Computer Playing Random Audio + Google Results Redirected

Hi
I am sure this only started this morning....
My computer is playing random audio to me, with no applications starting up, simply playing it in the background. On a couple of occasions it has been a kind of advert for 'sim rugby'.
Plus google search results are redirecting me to other search sites when I click on them!

I really need help as I need this laptop for an important meeting tomorrow!

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:36, on 23/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:Program FilesCisco SystemsSSL VPN Clientagent.exe
C:Program FilesCiscoCisco AnyConnect VPN Clientvpnagent.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesEPSONEBAPIeEBSVC.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesGoogleUpdate1.2.183.13GoogleCrashHandler.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesSuper_DVD_Creator_9.8NMSAccessU.exe
C:Program FilesIntelWirelessBinRegSrvc.exe
C:Program FilesO2binsprtsvc.exe
C:Program FilesSigmaTelC-Major AudioDellXPM_5515v131WDMStacSV.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe
C:WINDOWSsystem32vmnat.exe
C:Program FilesIntelWirelessBinWLKeeper.exe
C:Program FilesVMwareVMware Playervmware-authd.exe
C:WINDOWSsystem32vmnetdhcp.exe
C:WINDOWSexplorer.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesDellTPadApoint.exe
C:Program FilesDellTPadApMsgFwd.exe
C:Program FilesDellTPadHidFind.exe
C:Program FilesDellTPadApntex.exe
C:WINDOWSsystem32ctfmon.exe
C:Program Filesinternet exploreriexplore.exe
C:Documents and Settingsalex.doyleMy DocumentsPersonalHijackThis.exe
C:Program FilesIncrediMailbinIncMail.exe
C:Program FilesIncrediMailbinIMApp.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.co.uk/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://citrix.open.acc/
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:Program FilesEpson SoftwareEasy Photo PrintEPTBL.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:Program FilesEpson SoftwareEasy Photo PrintEPTBL.dll
O4 - HKLM..Run: [SigmatelSysTrayApp] %ProgramFiles%SigmaTelC-Major AudioWDMstsystra.exe
O4 - HKLM..Run: [Apoint] C:Program FilesDellTPadApoint.exe
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [Persistence] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [IntelZeroConfig] "C:Program FilesIntelWirelessbinZCfgSvc.exe"
O4 - HKLM..Run: [IntelWireless] "C:Program FilesIntelWirelessBinifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKLM..Run: [Memeo AutoBackup] C:Program FilesMemeoAutoBackupMemeoLauncher2.exe --silent
O4 - HKLM..Run: [ITSecMng] %ProgramFiles%TOSHIBABluetooth Toshiba StackItSecMng.exe /START
O4 - HKLM..Run: [VMware hqtray] "C:Program FilesVMwareVMware Playerhqtray.exe"
O4 - HKLM..Run: [EPSON Stylus CX3600 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM..Run: [EPSON Stylus CX3600 Series (Copy 1)] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATI9BE.EXE /P35 "EPSON Stylus CX3600 Series (Copy 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM..Run: [RoxWatchTray] "C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatchTray9.exe"
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [O2] "C:Program FilesO2binsprtcmd.exe" /P O2
O4 - HKLM..Run: [Memeo Backup] C:Program FilesMemeoAutoBackupMemeoLauncher2.exe --silent
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [EEventManager] C:PROGRA~1EPSONS~1EVENTM~1EEventManager.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..RunOnce: [Malwarebytes' Anti-Malware] C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe /install /silent
O4 - HKCU..Run: [swg] "C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe"
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-18..RunOnce: [RealUpgradeHelper] "C:Program FilesCommon FilesRealUpdate_OBupgrdhlp.exe" "RealNetworks|RealPlayer|12.0" (User 'SYSTEM')
O4 - HKUS.DEFAULT..RunOnce: [RealUpgradeHelper] "C:Program FilesCommon FilesRealUpdate_OBupgrdhlp.exe" "RealNetworks|RealPlayer|12.0" (User 'Default user')
O4 - Startup: Windows Updater.lnk = C:Documents and Settingsalex.doyleLocal SettingsTempJDstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:Program FilesWindows Desktop SearchWindowsSearch.exe
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:Program FilesAdvanced JPEG Compressorajcieex.htm
O9 - Extra button: Ãâ·Ñ¾«²ÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: ²¥°ÔµçÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:windowssystem32lspueb.dll' missing
O15 - Trusted Zone: http://ebis.coa.local
