Annoying Cid Popups

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Annoying Cid Popups

Options

soulesskiller21 View Member Profile	Feb 1 2008, 09:00 PM Post #1
Member Group: Members Posts: 56 Joined: 31-December 07 Member No.: 180,192	I'm pretty sure this 'LOP' thing ive heard so much about is on here but i also need help with my pc boot eiter way lets deal with the malware, spyware, whatever this is. Heres a Hijackthis file of my pc Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:55:08 PM, on 2/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\svehost.exe C:\program files\valve\steam\steam.exe C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BitTorrent_DNA\dna.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1167256097594 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167257714156 O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{09E6EA21-8327-4525-9F7E-9094DC47C9FC}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{2D9327CA-A005-4390-A256-1EA248F224C5}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{09E6EA21-8327-4525-9F7E-9094DC47C9FC}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\..\{09E6EA21-8327-4525-9F7E-9094DC47C9FC}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS4\Services\Tcpip\..\{09E6EA21-8327-4525-9F7E-9094DC47C9FC}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 9192 bytes Oh and if u could tell me where i would need to post for bootfail help? thx

2 Pages

1 2 >

Replies (1 - 14)

Buckeye_Sam View Member Profile	Feb 2 2008, 09:09 AM Post #2
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop. Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet. Double click combofix.exe and follow the prompts. When it's done running it will produce a log for you. Please post that log in your next reply. Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

soulesskiller21 View Member Profile	Feb 2 2008, 11:02 AM Post #3
Member Group: Members Posts: 56 Joined: 31-December 07 Member No.: 180,192	ok ran the program heres the logfile ComboFix 08-02.02.5 - Timichael 2008-02-02 10:44:43.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.615 [GMT -5:00] Running from: C:\Documents and Settings\Timichael\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Common Files\companion wizard C:\Program Files\Common Files\companion wizard\CompWiz.xml C:\WINDOWS\system32\ayadd.bak1 C:\WINDOWS\system32\ayadd.bak2 C:\WINDOWS\system32\ayadd.ini2 C:\WINDOWS\system32\ayadd.tmp C:\WINDOWS\system32\ddaya.dll C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\kddie.exe C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\svehost.exe C:\WINDOWS\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_NPF -------\NPF ((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))) . 2008-01-29 23:28 . 2008-01-29 23:28 <DIR> d-------- C:\Program Files\Lavasoft 2008-01-29 23:28 . 2008-01-29 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-26 20:44 . 2008-01-26 20:44 94,208 --a------ C:\WINDOWS\DIIUnin.exe 2008-01-26 20:44 . 2008-01-26 20:56 35,015 --a------ C:\WINDOWS\DIIUnin.dat 2008-01-26 20:44 . 2008-01-26 20:44 2,829 --a------ C:\WINDOWS\DIIUnin.pif 2008-01-26 20:39 . 2008-02-02 01:01 <DIR> d-------- C:\Program Files\Diablo II 2008-01-26 14:32 . 2008-01-26 20:57 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2008-01-26 14:26 . 2008-01-26 20:38 <DIR> d-------- C:\Program Files\Diablo 2 2008-01-26 13:48 . 2008-01-26 13:48 4,521 --a------ C:\INSTALL_Timichael_01000005.ERR 2008-01-23 16:37 . 2008-01-23 16:37 <DIR> d-------- C:\Documents and Settings\Timichael\Application Data\Sony 2008-01-23 16:37 . 2008-01-23 16:37 <DIR> d-------- C:\Documents and Settings\Timichael\Application Data\Publish Providers 2008-01-23 16:31 . 2008-01-23 16:31 <DIR> d-------- C:\Program Files\Vstplugins 2008-01-23 16:30 . 2008-01-23 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony 2008-01-23 16:19 . 2008-01-23 16:30 <DIR> d-------- C:\Program Files\Sony 2008-01-23 10:44 . 2008-01-23 10:44 <DIR> d-------- C:\Program Files\MSBuild 2008-01-23 10:40 . 2008-01-23 10:40 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2008-01-23 10:39 . 2008-01-23 10:39 <DIR> d-------- C:\Program Files\Reference Assemblies 2008-01-23 10:39 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2008-01-23 10:35 . 2008-01-23 16:14 <DIR> d-------- C:\Program Files\Sony Setup 2008-01-23 10:35 . 2008-01-23 10:35 <DIR> d-------- C:\Documents and Settings\Timichael\Application Data\Sony Setup 2008-01-17 14:11 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2008-01-17 14:11 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2008-01-17 14:11 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2008-01-17 14:11 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll 2008-01-17 14:10 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2008-01-17 14:10 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2008-01-17 14:10 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2008-01-15 17:53 . 2003-08-11 10:07 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys 2008-01-15 17:08 . 2008-01-15 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems 2008-01-15 17:07 . 2008-01-15 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-01-15 17:00 . 2008-01-15 17:00 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-01-12 12:29 . 2008-01-30 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Media Center Programs 2008-01-12 01:15 . 2008-01-12 01:15 <DIR> d-------- C:\temp 2008-01-12 00:42 . 2008-01-12 00:42 <DIR> d-------- C:\Program Files\THQ 2008-01-06 02:51 . 2008-01-06 02:57 94,208 --a------ C:\WINDOWS\ScUnin.exe 2008-01-06 02:51 . 2008-01-06 02:57 35,382 --a------ C:\WINDOWS\scunin.dat 2008-01-06 02:51 . 2008-01-06 02:57 967 --a------ C:\WINDOWS\ScUnin.pif 2008-01-05 02:44 . 2008-01-05 02:44 <DIR> d-------- C:\Program Files\Pivot Stickfigure Animator 2008-01-03 22:05 . 2008-01-03 22:12 <DIR> d-------- C:\vcs5BGEffects 2008-01-03 22:03 . 2008-01-03 22:11 <DIR> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-02 15:52 --------- d-----w C:\Documents and Settings\Timichael\Application Data\BitTorrent DNA 2008-02-02 01:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-02 01:46 --------- d-----w C:\Documents and Settings\Timichael\Application Data\BitTorrent 2008-02-02 01:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web 2008-01-31 04:19 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-30 04:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-01-15 22:00 --------- d-----w C:\Program Files\Common Files\Adobe 2008-01-06 19:38 --------- d-----w C:\Program Files\Starcraft 2008-01-06 17:33 --------- d-----w C:\Program Files\This folder is in question 2007-12-31 07:23 --------- d-----w C:\Program Files\Yahoo! 2007-12-27 07:39 --------- d-----w C:\Program Files\QuickTime 2007-12-27 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF} 2007-12-13 20:27 --------- d-----w C:\Program Files\Conquest Frontier Wars 2007-12-12 06:02 --------- d-----w C:\Documents and Settings\Timichael\Application Data\IGN_DLM 2007-12-11 17:56 --------- d-----w C:\Program Files\GoldWave 2007-12-11 04:11 --------- d-----w C:\Program Files\Illustrate 2007-12-03 17:28 --------- d-----w C:\Program Files\DomPlayer . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files\valve\steam\steam.exe" [2007-11-30 20:40 1266936] "DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2006-10-30 16:27 715888] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360] "BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-10-03 21:06 286016] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ] "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46 1460560] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 05:29 220544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-10-24 01:45 90112 C:\WINDOWS\soundman.exe] "amd_dc_opt"="C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 16:42 106496] "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 17:10 57344] "P17Helper"="P17.dll" [2005-05-02 22:38 64512 C:\WINDOWS\system32\P17.dll] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 17:56 188416] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-18 12:58 180269] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 07:23 200704] "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-07 09:07 6731312] "Microsoft Updates"="svehost.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Microsoft Updates"="svehost.exe" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] --------- 2000-05-11 02:00 90112 C:\WINDOWS\UpdReg.EXE R2 SocketLock;Raw Socket Lock Driver;C:\WINDOWS\system32\socketlock.sys [2006-11-18 11:32] R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 15:24] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\SETUP.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\autorun.exe \Shell\directx\command - H:\DirectX9\dxsetup.exe \Shell\setup\command - H:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\AutoRun\command - I:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L] \Shell\AutoRun\command - L:\SETUP.EXE . Contents of the 'Scheduled Tasks' folder "2008-02-02 08:30:00 C:\WINDOWS\Tasks\RegistryBot Scheduled Scan.job" - C:\Program Files\RegistryBot\RegistryBot.ex - C:\Program Files\RegistryBo . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-02 10:55:47 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Rundll32.exe . ************************************************************************ . Completion time: 2008-02-02 11:01:02 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-02 16:00:58

Buckeye_Sam View Member Profile	Feb 2 2008, 12:45 PM Post #4
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Copy and paste ALL the following text in the Quote box below into Notepad. Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop. CODE Folder:: C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Microsoft Updates"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Microsoft Updates"=- Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet. Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below. This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply. ================== Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

soulesskiller21 View Member Profile	Feb 2 2008, 04:46 PM Post #5
Member Group: Members Posts: 56 Joined: 31-December 07 Member No.: 180,192	was just wondering on the kaspersky scan do i download it or is it the online scan as for the combofix part heres the logfile ComboFix 08-02.02.5 - Timichael 2008-02-02 16:00:58.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.716 [GMT -5:00] Running from: C:\Documents and Settings\Timichael\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Timichael\Desktop\CFscript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\sign bike.exe . ((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))) . 2008-01-29 23:28 . 2008-01-29 23:28 <DIR> d-------- C:\Program Files\Lavasoft 2008-01-29 23:28 . 2008-01-29 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-26 20:44 . 2008-01-26 20:44 94,208 --a------ C:\WINDOWS\DIIUnin.exe 2008-01-26 20:44 . 2008-01-26 20:56 35,015 --a------ C:\WINDOWS\DIIUnin.dat 2008-01-26 20:44 . 2008-01-26 20:44 2,829 --a------ C:\WINDOWS\DIIUnin.pif 2008-01-26 20:39 . 2008-02-02 01:01 <DIR> d-------- C:\Program Files\Diablo II 2008-01-26 14:32 . 2008-01-26 20:57 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2008-01-26 14:26 . 2008-01-26 20:38 <DIR> d-------- C:\Program Files\Diablo 2 2008-01-26 13:48 . 2008-01-26 13:48 4,521 --a------ C:\INSTALL_Timichael_01000005.ERR 2008-01-23 16:37 . 2008-01-23 16:37 <DIR> d-------- C:\Documents and Settings\Timichael\Application Data\Sony 2008-01-23 16:37 . 2008-01-23 16:37 <DIR> d-------- C:\Documents and Settings\Timichael\Application Data\Publish Providers 2008-01-23 16:31 . 2008-01-23 16:31 <DIR> d-------- C:\Program Files\Vstplugins 2008-01-23 16:30 . 2008-01-23 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony 2008-01-23 16:19 . 2008-01-23 16:30 <DIR> d-------- C:\Program Files\Sony 2008-01-23 10:44 . 2008-01-23 10:44 <DIR> d-------- C:\Program Files\MSBuild 2008-01-23 10:40 . 2008-01-23 10:40 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2008-01-23 10:39 . 2008-01-23 10:39 <DIR> d-------- C:\Program Files\Reference Assemblies 2008-01-23 10:39 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2008-01-23 10:35 . 2008-01-23 16:14 <DIR> d-------- C:\Program Files\Sony Setup 2008-01-23 10:35 . 2008-01-23 10:35 <DIR> d-------- C:\Documents and Settings\Timichael\Application Data\Sony Setup 2008-01-17 14:11 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2008-01-17 14:11 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2008-01-17 14:11 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2008-01-17 14:11 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll 2008-01-17 14:10 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2008-01-17 14:10 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2008-01-17 14:10 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2008-01-15 17:53 . 2003-08-11 10:07 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys 2008-01-15 17:08 . 2008-01-15 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems 2008-01-15 17:07 . 2008-01-15 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-01-15 17:00 . 2008-01-15 17:00 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-01-12 12:29 . 2008-01-30 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Media Center Programs 2008-01-12 01:15 . 2008-01-12 01:15 <DIR> d-------- C:\temp 2008-01-12 00:42 . 2008-01-12 00:42 <DIR> d-------- C:\Program Files\THQ 2008-01-06 02:51 . 2008-01-06 02:57 94,208 --a------ C:\WINDOWS\ScUnin.exe 2008-01-06 02:51 . 2008-01-06 02:57 35,382 --a------ C:\WINDOWS\scunin.dat 2008-01-06 02:51 . 2008-01-06 02:57 967 --a------ C:\WINDOWS\ScUnin.pif 2008-01-05 02:44 . 2008-01-05 02:44 <DIR> d-------- C:\Program Files\Pivot Stickfigure Animator 2008-01-03 22:05 . 2008-01-03 22:12 <DIR> d-------- C:\vcs5BGEffects 2008-01-03 22:03 . 2008-01-03 22:11 <DIR> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-02 21:05 --------- d-----w C:\Documents and Settings\Timichael\Application Data\BitTorrent DNA 2008-02-02 01:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-02 01:46 --------- d-----w C:\Documents and Settings\Timichael\Application Data\BitTorrent 2008-01-31 04:19 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-30 04:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-01-27 01:29 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll 2008-01-27 01:29 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll 2008-01-27 01:29 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll 2008-01-15 22:00 --------- d-----w C:\Program Files\Common Files\Adobe 2008-01-06 19:38 --------- d-----w C:\Program Files\Starcraft 2008-01-06 17:33 --------- d-----w C:\Program Files\This folder is in question 2007-12-31 07:23 --------- d-----w C:\Program Files\Yahoo! 2007-12-27 07:39 --------- d-----w C:\Program Files\QuickTime 2007-12-27 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF} 2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-12-13 20:27 --------- d-----w C:\Program Files\Conquest Frontier Wars 2007-12-12 06:02 --------- d-----w C:\Documents and Settings\Timichael\Application Data\IGN_DLM 2007-12-11 17:56 --------- d-----w C:\Program Files\GoldWave 2007-12-11 04:11 167,936 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe 2007-12-11 04:11 --------- d-----w C:\Program Files\Illustrate 2007-12-03 17:28 --------- d-----w C:\Program Files\DomPlayer . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files\valve\steam\steam.exe" [2007-11-30 20:40 1266936] "DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2006-10-30 16:27 715888] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360] "BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-10-03 21:06 286016] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ] "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46 1460560] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 05:29 220544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-10-24 01:45 90112 C:\WINDOWS\soundman.exe] "amd_dc_opt"="C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 16:42 106496] "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 17:10 57344] "P17Helper"="P17.dll" [2005-05-02 22:38 64512 C:\WINDOWS\system32\P17.dll] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 17:56 188416] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-18 12:58 180269] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 07:23 200704] "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-07 09:07 6731312] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] --------- 2000-05-11 02:00 90112 C:\WINDOWS\UpdReg.EXE R2 SocketLock;Raw Socket Lock Driver;C:\WINDOWS\system32\socketlock.sys [2006-11-18 11:32] R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 15:24] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\SETUP.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\autorun.exe \Shell\directx\command - H:\DirectX9\dxsetup.exe \Shell\setup\command - H:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\AutoRun\command - I:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L] \Shell\AutoRun\command - L:\SETUP.EXE . Contents of the 'Scheduled Tasks' folder "2008-02-02 08:30:00 C:\WINDOWS\Tasks\RegistryBot Scheduled Scan.job" - C:\Program Files\RegistryBot\RegistryBot.ex - C:\Program Files\RegistryBo . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-02 16:06:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-02-02 16:07:03 ComboFix-quarantined-files.txt 2008-02-02 21:06:37 ComboFix2.txt 2008-02-02 16:01:02

