  #1 (permalink)  
Old 04-08-2009, 01:19 AM
kuma.lk (Cool Member)
Iexplore.exe is Running in the Background, Music and Ads Are Playing Over My Speakers

Hi,
I need some guidance to see if I have an "All Clear" on this problem:

iexplore.exe runs in the background (I see it in Task Manager), even when I don't have Internet Explorer 7 running and am disconnected from the internet.
Also, music and ads are playing over my speakers at random. I see no processes running in Task Manager other than the suspicious iexplore.exe.

I followed the Malware Removal Guide - Please Read Before Posting.

The steps got rid of the symptoms but I am looking for an "All Clear" or further guidance. Please help...

Here are the results:

SuperAntiSpyware log:
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!
Generated 03/20/2009 at 02:22 PM
Application Version : 4.25.1014
Core Rules Database Version : 3807
Trace Rules Database Version: 1762
Scan type : Complete Scan
Total Scan Time : 00:40:16
Memory items scanned : 400
Memory threats detected : 0
Registry items scanned : 5596
Registry threats detected : 0
File items scanned : 76956
File threats detected : 6
Adware.Tracking Cookie
C:\Documents and Settings\corol\Cookies\corol@mediaplex[1].txt
C:\Documents and Settings\corol\Cookies\corol@serving-sys[2].txt
C:\Documents and Settings\corol\Cookies\corol@bs.serving-sys[1].txt
C:\Documents and Settings\corol\Cookies\corol@ad.yieldmanager[2].txt
C:\Documents and Settings\corol\Cookies\corol@tribalfusion[1].txt
C:\Documents and Settings\corol\Cookies\corol@atdmt[2].txt


Malwarebytes' Anti-Malware (MBAM) log:
Malwarebytes' Anti-Malware 1.34
Database version: 1878
Windows 5.1.2600 Service Pack 3
3/20/2009 2:52:31 PM
mbam-log-2009-03-20 (14-52-31).txt
Scan type: Quick Scan
Objects scanned: 71671
Time elapsed: 2 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\SYSTEM32\lowsec (Spyware.StolenData) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\SYSTEM32\lowsec\local.ds (Spyware.StolenData) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lowsec\user.ds (Spyware.StolenData) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\UACmqpulnxe.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\UACqbpjxvek.dat (Trojan.Agent) -> Quarantined and deleted successfully.


HijackThis (HJT) log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:33 PM, on 3/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\juice.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Calico Screen Printing & Embroidery
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1236909326187
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
--
End of file - 5199 bytes


I appreciate your help!!!!
Thank you
  #2 (permalink)  
Old 04-08-2009, 01:41 AM
Maurice (Community Administrator)
It does seem that you had a trojan of some sort running on the system. IE should not launch on its own and certainly you shouldn't have been hearing sounds etc. like that.

I would run a couple of FREE online anti-virus scans. Note that these only detect viruses/malware but do NOT remove them.

Try ALL of these:-

Trend Micro

Free Virus Scan - Kaspersky Lab

Free online antivirus. Download ActiveScan 2.0 and clean your PC. Panda Security

I would also get a copy of AdAware and run that too
Ad-Aware Free - Download security software for spyware removal - Lavasoft

Let us know how it goes.

PS: On the face of it, the HijackThis log looks to be clean.
__________________
Beer is living proof that God loves us and wants us to be happy.

http://www.vforum.me.uk/
  #3 (permalink)  
Old 06-01-2009, 07:50 AM
eagle1 (Cool Member)
Probably a weak earth point... USBs are earthed to the case in a desktop as it's metal, but a laptop case is plastic. If it was me I would solder a wire from the USB's negative or outer case of the USB to the earth point. I had this exact problem on my desktop and that fixed my problem. Also, if you can, try turning down the volume on your laptop, then turn the volume up on the speaker system you're plugged into. That might not give the crackling sound as bad. Obviously opening the laptop might void your warranty, something to bear in mind if you do this.

Last edited by eagle1 : 03-18-2010 at 03:52 AM.
  #4 (permalink)  
Old 06-04-2009, 12:32 AM
kuma.lk (Cool Member)
Thank you for your reply.

Here is the ComboFix log:
ComboFix 09-03-19.02 - corol 2009-03-21 6:17:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2602 [GMT -8:00]
Running from: c:\documents and settings\corol\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090320-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\INSTALL.LOG
c:\windows\system32\comrepl.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_UACD.SYS
-------\Service_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 )))))))))))))))))))))))))))))))
.
2009-03-20 19:49 . 2009-03-20 19:59 <DIR> d-------- c:\program files\QuickTime
2009-03-20 17:47 . 2009-03-21 05:34 <DIR> d-------- c:\program files\Unlocker
2009-03-20 17:16 . 2009-03-21 05:33 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-20 17:16 . 2009-03-21 06:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-20 16:50 . 2009-03-09 11:06 15,688 --a------ c:\windows\SYSTEM32\lsdelete.exe
2009-03-20 15:53 . 2009-03-09 11:06 64,160 --a------ c:\windows\SYSTEM32\DRIVERS\Lbd.sys
2009-03-20 15:52 . 2009-03-20 15:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-20 15:52 . 2009-03-20 15:52 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-20 15:26 . 2009-03-21 05:32 <DIR> d-------- c:\program files\Trend Micro
2009-03-20 15:07 . 2009-03-20 15:07 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
2009-03-20 14:47 . 2009-03-21 05:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-20 14:47 . 2009-03-20 14:47 <DIR> d-------- c:\documents and settings\corol\Application Data\Malwarebytes
2009-03-20 14:47 . 2009-03-20 14:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-20 14:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-03-20 14:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-03-20 13:37 . 2009-03-21 05:30 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-20 13:37 . 2009-03-20 13:37 <DIR> d-------- c:\documents and settings\corol\Application Data\SUPERAntiSpyware.com
2009-03-20 13:37 . 2009-03-20 13:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-20 13:36 . 2009-03-20 13:36 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-20 13:26 . 2009-03-21 05:29 <DIR> d-------- c:\program files\CCleaner
2009-03-20 11:39 . 2009-03-21 05:29 <DIR> d-------- c:\program files\Alwil Software
2009-03-20 10:59 . 2009-03-21 05:28 <DIR> d-------- c:\program files\VS Revo Group
2009-03-19 07:58 . 2004-06-05 08:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2009-03-19 07:58 . 2004-06-05 08:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sonic
2009-03-19 07:58 . 2004-06-05 08:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2009-03-19 07:58 . 2009-03-19 07:58 <DIR> d-------- c:\documents and settings\Administrator
2009-03-18 11:12 . 2006-12-29 00:31 19,569 --a------ c:\windows\000002_.tmp
2009-03-16 15:53 . 2006-12-29 00:31 19,569 --a------ c:\windows\000001_.tmp
2009-03-14 08:46 . 2009-03-20 11:17 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-14 08:46 . 2009-03-20 11:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-02-26 10:35 . 2009-02-26 10:35 <DIR> d-------- c:\windows\SYSTEM32\scripting
2009-02-26 10:35 . 2009-02-26 10:35 <DIR> d-------- c:\windows\SYSTEM32\en
2009-02-26 10:35 . 2009-02-26 10:35 <DIR> d-------- c:\windows\l2schemas
2009-02-26 09:59 . 2009-02-26 09:59 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-26 09:39 . 2008-04-11 11:04 691,712 --------- c:\windows\SYSTEM32\DLLCACHE\inetcomm.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 13:33 --------- d-----w c:\program files\Lavasoft
2009-03-21 13:31 --------- d-----w c:\program files\Java
2009-03-21 03:09 --------- d-----w c:\program files\iTunes
2009-03-18 20:14 --------- d-----w c:\documents and settings\corol\Application Data\MSN6
2009-03-16 18:21 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-16 18:20 --------- d-----w c:\program files\Symantec
2009-03-16 17:43 --------- d-----w c:\documents and settings\corol\Application Data\Intuit
2009-03-16 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2009-03-16 17:42 --------- d-----w c:\program files\Intuit
2009-03-16 17:42 --------- d-----w c:\program files\Common Files\Intuit
