Dirty, nasty, PITA rootkit?

Caporegime | Joined: 26 Aug 2003 | Posts: 37,508 | Location: Leafy Cheshire
I've got an extended family member's netbook (Windows XP Home) here with me, delivered to me in a state of disarray, infested with all sorts of junk and slow. If it were my machine it would be prime for a reformat. Anyway, I digress...

I've scanned it with every tool known to mankind, removed 99% of the guff, manually edited out bits that scanners couldn't remove, and got it pretty clean, but there is one "problem" that continues to manifest itself.

Upon boot, the "Wave" volume slider is set to 0%; svchost then launches at least two instances of iexplore.exe with a switch of -embedded (meaning it launches blind, without a UI).

Nothing in the world seems to be picking up this hijacked svchost launch, which leads me to believe it is a rootkit, but even the typical rootkit scanners fail to reveal anything related. McAfee's Rootkit Detective finds nothing, and neither does Trend Micro's. Microsoft's Malicious Software Removal Tool also finds nada.

I'm running out of ideas now.

Oh, FWIW, if I replace the executable iexplore.exe (in the normal place, C:\Program Files\Internet Explorer) with notepad.exe renamed to iexplore, the volume mute problem ceases to exist; however, svchost still attempts to launch "iexplore" (now notepad) constantly, resulting in a nice error ding from Windows as it tries to launch notepad with a switch it doesn't understand.
 
Yep, scanned with that; it finds nothing I can deem as being related.

Oh, also, an sfc /scannow doesn't repair any files.
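Added example, not the poster's own work: a small Python script that turns the observation above into a detection check. It walks a process snapshot and flags browser processes whose parent is svchost.exe and whose command line carries the COM "-Embedding" switch (the thread spells it "-embedded"; the match covers both spellings). The snapshot below is constructed for the example; on a real machine the same four columns can be taken from Process Explorer or WMI.

```python
from dataclasses import dataclass

# Constructed snapshot, tab-separated: PID, parent PID, image name, command line.
# Made up for this example; it is not data captured from the netbook in the thread.
SNAPSHOT = """\
1024\t4\twinlogon.exe\twinlogon.exe
1080\t1024\tservices.exe\tC:\\WINDOWS\\system32\\services.exe
1244\t1080\tsvchost.exe\tC:\\WINDOWS\\system32\\svchost.exe -k netsvcs
1560\t1244\tiexplore.exe\t"C:\\Program Files\\Internet Explorer\\iexplore.exe" -Embedding
1572\t1244\tiexplore.exe\t"C:\\Program Files\\Internet Explorer\\iexplore.exe" -Embedding
1900\t1024\texplorer.exe\tC:\\WINDOWS\\Explorer.EXE
2044\t1900\tiexplore.exe\t"C:\\Program Files\\Internet Explorer\\iexplore.exe" http://example.org
"""

@dataclass
class Proc:
    pid: int
    ppid: int
    name: str
    cmdline: str

def parse_snapshot(text):
    """Parse the tab-separated snapshot into a dict keyed by PID."""
    procs = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, ppid, name, cmdline = line.split("\t", 3)
        procs[int(pid)] = Proc(int(pid), int(ppid), name.lower(), cmdline)
    return procs

def ancestry(procs, pid):
    """Image names from the process up to the root; stops at an unknown parent."""
    chain = []
    while pid in procs:
        chain.append(procs[pid].name)
        pid = procs[pid].ppid
    return chain

def find_hidden_browser_launches(procs, browsers=("iexplore.exe",)):
    """Flag browser processes started by a service host with the COM
    '-embedding' switch (no window) rather than by the user's shell.
    '-embedding' alone is ordinary COM activation; the svchost parent is
    what makes the combination worth a closer look."""
    hits = []
    for p in procs.values():
        parent = procs.get(p.ppid)
        hidden = "-embedd" in p.cmdline.lower()  # matches -Embedding and -embedded
        if p.name in browsers and parent and parent.name == "svchost.exe" and hidden:
            hits.append((p.pid, " <- ".join(ancestry(procs, p.pid))))
    return hits

if __name__ == "__main__":
    for pid, chain in find_hidden_browser_launches(parse_snapshot(SNAPSHOT)):
        print(f"PID {pid}: {chain}")
```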
 