PDA

View Full Version : My computer's speakers are talking? o.o


Dark Lugia 2
10-09-08, 18:22
They're playing random sounds such as a 5 second guitar solo and a 10 second man talking... I've scanned with AVG and removed any viruses and the problem is still here :( could anyone help?

spikejones
10-09-08, 19:02
check your sound profiles:
control panel -> sounds and audio devices -> sounds tab. see if something is set in there for different actions etc.

also check your task manager to see if there is something running that may be doing this. AV scans dont get everthing all the time so you might want to post a report of ardiag (http://www.tombraiderhub.com/download/ardiag.exe)

touchthesky
10-09-08, 19:11
It could be an internet pop up that hasn't stopped..soo many times I've clicked out of myspace and I still hear

"I called her on the phone
lalallala"

gr.

Lavinder
10-09-08, 19:43
They may be picking up random radio interference :).

Dark Lugia 2
10-09-08, 20:07
^ That was sarcasm right?

Thanks Guys, heres the report spikejones:


---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
"afisicx Settings storage service"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
afisicx
Program path & name:
c:\windows\system32\afisicx.exe"
Enabled: [V]


Program:
"Provides the interface to Apple mobile devices."
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Apple Mobile Device
Program path & name:
"c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
Enabled: [V]


Program:
"AVG Alert Manager"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Avg7Alrt
Program path & name:
"c:\program files\grisoft\avg free\avgamsvr.exe"
Enabled: [V]


Program:
"AVG Update Service"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Avg7UpdSvc
Program path & name:
"c:\program files\grisoft\avg free\avgupsvc.exe"
Enabled: [V]


Program:
"AVG E-Mail Scanner"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AVGEMS
Program path & name:
"c:\program files\grisoft\avg free\avgemc.exe"
Enabled: [V]


Program:
"Manages bluetooth hardware and provides bluetooth functions."
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BlueSoleilCS
Program path & name:
c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe"
Enabled: [V]


Program:
"Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence
Publisher:
so that users can discover and use those services without any unnecessary manual setup or administration."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Bonjour Service
Program path & name:
"(Not verified) Apple Inc.""c:\program files\bonjour\mdnsresponder.exe"
Enabled: [V]


Program:
"gusvc"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
gusvc
Program path & name:
"c:\program files\google\common\google updater\googleupdaterservice.exe"
Enabled: [V]


Program:
"mabidwe Settings storage service"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
mabidwe
Program path & name:
c:\windows\system32\mabidwe.exe"
Enabled: [V]


Program:
"noytcyr Co. Ltd."
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
noytcyr
Program path & name:
c:\windows\system32\noytcyr.exe"
Enabled: [V]


Program:
"roytctm Manages messages"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
roytctm
Program path & name:
c:\windows\system32\roytctm.exe"
Enabled: [V]


Program:
"控制系统安全设置和配置。"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
seiuctol
Program path & name:
File not found: zordisa.dll"
Enabled: [V]


Program:
"soxpeca Corporation inc."
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
soxpeca
Program path & name:
c:\windows\system32\soxpeca.exe"
Enabled: [V]


Program:
"SoundMAX SpeakerMonitor service"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
spkrmon
Program path & name:
c:\program files\analog devices\soundmax\spkrmon.exe"
Enabled: [V]


Program:
"Loads files to memory for later printing."
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Spooler
Program path & name:
File not found: C:\WINDOWS\system32\spoolsv.exe"
Enabled: [V]


Program:
"tdydowkc Portable Media Serial Service"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
tdydowkc
Program path & name:
c:\windows\system32\tdydowkc.exe"
Enabled: [V]


Program:
"wsldoekd Co. Ltd."
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
wsldoekd
Program path & name:
c:\windows\system32\wsldoekd.exe"
Enabled: [V]


Program:
"Andrea Audio Stub Driver"
Publisher:
"(Not verified) Andrea Electronics Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
aeaudio
Program path & name:
"c:\windows\system32\drivers\aeaudio.sys"
Enabled: [V]


Program:
"AEGIS Protocol (IEEE 802.1x) v3.0.0.5"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AegisP
Program path & name:
File not found: system32\DRIVERS\AegisP.sys"
Enabled: [V]


Program:
"AVG Scanning Engine"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Avg7Core
Program path & name:
"c:\windows\system32\drivers\avg7core.sys"
Enabled: [V]


Program:
"AVG Resident Shield Unload Helper"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Avg7RsW
Program path & name:
"c:\windows\system32\drivers\avg7rsw.sys"
Enabled: [V]


Program:
"AVG Resident Anti-Virus Shield"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Avg7RsXP
Program path & name:
"c:\windows\system32\drivers\avg7rsxp.sys"
Enabled: [V]


Program:
"AVG7 Clean Driver"
Publisher:
"(Verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgClean
Program path & name:
"c:\windows\system32\drivers\avgclean.sys"
Enabled: [V]


Program:
"AVG Network connection watcher"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgTdi
Program path & name:
"c:\windows\system32\drivers\avgtdi.sys"
Enabled: [V]


Program:
"Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver."
Publisher:
"(Not verified) Broadcom Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
b57w2k
Program path & name:
"c:\windows\system32\drivers\b57xp32.sys"
Enabled: [V]


Program:
"PCAUSA NDIS 5.0 SPR Protocol Driver"
Publisher:
"(Not verified) Printing Communications Assoc. Inc. (PCAUSA)"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BRGSp50
Program path & name:
"c:\windows\system32\drivers\brgsp50.sys"
Enabled: [V]


Program:
"BUFFALO Wireless Network Adapter Manager"
Publisher:
"(Not verified) BUFFALO INC."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BUFADPT
Program path & name:
"c:\windows\system32\bufadpt.sys"
Enabled: [V]


Program:
"CD DVD Filter"
Publisher:
"(Verified) GEAR Software Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
GEARAspiWDM
Program path & name:
"c:\windows\system32\drivers\gearaspiwdm.sys"
Enabled: [V]


Program:
"HSF_HWB2 WDM driver"
Publisher:
"(Not verified) Conexant Systems Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
HSFHWBS2
Program path & name:
"c:\windows\system32\drivers\hsfhwbs2.sys"
Enabled: [V]


Program:
"HSF_DP driver"
Publisher:
"(Not verified) Conexant Systems Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
HSF_DP
Program path & name:
"c:\windows\system32\drivers\hsf_dp.sys"
Enabled: [V]


Program:
"Intel Graphics Miniport Driver"
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ialm
Program path & name:
"c:\windows\system32\drivers\ialmnt5.sys"
Enabled: [V]


Program:
"Diagnostic Interface DRIVER"
Publisher:
"(Not verified) Conexant"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
mdmxsdk
Program path & name:
"c:\windows\system32\drivers\mdmxsdk.sys"
Enabled: [V]


Program:
"Motive NDIS 5.0 Protocol Driver"
Publisher:
"(Not verified) Motive Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
MRENDIS5
Program path & name:
"c:\program files\common files\motive\mrendis5.sys"
Enabled: [V]


Program:
"Nokia USB Phone Bus Driver"
Publisher:
"(Not verified) Nokia"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
nmwcd
Program path & name:
"c:\windows\system32\drivers\nmwcd.sys"
Enabled: [V]


Program:
"Nokia USB Phone Generic Client"
Publisher:
"(Not verified) Nokia"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
nmwcdc
Program path & name:
"c:\windows\system32\drivers\nmwcdc.sys"
Enabled: [V]


Program:
"Nokia USB Phone Modem Client"
Publisher:
"(Not verified) Nokia"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
nmwcdcj
Program path & name:
"c:\windows\system32\drivers\nmwcdcj.sys"
Enabled: [V]


Program:
"Nokia USB Phone Modem Client"
Publisher:
"(Not verified) Nokia"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
nmwcdcm
Program path & name:
"c:\windows\system32\drivers\nmwcdcm.sys"
Enabled: [V]


Program:
"Sample Driver for Ralink 802.11g Wireless USB Adapters"
Publisher:
"(Not verified) Ralink Technology Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
RT25USBAP
Program path & name:
"c:\windows\system32\drivers\rt25usbap.sys"
Enabled: [V]


Program:
"Sony Ericsson Device 039 Driver Driver"
Publisher:
"(Not verified) MCCI"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SE27bus
Program path & name:
"c:\windows\system32\drivers\se27bus.sys"
Enabled: [V]


Program:
"Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)"
Publisher:
"(Not verified) MCCI"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SE27mgmt
Program path & name:
"c:\windows\system32\drivers\se27mgmt.sys"
Enabled: [V]


Program:
"SoundMAX Integrated Digital Audio "
Publisher:
"(Not verified) Analog Devices Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
smwdm
Program path & name:
"c:\windows\system32\drivers\smwdm.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
STV680
Program path & name:
File not found: system32\drivers\STV680.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SYMIDSCO
Program path & name:
File not found: C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys"
Enabled: [V]


Program:
"Windows CE USB Serial Host"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
wceusbsh
Program path & name:
"c:\windows\system32\drivers\wceusbsh.sys"
Enabled: [V]


Program:
"HSF_CNXT driver"
Publisher:
"(Not verified) Conexant Systems Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
winachsf
Program path & name:
"c:\windows\system32\drivers\hsf_cnxt.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ypxlp
Program path & name:
File not found: system32\drivers\ypxlp.sys"
Enabled: [V]


Program:
"ZD1211B 802.11 b+g USB LAN Driver"
Publisher:
"(Not verified) ZyDAS Technology Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ZD1211BU(ZyDAS)
Program path & name:
"c:\windows\system32\drivers\zd1211bu.sys"
Enabled: [V]


Program:
"PCAUSA NDIS 5.0 SPR Protocol Driver"
Publisher:
"(Not verified) Printing Communications Assoc. Inc. (PCAUSA)"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ZDPSp50
Program path & name:
"c:\windows\system32\drivers\zdpsp50.sys"
Enabled: [V]


Program:
"igfxsrvc Module"
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
igfxcui
Program path & name:
"c:\windows\system32\igfxsrvc.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
winhwc32
Program path & name:
File not found: winhwc32.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
xxyaxwx
Program path & name:
File not found: xxyaxwx.dll"
Enabled: [V]


Program:
"BsMonSvr"
Publisher:
"(Not verified) IVT Corporation."
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monito rs
Entry name:
BlueSoleil Print Port
Program path & name:
"c:\windows\system32\bsmonsvr.dll"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
"iTunesHelper Module"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
iTunesHelper
Program path & name:
"c:\program files\itunes\ituneshelper.exe"
Enabled: [V]


Program:
"Adobe Acrobat SpeedLauncher"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Adobe Reader Speed Launcher
Program path & name:
"c:\program files\adobe\reader 8.0\reader\reader_sl.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: About:Home"
Enabled: [V]


Program:
"Apple Software Update"
Publisher:
"(Verified) Apple Computer Inc."
Entry path:
Task Scheduler
Entry name:
AppleSoftwareUpdate.job
Program path & name:
"c:\program files\apple software update\softwareupdate.exe"
Enabled: [V]


Program:
"My Search Bar"
Publisher:
"(Not verified) My Search"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
My Search BHO
Program path & name:
"c:\program files\mysearch\bar\1.bin\s4bar.dll"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Yahoo! Toolbar Helper
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn\yt.dll"
Enabled: [V]


Program:
"Ask.com Search Assistant"
Publisher:
"(Verified) IAC"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Ask Search Assistant BHO
Program path & name:
"c:\program files\asksbar\srchastt\1.bin\a2srchas.dll"
Enabled: [V]


Program:
"Adobe PDF Helper for Internet Explorer"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Adobe PDF Reader Link Helper
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
Enabled: [V]


Program:
"Yahoo! IE Services"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Yahoo! IE Services Button
Program path & name:
"c:\program files\yahoo!\common\yiesrvc.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program files\java\jre1.6.0_03\bin\ssv.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{930D35D2-094D-41B9-8E89-D1B76F2C6E97}
Program path & name:
File not found: C:\WINDOWS\system32\xxyaxwx.dll"
Enabled: [V]


Program:
"GoogleToolbarNotifier"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Google Toolbar Notifier BHO
Program path & name:
"c:\program files\google\googletoolbarnotifier\2.1.1119.1736\s wg.dll"
Enabled: [V]


Program:
"Ask Toolbar"
Publisher:
"(Verified) IAC"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Ask Toolbar BHO
Program path & name:
"c:\program files\asksbar\bar\1.bin\asksbar.dll"
Enabled: [V]


Program:
"YSidebarIEBHO Module"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
SidebarAutoLaunch Class
Program path & name:
"c:\program files\yahoo!\browser\ysidebariebho.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
IE.Filter
Program path & name:
File not found: C:\WINDOWS\system32\ieflt.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks
Entry name:
xxyaxwx.dll
Program path & name:
File not found: C:\WINDOWS\system32\xxyaxwx.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Display Panning CPL Extension
Program path & name:
File not found: deskpan.dll"
Enabled: [V]


Program:
"AVG Shell Extension"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
AVG7 Shell Extension
Program path & name:
"c:\program files\grisoft\avg free\avgse.dll"
Enabled: [V]


Program:
"AVG Shell Extension"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
AVG7 Find Extension
Program path & name:
"c:\program files\grisoft\avg free\avgse.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program files\winrar\rarext.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
7-Zip Shell Extension
Program path & name:
c:\program files\7-zip\7-zip.dll"
Enabled: [V]


Program:
"YMMAPI Module"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Yahoo! Mail
Program path & name:
"c:\program files\yahoo!\common\ymmapi.dll"
Enabled: [V]


Program:
"iTunes Mini Player DLL"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
iTunes
Program path & name:
"c:\program files\itunes\itunesminiplayer.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandler s
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
Entry name:
yt.dll
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn\yt.dll"
Enabled: [V]


Program:
"Ask.com Search Assistant"
Publisher:
"(Verified) IAC"
Entry path:
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
Entry name:
a2srchas.dll
Program path & name:
"c:\program files\asksbar\srchastt\1.bin\a2srchas.dll"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
yt.dll
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn\yt.dll"
Enabled: [V]


Program:
"My Search Bar"
Publisher:
"(Not verified) My Search"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
s4bar.dll
Program path & name:
"c:\program files\mysearch\bar\1.bin\s4bar.dll"
Enabled: [V]


Program:
"Ask Toolbar"
Publisher:
"(Verified) IAC"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
asksbar.dll
Program path & name:
"c:\program files\asksbar\bar\1.bin\asksbar.dll"
Enabled: [V]



Thanks for offering to help btw, thats one biiig code o.o

and theres no sounds for any actions.


I think that could be it touchthesky :eek: Needs a cure

spikejones
10-09-08, 21:00
Use Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) to kill/disable the following:
(directions for the program are on the webiste)

Program:
"noytcyr Co. Ltd."
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
noytcyr
Program path & name:
c:\windows\system32\noytcyr.exe"
Enabled: [V] --- TROJAN!!, kill it


Program:
"roytctm Manages messages"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
roytctm
Program path & name:
c:\windows\system32\roytctm.exe"
Enabled: [V] --- UNSAFE!! kill it


Program:
"控制系统安全设置和配置。"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
seiuctol
Program path & name:
File not found: zordisa.dll"
Enabled: [V] --- Same!! kill it


Program:
"soxpeca Corporation inc."
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
soxpeca
Program path & name:
c:\windows\system32\soxpeca.exe"
Enabled: [V] --- Same!! kill it


Program:
"SoundMAX SpeakerMonitor service"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
spkrmon
Program path & name:
c:\program files\analog devices\soundmax\spkrmon.exe"
Enabled: [V] --- mixed reports on this one, test to see if you really need it (disable only at first)


Program:
"tdydowkc Portable Media Serial Service"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
tdydowkc
Program path & name:
c:\windows\system32\tdydowkc.exe"
Enabled: [V] --- TROJAN!! kill it


Program:
"wsldoekd Co. Ltd."
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
wsldoekd
Program path & name:
c:\windows\system32\wsldoekd.exe"
Enabled: [V] --- TROJAN!! kill it


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
STV680
Program path & name:
File not found: system32\drivers\STV680.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SYMIDSCO
Program path & name:
File not found: C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ypxlp
Program path & name:
File not found: system32\drivers\ypxlp.sys"
Enabled: [V]


Program:
"ZD1211B 802.11 b+g USB LAN Driver"
Publisher:
"(Not verified) ZyDAS Technology Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ZD1211BU(ZyDAS)
Program path & name:
"c:\windows\system32\drivers\zd1211bu.sys"
Enabled: [V] --- Spyware!! kill it


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
winhwc32
Program path & name:
File not found: winhwc32.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
xxyaxwx
Program path & name:
File not found: xxyaxwx.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: about:Home"
Enabled: [V]


Program:
"My Search Bar"
Publisher:
"(Not verified) My Search"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
My Search BHO
Program path & name:
"c:\program files\mysearch\bar\1.bin\s4bar.dll"
Enabled: [V] --- spyware search bar.. you should uninstall this as well


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
{930D35D2-094D-41B9-8E89-D1B76F2C6E97}
Program path & name:
File not found: C:\WINDOWS\system32\xxyaxwx.dll"
Enabled: [V]


Program:
"Ask Toolbar"
Publisher:
"(Verified) IAC"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Ask Toolbar BHO
Program path & name:
"c:\program files\asksbar\bar\1.bin\asksbar.dll"
Enabled: [V] --- consider if you need this as it can cause popups.


Program:
"Ask.com Search Assistant"
Publisher:
"(Verified) IAC"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Ask Search Assistant BHO
Program path & name:
"c:\program files\asksbar\srchastt\1.bin\a2srchas.dll"
Enabled: [V] --- same as above


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
IE.Filter
Program path & name:
File not found: C:\WINDOWS\system32\ieflt.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks
Entry name:
xxyaxwx.dll
Program path & name:
File not found: C:\WINDOWS\system32\xxyaxwx.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Display Panning CPL Extension
Program path & name:
File not found: deskpan.dll"
Enabled: [V]


Program:
"Ask.com Search Assistant"
Publisher:
"(Verified) IAC"
Entry path:
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
Entry name:
a2srchas.dll
Program path & name:
"c:\program files\asksbar\srchastt\1.bin\a2srchas.dll"
Enabled: [V] --- consider if you need this as it can cause popups.


Program:
"My Search Bar"
Publisher:
"(Not verified) My Search"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
s4bar.dll
Program path & name:
"c:\program files\mysearch\bar\1.bin\s4bar.dll"
Enabled: [V] --- spyware search bar.. you should uninstall this as well


Program:
"Ask Toolbar"
Publisher:
"(Verified) IAC"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
asksbar.dll
Program path & name:
"c:\program files\asksbar\bar\1.bin\asksbar.dll"
Enabled: [V] --- consider if you need this as it can cause popups.


I recommend you to get spybot search and destroy (http://www.safer-networking.org/en/mirrors/index.html) (free application) to search for and remove spyware threats in the future.

Lavinder
10-09-08, 21:27
^ That was sarcasm right?



Not really, I had this problem before - all of a sudden I would hear music or radio voices :p.

EscondeR
11-09-08, 06:02
Kill also those:


Program:
"afisicx Settings storage service"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
afisicx
Program path & name:
c:\windows\system32\afisicx.exe"
Enabled: [V] - Spyware!


Program:
"gusvc"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
gusvc
Program path & name:
"c:\program files\google\common\google updater\googleupdaterservice.exe"
Enabled: [V]


Program:
"mabidwe Settings storage service"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
mabidwe
Program path & name:
c:\windows\system32\mabidwe.exe"
Enabled: [V] - Spyware!

Program:
"SoundMAX SpeakerMonitor service"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
spkrmon
Program path & name:
c:\program files\analog devices\soundmax\spkrmon.exe"
Enabled: [V] - KILL for sure, it has no signature


Program:
"Loads files to memory for later printing."
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Spooler
Program path & name:
File not found: C:\WINDOWS\system32\spoolsv.exe"
Enabled: [V]


Program:
"AEGIS Protocol (IEEE 802.1x) v3.0.0.5"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AegisP
Program path & name:
File not found: system32\DRIVERS\AegisP.sys"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Yahoo! Toolbar Helper
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn\yt.dll"
Enabled: [V]


Program:
"Yahoo! IE Services"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Yahoo! IE Services Button
Program path & name:
"c:\program files\yahoo!\common\yiesrvc.dll"
Enabled: [V]


Program:
"GoogleToolbarNotifier"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Google Toolbar Notifier BHO
Program path & name:
"c:\program files\google\googletoolbarnotifier\2.1.1119.1736\s wg.dll"
Enabled: [V]


Program:
"YSidebarIEBHO Module"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
SidebarAutoLaunch Class
Program path & name:
"c:\program files\yahoo!\browser\ysidebariebho.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
IE.Filter
Program path & name:
File not found: C:\WINDOWS\system32\ieflt.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks
Entry name:
xxyaxwx.dll
Program path & name:
File not found: C:\WINDOWS\system32\xxyaxwx.dll"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
Entry name:
yt.dll
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn\yt.dll"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
yt.dll
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn\yt.dll"
Enabled: [V]

Dark Lugia 2
11-09-08, 19:24
Not really, I had this problem before - all of a sudden I would hear music or radio voices :p.

Ooo that sounds like mine, thanks for replying :D

and thanks guys, i'll try this right away :D

edit:

Ooo, it it normal to not be able to find some of the files? i've deleted quite a few, but couldnt find the n/a's and some yahoo/others, trying spyware now

thanks again :D

spikejones
11-09-08, 20:40
for those that are listed as spyware/unsafe/malware/trojan etc... follow the path that is listed in the report and DELETE those files (do in safe mode).

if file access is locked, you may need to use something like Unlocker (http://ccollomb.free.fr/unlocker/) or use command lines to remove the read only attribute:

example:

attrib -r c:\windows\system32\afisicx.exe
del c:\windows\system32\afisicx.exe
attrib -r c:\windows\system32\mabidwe.exe
del c:\windows\system32\mabidwe.exe
attrib -r c:\program files\analog devices\soundmax\spkrmon.exe
del c:\program files\analog devices\soundmax\spkrmon.exe
attrib -r c:\windows\system32\noytcyr.exe
del c:\windows\system32\noytcyr.exe
attrib -r c:\windows\system32\roytctm.exe
del c:\windows\system32\roytctm.exe
attrib -r c:\windows\system32\soxpeca.exe
del c:\windows\system32\soxpeca.exe
attrib -r c:\windows\system32\tdydowkc.exec:\windows\system3 2\tdydowkc.exe
del c:\windows\system32\tdydowkc.exec:\windows\system3 2\tdydowkc.exe
attrib -r c:\windows\system32\wsldoekd.exe
del c:\windows\system32\wsldoekd.exe
attrib -r c:\windows\system32\drivers\zd1211bu.sys
del c:\windows\system32\drivers\zd1211bu.sys
attrib -r c:\program files\mysearch\bar\1.bin\s4bar.dll
del c:\program files\mysearch\bar\1.bin\s4bar.dll
attrib -r c:\program files\mysearch\bar\1.bin\s4bar.dll
del c:\program files\mysearch\bar\1.bin\s4bar.dll
exit


in fact, you can copy that text to notepad. go to file -> save as -> name it "clean.bat" -> make sure to set the file type to "all" otherwise it will not save properly.

