
Thread: Help ><

  1. #1

    Help ><

    Thank you in advance for any help given in the future.

    The only websites I ever use are:
    Blue gartr
    KI
    Halifax
    Uni website
    FFXI encyclopedia

    Today I have started to get Chinese speaking randomly on my PC, i.e. coming through the speakers, which sounds very much like advertisements. It's about 40 seconds long and goes about every 1 minute. I don't know how I got this, but I was listening to Radio 1 and I started hearing it, so I closed everything and I still got it, like I had 0 taskbars open, but then I closed the process Iexplore and it stopped but restarted the process itself.

    I'm scanning my PC now but worried about the integrity of my FFXI account now lol

    Has anyone else experienced or heard of anything like this?

    I know it's running through IE but not sure how I got it yet. I will edit after I've scanned.

    EDIT*****

    Infections Found
    Family Id Name Category TAI
    936 Win32.Trojan.Agent Malware 10
    [185555] File: c:\windows.0\system32\wmdmpmsvc.dll
    [185555] Process Hash: c:\windows.0\system32\wmdmpmsvc.dll

    1001 Win32.TrojanDownloader.Agent Malware 10
    [216380] File: C:\WINDOWS.0\system32\sprint.dll

    9999 MRU Object MRU Object 0
    [1] MRU Path: C:\Documents and Settings\Administrator\Recent Count: 155
    [2] MRU Registry Key: S-1-5-21-1275210071-1563985344-839522115-500\Software\Microsoft\Search Assistant\ACMru\5603 Count: 2
    [3] MRU Registry Key: S-1-5-21-1275210071-1563985344-839522115-500\Software\Microsoft\Internet Explorer\TypedURLs Count: 5

    EDIT***

    I believe that after deleting the above malware it has stopped, but I am unsure as of now.

    (Just in case anyone was wondering, yes, I've been getting the crappy messages from Hugecheap in my inbox.)

  2. #2
    Hyperion Cross
    Join Date
    Jan 2007
    Posts
    8,672
    BG Level
    8
    FFXIV Character
    Kai Bond
    FFXIV Server
    Gilgamesh

    Where do you live?

    My speakers here pick up the emergency services stuff now and again (not sure how or why).

    Otherwise, we'll need a Hijack log.

  3. #3

    In Kent in the United Kingdom. I use RealPlayer to listen to Radio 1, except the Chinese talking still goes on after I close RealPlayer, but it has stopped since I started a scan.

  4. #4
    Like a boss yo
    Join Date
    Feb 2006
    Posts
    3,860
    BG Level
    7
    FFXI Server
    Odin
    WoW Realm
    Mal'Ganis

    Post the Hijack scan if you can, so we can try to help a little more.

  5. #5
    I'd tap that turian!
    Join Date
    Sep 2007
    Posts
    1,861
    BG Level
    6
    FFXI Server
    Ragnarok

    Humor me since something /kinda/ similar happens to me. Next time it starts up talking, open your task manager and see if WMP is running?

    One thing it'll do sometimes is whether I'm listening to audio/video on any codec and go to close the player, the process will stay open and continue to play. I can use my keyboard controls to stop, start, and advance the playing file, but I can't see it since the visual part of the software closed (but the process remains and still playing.)

    But that's not probably it.

    Download Spybot Search & Destroy: (Spybot - Search & Destroy - Free software downloads and reviews - CNET Download.com) and run a full scan on your computer.
    Run a scan with Windows Defender (if your version of windows isn't pirated, otherwise it won't download and install)

    See if either of those turn up any results, then post back here.

  6. #6

    Sorry, but I don't know what a hijack log is ><

  7. #7

    Logfile of HijackThis v1.99.1
    Scan saved at 16:14:51, on 25/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\Program Files\Razer\DeathAdder\razerhid.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
    C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\WINDOWS.0\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\WINDOWS.0\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\WINDOWS.0\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\WINDOWS.0\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS.0\system32\nvsvc32.exe
    C:\WINDOWS.0\system32\PnkBstrA.exe
    C:\WINDOWS.0\system32\PnkBstrB.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS.0\system32\taskmagr.exe
    C:\WINDOWS.0\system32\wscntfy.exe
    C:\Program Files\Razer\DeathAdder\razerofa.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Razer\DeathAdder\razertra.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Sky.com - Home
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = RapidShare: Easy Filehosting
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS.0\system32\SkypeComm.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - Startup: RocketDock.lnk = C:\WINDOWS.0\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS.0\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS.0\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS.0\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Sky.com - Home (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1183199954991
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1183200024507
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS.0\system32\btxppanel.dll
    O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\Common Files\A&W\MidRadio.ocx
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.0\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll
    O21 - SSODL: WinCfgUi - {588D0AF1-7FEE-65EA-30EF-0BC25E858974} - C:\Program Files\wxjdtr\WinCfgUi.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.0\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS.0\system32\PnkBstrB.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
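
Added example (not part of the thread, and not HijackThis's own logic): a small Python triage pass over a HijackThis log like the one in post #7, flagging dangling references, services with no listed owner, and image names that nearly match a stock Windows binary. The sample lines are copied from that log; the `KNOWN_SYSTEM` list and the 0.85 similarity threshold are assumptions, and each flag is a lead to check by hand, not a verdict.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: a few lines copied from the HijackThis log in post #7.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\taskmagr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS.0\system32\SkypeComm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.0\system32\PnkBstrA.exe
"""

# Assumption: a short reference list of stock Windows image names (not exhaustive).
KNOWN_SYSTEM = ("taskmgr.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "ctfmon.exe", "spoolsv.exe")
IMAGE = re.compile(r"([^\\\s]+\.(?:exe|dll))\b", re.IGNORECASE)

def lookalike(name, threshold=0.85):
    """Return the stock name that `name` nearly (but not exactly) matches."""
    name = name.lower()
    if name in KNOWN_SYSTEM:
        return None
    for ref in KNOWN_SYSTEM:
        if SequenceMatcher(None, name, ref).ratio() >= threshold:
            return ref
    return None

def triage(log_text):
    """Return (reason, line) pairs to review by hand; leads, not verdicts."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        if "(no file)" in line or "(file missing)" in line:
            findings.append(("dangling reference", line))
        if "Unknown owner" in line:
            findings.append(("service owner unknown", line))
        names = IMAGE.findall(line)
        ref = lookalike(names[-1]) if names else None
        if ref:
            findings.append((f"name resembles {ref}", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```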

  8. #8

    Quote Originally Posted by Criosist View Post
    sorry but i dont know what a hijack log is ><
    Trend Micro HijackThis - Free software downloads and reviews - CNET Download.com

    Hijackthis. It's a program that shows every single running application on your PC. Very effective for pinpointing and flushing problems.

  9. #9

    Hmmm, well, I'm sure it's stopped now, although I've had a process called qrsxapez.exe that I haven't been able to remove for ages lol, but the Chinese "Ad" seems to have stopped.

  10. #10
    Hyperion Cross
    Join Date
    Jan 2007
    Posts
    8,672
    BG Level
    8
    FFXIV Character
    Kai Bond
    FFXIV Server
    Gilgamesh

    Well, before I look into it, the OP said it's stopped now, so I guess case closed?

    Otherwise, a quick glance screams to me "you should reformat your PC". =(

  11. #11
    The Mizzle Fizzle of Nikkei's Haremizzle

    Join Date
    Feb 2006
    Posts
    22,050
    BG Level
    10
    FFXI Server
    Bismarck

    Tweak your MSconfig startups, you clearly have a chink in your setup.

  12. #12

    I get something strange like this, but it's a random internet radio or radio transmission. It's not being picked up by my speakers. It'll start, so I'll close explorer which kills it, then I'll get it again 5 minutes later, but it starts with the same exact thing as before. Different days it's different broadcasts. Spybot S&D doesn't find anything, and I have no idea how to read a hijack this log.

    Btw, this might be better suited for technical section of the forums.

  13. #13
    The Anti Miz
    The Anti Miz of the House of Weave

    Join Date
    Feb 2007
    Posts
    32,700
    BG Level
    10

    Quote Originally Posted by Mizango View Post
    Tweak your MSconfig startups, you clearly have a chink in your setup.
    I SEE WHAT YOU DID THERE!
