense. I clearly said that the file that was detected is in a Quarantine directory. This means it has already been detected before by his anti-virus app. It's not a threat anymore unless he does something really stupid: deactivate his on-demand virus scanner, rename the file and execute it.
In retrospect, yes, it might have been nonsense. But your comment was posted while I was writing mine and I did just read what FloggedSynapse wrote, not all the log.
Regarding my statement, it isn't general nonsense [ref. 1,...couldn't find any more right now], just in the context.
Glad that it turned out for the better, FloggedSynapse.
QUOTE (abasher @ Feb 2 2007, 20:19)
In retrospect, yes, it might have been nonsense. But your comment was posted while I was writing mine and I did just read what FloggedSynapse wrote, not all the log.
Alright, I see. I take back what I said.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.