Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Random IE script popup errors and radom audio playing.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Random IE script popup errors and radom audio playing.

Unread postby J003223 » April 27th, 2011, 12:45 pm

Random IE script errors on the desktop without IE running from various wesites. Unrelated (I think) I'm get random audio clips at random times regardless if any programs are running. I was watching the task mgr when one such clip played however, didn't see any additional processes start or stop.

DDS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by AMD DUO at 22:07:50.43 on Tue 04/26/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.688 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\AMD DUO\My Documents\J003223\Apps\DDS\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 1166289359
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 9369520265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\amdduo~1\applic~1\mozilla\firefox\profiles\9cic1jpr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [2011-4-7 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [2011-4-7 5248]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2010-5-30 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2010-5-30 52224]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-5-30 13696]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-26 98392]
S4 vsdatant;vsdatant;a --> a [?]
.
=============== Created Last 30 ================
.
2011-04-26 22:35:02 475648 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
2011-04-26 22:35:02 1061888 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
2011-04-26 22:35:02 -------- d-----w- c:\program files\MyDefrag v4.3.1
2011-04-26 22:32:28 -------- d-----w- c:\program files\CCleaner
2011-04-26 21:00:32 4 ---ha-w- C:\aaw7boot.cmd
2011-04-26 19:04:16 -------- d-----w- c:\program files\Trend Micro
2011-04-26 04:02:18 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-26 03:57:30 -------- d-----w- c:\docume~1\amdduo~1\locals~1\applic~1\Sunbelt Software
2011-04-26 03:06:16 -------- d-----w- c:\program files\Quick Web Player
2011-04-25 03:46:18 -------- d-----w- c:\docume~1\amdduo~1\applic~1\ElevatedDiagnostics
2011-04-24 21:46:13 -------- d-----w- c:\docume~1\amdduo~1\applic~1\Registry Mechanic
2011-04-24 20:55:53 -------- d-----w- c:\program files\WiseFixer
2011-04-18 07:35:10 -------- d-----w- c:\windows\Big City Adventure San Francisco
2011-04-18 07:35:09 -------- d-----w- c:\program files\Big City Adventure San Francisco
2011-04-18 07:33:44 -------- d-----w- c:\program files\Big City Adventure - Sydney Australia
2011-04-17 04:50:05 -------- d-----w- c:\docume~1\amdduo~1\applic~1\Gestalt Games
2011-04-10 08:11:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Gogii
2011-04-10 05:27:32 -------- d-----w- c:\docume~1\amdduo~1\locals~1\applic~1\JollyBear
2011-04-10 05:27:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\JollyBear
2011-04-10 04:52:52 -------- d-----w- c:\docume~1\amdduo~1\locals~1\applic~1\My Games
2011-04-08 02:21:32 -------- d-----w- c:\docume~1\amdduo~1\locals~1\applic~1\ATI
2011-04-08 01:39:05 -------- d-----w- c:\windows\system32\XPSViewer
2011-04-08 01:38:38 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-04-08 01:38:14 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-04-08 01:38:14 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-04-08 01:38:14 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-04-08 01:38:14 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-04-08 01:38:14 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-04-08 01:38:14 117760 ------w- c:\windows\system32\prntvpt.dll
2011-04-08 01:38:13 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-04-08 01:38:13 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-04-08 01:29:12 -------- d-----w- C:\ATI
2011-04-08 00:59:31 -------- d-----w- c:\program files\Amnesia - The Dark Descent
2011-04-08 00:28:34 -------- d-----w- c:\docume~1\amdduo~1\locals~1\applic~1\Symantec
2011-04-08 00:26:26 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2011-04-08 00:26:08 -------- d-----w- c:\program files\common files\Symantec Shared
2011-04-08 00:26:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2011-04-07 21:38:26 5248 ----a-w- c:\windows\system32\drivers\d346prt.sys
2011-04-07 21:38:26 156800 ----a-w- c:\windows\system32\drivers\d346bus.sys
2011-04-07 21:38:04 -------- d-----w- c:\windows\Downloaded Installations
2011-04-07 00:12:15 -------- d-----w- c:\docume~1\amdduo~1\applic~1\GameInvest
2011-04-05 05:53:31 -------- d-----w- c:\docume~1\amdduo~1\applic~1\Top Evidence
.
==================== Find3M ====================
.
2011-03-23 22:37:33 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-23 22:37:33 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2006-02-28 12:00:00 73728 --sha-w- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe
.
============= FINISH: 22:08:19.57 ===============
You do not have the required permissions to view the files attached to this post.
J003223
Active Member
 
Posts: 5
Joined: April 26th, 2011, 3:32 pm
Advertisement
Register to Remove

Re: Random IE script popup errors and radom audio playing.

Unread postby Wingman » April 27th, 2011, 12:55 pm

Posting Logs as Attachments

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The instructions for running DDS found HERE, state how we need you to post the logs, so we can help you.

The section Logs posted as attachments explains why you should not post attachments unless the helper assisting you requests that you do so.

If you still require assistance, please start a new topic and copy and paste your DDS logs (DDS.txt and Attach.txt) and wait for a new helper. Thank you for your understanding.

This topic is now closed.
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware