Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Soundmix.exe

Started by Flegias , May 22 2009 01:51 AM

  • Please log in to reply

#1
Flegias
Posted 22 May 2009 - 01:51 AM

Flegias

    Member

  • Member
  • PipPip
  • 32 posts
Hello!
You already cleaned my pcs many times! I'm sure you will successfully do another time.


Kaspersky AV detect soundmix.exe as a trojan but it isn't able to disinfect it.

Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.45.37, on 22/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\ArchestrA\aaLogger.exe
C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programmi\File comuni\ArchestrA\NTServApp.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\EzButton\CPLDBL10.EXE
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\Programmi\FLIR Systems\Device Drivers\T3Mon.exe
F:\Common\S7ubtoox\s7ubtstx.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\soundmix.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\system32\NA_Service.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\WINDOWS\system32\MODBUSDRV.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\WINDOWS\system32\XIPDRV.exe
C:\Programmi\File comuni\ArchestrA\slssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe
C:\WINDOWS\system32\UsbConnect.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\usbconsole.exe
C:\WINDOWS\system32\wscntfy.exe
F:\Common\Sqlany\dbsrv50.exe
F:\Common\Sqlany\dbclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 61.129.115.198 www.xldd.com
O1 - Hosts: 61.129.115.198 www.ojiang.com
O1 - Hosts: 61.129.115.198 www.shuixian.net
O1 - Hosts: 61.129.115.198 www.xlarea.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Programmi\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [FLIR Systems Camera Monitor] "C:\Programmi\FLIR Systems\Device Drivers\T3Mon.exe"
O4 - HKLM\..\Run: [S7UB Start] "F:\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [soundmix] C:\WINDOWS\system32\soundmix.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mozilla Sunbird.lnk = C:\Programmi\Mozilla Sunbird\sunbird.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - F:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} (CrazyTalk4 Control) - http://plug-in.reall.../CrazyTalk4.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1235735312031
O16 - DPF: {DD01C8CA-5DA0-4B01-9603-B7194E561D32} (TVSLiveControl Class) - http://217.133.17.20...l/webViewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0693CDD4-F05E-4F02-BB6F-51B84BE39957}: NameServer = 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0693CDD4-F05E-4F02-BB6F-51B84BE39957}: NameServer = 151.99.125.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0693CDD4-F05E-4F02-BB6F-51B84BE39957}: NameServer = 151.99.125.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0693CDD4-F05E-4F02-BB6F-51B84BE39957}: NameServer = 151.99.125.1
O23 - Service: ArchestrA Logger (aaLogger) - Invensys Systems, Inc. - C:\Programmi\File comuni\ArchestrA\aaLogger.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: FS Service Control - Wonderware Corporation - C:\Programmi\File comuni\ArchestrA\NTServApp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MobiLink IILServer - Novatel Wireless, Inc. - C:\Programmi\Novatel Wireless\MobiLink\iilserver.exe
O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NILM License manager - Macrovision Corporation - F:\Programmi\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Wonderware SuiteLink (slssvc) - Invensys Systems, Inc. - C:\Programmi\File comuni\ArchestrA\slssvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: FLIR Systems Camera Monitor (T3Srv) - FLIR Systems - C:\Programmi\FLIR Systems\Device Drivers\T3Srv.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\system32\UsbConnect.exe
O23 - Service: Wonderware NetDDE Helper (WWNetDDE) - Invensys Systems, Inc. - C:\Programmi\File comuni\ArchestrA\wwnetdde.exe
O23 - Service: Xway TCP/IP (XipConnect) - Schneider Automation - C:\WINDOWS\system32\XipConnect.exe

--
End of file - 8940 bytes
  • 0

Advertisements

#2
kahdah
Posted 07 June 2009 - 11:32 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Flegias

Welcome to G2Go. :)
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP