Jump to content

IE running in background, random audio clips playing

Recommended Posts

Hi, I have seen this problem all over the internet and was wondering if you could help me..

Internet Explorer is running on my PC when I don't even use the browser, I try to end the process via Task Manager and it almost instantly reappears. I am also hearing random audio clips every 15-30 minutes even when all internet browsers are closed which drives me insane. Any ideas on what could be causing this?


Link to post
Share on other sites

  • Staff


Please do the following:

Please download DDS from either of these links



and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.


Please include the contents of the following in your next reply:




Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

Link to post
Share on other sites

  • Staff


Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.

Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Uncheck the Whitlelist boxes next to Registry, Services, Drivers, and known DLL's
  • Place a check next to List Drivers MD5
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
  • now press the search button
  • when the search is complete, search.txt will also be written to your USB
  • type exit and reboot the computer normally
  • please copy and paste both logs in your reply.(FRST.txt and Search.txt)

Link to post
Share on other sites

  • Staff


Please do the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

HKU\OEM\...\Run: [tmp455A] "C:\Users\OEM\AppData\Local\Temp\tmp4559.tmp.exe" [x]
HKU\OEM\...\Run: [tmp7752] "C:\Users\OEM\AppData\Local\Temp\tmp7751.tmp.exe" [x]
HKU\OEM\...\Run: [tmp4D07] "C:\Users\OEM\AppData\Local\Temp\tmp4D06.tmp.exe" [x]
HKU\OEM\...\Run: [tmpCB2B] "C:\Users\OEM\AppData\Local\Temp\tmpCACD.tmp.exe" [x]
HKU\OEM\...\Run: [{21FB968C-E0EA-68C7-E04B-482E4D0E28A2}] C:\Users\OEM\AppData\Roaming\Uzuc\vyhy.exe [141312 2010-03-21] ()
HKU\OEM\...\Run: [tmp8881] "C:\Users\OEM\AppData\Local\Temp\tmp8880.tmp.exe" [x]
HKU\OEM\...\Run: [tmpD0C7] "C:\Users\OEM\AppData\Local\Temp\tmpD0C6.tmp.exe" [x]
HKU\OEM\...\Run: [tmpEF6D] "C:\Users\OEM\AppData\Local\Temp\tmpEEF0.tmp.exe" [x]
HKU\OEM\...\Run: [tmp6D92] "C:\Users\OEM\AppData\Local\Temp\tmp6D91.tmp.exe" [x]
HKU\OEM\...\Run: [HKCU] C:\Users\OEM\AppData\Roaming\Winbooterr\svchost.exe [280064 2005-09-23] ()
HKU\OEM\...\Run: [tmp8640] "C:\Users\OEM\AppData\Local\Temp\tmp8610.tmp.exe" [683008 2012-04-11] (i?hllrKIrKGšllIGSGlIl?oššrhinN)
HKLM\...\Policies\Explorer\Run: [Policies] C:\Users\OEM\AppData\Roaming\Winbooterr\svchost.exe [280064 2005-09-23] ()
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
NETSVC: websenseuserservice -> C:\Windows\system32\sqlagent$sony_mediamgr.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
2012-07-06 21:27 - 2012-07-06 21:27 - 00000000 ____D C:\Users\OEM\Downloads\Adobe Photoshop CS5 Extended (Crack + Instructions)
2012-06-20 03:19 - 2012-05-23 16:18 - 00084480 ____A C:\Windows\SysWOW64\TI22sGJa.exe
2012-06-20 03:19 - 2012-05-23 16:18 - 00084480 ____A C:\Windows\SysWOW64\pBSM5m1r.exe
2012-06-20 03:19 - 2012-05-23 16:18 - 00084480 ____A C:\Windows\SysWOW64\cXclsvs5.exe
cmd: del /a/f/q c:\windows\tasks\at*.job
2012-05-23 16:18 - 2012-05-23 16:50 - 00084480 ____A C:\Users\All Users\3867K7JY.exe
2012-05-20 17:18 - 2012-05-20 17:18 - 00439107 ____A C:\Users\OEM\Downloads\- Hotmail Password Hacker 3.0.rar
2012-05-19 22:40 - 2012-05-19 22:38 - 10567741 ____A C:\Users\OEM\Downloads\Pro Facebook Hack v 1.5 2012.rar
2012-05-19 22:39 - 2012-05-19 22:35 - 20971520 ____A (Microsoft Corporation) C:\Users\OEM\Downloads\Facebook_Hacker_v3.0.exe
2012-05-19 21:47 - 2012-05-19 21:47 - 00377477 ____A C:\Users\OEM\Downloads\Facebook Multi Extractor.zip
2012-05-19 21:39 - 2012-05-19 21:38 - 00844642 ____A C:\Users\OEM\Downloads\Facebook Password Hacker v1.3.rar
2012-05-19 21:30 - 2012-05-19 21:30 - 00026112 ____A C:\Users\OEM\Downloads\HACKERTOOLS.exe

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.


Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

  • Staff

yes please,

run it in safe mode

To Enter Safemode

  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account

Link to post
Share on other sites

  • Staff

Please have a look at C:\ComboFix.txt, see if there is a log there,

the FRST Fix didn't look quite right, so let's run OTL and have a look at that, then we may need to run FRST again

Please run the following:

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    %systemroot%\*. /rp /s
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.