I'm almost completely computer illiterate, so I'm not sure where to ask for help with this.
I've been having a strange problem with my computer that started when I downloaded a game from the internet. For no apparent reason I suddenly start hearing some type of program, sounds like a radio or TV broadcast, playing over my speakers, and then it stops only to start up again at random intervals. I also don't see anything, it's just a sound. I recently got a DSL internet connection, and I think it is using that to make the program work, but I don't know how to stop it. I tried deleting the game, but I keep hearing the program, even when I close my internet window. Any advice would be most appreciated. Thanks in advance.

Try restarting the computer? What antivirus do you have and run a full scan. Does the problem still happen when you disconnect from the internet (and then restarting)?

I've restarted the computer 5 times.
I use AVG free and I scanned 3 times today, it comes up clean. I also use AVG free Anti-spyware, but it hasn't helped.
How can you disconnect from a DSL internet connection? I have tried removing my ethernet cable from my modem, but again it doesn't help. I just close my internet explorer windows.

Download HijackThis: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Click on Download HijackThis Installer
Post HijackThis log.

Hope I did it right...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:15 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
-- End of file - 10182 bytes

You have quite a few infections...
Print these instructions out.
1. Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.
Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen
* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
  o Close browsers before scanning.
  o Scan for tracking cookies.
  o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
  o Click Preferences, then click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.

Post SUPERAntiSpyware log.
RESTART COMPUTER!
2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at
C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
3. Post new HijackThis log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/10/2008 at 01:17 AM
Application Version : 4.0.1154
Core Rules Database Version : 3435
Trace Rules Database Version: 1427
Scan type : Complete Scan
Total Scan Time : 01:46:16
Memory items scanned : 171
Memory threats detected : 0
Registry items scanned : 5717
Registry threats detected : 3
File items scanned : 64719
File threats detected : 63
Adware.Tracking Cookie
Trojan.Net-MU/Gen
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName

Adware.ClickSpring
C:\WINDOWS\system32\RGSVR3~1.EXE

Malwarebytes' Anti-Malware 1.11
Database version: 606

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 94479
Time elapsed: 28 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\Resources\UnknownVolume.dll (Trojan.Clicker) -> Unloaded module successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\UnknownVolume (Trojan.Clicker) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)
I've noticed when I restart, an internet window opens up and asks me for my podcast login information. I don't have that, and I don't even know what a podcast is, so I've been closing the window and ignoring it. But I was wondering if that could be the cause of the weird sounds I keep hearing.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:24 AM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
- C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
-- End of file - 10117 bytes

Let me check HJT, first...

*** Is Windows firewall ON?
*** Uninstall AT&T Internet Security Wizard. Instructions here: http://securityhelp.bellsouth.net/index.php?ToDo=view&Frame=1&questId=368&catId=61
1. Print this post out, since you won't have access to it at some point.
2. Close all windows, except for HijackThis.
3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):
- R3 - URLSearchHook: (no name) - {F0102993-9826-C387-512F-ED1BB0071695} - C:\WINDOWS\system32\jvm.dll (file missing)
- O2 - BHO: (no name) - {031E8EF1-3514-34E9-382C-1DE4BFB0E8C8} - C:\WINDOWS\system32\lmjm.dll (file missing)
- O2 - BHO: (no name) - {29ACA570-40C9-1B3B-E8E1-31A60B5B909E} - C:\WINDOWS\system32\krng.dll (file missing)
- O2 - BHO: (no name) - {2BFAF773-4ACE-4968-E8E1-31A60B5B969A} - C:\WINDOWS\system32\xql.dll (file missing)
- O2 - BHO: (no name) - {31E55F30-E9A5-E102-82FB-C46936AE8FC3} - C:\WINDOWS\system32\amyr.dll (file missing)
- O2 - BHO: (no name) - {32FFD737-75C5-656C-FEFE-178A3B6ACDF9} - C:\WINDOWS\system32\rlruxgz.dll (file missing)
- O2 - BHO: (no name) - {50FD43F8-AB19-A0E2-678C-87AD0B7BE3C3} - C:\WINDOWS\system32\jbdkaskb.dll (file missing)
- O2 - BHO: (no name) - {741AC613-62E3-744C-859B-516E855288A7} - C:\WINDOWS\system32\pjqff.dll (file missing)
- O2 - BHO: (no name) - {89DDFA84-1738-43CB-4A3B-3CC62D4966C5} - C:\WINDOWS\system32\doaazse.dll (file missing)
- O2 - BHO: (no name) - {8DF6F6DF-062A-4380-14DD-65AD390978F7} - C:\WINDOWS\system32\rhunfh.dll (file missing)
- O2 - BHO: (no name) - {8F8BF5D6-1169-439C-4E3B-3CC62D493297} - C:\WINDOWS\system32\fvscoa.dll (file missing)
- O2 - BHO: (no name) - {A41CE5D2-5D32-0F9D-13DB-72F2BE5040CF} - C:\WINDOWS\system32\jguehat.dll (file missing)
- O2 - BHO: (no name) - {B88FC2AC-2E4A-7FB9-62E4-5180783A00C1} - C:\WINDOWS\system32\sun.dll (file missing)
- O2 - BHO: (no name) - {B8B737C8-C33E-8BC5-5534-FBA4286D45F8} - C:\WINDOWS\system32\uftczc.dll (file missing)
- O2 - BHO: (no name) - {C0A5C7B6-7D06-2EA6-23F8-0045057A229B} - C:\WINDOWS\system32\mkcpuuw.dll (file missing)
- O2 - BHO: (no name) - {F0102993-9826-C387-512F-ED1BB0071695} - C:\WINDOWS\system32\jvm.dll (file missing)
- O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm265NYUS
- O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0031.exe
- O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe
4. Click on Fix checked button.
5. Restart computer.
9. Post new HijackThis log.

I think my Windows firewall is on, as I never turned it off, but I don't even know how to tell...
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:40:58 PM, on 4/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Nexon\Mabinogi\npkcmsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1 O4 - 
HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - 
http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100886880636 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168574706123 O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: a-squared Free Service (a2free) - Unknown owner - G:\Apps\Antispyware\a-squared Free\a2service.exe (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: npkcmsvc - INCA Internet Co., Ltd. 
- C:\Nexon\Mabinogi\npkcmsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
-- End of file - 7847 bytes

Very well
HJT log is clean.
1. Turn off System Restore:
- Windows XP:
  1. Click Start.
  2. Right-click the My Computer icon, and then click Properties.
  3. Click the System Restore tab.
  4. Check "Turn off System Restore".
  5. Click Apply.
  6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
  7. Click OK.
- Windows Vista:
  1. Click Start.
  2. Right-click the Computer icon, and then click Properties.
  3. Click on System Protection under the Tasks column on the left side
  4. Click on Continue on the "User Account Control" window that pops up
  5. Under the System Protection tab, find Available Disks
  6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
  7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
  8. Click OK
2. Restart computer.
3. Turn System Restore on. Create new Restore Point.
4. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version. Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html, and run CCleaner
6. Download, and install free ThreatFire: http://www.threatfire.com/, which will give you real-time protection against malware. It won't interfere with your antivirus or firewall.
7. Let me know how your computer is doing.

Thank you so much! The noise has stopped, and my computer is running a lot better as well. Thank you again.

Good news
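Most of the entries checked in the first log share one pattern, which can be screened for mechanically. The Python below is an added example, not part of the original thread and not HijackThis's own code: it splits a flattened log into entries and flags R3/O2 browser hooks that are both `(no name)` and `(file missing)`. That rule and the function names are assumptions inferred from the checked list; the O8 and O16 items were chosen on other grounds, and the O23 a-squared service, also `(file missing)`, was left unchecked.

```python
import re

# Section codes that prefix every HijackThis entry (R0-R3, F0-F3, N1-N4, O1-O24).
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
ENTRY_SPLIT = re.compile(r"\s+(?=" + CODE + r" - )")
ENTRY = re.compile(r"(" + CODE + r") - (.+)")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Entries copied from the first log in this thread, run together and hard-wrapped
# the way the page shows them (the choice of which entries to include is constructed).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/ R3 - URLSearchHook: (no name) - {F0102993-9826-C387-512F-ED1BB0071695} - C:\WINDOWS\system32\jvm.dll (file missing) O2 - BHO: (no name) - {031E8EF1-3514-34E9-382C-1DE4BFB0E8C8} - C:\WINDOWS\system32\lmjm.dll (file missing) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {8DF6F6DF-062A-4380-14DD-65AD390978F7} -
C:\WINDOWS\system32\rhunfh.dll (file missing) O2 - BHO: (no name) - {F0102993-9826-C387-512F-ED1BB0071695} - C:\WINDOWS\system32\jvm.dll (file missing) O23 - Service: a-squared Free Service (a2free) - Unknown owner - G:\Apps\Antispyware\a-squared Free\a2service.exe (file missing)
"""


def parse_entries(text):
    """Split a (possibly flattened) HijackThis log body into entry dicts."""
    flat = " ".join(text.split())  # undo hard wraps that fall inside an entry
    entries = []
    for raw in ENTRY_SPLIT.split(flat):
        m = ENTRY.fullmatch(raw)
        if not m:
            continue  # header, footer or other non-entry text
        code, rest = m.groups()
        clsid = CLSID.search(rest)
        entries.append({
            "code": code,
            "clsid": clsid.group(0).upper() if clsid else None,
            "unnamed": "(no name)" in rest,
            "missing": rest.endswith("(file missing)"),
            "raw": raw,
        })
    return entries


def orphaned_browser_hooks(entries):
    """Assumed rule: R3/O2 hooks with no display name whose DLL is gone."""
    return [e for e in entries
            if e["code"] in ("R3", "O2") and e["unnamed"] and e["missing"]]


def shared_clsids(entries):
    """CLSIDs registered under more than one section code."""
    seen = {}
    for e in entries:
        if e["clsid"]:
            seen.setdefault(e["clsid"], set()).add(e["code"])
    return {c: sorted(codes) for c, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for e in orphaned_browser_hooks(parsed):
        print("review:", e["raw"])
    print("registered in several sections:", shared_clsids(parsed))
```

A flagged entry is a candidate for review, not proof of infection: the rule only says the registry still references a browser hook whose file is gone.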