double click the icon for clean.bat and it should remove the read only attribute (if any) on the files, then it will delete them. It will go through them one at a time, then it will exit the shell when finished. You could then run another report of ardiag and check to see if the "Enabled" attribute has a check [V] next to it as well as if it says "file not found". If it says "file not found" then it was successfully cleaned (deleted).


edit:

in autoruns to hide some valid MS stuff:
options -> hide signed microsoft entries
options -> verify code signature
file -> refresh (or just press F5 button)

wadej88
13-09-08, 04:49
It could be your sound card software?

like when your doing your tests to see what works or not it could still be looping in the background?

EscondeR
13-09-08, 10:49
^ No way.

spikejones
14-09-08, 07:03
:rolleyes:
tis not a hardware nor driver issue.

is most likely one of the many spyware/adware/malware/trojan applications the person had running.

now there was something mentioned about the possibility of interference being picked up in the form of radio broadcasts or telephone conversations. I wouldn't discount that, but it is not as likely as it being malware related. especially considering the frequency of the occurrences and the fact that it was not sustained. sometimes you have to apply some deductive reasoning to these things.

ill give you a heads up though for future reference considering that you are new to the forums.. Esconder knows a pretty good bit of stuff about computers, so when he says something its generally correct. I know a good bit about some stuff myself, not nearly so much so as Esconder, but enough to work my way around things and to solve the more common problems as well as a bit that aren't as common.

Dark Lugia 2
14-09-08, 11:25
Sorry I haven't replied in a while, haven't been able to do this but now I have! (In safe mode as well hehe)

The spy ware program usually said "user aborted" halfway through and found alot of results (but I had no option to delete :p )

So i've gone through both of your lists and deleted those files, about 3 had no paths but the rest were done (thanks for the unlocker also! works like a charm :D )

Hopefully every things gone! gonna exit safe mode now and spy ware test once more :D thanks again guys!

EDIT:

So far so good, I've only found one thing (a key logger) as opposed to the *many* from previous attempts, the test is about 1/8 through
hopefully there wont be anything still on the comp to *abort* the test :p

EDIT:

Aw =[ 14 things found by spyware protect thingy, even after deleting those other files =[ some have come from the deleted files? o.0 like mywebsearch

Dark Lugia 2
14-09-08, 16:37
Ooo, I deleted 78 of 80 problems from spyware destroy :eek: the last 2 are from myway.mywebsearch and deny removal:
"Some problems couldnt be fixed; the reason could be that the associated files are still in use (memory). This could be fixed after startup."
I've restarted and the same message appears :o

quarrystile
14-09-08, 16:55
mywebsearch .... I had problems with that sometime ago.
If I remember correctly, I ran spybot, search and destroy. It found it and killed it.
Are you using this already?

Edit .... homepage

Spybot homepage (http://www.spybot.info/index2.html)

Dark Lugia 2
14-09-08, 17:03
Tyhanks for your input! but I'm already using it, mywesearch wont destroy unfortunatly :o i'm gonna have another go at tracking it down by its path and killing it there (LOl)

Edit, yaaay it worked :D woo! now, final scan please (and hopefully no more sounds >.> :p )

quarrystile
14-09-08, 17:11
.... spyware destroy ....


Aha, I thought this was something different than spybot. :o
Anyway, I found this ......http://answers.yahoo.com/question/index?qid=20071215145741AA4Aqz8
Might be worth reading all the posts there. good luck


EDIT .... you fixed it !! CONGRATS !!!! :yah:

Dark Lugia 2
14-09-08, 17:45
Haha thats ok :D and thanks for the info1
and woo! :p just need to scan again to be sure lol

spikejones
14-09-08, 18:37
just to let you know, spybot search and destroy will also find things like tracking cookies that do not show up on your ardiag scans, so that is why it showed 80 problems.

also beware that you are not running a false syware or virus scan application as those will pretend to clean your computer but will actually ADD more stuff to it. major culprit of this is the infamous "XP antivirus 2008/2009"