PC Help Headquarters: Computer is slowly disintegrating - PC Help Headquarters

Jump to content

  • (2 Pages) +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

Computer is slowly disintegrating

#1
User is offline   Chris Williams 
Posted 31 July 2010 - 06:41 PM

  • Member
  • PipPip
  • Group: Members
  • Posts: 12
  • Joined: 31-July 10
I heard about this site through a yahoo post and decided to give it a shot. Hopefully you guys will be able to help with my problems. First off, my speakers just suddenly stopped working while on the internet. They work fine in windows media player but for youtube and other music sites I get no sound at all. Second problem is I'm always getting a message via google chrome which tells me it's redirecting me or "Oops! Google Chrome could not connect to www.google.com" which makes me think I have a virus. I've tried several virus scans which found trojans, malware and spyware and supposedly got rid of it but I'm still having the same problem. Third, whenever I reboot my computer it freezes for about an hour or two. Could someone please help me? It would be greatly appreciated. Thanks!

This post has been edited by Chris Williams: 31 July 2010 - 06:46 PM

0

#2
User is offline   noop 
Posted 31 July 2010 - 06:52 PM

  • Administrator
  • View gallery
  • Group: Administrators
  • Posts: 3,229
  • Joined: 24-August 09
  • LocationUSA
Hello Chris and welcome to PC Help Headquarters! :)

1. Sound Problem
What web browser are you using when the sound doesn't work? (Ie. Google Chrome, Firefox, Internet Explorer)

2. Google Chrome
This does sound like Google Chrome has possibly been hijacked by a virus. Please read below.

3. Viruses
To troubleshoot this, could you please run a HiJackThis scan and paste the results here? This scan will allow me to verify whether or not you have a virus currently running and/or if your web browsers have been hijacked by a virus.
Here is a step-by-step guide on how to run and post the HiJackThis log. (You don't have to post this in the HiJackThis forum, you may post the scan log in this thread.) http://www.pchelphq....gs-for-posting/

Looking forward to your reply,
Noop
Posted Image Posted Image
0

#3
User is offline   Chris Williams 
Posted 31 July 2010 - 07:10 PM

  • Member
  • PipPip
  • Group: Members
  • Posts: 12
  • Joined: 31-July 10
The sound doesn't work for any of the browsers. I tried it on both Chrome and I.E.

Not sure if I'm doing this right but....


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Lisa Williams\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Documents and Settings\Lisa Williams\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\POPFile\popfileib.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Lisa Williams\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
C:\Documents and Settings\Lisa Williams\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lisa Williams\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lisa Williams\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lisa Williams\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...09&m=el1200-06w
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...09&m=el1200-06w
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...09&m=el1200-06w
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...09&m=el1200-06w
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.230.163.203 www.google.com
O1 - Hosts: 67.230.163.203 google.com
O1 - Hosts: 67.230.163.203 google.com.au
O1 - Hosts: 67.230.163.203 www.google.com.au
O1 - Hosts: 67.230.163.203 google.be
O1 - Hosts: 67.230.163.203 www.google.be
O1 - Hosts: 67.230.163.203 google.com.br
O1 - Hosts: 67.230.163.203 www.google.com.br
O1 - Hosts: 67.230.163.203 google.ca
O1 - Hosts: 67.230.163.203 www.google.ca
O1 - Hosts: 67.230.163.203 google.ch
O1 - Hosts: 67.230.163.203 www.google.ch
O1 - Hosts: 67.230.163.203 google.de
O1 - Hosts: 67.230.163.203 www.google.de
O1 - Hosts: 67.230.163.203 google.dk
O1 - Hosts: 67.230.163.203 www.google.dk
O1 - Hosts: 67.230.163.203 google.fr
O1 - Hosts: 67.230.163.203 www.google.fr
O1 - Hosts: 67.230.163.203 google.ie
O1 - Hosts: 67.230.163.203 www.google.ie
O1 - Hosts: 67.230.163.203 google.it
O1 - Hosts: 67.230.163.203 www.google.it
O1 - Hosts: 67.230.163.203 google.co.jp
O1 - Hosts: 67.230.163.203 www.google.co.jp
O1 - Hosts: 67.230.163.203 google.nl
O1 - Hosts: 67.230.163.203 www.google.nl
O1 - Hosts: 67.230.163.203 google.no
O1 - Hosts: 67.230.163.203 www.google.no
O1 - Hosts: 67.230.163.203 google.co.nz
O1 - Hosts: 67.230.163.203 www.google.co.nz
O1 - Hosts: 67.230.163.203 google.pl
O1 - Hosts: 67.230.163.203 www.google.pl
O1 - Hosts: 67.230.163.203 google.se
O1 - Hosts: 67.230.163.203 www.google.se
O1 - Hosts: 67.230.163.203 google.co.uk
O1 - Hosts: 67.230.163.203 www.google.co.uk
O1 - Hosts: 67.230.163.203 google.co.za
O1 - Hosts: 67.230.163.203 www.google.co.za
O1 - Hosts: 67.230.163.203 www.google-analytics.com
O1 - Hosts: 67.230.163.203 www.bing.com
O1 - Hosts: 67.230.163.203 search.yahoo.com
O1 - Hosts: 67.230.163.203 www.search.yahoo.com
O1 - Hosts: 67.230.163.203 uk.search.yahoo.com
O1 - Hosts: 67.230.163.203 ca.search.yahoo.com
O1 - Hosts: 67.230.163.203 de.search.yahoo.com
O1 - Hosts: 67.230.163.203 fr.search.yahoo.com
O1 - Hosts: 67.230.163.203 au.search.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lisa Williams\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Lisa Williams\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UpdateMyDrivers] C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe -t
O4 - Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O4 - Startup: ZooskMessenger.lnk = C:\Program Files\ZooskMessenger\ZooskMessenger.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicr...osoft/wrc32.ocx
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
0

#4
User is offline   noop 
Posted 31 July 2010 - 07:18 PM

  • Administrator
  • View gallery
  • Group: Administrators
  • Posts: 3,229
  • Joined: 24-August 09
  • LocationUSA
Perfect! This is exactly what we need.

Now exit out of all of your browsers and delete these items from HiJackThis

(Copy and paste this into notepad)
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.230.163.203 www.google.com
O1 - Hosts: 67.230.163.203 google.com
O1 - Hosts: 67.230.163.203 google.com.au
O1 - Hosts: 67.230.163.203 www.google.com.au
O1 - Hosts: 67.230.163.203 google.be
O1 - Hosts: 67.230.163.203 www.google.be
O1 - Hosts: 67.230.163.203 google.com.br
O1 - Hosts: 67.230.163.203 www.google.com.br
O1 - Hosts: 67.230.163.203 google.ca
O1 - Hosts: 67.230.163.203 www.google.ca
O1 - Hosts: 67.230.163.203 google.ch
O1 - Hosts: 67.230.163.203 www.google.ch
O1 - Hosts: 67.230.163.203 google.de
O1 - Hosts: 67.230.163.203 www.google.de
O1 - Hosts: 67.230.163.203 google.dk
O1 - Hosts: 67.230.163.203 www.google.dk
O1 - Hosts: 67.230.163.203 google.fr
O1 - Hosts: 67.230.163.203 www.google.fr
O1 - Hosts: 67.230.163.203 google.ie
O1 - Hosts: 67.230.163.203 www.google.ie
O1 - Hosts: 67.230.163.203 google.it
O1 - Hosts: 67.230.163.203 www.google.it
O1 - Hosts: 67.230.163.203 google.co.jp
O1 - Hosts: 67.230.163.203 www.google.co.jp
O1 - Hosts: 67.230.163.203 google.nl
O1 - Hosts: 67.230.163.203 www.google.nl
O1 - Hosts: 67.230.163.203 google.no
O1 - Hosts: 67.230.163.203 www.google.no
O1 - Hosts: 67.230.163.203 google.co.nz
O1 - Hosts: 67.230.163.203 www.google.co.nz
O1 - Hosts: 67.230.163.203 google.pl
O1 - Hosts: 67.230.163.203 www.google.pl
O1 - Hosts: 67.230.163.203 google.se
O1 - Hosts: 67.230.163.203 www.google.se
O1 - Hosts: 67.230.163.203 google.co.uk
O1 - Hosts: 67.230.163.203 www.google.co.uk
O1 - Hosts: 67.230.163.203 google.co.za
O1 - Hosts: 67.230.163.203 www.google.co.za
O1 - Hosts: 67.230.163.203 www.google-analytics.com
O1 - Hosts: 67.230.163.203 www.bing.com
O1 - Hosts: 67.230.163.203 search.yahoo.com
O1 - Hosts: 67.230.163.203 www.search.yahoo.com
O1 - Hosts: 67.230.163.203 uk.search.yahoo.com
O1 - Hosts: 67.230.163.203 ca.search.yahoo.com
O1 - Hosts: 67.230.163.203 de.search.yahoo.com
O1 - Hosts: 67.230.163.203 fr.search.yahoo.com
O1 - Hosts: 67.230.163.203 au.search.yahoo.com
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicr...osoft/wrc32.ocx


So you will check those, and then click on the Fix Checked button. Once done, reboot your PC.

Once your PC is rebooted, we will want to look into getting Windows XP fully up to date to prevent some more viruses as well.
Posted Image Posted Image
0

#5
User is offline   Chris Williams 
Posted 31 July 2010 - 07:26 PM

  • Member
  • PipPip
  • Group: Members
  • Posts: 12
  • Joined: 31-July 10
Im slightly nervous that my computer will freeze up like always when I reboot. What should I do? Reboot anyway?
0

#6
User is offline   noop 
Posted 31 July 2010 - 07:47 PM

  • Administrator
  • View gallery
  • Group: Administrators
  • Posts: 3,229
  • Joined: 24-August 09
  • LocationUSA
Yes, please reboot it.
Posted Image Posted Image
0

#7
User is offline   Chris Williams 
Posted 02 August 2010 - 02:26 PM

  • Member
  • PipPip
  • Group: Members
  • Posts: 12
  • Joined: 31-July 10
Sorry for the delay. It took 2 hours for my computer to restart and then it took me forever to find this website again. What do I do now?
0

#8
User is offline   noop 
Posted 02 August 2010 - 11:51 PM

  • Administrator
  • View gallery
  • Group: Administrators
  • Posts: 3,229
  • Joined: 24-August 09
  • LocationUSA
Could you please run one more hijackthis log. Also, are you familiar with Windows Updates?
Posted Image Posted Image
0

#9
User is offline   Chris Williams 
Posted 03 August 2010 - 03:54 PM

  • Member
  • PipPip
  • Group: Members
  • Posts: 12
  • Joined: 31-July 10
Not really familiar with windows update.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Documents and Settings\Lisa Williams\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Documents and Settings\Lisa Williams\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lisa Williams\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lisa Williams\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...09&m=el1200-06w
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...09&m=el1200-06w
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...09&m=el1200-06w
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...09&m=el1200-06w
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.230.163.203 www.google.com
O1 - Hosts: 67.230.163.203 google.com
O1 - Hosts: 67.230.163.203 google.com.au
O1 - Hosts: 67.230.163.203 www.google.com.au
O1 - Hosts: 67.230.163.203 google.be
O1 - Hosts: 67.230.163.203 www.google.be
O1 - Hosts: 67.230.163.203 google.com.br
O1 - Hosts: 67.230.163.203 www.google.com.br
O1 - Hosts: 67.230.163.203 google.ca
O1 - Hosts: 67.230.163.203 www.google.ca
O1 - Hosts: 67.230.163.203 google.ch
O1 - Hosts: 67.230.163.203 www.google.ch
O1 - Hosts: 67.230.163.203 google.de
O1 - Hosts: 67.230.163.203 www.google.de
O1 - Hosts: 67.230.163.203 google.dk
O1 - Hosts: 67.230.163.203 www.google.dk
O1 - Hosts: 67.230.163.203 google.fr
O1 - Hosts: 67.230.163.203 www.google.fr
O1 - Hosts: 67.230.163.203 google.ie
O1 - Hosts: 67.230.163.203 www.google.ie
O1 - Hosts: 67.230.163.203 google.it
O1 - Hosts: 67.230.163.203 www.google.it
O1 - Hosts: 67.230.163.203 google.co.jp
O1 - Hosts: 67.230.163.203 www.google.co.jp
O1 - Hosts: 67.230.163.203 google.nl
O1 - Hosts: 67.230.163.203 www.google.nl
O1 - Hosts: 67.230.163.203 google.no
O1 - Hosts: 67.230.163.203 www.google.no
O1 - Hosts: 67.230.163.203 google.co.nz
O1 - Hosts: 67.230.163.203 www.google.co.nz
O1 - Hosts: 67.230.163.203 google.pl
O1 - Hosts: 67.230.163.203 www.google.pl
O1 - Hosts: 67.230.163.203 google.se
O1 - Hosts: 67.230.163.203 www.google.se
O1 - Hosts: 67.230.163.203 google.co.uk
O1 - Hosts: 67.230.163.203 www.google.co.uk
O1 - Hosts: 67.230.163.203 google.co.za
O1 - Hosts: 67.230.163.203 www.google.co.za
O1 - Hosts: 67.230.163.203 www.google-analytics.com
O1 - Hosts: 67.230.163.203 www.bing.com
O1 - Hosts: 67.230.163.203 search.yahoo.com
O1 - Hosts: 67.230.163.203 www.search.yahoo.com
O1 - Hosts: 67.230.163.203 uk.search.yahoo.com
O1 - Hosts: 67.230.163.203 ca.search.yahoo.com
O1 - Hosts: 67.230.163.203 de.search.yahoo.com
O1 - Hosts: 67.230.163.203 fr.search.yahoo.com
O1 - Hosts: 67.230.163.203 au.search.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Lisa Williams\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
0

#10
User is offline   noop 
Posted 05 August 2010 - 01:59 AM

  • Administrator
  • View gallery
  • Group: Administrators
  • Posts: 3,229
  • Joined: 24-August 09
  • LocationUSA
You need to remove these again:

O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.230.163.203 www.google.com
O1 - Hosts: 67.230.163.203 google.com
O1 - Hosts: 67.230.163.203 google.com.au
O1 - Hosts: 67.230.163.203 www.google.com.au
O1 - Hosts: 67.230.163.203 google.be
O1 - Hosts: 67.230.163.203 www.google.be
O1 - Hosts: 67.230.163.203 google.com.br
O1 - Hosts: 67.230.163.203 www.google.com.br
O1 - Hosts: 67.230.163.203 google.ca
O1 - Hosts: 67.230.163.203 www.google.ca
O1 - Hosts: 67.230.163.203 google.ch
O1 - Hosts: 67.230.163.203 www.google.ch
O1 - Hosts: 67.230.163.203 google.de
O1 - Hosts: 67.230.163.203 www.google.de
O1 - Hosts: 67.230.163.203 google.dk
O1 - Hosts: 67.230.163.203 www.google.dk
O1 - Hosts: 67.230.163.203 google.fr
O1 - Hosts: 67.230.163.203 www.google.fr
O1 - Hosts: 67.230.163.203 google.ie
O1 - Hosts: 67.230.163.203 www.google.ie
O1 - Hosts: 67.230.163.203 google.it
O1 - Hosts: 67.230.163.203 www.google.it
O1 - Hosts: 67.230.163.203 google.co.jp
O1 - Hosts: 67.230.163.203 www.google.co.jp
O1 - Hosts: 67.230.163.203 google.nl
O1 - Hosts: 67.230.163.203 www.google.nl
O1 - Hosts: 67.230.163.203 google.no
O1 - Hosts: 67.230.163.203 www.google.no
O1 - Hosts: 67.230.163.203 google.co.nz
O1 - Hosts: 67.230.163.203 www.google.co.nz
O1 - Hosts: 67.230.163.203 google.pl
O1 - Hosts: 67.230.163.203 www.google.pl
O1 - Hosts: 67.230.163.203 google.se
O1 - Hosts: 67.230.163.203 www.google.se
O1 - Hosts: 67.230.163.203 google.co.uk
O1 - Hosts: 67.230.163.203 www.google.co.uk
O1 - Hosts: 67.230.163.203 google.co.za
O1 - Hosts: 67.230.163.203 www.google.co.za
O1 - Hosts: 67.230.163.203 www.google-analytics.com
O1 - Hosts: 67.230.163.203 www.bing.com
O1 - Hosts: 67.230.163.203 search.yahoo.com
O1 - Hosts: 67.230.163.203 www.search.yahoo.com
O1 - Hosts: 67.230.163.203 uk.search.yahoo.com
O1 - Hosts: 67.230.163.203 ca.search.yahoo.com
O1 - Hosts: 67.230.163.203 de.search.yahoo.com
O1 - Hosts: 67.230.163.203 fr.search.yahoo.com
O1 - Hosts: 67.230.163.203 au.search.yahoo.com


Windows updates is used to fix security holes/bugs with the Windows Operating system. This can definitely help secure your system.

To do so, click Start->All Programs->Windows Updates. This will bring up Internet Explorer.and bring you to the Windows Update web page. On that page, click on the Express button; this will scan your machine and check for the latest updates from Microsoft. Once it is done checking for updates, check all of the updates and click Review and Install (may be worded differently).

You will want to install all of these. They are free from Microsoft.
Posted Image Posted Image
0

#11
User is offline   Chris Williams 
Posted 05 August 2010 - 06:58 PM

  • Member
  • PipPip
  • Group: Members
  • Posts: 12
  • Joined: 31-July 10
The hijack this is not deleting any of the things I check. When I reboot and scan again the same things pop off. Also, I still have no sound from my internet. I did install the windows updates.
0

#12
User is offline   noop 
Posted 05 August 2010 - 11:40 PM

  • Administrator
  • View gallery
  • Group: Administrators
  • Posts: 3,229
  • Joined: 24-August 09
  • LocationUSA
What are you exactly doing when you try to delete the hijackthis entries? Could you please describe your steps, step-by-step.

Good work on the Windows Updates! :) Those should help immensely.

As for the sound, I am guessing this is part of the problem with the spyware. It looks like it has attacked your web browsers and that could be screwing them up, which is causing the sound issues. Right now my plan of attack is to rid your system of viruses/spyware, and then reset your browsers back to factory defaults and assess where we are at.

I see you do have AVG Antivirus/Spyware installed. Is it up to date? Have you scheduled a full system scan lately?

I personally am not a fan of AVG and recommend Avast! antivirus as it is probably one of the most proactive antivirus solutions out there. I can help you uninstall AVG and install Avast to schedule a boot scan which will definitely help cleanup your system.

Please don't give up, this can be very frustrating, but trust me we will make progress :)
noop
Posted Image Posted Image
0

#13
User is offline   Chris Williams 
Posted 06 August 2010 - 04:44 PM

  • Member
  • PipPip
  • Group: Members
  • Posts: 12
  • Joined: 31-July 10
I get this message when I run Hi Jack this. "For some reason your system denied write access to the host files. If any Hijacked domains are in this file, HiJack this may not be able to fix this. If this happens you need to edit the files yourself. To do this click start, run and type: notepad "C:\windows\System32\drivers\etc\hosts"
and press enter. Find the line HJC reports and delete them. Save the file as "hosts" with quotes and reboot."

I did that yesterday and when I rebooted and scanned again, the files where still there.

This post has been edited by Chris Williams: 06 August 2010 - 04:44 PM

0

#14
User is offline   Chris Williams 
Posted 06 August 2010 - 07:24 PM

  • Member
  • PipPip
  • Group: Members
  • Posts: 12
  • Joined: 31-July 10
Unistalled AVG and downloaded Avast and it found nothing. *sigh* Yeah this really is frustrating. What do I do now?
0

#15
User is offline   noop 
Posted 07 August 2010 - 05:32 PM

  • Administrator
  • View gallery
  • Group: Administrators
  • Posts: 3,229
  • Joined: 24-August 09
  • LocationUSA
Ok, so with avast I want you to schedule a boot scan. To do that, click on the Avast icon in the bottom right, Click on the Scan Computer button->Boot-time scan. On this screen, Select your C:\ drive to scan, and then click the Schedule now button. Your computer will restart and this will do a full system scan. If it finds nasty stuff, use your keyboard to select Delete, Yes to all (I believe you press a number on your keyboard). Once this is done, we should download a program named MalwareBytes and scan for spyware.

Download Malwarebytes Free Edition from here > http://www.pchelphq.com/topic/457-software-update-malwarebytes-anti-malware-146/ During the installation of Malwarebytes just accept all the defaults, such as installation location, if you want desktop icons of not, you can clean all of this up later on. The most important thing is, you get this program installed, updated, and running. At the end of the installation make sure that update Malwarebytes and run Malwarebytes check boxes are checked and click finish.
Posted Image

Malwarebytes will now update its virus definitions and to the latest version if needed, then the program will run. Make sure your on the scanner tab and Preform a Quick Scan is selected, then click the scan button.
Posted Image

The scan should only take a couple of minutes, so be patient. Once the scan is finished you will get a window that looks like this. Click on the "show results" button.
Posted Image

On the scan results windows make sure that there are green check marks in the boxes beside all of the infections, and click the "remove selected" button.
Posted Image

Once Malwarebytes removes the infections you will get a scan log telling you what has been removed. At this point, I would run one more HiJackThis scan and delete th ese keys if they are there:
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.230.163.203 www.google.com
O1 - Hosts: 67.230.163.203 google.com
O1 - Hosts: 67.230.163.203 google.com.au
O1 - Hosts: 67.230.163.203 www.google.com.au
O1 - Hosts: 67.230.163.203 google.be
O1 - Hosts: 67.230.163.203 www.google.be
O1 - Hosts: 67.230.163.203 google.com.br
O1 - Hosts: 67.230.163.203 www.google.com.br
O1 - Hosts: 67.230.163.203 google.ca
O1 - Hosts: 67.230.163.203 www.google.ca
O1 - Hosts: 67.230.163.203 google.ch
O1 - Hosts: 67.230.163.203 www.google.ch
O1 - Hosts: 67.230.163.203 google.de
O1 - Hosts: 67.230.163.203 www.google.de
O1 - Hosts: 67.230.163.203 google.dk
O1 - Hosts: 67.230.163.203 www.google.dk
O1 - Hosts: 67.230.163.203 google.fr
O1 - Hosts: 67.230.163.203 www.google.fr
O1 - Hosts: 67.230.163.203 google.ie
O1 - Hosts: 67.230.163.203 www.google.ie
O1 - Hosts: 67.230.163.203 google.it
O1 - Hosts: 67.230.163.203 www.google.it
O1 - Hosts: 67.230.163.203 google.co.jp
O1 - Hosts: 67.230.163.203 www.google.co.jp
O1 - Hosts: 67.230.163.203 google.nl
O1 - Hosts: 67.230.163.203 www.google.nl
O1 - Hosts: 67.230.163.203 google.no
O1 - Hosts: 67.230.163.203 www.google.no
O1 - Hosts: 67.230.163.203 google.co.nz
O1 - Hosts: 67.230.163.203 www.google.co.nz
O1 - Hosts: 67.230.163.203 google.pl
O1 - Hosts: 67.230.163.203 www.google.pl
O1 - Hosts: 67.230.163.203 google.se
O1 - Hosts: 67.230.163.203 www.google.se
O1 - Hosts: 67.230.163.203 google.co.uk
O1 - Hosts: 67.230.163.203 www.google.co.uk
O1 - Hosts: 67.230.163.203 google.co.za
O1 - Hosts: 67.230.163.203 www.google.co.za
O1 - Hosts: 67.230.163.203 www.google-analytics.com
O1 - Hosts: 67.230.163.203 www.bing.com
O1 - Hosts: 67.230.163.203 search.yahoo.com
O1 - Hosts: 67.230.163.203 www.search.yahoo.com
O1 - Hosts: 67.230.163.203 uk.search.yahoo.com
O1 - Hosts: 67.230.163.203 ca.search.yahoo.com
O1 - Hosts: 67.230.163.203 de.search.yahoo.com
O1 - Hosts: 67.230.163.203 fr.search.yahoo.com
O1 - Hosts: 67.230.163.203 au.search.yahoo.com

Posted Image Posted Image
0

#16
User is offline   Chris Williams 
Posted 08 August 2010 - 02:03 PM

  • Member
  • PipPip
  • Group: Members
  • Posts: 12
  • Joined: 31-July 10
I did it. Malwarebytes found nothing as usual. I want to thank you though for continuing to work with me. What now though?
0

#17
User is offline   noop 
Posted 08 August 2010 - 08:52 PM

  • Administrator
  • View gallery
  • Group: Administrators
  • Posts: 3,229
  • Joined: 24-August 09
  • LocationUSA
Next, lets see if we can get your webbrowsers to work. Could you please open up internet explorer and click Tools->Internet Options. Click on the Delete button and check as many boxes as you are willing to (Definately check the Temporary internet files checkbox though). Then, Click on the Advanced tab and then click on Restore Advanced Settings button. After that, click on the Reset... button. (This wont delete your favorites and stuff unless you check the button.)

Reopen up Internet Explorer and tell me if you are able to hear Audio/Surf the web normally again. (We will work on the other browsers after this).

noop
Posted Image Posted Image
0

#18
User is offline   Chris Williams 
Posted 09 August 2010 - 07:40 PM

  • Member
  • PipPip
  • Group: Members
  • Posts: 12
  • Joined: 31-July 10
That didn't work either. I still can't hear a thing. I'm thinking of restoring my computer to factory settings but kinda afraid that my sound still may not work. I'm not sure how to restore it either. I'm using a windows xp e machine.
0

#19
User is offline   Chris Williams 
Posted 09 August 2010 - 10:02 PM

  • Member
  • PipPip
  • Group: Members
  • Posts: 12
  • Joined: 31-July 10
Good news my sound is now working. My problem now is that I'm still occasionally getting redirected via google chrome. Hi Jack this keeps finding the same files that I delete over and over again.
0

#20
User is offline   noop 
Posted 11 August 2010 - 01:08 AM

  • Administrator
  • View gallery
  • Group: Administrators
  • Posts: 3,229
  • Joined: 24-August 09
  • LocationUSA
Lets give this a shot:
  • In Google Chrome; Click the Tools Posted Image menu.
  • Select Options.
  • Click the Under the Hood tab.
  • Click Reset to defaults.
  • In the confirmation dialog, verify your selection by clicking Reset to defaults.
  • Click Close.
Reopen Google Chrome and see if everything is working correctly.
Posted Image Posted Image
0

Share this topic:


  • (2 Pages) +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users