2009-03-16 17:08 --------- d-----w c:\program files\Common Files\Real
2009-03-16 17:05 --------- d-----w c:\program files\Common Files\Adobe
2009-03-16 16:37 --------- d-----w c:\program files\Hewlett-Packard
2009-03-16 16:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-24 22:43 --------- d-----w c:\documents and settings\corol\Application Data\AdobeAUM
2009-02-17 00:00 --------- d-----w c:\program files\NOS
2009-02-17 00:00 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-02-16 21:52 --------- d-----w c:\documents and settings\corol\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-16 21:18 --------- d-----w c:\documents and settings\corol\Application Data\AdobeUM
2008-11-14 17:25 194,512 ----a-w c:\documents and settings\corol\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-05 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-12 155648]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-20 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-01 15872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - c:\windows\SYSTEM32\WTablet\TabUserW.exe [2005-12-30 114688]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 16:12 15360 c:\windows\SYSTEM32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
--a------ 2003-08-13 07:27 28672 c:\windows\SYSTEM32\DSentry.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-17 09:42 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Amrpst51"=3 (0x3)
"Ab04tv3prlad"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\ntvdm.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [2009-03-20 64160]
R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [2009-03-20 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [2009-03-20 20560]
R2 HOSTNT;Hostnt;c:\windows\SYSTEM32\DRIVERS\hostnt.sys [2004-12-04 4032]
R2 MHDRV;Mhdrv;c:\windows\SYSTEM32\DRIVERS\mhdrv.sys [2004-12-04 21696]
R2 RCMHDOG;RCMHDOG;c:\windows\SYSTEM32\DRIVERS\rcmhdog.sys [2004-12-04 55528]
R3 UsbC;SafeNet MicroDog USB Device Driver;c:\windows\SYSTEM32\DRIVERS\rcusbwdm.sys [2004-12-23 50816]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S3 pctplsg;pctplsg;\??\c:\windows\SYSTEM32\DRIVERS\pctplsg.sys --> c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 Ab04tv3prlad;Ab04tv3prlad; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C97751B1-BF63-4867-87FB-49B72502DBCD}]
c:\program files\Microsoft Office\Office10\OfficeXPFirstRun.vbs
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Sonic RecordNow! - (no file)
MSConfigStartUp-AdobeVersionCue - c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.calicographics.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: turbotax.com
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-03-21 06:20:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-443509043-1908569376-3055490635-1007\Software\Corel\WritingTools\9.1\User Word Lists\ø*S]
"Selected UWL"=hex:02,00
[HKEY_USERS\S-1-5-21-443509043-1908569376-3055490635-1007\Software\Corel\WritingTools\9.1\User Word Lists\ø*S\Word List 0]
"Name"="c:\\Documents and Settings\\corol\\My Documents\\Corel User Files\\WT9_1øœ.UWL"
"Enabled"=hex:01,00,00,00
[HKEY_USERS\S-1-5-21-443509043-1908569376-3055490635-1007\Software\Microsoft\SystemCertificates\Address Book*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\Tablet.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-21 6:23:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-21 14:23:12
Pre-Run: 134,483,603,456 bytes free
Post-Run: 134,410,670,080 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
205 --- E O F --- 2009-03-18 20:59:53


Your help and guidance is greatly appreciated.

  #5 (permalink)  
Old 06-04-2009, 12:50 AM
Maurice (Community Administrator)
So tell me, what is the state of play here? Are you still having the original problem of IE loading up in the background? Are you still getting sounds playing even though you haven't triggered this?
All times are GMT -7. The time now is 08:35 AM.

Contact Us - ComputerProblems.org - Archive - Privacy Statement - Top


Powered by vBulletin
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.1.0
SI Computer Solutions Inc.
Ad Management by RedTyger


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48