
Sound Wave mutes itself, clicking noise, and random ie pop ups


  • This topic is locked
2 replies to this topic

#1 Lylah


  • Members

Posted 15 August 2010 - 03:46 PM

Hi,
So a while ago I realized the sound on my laptop wasn't working and thought it was my speakers, but then realized "Wave" under volume control keeps getting muted. When I unmute it, there's a constant clicking noise and random IE pop-ups. After about 20 seconds, the wave gets muted again. I also noticed that under Windows Task Manager ---> Processes, IEXPLORER.exe is running as SYSTEM. The anti-virus programs I used did not catch any viruses. I did try system restoring my computer but the problem is still there. Can anyone help me figure out what the problem is? Thanks in advance!!



DDS (Ver_10-03-17.01) - FAT32x86
Run by Lulu at 15:13:31.06 on Sun 08/15/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.354 [GMT -5:00]

AV: Norton AntiVirus 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe 4
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
svchost.exe 4
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Lulu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Documents and Settings\Lulu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Documents and Settings\Lulu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lulu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lulu\My Documents\Downloads\Defogger.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Documents and Settings\Lulu\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://global.acer.com
mDefault_Page_URL = hxxp://global.acer.com
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton antivirus\NavShExt.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton antivirus\NavShExt.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\lulu\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [LaunchApp]
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [<NO NAME>]
mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2005-8-27 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-9-17 192112]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-9-17 169584]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2005-10-22 139888]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2010-8-13 1251720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-15 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100814.002\NAVENG.Sys [2010-8-15 85424]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100814.002\NavEx15.Sys [2010-8-15 1362608]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2005-8-27 334984]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\elock2burnerlockdriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\elock2fsctldriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S3 SAVScan;Symantec AVScan;c:\program files\norton antivirus\SAVScan.exe [2005-8-27 198368]

=============== Created Last 30 ================

2010-08-15 20:07:02 0 ----a-w- c:\documents and settings\lulu\defogger_reenable
2010-08-15 18:47:38 503808 ----a-w- c:\windows\system32\MSVCP71.DL1
2010-08-15 18:47:38 348160 ----a-w- c:\windows\system32\MSVCR71.DL1
2010-08-15 18:47:38 1060864 ----a-w- c:\windows\system32\MFC71.DL1
2010-08-15 18:44:58 0 d-sh--w- C:\FOUND.000
2010-08-13 07:55:44 6 ----a-w- C:\ISACER.ID
2010-08-13 07:54:55 92 ----a-w- c:\windows\GridV.UNI
2010-08-13 07:44:03 602112 ----a-w- c:\windows\system32\Acer.Empowering.Windows.Forms_v820.dll
2010-08-13 07:42:50 552 ----a-w- c:\windows\system32\setup.iss
2010-08-13 07:42:50 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2010-08-13 07:42:50 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2010-08-13 07:42:50 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2010-08-13 07:42:50 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll
2010-08-13 07:42:50 1168896 ----a-w- c:\windows\system32\ERUpdateHidden.EXE
2010-08-13 07:24:27 83 ----a-w- c:\windows\LManager.UNI
2010-08-13 07:24:26 0 d-----w- c:\program files\Launch Manager
2010-08-13 07:23:18 69722 ----a-w- c:\windows\system32\SynTPFcs.dll
2010-08-13 07:23:17 94298 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-08-13 07:23:17 82013 ----a-w- c:\windows\system32\SynCOM.dll
2010-08-13 07:23:17 81920 ----a-w- c:\windows\system32\SynTPCo2.dll
2010-08-13 07:23:17 192672 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-08-13 07:23:17 114688 ----a-w- c:\windows\system32\SynCtrl.dll
2010-08-13 07:23:17 0 d-----w- c:\program files\Synaptics
2010-08-13 07:22:14 74752 ----a-w- c:\windows\system32\drivers\ESM7SK.sys
2010-08-13 07:22:13 61056 ----a-w- c:\windows\system32\drivers\EMS7SK.sys
2010-08-13 07:22:11 37888 ----a-w- c:\windows\system32\drivers\ESD7SK.sys
2010-08-13 07:22:10 119936 ----a-w- c:\windows\system32\drivers\pcmcia.sys
2010-08-13 07:20:59 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-08-13 07:20:59 140731 ----a-w- c:\windows\system32\drivers\HSFProf.cty
2010-08-13 07:20:59 12544 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-08-13 07:19:38 53248 ----a-w- c:\windows\system32\acpimof.dll
2010-08-13 07:19:38 45056 ----a-w- c:\windows\system32\Epm-Po.dll
2010-08-13 07:17:56 69632 ----a-w- c:\windows\Alcmtr.exe
2010-08-13 06:06:22 0 d-----w- c:\docume~1\lulu\applic~1\Symantec
2010-08-13 05:59:39 0 d-----w- c:\program files\Norton AntiVirus
2010-08-13 05:59:21 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2010-08-13 05:59:14 87768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-13 05:59:14 108168 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-13 05:59:02 0 d-----w- c:\program files\Symantec
2010-08-13 05:59:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-08-13 05:58:49 0 d-----w- c:\program files\common files\Symantec Shared
2010-08-13 05:57:29 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-08-13 04:46:17 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-08-13 04:46:02 78720 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2010-08-13 04:41:44 84 ----a-w- c:\windows\EMEAPAGE.INI
2010-08-13 04:41:44 180224 ----a-w- c:\windows\ADDITEM.EXE
2010-08-13 04:41:44 159821 ----a-w- c:\windows\EMEAPAGE.EXE
2010-08-13 04:41:41 163840 ----a-w- c:\windows\AExec.exe
2010-08-13 04:41:40 589824 ----a-w- c:\windows\AntiV.EXE
2010-08-13 04:41:40 2790 ----a-w- c:\windows\AntiV.INI
2010-08-13 04:41:39 633446 ----a-w- c:\windows\GVista.exe
2010-08-13 04:41:07 118784 ----a-w- c:\windows\system32\Uci32105.dll
2010-08-13 04:41:05 990592 ----a-w- c:\windows\system32\drivers\HSF_DPV.sys
2010-08-13 04:41:04 727808 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2010-08-13 04:41:04 208384 ----a-w- c:\windows\system32\drivers\HSFHWAZL.sys
2010-08-13 04:39:42 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2010-08-13 04:39:42 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2010-08-13 04:39:37 147456 ----a-w- c:\windows\UNINST32.EXE
2010-08-13 04:39:01 1744416 ----a-w- c:\windows\system32\SET104.tmp
2010-08-13 04:39:00 114688 ----a-w- c:\windows\system32\SET116.tmp
2010-08-13 04:38:55 204800 ----a-w- c:\windows\system32\SET11F.tmp
2010-08-13 04:38:52 2732608 ----a-w- c:\windows\system32\SET101.tmp
2010-08-13 04:38:51 86016 ----a-w- c:\windows\system32\SET113.tmp
2010-08-13 04:38:51 41984 ----a-w- c:\windows\system32\SET11C.tmp
2010-08-13 04:38:51 401408 ----a-w- c:\windows\system32\SET110.tmp
2010-08-13 04:38:51 286720 ----a-w- c:\windows\system32\SETFB.tmp
2010-08-13 04:38:51 258048 ----a-w- c:\windows\system32\SETF8.tmp
2010-08-13 04:37:47 253952 ----a-w- c:\windows\AArrange.exe

==================== Find3M ====================


============= FINISH: 15:13:57.09 ===============



Edited by Lylah, 15 August 2010 - 03:50 PM.



 


#2 Noviciate


  • Malware Response Team

Posted 15 August 2010 - 05:05 PM

Good evening. :)

Please download MBRCheck.exe by a_d_13 from here and save it to your Desktop.
  • Double click the file to begin the scan.
  • A Command Window will open and after the scan has completed you will be prompted to select further action - please exit in the stated manner.
  • A text file called MBRCheck_date/time.txt can be found on the Desktop. I'd like you to post the contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Preformat.zip from here and save it to your Desktop. You will need to extract the file.

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


You should now see a folder with a .vbs file in it. Double click Preformat.vbs to run it and a text file called Preformat.txt should be created in the same folder - either that or you'll get an error message.
Please copy and paste the contents of the text file into your next reply and then you can delete both of the folders and their contents.

So long, and thanks for all the fish.

 

 


#3 Noviciate


  • Malware Response Team

Posted 20 August 2010 - 02:30 PM

As there has been no response for five days this thread is now closed.

So long, and thanks for all the fish.

 

 




