I have been having multiple problems with my computer. About a month ago it started after I clicked on something on my Facebook (later learning it was probably a virus), and I was told I needed to update my Adobe Flash Player, which might have been a fake. I have been constantly experiencing phantom audio ads every 15 minutes from out of nowhere, even when I have no programs open. The only way to stop it is going through my Task Manager and deleting one of the multiple iexplore.exe that are open. Also, my Norton Internet Security keeps blocking this thing called Web Attack: Exploit Kit Redirect attacker: Traffixeng.com
It also keeps blocking this thing called Web Attack: Mass Iframe Injection Website 10 attacker: served-by.arcadeoldies.com/www/delivery/afr.php
Application path \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Sometimes when I restart the computer it runs scan disk for errors without me telling it to.
Here are my logs. Thank you.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Jack King at 16:43:49 on 2012-08-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1116 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Documents and Settings\Jack King\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Jack King\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.3.6\IPSBHO.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVD.exe
uRun: [Sonic RecordNow! Deluxe]
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\jack king\local settings\application data\akamai\netsession_win.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HPWPTOOLBOX] c:\program files\hewlett-packard\hp business inkjet 2800 series\toolbox\HPWPTBX.exe "-i"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\jackki~1\startm~1\programs\startup\dialog~1.lnk - c:\program files\vcom\powerdesk\pddlghlp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342651866000
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E2DF9E63-EE16-41BA-BD5F-A13638FE942E} : DhcpNameServer = 192.168.1.1
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [1979-12-31 251194]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-10-10 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-10-10 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-10-10 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20120801.001\IDSXpx86.sys [2012-8-1 369632]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.3.6\ccSvcHst.exe [2011-10-10 117648]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-7-31 106656]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20120801.037\NAVENG.SYS [2012-8-2 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20120801.037\NAVEX15.SYS [2012-8-2 1589752]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-4-4 19056]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-1 250056]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-3-20 11520]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
.
=============== Created Last 30 ================
.
2012-08-02 06:33:24 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{77762868-2edd-4363-8a3b-72753c8a9a78}\offreg.dll
2012-07-31 10:50:30 6891424 ------w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{77762868-2edd-4363-8a3b-72753c8a9a78}\mpengine.dll
2012-07-28 21:55:48 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-07-28 21:55:48 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-26 05:34:19 -------- d-----w- c:\program files\ESET
2012-07-24 05:05:44 -------- d-----w- c:\documents and settings\jack king\application data\SpeedyPC Software
2012-07-24 05:05:44 -------- d-----w- c:\documents and settings\jack king\application data\DriverCure
2012-07-24 05:05:24 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-07-23 06:45:33 -------- d-----w- c:\program files\Oracle
2012-07-23 06:45:21 772544 ------w- c:\windows\system32\npDeployJava1.dll
2012-07-23 06:45:21 687600 ------w- c:\windows\system32\deployJava1.dll
2012-07-23 06:45:21 143872 ------w- c:\windows\system32\javacpl.cpl
2012-07-23 06:42:27 -------- d-----w- c:\documents and settings\jack king\local settings\application data\Adobe
2012-07-23 06:38:47 -------- d-----w- c:\windows\system32\Adobe
2012-07-23 06:38:11 70344 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-23 06:38:11 426184 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-07-22 21:15:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-21 07:01:37 -------- d-----w- c:\windows\SxsCaPendDel
2012-07-21 05:13:30 275696 ------w- c:\windows\system32\mucltui.dll
2012-07-21 05:13:30 214256 ------w- c:\windows\system32\muweb.dll
2012-07-21 05:13:30 17136 ------w- c:\windows\system32\mucltui.dll.mui
2012-07-21 01:55:25 -------- d-----w- c:\documents and settings\jack king\local settings\application data\ESET
2012-07-21 01:55:25 -------- d-----w- c:\documents and settings\jack king\application data\ESET
2012-07-20 19:31:11 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2012-07-20 19:31:08 -------- d-----w- c:\program files\Security Task Manager
2012-07-20 19:03:29 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-07-20 06:38:16 -------- d-----w- c:\program files\AVAST Software
2012-07-20 06:38:16 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-07-20 03:05:23 6891424 ------w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-07-20 03:05:08 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-20 01:23:26 -------- d-----w- c:\program files\PC Tools
2012-07-20 01:19:12 203088 ------w- c:\windows\system32\drivers\PCTSD.sys
2012-07-20 01:19:12 -------- d-----w- c:\program files\common files\PC Tools
2012-07-20 00:11:23 -------- d-----w- c:\documents and settings\jack king\local settings\application data\NPE
2012-07-20 00:08:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-20 00:08:48 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-07-19 05:58:15 -------- d-----w- c:\documents and settings\jack king\application data\Curiolab
2012-07-19 05:56:07 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-07-19 05:56:06 -------- d-----w- c:\documents and settings\jack king\application data\TestApp
2012-07-19 02:52:26 -------- d-----w- c:\program files\Trojan Remover
2012-07-19 01:55:18 22344 ------w- c:\windows\system32\drivers\mbam.sys
2012-07-19 01:55:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-18 05:17:36 605968 ------w- c:\windows\system32\ztv7z.dll
2012-07-18 05:17:35 77312 ------w- c:\windows\system32\ztvunace26.dll
2012-07-18 05:17:35 77072 ------w- c:\windows\system32\ztvcabinet.dll
2012-07-18 05:17:35 75264 ------w- c:\windows\system32\unacev2.dll
2012-07-18 05:17:35 185616 ------w- c:\windows\system32\ztvunrar39.dll
2012-07-18 05:17:35 169744 ------w- c:\windows\system32\ztvunrar36.dll
2012-07-18 05:17:35 153088 ------w- c:\windows\system32\UNRAR3.dll
2012-07-18 05:17:31 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software
2012-07-06 16:09:36 -------- d-----w- c:\documents and settings\jack king\local settings\application data\Sun
2012-07-05 19:25:24 -------- d-----w- c:\documents and settings\jack king\application data\Malwarebytes
2012-07-05 19:25:14 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M ====================
.
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ------w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ------w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ------w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ------w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 07:59:29 94208 ------w- c:\windows\DUMP2f7c.tmp
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 16:44:40.06 ===============

