Solved: annoying cpvfeed.com virus can someone please help me?!!?! my log is there (New)

elnejo's Avatar
Junior Member with 8 posts.
 
Join Date: Jun 2007
Experience: just the basics
23-Jun-2007, 02:14 PM #1
Solved: annoying cpvfeed.com virus can someone please help me?!!?! my log is there
Hey, this is my log. I've used multiple antivirus and scanning programs and it still can't detect it. I know I've deleted some files also, just letting you guys know. Please help. Thanks.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:14:24 PM, on 6/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [actx1.exe] C:\WINDOWS\system32\actx1.exe
O4 - HKCU\..\Run: [zqactx1.exe] C:\WINDOWS\system32\zqactx1.exe
O4 - HKCU\..\Run: [installer.exe] C:\WINDOWS\system32\installer.exe
O4 - HKCU\..\Run: [ZQInContextactx1.exe] C:\WINDOWS\system32\ZQInContextactx1.exe
O4 - HKCU\..\Run: [1201.exe] C:\WINDOWS\system32\1201.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Cpue] "C:\PROGRA~1\COMMON~1\ASKS~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Fvvsen] "C:\Documents and Settings\Owner\Application Data\?ecurity\w?nword.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Documents and Settings\Owner\Desktop\emule.exe -AutoStart
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/257/installer.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0006.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins008.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7965 bytes
MFDnNC's Avatar
Distinguished Member with 49,029 posts.
 
Join Date: Sep 2004
23-Jun-2007, 04:08 PM #2
NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sect...s/ComboFix.exe
or
http://download.bleepingcomputer.com...a/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
===============

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/supe...freevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.
elnejo's Avatar
Junior Member with 8 posts.
 
Join Date: Jun 2007
Experience: just the basics
23-Jun-2007, 05:48 PM #3
getting rid of cpvfeed a work in progress please read
ComboFix 07-06-18.2
"Owner" - 2007-06-23 17:35:20 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Owner\APPLIC~1.\ecurit~1
C:\DOCUME~1\Owner\Desktop.\internet explorer.lnk
C:\Program Files\Common Files\asks~1
C:\Temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\b136.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\wnstssv32.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\core


((((((((((((((((((((((((( Files Created from 2007-05-23 to 2007-06-23 )))))))))))))))))))))))))))))))


2007-06-23 17:29 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-23 09:06 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-23 07:56 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-06-22 16:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-19 01:03 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor
2007-06-19 01:03 <DIR> d-------- C:\Program Files\Common Files\SystemDoctor
2007-06-15 02:56 <DIR> d-------- C:\Program Files\DivX
2007-06-14 23:38 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Google
2007-06-09 17:17 65,536 --a------ C:\WINDOWS\IFinst27.exe
2007-05-31 19:11 <DIR> d-------- C:\Program Files\xPlayer


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 19:57:52 -------- d-----w C:\Program Files\MSN Messenger
2007-06-20 00:11:01 -------- d-----w C:\Program Files\LogMeIn Backup
2007-06-18 07:06:17 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-08 17:30:02 4,410 ----a-w C:\DOCUME~1\Owner\APPLIC~1\wklnhst.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-11 21:13:35 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Aim
2007-05-11 21:13:33 -------- d-----w C:\Program Files\AIM
2007-05-11 21:12:47 -------- d-----w C:\Program Files\AOD
2007-05-11 21:08:05 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-11 20:02:57 -------- d-----w C:\Program Files\War Rock Toolbar
2007-05-11 20:00:48 -------- d-----w C:\Program Files\Apple Software Update
2007-05-11 19:59:46 -------- d-----w C:\Program Files\Ares
2007-05-10 07:02:51 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-08 22:54:42 127,268 ----a-w C:\mediamp3.dat
2007-05-03 06:29:23 -------- d-----w C:\Program Files\MAIET
2007-05-03 06:28:36 -------- d-----w C:\Program Files\There
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 10:47]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2006-10-25 19:58]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-08-13 22:31]
"actx1.exe"="C:\WINDOWS\system32\actx1.exe" []
"zqactx1.exe"="C:\WINDOWS\system32\zqactx1.exe" []
"installer.exe"="C:\WINDOWS\system32\installer.exe" []
"ZQInContextactx1.exe"="C:\WINDOWS\system32\ZQInContextactx1.exe" []
"1201.exe"="C:\WINDOWS\system32\1201.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
"Cpue"="C:\PROGRA~1\COMMON~1\ASKS~1\services.exe" []
"Fvvsen"="C:\Documents and Settings\Owner\Application Data\?ecurity\w?nword.exe" []
"eMuleAutoStart"="C:\Documents and Settings\Owner\Desktop\emule.exe" [2006-01-26 17:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0813ad3a-46b5-11db-980c-0011117bfa87}]
AutoRun\command- N:\EXPLORER.EXE
explore\Command- N:\EXPLORER.EXE
open\Command- N:\EXPLORER.EXE

*Newly Created Service* - AVGASCLN

Contents of the 'Scheduled Tasks' folder
2005-03-14 20:05:24 C:\WINDOWS\tasks\ISP signup reminder 1.job
2005-03-14 20:05:24 C:\WINDOWS\tasks\ISP signup reminder 2.job
2007-06-20 00:11:03 C:\WINDOWS\tasks\LogMeIn Backup1.job
2007-06-16 22:05:05 C:\WINDOWS\tasks\LogMeIn Backup2.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-23 17:39:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\win.tmp
C:\WINDOWS\winamp.ini
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log
C:\WINDOWS\wmp11.log
C:\WINDOWS\wmsetup.log
C:\WINDOWS\wmsetup10.log
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\WORDPAD.INI
C:\WINDOWS\Wudf01000Inst.log
C:\WINDOWS\wwwbatch.ini
C:\WINDOWS\Yadio Media Player Setup Log.txt
C:\WINDOWS\Yadio Media Player Uninstall Log.txt
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif

scan completed successfully
hidden files: 21

**************************************************************************

Completion time: 2007-06-23 17:42:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-23 17:42

--- E O F ---

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:47:39 PM, on 6/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [actx1.exe] C:\WINDOWS\system32\actx1.exe
O4 - HKCU\..\Run: [zqactx1.exe] C:\WINDOWS\system32\zqactx1.exe
O4 - HKCU\..\Run: [installer.exe] C:\WINDOWS\system32\installer.exe
O4 - HKCU\..\Run: [ZQInContextactx1.exe] C:\WINDOWS\system32\ZQInContextactx1.exe
O4 - HKCU\..\Run: [1201.exe] C:\WINDOWS\system32\1201.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Cpue] "C:\PROGRA~1\COMMON~1\ASKS~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Fvvsen] "C:\Documents and Settings\Owner\Application Data\?ecurity\w?nword.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Documents and Settings\Owner\Desktop\emule.exe -AutoStart
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/257/installer.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0006.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins008.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7489 bytes
MFDnNC's Avatar
Distinguished Member with 49,029 posts.
 
Join Date: Sep 2004
23-Jun-2007, 05:53 PM #4
Keep going, do SAS
elnejo's Avatar
Junior Member with 8 posts.
 
Join Date: Jun 2007
Experience: just the basics
23-Jun-2007, 05:57 PM #5
What is SAS?
MFDnNC's Avatar
Distinguished Member with 49,029 posts.
 
Join Date: Sep 2004
23-Jun-2007, 05:59 PM #6
Superantispyware (SAS) - the second half of my post
elnejo's Avatar
Junior Member with 8 posts.
 
Join Date: Jun 2007
Experience: just the basics
23-Jun-2007, 06:02 PM #7
Gotcha, I'm going to do it right now.
elnejo's Avatar
Junior Member with 8 posts.
 
Join Date: Jun 2007
Experience: just the basics
23-Jun-2007, 06:53 PM #8
sas
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/23/2007 at 06:38 PM

Application Version : 3.8.1002

Core Rules Database Version : 3260
Trace Rules Database Version: 1271

Scan type : Complete Scan
Total Scan Time : 00:28:43

Memory items scanned : 388
Memory threats detected : 0
Registry items scanned : 4911
Registry threats detected : 7
File items scanned : 31175
File threats detected : 208

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@pornotube[1].txt
C:\Documents and Settings\Owner\Cookies\owner@campaign.indieclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.intermundonet[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldx[2].txt
C:\Documents and Settings\Owner\Cookies\owner@a.websponsors[1].txt
C:\Documents and Settings\Owner\Cookies\owner@roiservice[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adserver3.teracent[1].txt
C:\Documents and Settings\Owner\Cookies\owner@divx.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@server.cpmstar[1].txt
C:\Documents and Settings\Owner\Cookies\owner@try.screensavers[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.adbrite[1].txt
C:\Documents and Settings\Owner\Cookies\owner@dist.belnk[2].txt
C:\Documents and Settings\Owner\Cookies\owner@105-bmp.googleadservices[1].txt
C:\Documents and Settings\Owner\Cookies\owner@divx.adbureau[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.adultinsider[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.firstadsolution[2].txt
C:\Documents and Settings\Owner\Cookies\owner@tremor.adbureau[1].txt
C:\Documents and Settings\Owner\Cookies\owner@revenue[2].txt
C:\Documents and Settings\Owner\Cookies\owner@paycounter[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.depositfiles[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adserving.autotrader[1].txt
C:\Documents and Settings\Owner\Cookies\owner@icc.intellisrv[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adserver.easyad[2].txt
C:\Documents and Settings\Owner\Cookies\owner@mediatraffic[1].txt
C:\Documents and Settings\Owner\Cookies\owner@emarketmakers[2].txt
C:\Documents and Settings\Owner\Cookies\owner@data2.perf.overture[2].txt
C:\Documents and Settings\Owner\Cookies\owner@599.stats.misstrends[1].txt
C:\Documents and Settings\Owner\Cookies\owner@server.lon.liveperson[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www3.addfreestats[1].txt
C:\Documents and Settings\Owner\Cookies\owner@screensavers[1].txt
C:\Documents and Settings\Owner\Cookies\owner@cartoonnetwork.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.xctrk[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adlegend[1].txt
C:\Documents and Settings\Owner\Cookies\owner@gmgmacfs.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@bidzcom.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@m1.webstats.motigo[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt
C:\Documents and Settings\Owner\Cookies\owner@indextools[2].txt
C:\Documents and Settings\Owner\Cookies\owner@maxserving[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediavantage[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tgn.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@i.screensavers[1].txt
C:\Documents and Settings\Owner\Cookies\owner@click.jupiterhosting[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.bridgetrack[1].txt
C:\Documents and Settings\Owner\Cookies\owner@viaatomvideo.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ar.atwola[2].txt
C:\Documents and Settings\Owner\Cookies\owner@teenfactory[1].txt
C:\Documents and Settings\Owner\Cookies\owner@cnn.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@4.adbrite[1].txt
C:\Documents and Settings\Owner\Cookies\owner@pch.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.bannerconnect[2].txt
C:\Documents and Settings\Owner\Cookies\owner@stats.misterupload[2].txt
C:\Documents and Settings\Owner\Cookies\owner@member.teenstryanal[1].txt
C:\Documents and Settings\Owner\Cookies\owner@metaltheory.sitetracker[2].txt
C:\Documents and Settings\Owner\Cookies\owner@heavycom.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@youporn[1].txt
C:\Documents and Settings\Owner\Cookies\owner@intermundomedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[1].txt
C:\Documents and Settings\Owner\Cookies\owner@track.searchignite[1].txt
C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.claxonmedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@reduxads.valuead[1].txt
C:\Documents and Settings\Owner\Cookies\owner@try.starware[3].txt
C:\Documents and Settings\Owner\Cookies\owner@videoegg.adbureau[2].txt
C:\Documents and Settings\Owner\Cookies\owner@enhance[1].txt
C:\Documents and Settings\Owner\Cookies\owner@azjmp[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ezzs.valueclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@findwhat[1].txt
C:\Documents and Settings\Owner\Cookies\owner@data3.perf.overture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adserv.muchosucko[2].txt
C:\Documents and Settings\Owner\Cookies\owner@da-tracking[2].txt
C:\Documents and Settings\Owner\Cookies\owner@freecodesource.advertserve[2].txt
C:\Documents and Settings\Owner\Cookies\owner@valueclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ice.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@blockbuster.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@emimusic.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@buycom.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@track.bestbuy[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.googleadservices[1].txt
C:\Documents and Settings\Owner\Cookies\owner@roi.clicklab[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads5.offermatica[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.filecloud[2].txt
C:\Documents and Settings\Owner\Cookies\owner@exitexchange[2].txt
C:\Documents and Settings\Owner\Cookies\owner@count1.exitexchange[2].txt
C:\Documents and Settings\Owner\Cookies\owner@webpower[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ad.zanox[2].txt
C:\Documents and Settings\LocalService\Cookies\system@adecn[1].txt
C:\Documents and Settings\LocalService\Cookies\system@adknowledge[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.monster[1].txt
C:\Documents and Settings\LocalService\Cookies\system@adtrackz.imminentkings[1].txt
C:\Documents and Settings\LocalService\Cookies\system@adtrackz[2].txt
C:\Documents and Settings\LocalService\Cookies\system@belnk[1].txt
C:\Documents and Settings\LocalService\Cookies\system@dist.belnk[2].txt
C:\Documents and Settings\LocalService\Cookies\system@exitexchange[1].txt
C:\Documents and Settings\LocalService\Cookies\system@jamster[2].txt
C:\Documents and Settings\LocalService\Cookies\system@nextag[2].txt
C:\Documents and Settings\LocalService\Cookies\system@www.upspiral[2].txt

Adware.Elite Media
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}#SystemComponent
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}#Installer
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\AvailableVersion
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\AvailableVersion#Precache
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\DownloadInformation
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\DownloadInformation#CODEBASE

Trojan.Malware
C:\asdf.txt

Trojan.Downloader-Gen/Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\B122.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP850\A0118022.EXE

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WNSTSSV32.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP845\A0115768.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP849\A0117889.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP850\A0117994.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP850\A0118021.EXE

Trojan.Downloader-Gen/WinPop
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP843\A0115299.EXE

TargetSaver, Inc. Process
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP845\A0115545.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP849\A0117890.EXE

Adware.webHancer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP845\A0115704.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP845\A0115705.EXE

Malware.SystemDoctor
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP845\A0115729.EXE

Trojan.ESDWindowsIE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP850\A0117954.EXE

Adware.SearchAssistant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP850\A0118004.EXE

Adware.Unknown Origin
C:\WINDOWS\SYSTEM32\IESH12052004.CFG

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:53:06 PM, on 6/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\emule.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [actx1.exe] C:\WINDOWS\system32\actx1.exe
O4 - HKCU\..\Run: [zqactx1.exe] C:\WINDOWS\system32\zqactx1.exe
O4 - HKCU\..\Run: [installer.exe] C:\WINDOWS\system32\installer.exe
O4 - HKCU\..\Run: [ZQInContextactx1.exe] C:\WINDOWS\system32\ZQInContextactx1.exe
O4 - HKCU\..\Run: [1201.exe] C:\WINDOWS\system32\1201.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Cpue] "C:\PROGRA~1\COMMON~1\ASKS~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Fvvsen] "C:\Documents and Settings\Owner\Application Data\?ecurity\w?nword.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Documents and Settings\Owner\Desktop\emule.exe -AutoStart
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/257/installer.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0006.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins008.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7698 bytes
MFDnNC's Avatar
Distinguished Member with 49,029 posts.
 
Join Date: Sep 2004
23-Jun-2007, 07:11 PM #9
You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O4 - HKCU\..\Run: [actx1.exe] C:\WINDOWS\system32\actx1.exe

O4 - HKCU\..\Run: [zqactx1.exe] C:\WINDOWS\system32\zqactx1.exe

O4 - HKCU\..\Run: [installer.exe] C:\WINDOWS\system32\installer.exe

O4 - HKCU\..\Run: [ZQInContextactx1.exe] C:\WINDOWS\system32\ZQInContextactx1.exe

O4 - HKCU\..\Run: [1201.exe] C:\WINDOWS\system32\1201.exe

O4 - HKCU\..\Run: [Cpue] "C:\PROGRA~1\COMMON~1\ASKS~1\services.exe" -vt yazb

O4 - HKCU\..\Run: [Fvvsen] "C:\Documents and Settings\Owner\Application Data\?ecurity\w?nword.exe"

Download Killbox from one of these links

http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\actx1.exe
C:\WINDOWS\system32\zqactx1.exe
C:\WINDOWS\system32\installer.exe
C:\WINDOWS\system32\ZQInContextactx1.exe
C:\WINDOWS\system32\1201.exe
C:\PROGRA~1\COMMON~1\ASKS~1
C:\Documents and Settings\Owner\Application Data\?ecurity

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new hijack log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
elnejo's Avatar
Computer Specs
Junior Member with 8 posts.
 
Join Date: Jun 2007
Experience: just the basics
23-Jun-2007, 07:57 PM #10
hey thanks a lot man you're a genius the cpvfeed popup is gone and the comp is running pretty smooth, one thing though when i start up ie the computer fan goes into max speed this never happened before the cpv incident maybe it's the antivirus protection program that i have, i have avast antivirus idk if is cause of that also an avast anti virus protection window comes up saying that is analyzing something when i open ie, can you tell me which anti virus program is good for my comp and it won't make the fan go crazy
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:54:15 PM, on 6/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\emule.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Documents and Settings\Owner\Desktop\emule.exe -AutoStart
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/257/installer.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0006.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins008.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 6986 bytes

Last edited by elnejo : 23-Jun-2007 08:03 PM.
MFDnNC's Avatar
Distinguished Member with 49,029 posts.
 
Join Date: Sep 2004
23-Jun-2007, 07:59 PM #11
I'd strongly consider getting rid of EMule and any other P2P programs as they are the likely source of infection

Clean
If you feel it is fixed, mark it solved via Thread Tools above

Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPORT...rc=sec_doc_nam
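The triage of the O4 autorun entries in post #9 and the check behind "Clean" in post #11, as an added example that is not part of the original thread and not HijackThis's or MFDnNC's own method. The three heuristics and the small allowlist are assumptions chosen for this log; the O4 lines are copied from the two HijackThis logs above.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# O4 Run lines copied from the log posted before the fix (6:53 PM).
BEFORE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [actx1.exe] C:\WINDOWS\system32\actx1.exe
O4 - HKCU\..\Run: [zqactx1.exe] C:\WINDOWS\system32\zqactx1.exe
O4 - HKCU\..\Run: [installer.exe] C:\WINDOWS\system32\installer.exe
O4 - HKCU\..\Run: [ZQInContextactx1.exe] C:\WINDOWS\system32\ZQInContextactx1.exe
O4 - HKCU\..\Run: [1201.exe] C:\WINDOWS\system32\1201.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Cpue] "C:\PROGRA~1\COMMON~1\ASKS~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Fvvsen] "C:\Documents and Settings\Owner\Application Data\?ecurity\w?nword.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Documents and Settings\Owner\Desktop\emule.exe -AutoStart
"""

# O4 Run lines copied from the log posted after the fix (7:54 PM).
AFTER = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Documents and Settings\Owner\Desktop\emule.exe -AutoStart
"""

O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$", re.M)
SYSTEM32 = r"c:\windows\system32"
# Assumed allowlist: real Windows binaries that live in system32.
KNOWN_IN_SYSTEM32 = {"ctfmon.exe", "services.exe"}


def exe_path(cmd):
    """Strip arguments from a Run command line and return the executable path."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def parse_run_entries(log):
    """Return {(hive, value_name): executable_path} for each O4 Run line."""
    return {(hive, name): exe_path(cmd.strip())
            for hive, name, cmd in O4_RUN.findall(log)}


def reasons(name, path):
    """Apply the three assumed heuristics to one autorun entry."""
    why = []
    folder, exe = dirname(path).lower(), basename(path).lower()
    # '?' is not a legal Windows file name character, so it marks a
    # character the log could not render (a look-alike name such as w?nword.exe).
    if "?" in path:
        why.append("unrenderable character in path")
    # A system process name started from anywhere but system32.
    if exe in KNOWN_IN_SYSTEM32 and folder != SYSTEM32:
        why.append("system process name outside system32")
    # Value named after its own .exe, dropped directly into system32.
    if name.lower() == exe and folder == SYSTEM32 and exe not in KNOWN_IN_SYSTEM32:
        why.append("self-named executable in system32")
    return why


def triage(log):
    """Return {(hive, value_name): [reasons]} for entries that match a heuristic."""
    flagged = {}
    for key, path in parse_run_entries(log).items():
        why = reasons(key[1], path)
        if why:
            flagged[key] = why
    return flagged


def still_present(flagged, after_log):
    """Flagged entries that survive in the follow-up log (empty means removed)."""
    remaining = parse_run_entries(after_log)
    return sorted(key for key in flagged if key in remaining)


if __name__ == "__main__":
    flagged = triage(BEFORE)
    for (hive, name), why in flagged.items():
        print(f"{hive} [{name}]: {'; '.join(why)}")
    print("still present after fix:", still_present(flagged, AFTER))
```

A Run value absent from the follow-up log only shows the autorun entry is gone; the file itself still has to be deleted, which is what the Killbox step in post #9 covers.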
elnejo's Avatar
Computer Specs
Junior Member with 8 posts.
 
Join Date: Jun 2007
Experience: just the basics
23-Jun-2007, 08:05 PM #12
hey thanks a lot man you're a genius the cpvfeed popup is gone and the comp is running pretty smooth, one thing though when i start up ie the computer fan goes into max speed this never happened before the cpv incident maybe it's the antivirus protection program that i have, i have avast antivirus idk if is cause of that also an avast anti virus protection window comes up saying that is analyzing something when i open ie, can you tell me which anti virus program is good for my comp and it won't make the fan go crazy
MFDnNC's Avatar
Distinguished Member with 49,029 posts.
 
Join Date: Sep 2004
23-Jun-2007, 08:11 PM #13
Software is not making the fan run = make sure the inside of the case is clean
elnejo's Avatar
Computer Specs
Junior Member with 8 posts.
 
Join Date: Jun 2007
Experience: just the basics
23-Jun-2007, 08:32 PM #14
what was the system restore for, did it save a saving point on my comp?
MFDnNC's Avatar
Distinguished Member with 49,029 posts.
 
Join Date: Sep 2004
24-Jun-2007, 10:51 AM #15
That cleared infected restore points and set a clean one
All times are GMT -5.