kohu

Members
  • Content Count

    50
Everything posted by kohu

  1. And here's the Combofix log! I guess it didn't like my supercard's .cht ComboFix 07-10-04.6 - Pete's 2007-10-04 19:02:02.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.135 [GMT -7:00] Running from: C:\Documents and Settings\Pete's\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data.\winantispyware 2007 C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr C:\Documents and Se
  2. Here's the HJT log, starting the combofix now... Logfile of HijackThis v1.99.1 Scan saved at 6:59:30 PM, on 10/4/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe
  3. Here's the vundo log. VundoFix V6.5.6 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 3:38:25 PM 7/25/2007 Listing files found while scanning.... No infected files were found. VundoFix V6.5.9 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 5:27:42 PM 10/3/2007 Listing files found while scanning.... C:\windows\system32\acyveqdm.ini C:\windows\system32\aggvaorn.dll C:\windows\system32\aglsjgsq.dll C:\windows\system32\ahadrepr.dll C:\windows\syst
  4. Okay! I did it! I didn't really understand step three, so I hope I did it right. Here's the link if you need it. http://www.thespykiller.co.uk/index.php?topic=4985.0
  5. And here's the extra.txt from DSS Deckard's System Scanner v20070905.67 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Athlon XP 3200+ Percentage of Memory in Use: 61% Physical Memory (total/avail): 511.48 MiB / 194.61 MiB Pagefile Memory (total/avail): 1246.98 MiB / 861.57 MiB Virtual Memory (total/avail): 2047.88 M
  6. Here's the main.txt from DSS Deckard's System Scanner v20070905.67 Run by Pete's on 2007-10-03 20:26:38 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 124: 2007-10-04 03:26:51 UTC - RP225 - Deckard's System Scanner Restore Point 123: 2007-10-04 02:00:20 UTC - RP224 - Installed Google Toolbar for Internet Explorer 122: 2007-10-04 01:58:02 UTC - RP223 - Installed J
  7. Aha! Here's the vundofix log! VundoFix V6.5.6 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 3:38:25 PM 7/25/2007 Listing files found while scanning.... No infected files were found. VundoFix V6.5.9 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 5:27:42 PM 10/3/2007 Listing files found while scanning.... C:\windows\system32\acyveqdm.ini C:\windows\system32\aggvaorn.dll C:\windows\system32\aglsjgsq.dll C:\windows\system32\ahadrepr.dll C:\wind
  8. Yes, I do know of Stumbleupon. Is it something to be concerned about? I downloaded the toolbar a while ago. I didn't get a logfile for vundo fix, but I do know that it couldn't delete a file called xxyyywt.dll if I recall. I tried to delete it on startup but it didn't work. Here's my new HJT log Logfile of HijackThis v1.99.1 Scan saved at 7:01:04 PM, on 10/3/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\
  9. My problems: popups and my desktop disappearing on me. Also sometimes a new window will pop up when I'm browsing the internet and open a lot of tabs. Also AVG is picking up a thing called downloader.tinyid or something that I can't seem to get rid of. Not fun... Here's the log Edit: Just wanted to say I love that you guys do this! Saved my life before so here I am Logfile of HijackThis v1.99.1 Scan saved at 6:24:53 PM, on 10/2/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlo
  10. Okay, here's the log Logfile of HijackThis v1.99.1 Scan saved at 4:05:16 PM, on 7/26/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\Program Files\Common Files\S
  11. Ok, no Vundo things turned up, and when I ran the AVG thing I deleted quite a bit of stuff. However, when I went to the reports it said no reports were saved. I double checked the settings before I started too. Hope it doesn't matter too much. Anyways, here's my HJT log. Logfile of HijackThis v1.99.1 Scan saved at 5:33:14 PM, on 7/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\A
  12. I've got some nasties making pop ups appear, which just started in this past day. My brother must've installed some stuff. Here's the log Logfile of HijackThis v1.99.1 Scan saved at 6:12:16 PM, on 7/24/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\L
  13. Logfile of HijackThis v1.99.1 Scan saved at 6:31:20 PM, on 3/14/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\windows\system\hpsysdrv.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\hphmon05.exe C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\HP\
  14. Logfile of HijackThis v1.99.1 Scan saved at 3:43:50 PM, on 3/14/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\system32\Ati2evxx.exe C:\windows\system\hpsysdrv.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\hphmon05.exe C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\HP\KBD\KBD.EXE C:\Pr
  15. Okay, it said successfully submitted.
  16. I can't seem to find it.
  17. Logfile of HijackThis v1.99.1 Scan saved at 3:23:07 PM, on 3/13/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\windows\system\hpsysdrv.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\hphmon05.exe C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\HP\
  18. Didn't find anything.
  19. Adobe Acrobat - Reader 6.0.2 Update Adobe Acrobat 4.0 Adobe Acrobat 4.0, 5.0 Adobe ActiveShare 1.2 Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe PhotoDeluxe Home Edition 4.0 Adobe Reader 6.0.1 Agere Systems PCI Soft Modem Apple Software Update ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver ATI DVD Decoder 2.2.0.0 ATI HYDRAVISION ATI Multimedia Center 8.6.0.0 AVG Anti-Spyware 7.5 AviSynth 2.5 Black & White® 2 Blackhawk Striker from Hewlett-Packard Desktops (remove only) Blasterball 2 from Hewlett-Packard Desktops (remove only) Bounce Symphony from Hewlet
  20. Incident Status Location Adware:adware/alexa-toolbar Not disinfected c:\program files\Alexa Toolbar
  21. I put the log as an attachment, it's too big to copy+paste. That's okay, right? Report_Scan_20070310_143905.txt
  22. My problem is my computer is running a lot slower than normal. Please help. Logfile of HijackThis v1.99.1 Scan saved at 10:36:30 AM, on 3/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wscntfy.exe C:\windows\system\hpsysdrv.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\hphmon05.exe C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atip