O15 - Trusted Zone: http://vpn.coasolutions.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://vpn.coasolutions.com/CACHE/stc/1/binaries/stcweb.cab
O16 - DPF: {3A52566B-6018-485B-B713-8B9FF660D8E8} (ilhtrapp Object) - http://dvrlink.net/webdvr/webdvr2.13.1.10_28.0.0.0.cab
O16 - DPF: {3DFD2B52-C6E9-11D4-8226-005004F658FC} (XeWare Control) - http://aylcrm01/crm/Plugin/eWarePluginX.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn.coasolutions.com/CACHE/stc/2/binaries/vpnweb.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1222708302796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222709889656
O16 - DPF: {705EC6D4-B138-4079-A307-EF13E40C2416} (InstallerWeb Control) - https://vpn.coasolutions.com/CACHE/sdesktop...ies/instweb.cab
O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} (CSD ActiveX Installer) - https://webvpn.coasolutions.com/CACHE/sdesk...ies/instweb.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...rk.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553740000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Bra...018/flashax.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://coasolutionsuk.webex.com/client/T26...bex/ieatgpc.cab
O17 - HKLMSystemCCSServicesTcpipParameters: Domain = coa.local
O17 - HKLMSoftware..Telephony: DomainName = coa.local
O17 - HKLMSystemCCSServicesTcpip..{0F573FF9-5AD4-47A2-B204-BE5C09525E9E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLMSystemCCSServicesTcpip..{A65900DF-E4D9-41C2-8FA2-5F4CDC51A74F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLMSystemCS1ServicesTcpipParameters: Domain = coa.local
O17 - HKLMSystemCS1ServicesTcpip..{0F573FF9-5AD4-47A2-B204-BE5C09525E9E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLMSystemCS2ServicesTcpipParameters: Domain = coa.local
O17 - HKLMSystemCS2ServicesTcpip..{0F573FF9-5AD4-47A2-B204-BE5C09525E9E}: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.dll
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:Program FilesCommon FilesEPSONEBAPIeEBSVC.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:Program FilesIntelWirelessBinEvtEng.exe
O23 - Service: Google Update Service (gupdate1ca0aae388599ec) (gupdate1ca0aae388599ec) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:Program FilesSuper_DVD_Creator_9.8NMSAccessU.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:Program FilesRoxioDigital Home 9RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:Program FilesRoxioDigital Home 9RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:Program FilesIntelWirelessBinS24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:Program FilesSpyware DoctorpctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:Program FilesSpyware DoctorpctsSvc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:Program FilesSymantecSymantec Endpoint ProtectionSNAC.EXE
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:Program FilesO2binsprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:Program FilesSigmaTelC-Major AudioDellXPM_5515v131WDMStacSV.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:Program FilesCisco SystemsSSL VPN Clientagent.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:Program FilesCommon FilesSupportsoftbinssrc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:Program FilesVMwareVMware Playervmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:WINDOWSsystem32vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:Program FilesCommon FilesVMwareVMware Virtual Image Editingvmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:WINDOWSsystem32vmnat.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:Program FilesCiscoCisco AnyConnect VPN Clientvpnagent.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:Program FilesIntelWirelessBinWLKeeper.exe

--
End of file - 15332 bytes

forgot to say, I've already run MBAM too...

Merged posts. ~ OB

Edited by Orange Blossom, 23 November 2009 - 06:52 PM.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
  • DDS.pif
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explaination about the tool. No input is needed, the scan is running.
• Notepad will open with the results.
• Follow the instructions that pop up for posting the results.
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:

• Click on the My Controls link at the top of the page to enter your control panel.
• Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
• Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
• Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied.

Information on A/V control HERE

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the link to this thread.

Everyone else please start a new topic.