ThUnDeR

do you still log into YIM anymore?

Anyone play it? I've been playing a lot of gun game on a really decent server. A Pit game would be decent if theres enough people.

That's a pretty sweet PC.

Thats a pretty awesome deal you both have received. Good part on Bruce. Nothing like trying to spread around the knowledge with a little help. I never ventured into Linux, but thats the way to start. Just a simple machine to toy around with.

everything is doing alright so far. Computer is no longer having issues with popups. I appreciate the help very much!

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:17:46 PM, on 11/23/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spo

------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Friday, November 23, 2007 9:15:04 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 23/11/2007 Kaspersky Anti-Virus database records: 464543 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Targ

I don't know how I can paste the kaspersky log. Its incredibly massive. If i had to guess, it'd be over 10 posts if not more. Is there a more efficient way?

Well... File IconC989D247.exe received on 11.23.2007 15:07:25 (CET) Antivirus Version Last Update Result AhnLab-V3 2007.11.23.1 2007.11.23 - AntiVir 7.6.0.34 2007.11.23 - Authentium 4.93.8 2007.11.21 - Avast 4.7.1074.0 2007.11.22 - AVG 7.5.0.503 2007.11.23 - BitDefender 7.2 2007.11.23 - CAT-QuickHeal 9.00 2007.11.22 - ClamAV 0.91.2 2007.11.23 - DrWeb 4.44.0.09170 2007.11.23 - eSafe 7.0.15.0 2007.11.21 - eTrust-Vet 31.3.5318 2007.11.23 - Ewido 4.0 2007.11.23 - FileAdvisor 1 2007.11.23 - Fortinet 3.14.0.0 2007.11.23 - F-Prot 4.4.2.54 2007.11.22 - F-Secure 6.70.13030.0 2007.1

I'm currently scanning with Kaspersky... its taking quite a while, only 30% through, but it so far as shown 4 viruses and 14 infected objects

I might have spoken too soon Seems combofix found those files again, and deleted them. ComboFix 07-11-19.3 - Ahmad 2007-11-23 7:09:31.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.313 [GMT -6:00] Running from: C:\Documents and Settings\Ahmad\Desktop\ComboFix(2).exe Command switches used :: C:\Documents and Settings\Ahmad\Desktop\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\fiotyyao.dll C:\WINDOWS\system32\hcstljfi.dll C:\WINDOWS\system32\kycqfolt.ini C:\WINDOWS\system32\mghfdndu.dll C:\WINDOWS\system32\ydftyata.dll C:\W

alrighty, i'll get on it. As for the firewall, you might have noticed I did get one instead of using windows. I had been using sygate PF for a while, then stopped after i had some issues with it. Now its all good. I'll run the scans here and post the logs.

I actually think I have this thing pinned. Heres my latest log. Its not reappearing anymore after i nailed it with redoing all of your instructions, and on top of that, doing a boot time scan with avast. I've been clean for most of this evening (which is a good sign, usually i'm back to infected in less than an hour) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:23:07 PM, on 11/22/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\sys

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:01:21 PM, on 11/22/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDO

ComboFix 07-11-19.3 - Ahmad 2007-11-22 12:18:35.4 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.365 [GMT -6:00] Running from: C:\Documents and Settings\Ahmad\Desktop\ComboFix(2).exe Command switches used :: C:\Documents and Settings\Ahmad\Desktop\CFScript.txt FILE C:\WINDOWS\system32\ddayw.dll C:\WINDOWS\system32\wvuvttr.dll C:\WINDOWS\system32\wyadd.ini2 . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\mghfdndu.dllbox . ((((((((((((((((((((((((( File