Hjt logfile CID popups. thank you! :)

Status
Not open for further replies.

holland11

Hello, I recently, being stupid, downloaded something or did something, I'm not sure, and now I get CID popups sometimes. Normally I would just download a bunch of random files that say they would fix it, but that's dumb and I'm not as dumb as I once was. So I did what one of your threads said and got a log file. Here it is. Thank you for all of your help, it's greatly appreciated :).
 
Hi holland11 and welcome to techspot. =)

I suggest you do the following before doing anything else:

Important: Please read this thread HERE before deciding if you should CLEAN or FORMAT your system

Should you decide that cleaning your system is the best option, please go to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given.
Do follow all the instructions exactly.

Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread.
Do not copy and paste your logs, or they will be removed.

Our experts here will tend to your queries thereafter.

Also, please provide the results of the Antirootkit scan.


Regards,
momok =)

This thread is for the use of holland11 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
 
All it said for me to do was post the HijackThis logfile, and I don't really feel like doing 6 scans and stuff :S Any way I can fix it without doing all these scans and posting them? If not, I'll do it.
 
Hi,

At the least I would highly recommend you run HijackThis, AVG Antispyware and ComboFix and attach their logs. Have you read the first thread about the dangers of an infection?

Regards,
momok
 
Well, I've read around and it seems that HijackThis is the thing to fix it.
And I put a HijackThis log into my first post.
 
I can assure you, more often than not, HijackThis will not provide full details about the infection on a system. Unless you're willing to allow other nasties to continue hiding in your system, I strongly urge you to run that ComboFix and AVG Antispyware scan and post the logs here.

There is no point in me asking you to fix entries in HijackThis when there are potentially more things in your system that need fixing and can only be seen through a ComboFix log. And from the looks of that HJT log (which is so badly infected), I'm quite sure there are many more things in your system that will require the help of a ComboFix log to clean out.

It is better for us to provide instructions in as few posts as possible to improve the efficiency of the forums; I'm sure you can understand that Techspot is a very busy place. If you can't follow instructions then there is no point in us providing any.

Regards,
momok
 
I'm going to go right out and say that this is the second dirtiest log I've seen all week.

I am also going to leave cleaning of your PC to momok, as I have not yet been trained to remove all of the infections that are on your PC - some of them I haven't even seen before so I have no idea how to clean them.

I would advise you to PM momok and ask for his help, as it is not my business to do so.

Also I shall now unsubscribe from this thread as posting this will have subscribed me to it and I am not skilled enough to help you.

I wish you the best of luck in getting your PC sorted.
 
Hi,

Sorry for the late reply. The holidaying hasn't really ended here :p

You may wish to copy and paste these instructions on notepad for easier reference later.

  1. Boot into safe mode under your normal user name. See how HERE
  2. Next turn on "Show all files and folders, including hidden and system". See how HERE

  3. Go to start > run and type msconfig. Press the enter key.
    Search for the following entries. Uncheck them to stop them from starting up. Click Ok but do not restart your system yet.

    AlcxMonitor
    Support stupid


  4. Go to start > run and type services.msc. Press the enter key.
    Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Macromedia Licensing Service

  5. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O2 - BHO: Video DivX 3.12 - {36490B2D-77CC-4CC2-B6A6-8A16EC550DAB} - C:\WINDOWS\system32\sysdivx.dll
    O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - (no file)
    O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKCU\..\Run: [Support stupid] C:\DOCUME~1\Owner\APPLIC~1\JUGSBE~1\KindBoltTrans.exe
    O15 - Trusted Zone: *.doginhispen.com
    O20 - Winlogon Notify: efccayv - efccayv.dll (file missing)
    O23 - Service: Macromedia Licensing Service - LT - (no file)

    Close HJT.

  6. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

    File::
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\sysdivx.dll
    C:\WINDOWS\twain_32.dll
    C:\WINDOWS\system32\swreg.exe
    Folder::
    C:\Program Files\Jugs Beep Vga
    C:\Documents and Settings\Owner\Application Data\Jugs Beep Vga
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seekmo]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Support stupid]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
  7. Save this as CFScript on the desktop.
  8. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
    CFScript.gif

  9. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

    Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to hang.

  10. Reboot into normal mode and rehide your protected OS files.

Please download FindAWF from HERE. Save the file to the Desktop and then complete the following instructions:
  1. Open the FindAWF program. If a Security Alert shows, allow the program to run.
  2. Press 1 then Enter. The scan may take a while, please be patient. When done, a text file, Find AWF report will be produced.
  3. Please remember to attach this report file in your reply along with all other required logs.

Thereafter, please post a fresh HJT log from normal mode and the ComboFix and AWF logs from the above instructions as attachments into this thread. Do not copy and paste the logs.


Regards,
momok =)

This thread is for the use of holland11 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
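
An added example, not part of any post in this thread: a small Python parser that groups the HijackThis entries quoted in step 5 by section code and marks entries whose target file is already gone. The section descriptions are the editor's summary of the HijackThis codes, and the function names `parse_hjt_line` and `triage` are hypothetical.

```python
import re
from collections import defaultdict

# Meaning of the HijackThis section codes used in the fix list (editor's summary).
SECTIONS = {
    "O2": "Browser Helper Object", "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O15": "Trusted Zone site", "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+([^:]+):\s*(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)", re.I)

def parse_hjt_line(line):
    """Parse one entry; None for non-entry lines. 'orphaned' = target file is absent."""
    m = LINE_RE.match(line)
    if not m:
        return None
    code, kind, detail = m.groups()
    clsid = CLSID_RE.search(detail)
    return {"code": code, "section": SECTIONS.get(code, "unknown"),
            "kind": kind.strip(), "detail": detail.strip(),
            "clsid": clsid.group(0) if clsid else None,
            "orphaned": bool(ORPHAN_RE.search(detail))}

def triage(log_text):
    """Group entries by section code so each persistence point is reviewed together."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_hjt_line(line)
        if entry:
            groups[entry["code"]].append(entry)
    return dict(groups)

# Sample input: the entries quoted in step 5 of the post above.
SAMPLE = r"""O2 - BHO: Video DivX 3.12 - {36490B2D-77CC-4CC2-B6A6-8A16EC550DAB} - C:\WINDOWS\system32\sysdivx.dll
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - (no file)
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [Support stupid] C:\DOCUME~1\Owner\APPLIC~1\JUGSBE~1\KindBoltTrans.exe
O15 - Trusted Zone: *.doginhispen.com
O20 - Winlogon Notify: efccayv - efccayv.dll (file missing)
O23 - Service: Macromedia Licensing Service - LT - (no file)"""

if __name__ == "__main__":
    for code, entries in triage(SAMPLE).items():
        flags = ["orphaned" if e["orphaned"] else "present" for e in entries]
        print(code, entries[0]["section"], flags)
```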
 