soulesskiller21 View Member Profile	Feb 2 2008, 08:28 PM Post #6
Member Group: Members Posts: 56 Joined: 31-December 07 Member No.: 180,192	Well I just went ahead and downloaded the program and I've looked all over and could'nt find the archive area on my pc i scanned my mailboxes and it was clean only 2 things there if you want i can upload my full system scan i cant post it since its too long

Buckeye_Sam View Member Profile	Feb 3 2008, 10:10 AM Post #7
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	If you installed the full version then it should have removed any threats automatically. So no need to post that entire log. Please post a new hijackthis log. How is your computer running now? -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

soulesskiller21 View Member Profile	Feb 3 2008, 01:39 PM Post #8
Member Group: Members Posts: 56 Joined: 31-December 07 Member No.: 180,192	Well i noticed the CiD popups stopped after i did the first combofix part but the scan showed my pc is full of virus's mainly trojans idk if i should delete all these files since theres no spot to quarentine them but ya it is running alot smoother i just need to fix some of the minor stuff combofix prob changed and get rid of these trojans and ill be good. thx alot Sam =D. so about my bootfail too where do i post about that? Edit: whoops forgot the hijack this logfile here u go Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:35:30 PM, on 2/3/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe C:\program files\valve\steam\steam.exe C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BitTorrent_DNA\dna.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1167256097594 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167257714156 O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{09E6EA21-8327-4525-9F7E-9094DC47C9FC}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{2D9327CA-A005-4390-A256-1EA248F224C5}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{09E6EA21-8327-4525-9F7E-9094DC47C9FC}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\..\{09E6EA21-8327-4525-9F7E-9094DC47C9FC}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS4\Services\Tcpip\..\{09E6EA21-8327-4525-9F7E-9094DC47C9FC}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 8958 bytes This post has been edited by soulesskiller21: Feb 3 2008, 01:41 PM

Buckeye_Sam View Member Profile	Feb 4 2008, 09:19 AM Post #9
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	QUOTE but the scan showed my pc is full of virus's mainly trojans idk if i should delete all these files since theres no spot to quarentine them What scan shows this? QUOTE so about my bootfail too where do i post about that? I'm not sure what this is? Can you give me more details? -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

soulesskiller21 View Member Profile	Feb 4 2008, 09:30 AM Post #10
Member Group: Members Posts: 56 Joined: 31-December 07 Member No.: 180,192	QUOTE(Buckeye_Sam @ Feb 4 2008, 09:19 AM) QUOTE but the scan showed my pc is full of virus's mainly trojans idk if i should delete all these files since theres no spot to quarentine them What scan shows this? The Kaspersky scan showed i had multiple trojans and virus's on my pc but idk if the files are important so idk if i should jus delete them of not since i cant easily quarantine them QUOTE so about my bootfail too where do i post about that? I'm not sure what this is? Can you give me more details? whenever i start my computer it says its had a bootfail error i noticed that its on ever other startup as to what it is exactly im not sure im guessing its what the computer needs to access my os but then again may be something different

Buckeye_Sam View Member Profile	Feb 4 2008, 09:38 AM Post #11
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Please post the log from your Kaspersky scan. Or if it's too large, just attach it as a text file. Click Start -> Run -> eventvwr.msc Look in SYSTEM and APPLICATIONS for anything in the last day or two. Double click on anything you see with a red X, press the Copy button, and then paste it here in your next reply. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

soulesskiller21 View Member Profile	Feb 4 2008, 09:44 AM Post #12
Member Group: Members Posts: 56 Joined: 31-December 07 Member No.: 180,192	heres the stuff from the event ill be uploading the kaspersky scan results: Event Type: Error Event Source: AmdTools Event Category: None Event ID: 3 Date: 2/3/2008 Time: 2:10:52 PM User: N/A Computer: THE-BFG Description: RegisterTscDrift() Node[ 0 ] Core[ 1 ] Error: Thread already registered. Data: 0000: 00 00 00 00 04 00 5a 00 ......Z. 0008: 00 00 00 00 03 00 bc ca ......¼Ê 0010: 00 00 00 00 00 00 00 00 ........ 0018: 03 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ Event Type: Error Event Source: AmdTools Event Category: None Event ID: 3 Date: 2/3/2008 Time: 2:10:52 PM User: N/A Computer: THE-BFG Description: RegisterTscDrift() Node[ 0 ] Core[ 0 ] Error: Thread already registered. Data: 0000: 00 00 00 00 04 00 5a 00 ......Z. 0008: 00 00 00 00 03 00 bc ca ......¼Ê 0010: 00 00 00 00 00 00 00 00 ........ 0018: 02 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ Event Type: Error Event Source: PlugPlayManager Event Category: None Event ID: 11 Date: 2/2/2008 Time: 10:49:28 AM User: N/A Computer: THE-BFG Description: The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 00 00 00 00 .... Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7000 Date: 2/2/2008 Time: 10:49:28 AM User: N/A Computer: THE-BFG Description: The combofix service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7009 Date: 2/2/2008 Time: 10:49:28 AM User: N/A Computer: THE-BFG Description: Timeout (30000 milliseconds) waiting for the combofix service to connect. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Error Event Source: AmdTools Event Category: None Event ID: 3 Date: 1/29/2008 Time: 5:01:20 PM User: N/A Computer: THE-BFG Description: RegisterTscDrift() Node[ 0 ] Core[ 0 ] Error: Thread already registered. Data: 0000: 00 00 00 00 04 00 5a 00 ......Z. 0008: 00 00 00 00 03 00 bc ca ......¼Ê 0010: 00 00 00 00 00 00 00 00 ........ 0018: 02 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ Event Type: Error Event Source: ati2mtag Event Category: None Event ID: 108 Date: 1/28/2008 Time: 6:15:48 PM User: N/A Computer: THE-BFG Description: The driver ati2dvag for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 00 00 00 00 03 00 52 00 ......R. 0008: 00 00 00 00 6c 00 04 c0 ....l..À 0010: 00 00 00 00 00 00 00 00 ........ 0018: 00 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ Event Type: Error Event Source: ipnathlp Event Category: None Event ID: 32003 Date: 1/25/2008 Time: 5:13:50 PM User: N/A Computer: THE-BFG Description: The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 1f 00 00 00 .... Event Type: Error Event Source: Dhcp Event Category: None Event ID: 1002 Date: 1/25/2008 Time: 5:13:48 PM User: N/A Computer: THE-BFG Description: The IP address lease 192.168.1.100 for the Network Card with network address 001731645FB6 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

2 Pages

1 2 >

2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Switch to: Standard · Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 21st November 2009 - 07:57 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides