Internet Explorer running in background

This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.


Thread Starter
Nov 9, 2011

Internet Explorer keeps running in the background, I end the process in task manager and within minutes it reopens again. The longer I leave it, the more memory it seems to use.

I have run AVG, Spybot and Malwarebytes, all of which came up with nothing.

I recently had a problem with a Google redirect virus, which I think I have fixed, but it may be related.

If you need any more information just let me know and I should be able to swiftly get it for you.

Thanks in advance,


Tech Support Guy System Info Utility version
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: AMD Athlon(tm) 64 Processor 3000+, x86 Family 15 Model 47 Stepping 2
Processor Count: 1
RAM: 2046 Mb
Graphics Card: NVIDIA GeForce 6600, 512 Mb
Hard Drives: C: Total - 152625 MB, Free - 80532 MB;
Motherboard:, KN8 Series(NF-CK804)
Antivirus: AVG Anti-Virus Free Edition 2012, Updated: Yes, On-Demand Scanner: Enabled
Apr 7, 2010
Hi mr_mr_r, welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
  • Do not attach any logs/reports, etc.. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, Please ask before continuing.
  • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.
Let's see if you can get these to run.

Download OTL to your desktop.
  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check.
  • In the window under Custom Scans/Fixes copy and paste the following

    %systemroot%\*. /mp /s
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %PROGRAMFILES%\Common Files\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Please post back with
  • both OTL log
  • aswMBR.log


Thread Starter
Nov 9, 2011
I have run OTL.exe please find attached results.

However when I try and run aswMBR.exe nothing happens, any idea why this might be?

Let me know if you need any more information.

Thanks in advance



Apr 7, 2010
Hi mr_mr_r,

Please copy and paste your logs into your replies unless specifically requested to attach them. It's much easier to work with them when they are posted.

Do you have a blank CD and a usb device such as a flashdrive?

I see you have used TDSSKiller, please post the log. It can be found at C:\ TDSSKiller.[Version]_[Date]_[Time]_log.txt

It may be malware or your security programs may be interfering with aswMBR. Delete the copy you have and disable AVG, Spybot's Teatimer and Windows Defender.

Download a new copy and try it again. Run this fix first.

Next, Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
ipconfig /flushdns /c
Then click the Run Fix button at the top

  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL log and a new HJT fix log.

Please post back with
  • TDSSKiller log
  • OTL log
  • aswMBR log if you were able to get it to run.


Thread Starter
Nov 9, 2011

Firstly apologies for not posting the previous results properly, and yes I do have blank CDs and a flashdrive.

You are right in that I did download TDSSKiller, however much like aswMBR I was unable to get it to run. I have disabled AVG, Windows Defender and Spybot but still nothing happens when I run both .exe files.

When I ran OTL with your below code it crashed the system, however upon restart OTL opened up with the below code in a notepad, I assume this is what you are after:

All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk not found.
File\Folder C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr not found.
File\Folder C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Matt\Desktop\Viral\cmd.bat deleted successfully.
C:\Documents and Settings\Matt\Desktop\Viral\cmd.txt deleted successfully.
========== COMMANDS ==========


User: Administrator

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4327060 bytes
->FireFox cache emptied: 3424148 bytes

User: Matt
->Temp folder emptied: 2551421 bytes
->Temporary Internet Files folder emptied: 6100090 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41193425 bytes
->Google Chrome cache emptied: 10069688 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 832 bytes

User: NetworkService
->Temp folder emptied: 825116 bytes
->Temporary Internet Files folder emptied: 79078690 bytes

User: user
->Temp folder emptied: 920639749 bytes
->Temporary Internet Files folder emptied: 444396716 bytes
->Java cache emptied: 17552591 bytes
->FireFox cache emptied: 19178936 bytes
->Apple Safari cache emptied: 1019904 bytes
->Flash cache emptied: 23758 bytes

%systemdrive% .tmp files removed: 356994 bytes
%systemroot% .tmp files removed: 5235263 bytes
%systemroot%\System32 .tmp files removed: 871953 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 797 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 42613013 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2210304 bytes

Total Files Cleaned = 1,528.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version log created on 11112011_093429

Files\Folders moved on Reboot...
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
Apr 7, 2010
Hi mr_mr_r,

No problem.

Ok we'll use a CD that we will make bootable. We also need a USB flashdrive that has some space on it. We will not be changing any of the data on the usb device just using it for a file.

You will also need to use FireFox to download a file as Internet Explorer seems to mangle the download.

If you have any problems with these steps please let me know. These may look complicated but it's fairly straightforward and for the most part automated.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe by double clicking it.
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished, it will open BurnCDCC which will be ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD

Using FireFox, please download and save dumpit to your usb device.

You may want to print out this part as you will not be able to view these instructions.
  • Leave the usb device attached to the computer
  • Boot the infected computer with the CD you just burned
    • with the CD in the computer, restart the computer
    • The computer must be set to boot from the CD, depending on your computer you can either do this by pressing F12 and selecting the CD as the first boot option or it can be set in the BIOS
  • Once you have the computer set to boot from the CD allow it to boot
  • A Welcome to xPUD screen will appear
  • Click on File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
    (you will be able to tell if it is the right one as the screen will populate with your files)
  • Locate the file you downloaded and saved earlier, dumpit
  • double click it to run it
  • a black window will open, follow the instructions to close the window when it's finished
  • a file called should now be placed in the right hand panel
  • Click the Home icon at top
  • Remove the CD and click Power off
  • Click restart

Once the computer has rebooted open the usb device and attach the file to your next reply.

Apr 7, 2010
Hi mr_mr_r,

Do you have a retail copy of XP? We need to use a utility that is on the disk. If you don't have a disk let me know, I'll give you instructions to create the utility we need on a disk.



Thread Starter
Nov 9, 2011
I've had a look but can't seem to find a windows XP disk, I think it came preinstalled.

Could you tell me the instructions to create the utility.

Thanks in advance,

Apr 7, 2010
Hi mr_mr_r

Please read the instructions and ask any questions if they are not clear.

To make the disk:

Burn recovery console cd
  1. Download file to your drive and extract it to its own folder (c:\recoverycd for example).
  2. Download floppy disk setup package xp pro for your operating system (XP pro) and save it to the folder you extracted the zip to.
  3. Rename the floppy disk setup package to Bootdisk.exe.
  4. Insert a blank cd into your burner.
  5. Double-click the RecoveryCD.bat file and follow the prompts to burn a cd that will allow you to boot to the recovery console.
To use the disk:

Once the CD is made use it to boot the computer.
  • Make sure the computer is set to boot from the CD (you may have that option with the F12 key or will need to set it in the BIOS)
  • Insert the CD you made into the computer
  • Reboot the computer
1. Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
2. When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
3. You should now see a list of installations and the prompt "Which Windows Installation would you like to log on to?"
Select the appropriate number for the Windows installation that you want to repair. If you only have one, press 1.
4. When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

You should now have a C:\windows> prompt

type the following command and hit enter


5. Answer Y when it asks you if you want to write a new MBR
6. Type EXIT and hit enter to reboot your machine

Your computer will now boot to windows. Once it has please try running aswMBR again and post the log.


Thread Starter
Nov 9, 2011
Thanks for the detailed instructions, all as you said, find aswMBR log below:

aswMBR version Copyright(c) 2011 AVAST Software
Run date: 2011-11-16 13:05:38
13:05:38.781 OS Version: Windows 5.1.2600 Service Pack 3
13:05:38.781 Number of processors: 1 586 0x2F02
13:05:38.781 ComputerName: MIKEPC UserName: Matt
13:05:43.093 Initialize success
13:07:25.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007e
13:07:25.109 Disk 0 Vendor: MAXTOR_STM3160215A 3.AAD Size: 152627MB BusType: 3
13:07:25.125 Disk 0 MBR read successfully
13:07:25.125 Disk 0 MBR scan
13:07:25.125 Disk 0 Windows XP default MBR code
13:07:25.125 Disk 0 scanning sectors +312576705
13:07:25.203 Disk 0 scanning C:\windows\system32\drivers
13:07:35.000 Service scanning
13:07:36.406 Modules scanning
13:07:51.546 Disk 0 trace - called modules:
13:07:51.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
13:07:51.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a931ab8]
13:07:51.562 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000080[0x8a91baf8]
13:07:51.562 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\0000007e[0x8a9b3030]
13:07:52.062 Scan finished successfully
13:08:18.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Matt\Desktop\Viral\MBR.dat"
13:08:18.062 The log file has been saved successfully to "C:\Documents and Settings\Matt\Desktop\Viral\aswMBR.txt"
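
A way to triage an aswMBR log like the one posted above, added here as an example (it is not part of the original thread and not code from the helper or from AVAST). The `triage` function, the baseline module list (taken from this thread's own clean log) and the altered sample log are assumptions made for illustration.

```python
import re

# Lines copied from the aswMBR log posted in this thread (a clean result).
PAGE_LOG = r"""
13:07:25.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007e
13:07:25.125 Disk 0 MBR read successfully
13:07:25.125 Disk 0 MBR scan
13:07:25.125 Disk 0 Windows XP default MBR code
13:07:51.546 Disk 0 trace - called modules:
13:07:51.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
13:07:51.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a931ab8]
13:07:51.562 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000080[0x8a91baf8]
13:07:51.562 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\0000007e[0x8a9b3030]
13:07:52.062 Scan finished successfully
"""

# Constructed variant for illustration only (not real aswMBR output): the MBR
# verdict is changed and a made-up driver name is added to the disk I/O trace.
CONSTRUCTED_LOG = (
    PAGE_LOG
    .replace("Windows XP default MBR code", "unrecognized MBR code")
    .replace("hal.dll nvata.sys", "hal.dll example_filter.sys nvata.sys")
)

# Assumption: the modules seen in this thread's clean log form the baseline.
BASELINE_MODULES = {
    "ntkrnlpa.exe", "classpnp.sys", "disk.sys", "acpi.sys", "hal.dll", "nvata.sys",
}

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
MBR_RE = re.compile(r"^Disk (\d+) (.+) MBR code$")


def triage(log_text, baseline=BASELINE_MODULES):
    """Summarise the MBR verdict, the disk-stack modules and any findings."""
    report = {"mbr": {}, "modules": [], "unexpected_modules": [],
              "finished": False, "findings": []}
    modules_next = False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner lines and blanks carry no timestamp
        msg = m.group(1)
        if modules_next:
            # The line after "called modules:" lists the drivers in the I/O path.
            report["modules"] = msg.split()
            modules_next = False
            continue
        if msg.endswith("trace - called modules:"):
            modules_next = True
            continue
        mbr = MBR_RE.match(msg)
        if mbr:
            report["mbr"][int(mbr.group(1))] = mbr.group(2)
        elif msg == "Scan finished successfully":
            report["finished"] = True

    if not report["mbr"]:
        report["findings"].append("no MBR verdict line found")
    for disk, verdict in sorted(report["mbr"].items()):
        if "default" not in verdict.lower():
            report["findings"].append(
                f"Disk {disk}: MBR code reported as '{verdict}', not a default loader")
    report["unexpected_modules"] = [
        name for name in report["modules"] if name.lower() not in baseline]
    for name in report["unexpected_modules"]:
        report["findings"].append(f"module outside baseline in disk I/O path: {name}")
    if not report["finished"]:
        report["findings"].append("scan did not report successful completion")
    return report


if __name__ == "__main__":
    for label, text in (("thread log", PAGE_LOG), ("constructed log", CONSTRUCTED_LOG)):
        result = triage(text)
        print(label, "->", result["findings"] or "no findings")
```
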


Thread Starter
Nov 9, 2011
Everything seems to be running fine, I haven't noticed Internet Explorer running in the background for a while and it appears as though my google redirect virus seems to have gone for good.

Has it all been cleansed away then?

Apr 7, 2010
Hi mr_mr_r,

Sometimes these infections bring friends to the party.

Please read through the instructions to familiarize yourself with what to expect when the tool runs.

Please download ComboFix from Link 1 or Link 2 to C:\.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to C:\**

  • If you are using Firefox, make sure that your download settings are as follows:
    -Tools->Options->Main tab

    -Set to "Always ask me where to Save the files".
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with
  • combofix log
How is the computer?


Thread Starter
Nov 9, 2011
Please find below the log.txt

I think there may have been a slight issue when running it, after pressing yes to the Microsoft Windows Recovery Console, a pop up box came up saying something about unable to complete, I did screenshot it but it didn't work. I closed this window then the scan ran as usual, don't know if this is anything major.


ComboFix 11-11-17.01 - Matt 17/11/2011 9:32.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1544 [GMT 0:00]
Running from: C:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Matt\Application Data\PriceGong
c:\documents and settings\Matt\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Matt\My Documents\~WRL0754.tmp
c:\documents and settings\Matt\My Documents\~WRL1515.tmp
c:\documents and settings\Matt\My Documents\~WRL2140.tmp
c:\documents and settings\Matt\My Documents\~WRL3208.tmp
c:\documents and settings\Matt\WINDOWS
c:\documents and settings\user\WINDOWS
c:\program files\Common Files\Uninstall
c:\program files\popcorn Terms.html
((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
2011-11-11 09:30 . 2011-11-11 09:30 -------- d-----w- C:\_OTL
2011-11-09 11:05 . 2011-11-09 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-10-10 14:22 . 2005-10-07 13:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 06:23 . 2011-07-11 00:13 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 06:21 . 2011-07-11 00:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 04:06 . 2011-01-05 13:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2007-09-28 06:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2011-09-26 10:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-23 10:31 . 2011-07-25 14:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-13 05:30 . 2011-07-11 00:13 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 16:00 . 2009-09-11 09:06 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-26 13:43 . 2011-08-26 13:43 204800 ----a-w- c:\documents and settings\Matt\Application DatazERBbpajkL.exe
2011-08-22 23:48 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-10 13:45 . 2011-09-22 09:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
2006-12-19 19:46 73728 ----a-w- c:\windows\system32\VirtualExpander\VEShellExt.dll
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-08-25 2622784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-24 68856]
"EPSON Stylus Photo RX520 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE" [2005-04-07 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^ 3.2.lnk]
path=c:\documents and settings\Matt\Start Menu\Programs\Startup\ 3.2.lnk
backup=c:\windows\pss\ 3.2.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 11:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 11:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-12-08 21:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 17:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-06-28 23:43 8466432 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-06-28 23:43 81920 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-06-28 23:43 1626112 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2007-10-23 04:11 524288 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-24 09:44 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"WinDefend"=2 (0x2)
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\ABIT\\FlashMenu\\FlashMenu.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"23115:TCP"= 23115:TCP:BitComet 23115 TCP
"23115:UDP"= 23115:UDP:BitComet 23115 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 00:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [11/07/2011 00:13 32592]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [26/07/2006 10:41 16640]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11/07/2011 00:13 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 00:14 295248]
R2 ASTRA32;ASTRA32 Kernel Driver;c:\program files\ASTRA32\astra32.sys [23/11/2004 19:45 23488]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 05:09 192776]
R2 NkPtpEnumP2;NkPtpEnumP2;c:\program files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe [17/06/2005 10:11 24064]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [14/11/2008 01:11 17184]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 00:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 00:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11/07/2011 00:14 16720]
R3 VBus;Virtual Bus;c:\windows\system32\drivers\NkVBus.sys [17/06/2005 10:11 17664]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 06:25 4433248]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/05/2010 11:39 136176]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [21/04/2007 14:44 17149]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24/05/2010 11:39 136176]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
Contents of the 'Scheduled Tasks' folder
2011-11-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-28 08:09]
2011-10-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2011-11-17 c:\windows\Tasks\User_Feed_Synchronization-{A1125C4A-B044-4DD6-BC32-C7A380345BF3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
2011-11-17 c:\windows\Tasks\User_Feed_Synchronization-{C7A3B0EC-B3CE-4CFC-A7F8-2BA1F8509EC0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
------- Supplementary Scan -------
uStart Page = hxxp://
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer =
TCP: Interfaces\{0CE516B5-2538-4006-8136-CB763F6FFBD2}: NameServer =,
TCP: Interfaces\{C6D48E6C-2D08-4A27-83F0-6E03512E3D68}: NameServer =,
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\
FF - ProfilePath - c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\gp6f2lex.default\
FF - prefs.js: network.proxy.type - 0
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-eBayToolbar - c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2011-11-17 09:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
@DACL=(02 0000)
@DACL=(02 0000)
Completion time: 2011-11-17 09:42:13
ComboFix-quarantined-files.txt 2011-11-17 09:41
Pre-Run: 85,272,264,704 bytes free
Post-Run: 85,261,611,008 bytes free
- - End Of File - - CFF3920550AD5AF977A0E61F7C76AE22