Help - got some cid pop up virus - Free Antivirus Forum

Help - got some cid pop up virus

BullGuard Antivirus Forum > Virus > Virus Questions > Help - got some cid pop up virus

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

paul3james
New Member

Date Joined Oct 2008
Total Posts : 6

Posted 10-12-2008 9:51 (GMT +1)

hi there

can anyone help, i have a cid pop up, these pop ups keep coming up and i think its slowing my computer down.

how can i delete it? ive got norton 360 and it doesnt delete it. ive got vista.

thanks

Paul

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13619

Posted 10-13-2008 5:49 (GMT +1)

Hello

Download LopSD by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
Double-click LopSD.exe
If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.

Choose the language by typing of the corresponding letter and press Enter
Click OK at the informative window
Type 2 to choose Option 2 (Fix + Hosts), then press Enter
Wait until the end of the scan
A report will be generated, post the contents of it in your next reply.

Download this version of Hijackthis from http://danborg.org/spy/hjt/alternativ.exe

Save it in a permanent folder of your choice, such as C:\HJT\. To create this specific folder on your hard drive: Double click the 'My Computer' icon on your desktop, then under the category hard disk drives: double click Local Disk:, then select file->New -> Folder and name it HJT

Run hijackthis. (alternativ exe).

Choose the "Do a system scan and save a log file" option to perform your scan.

HijackThis will analyze your system, and automatically open a notepad textfile containing the HijackThis log when the scan is finished.

Open the text files containing the logs with a text editor and click Edit -> Select All, followed by Edit -> Copy.
From within the browser window and with the message body text box selected, click Edit -> Paste.

Post hijackthis log, along with LopSD. It can be found here: C: LopSD txt

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

paul3james
New Member

Date Joined Oct 2008
Total Posts : 6

Posted 10-13-2008 5:44 (GMT +1)

--------------------\\ Lop S&D 4.2.4-5 XP/Vista

   Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU     T9300 @ 2.50GHz )
   BIOS : Ver 1.00PARTTBL8
   USER : Paul Webber ( Administrator )
   BOOT : Normal boot
   Antivirus : Norton 360 2007 (Activated)
   Firewall : Norton 360 2007 (Activated)
   C:\ (Local Disk) - NTFS - Total : 220 Go Free : 130 Go
   D:\ (Local Disk) - NTFS - Total : 11 Go Free : 2 Go
   E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [2] ( 13/10/2008|17:35 )

[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

   Deleted! - C:\ProgramData\Okay meta anti lite\Film Amen.exe
   Deleted! - C:\Users\PAULWE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\DivoCodec\HomePage.lnk
   Deleted! - C:\Users\PAULWE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\DivoCodec\Uninstall.lnk
   Deleted! - C:\Users\PAULWE~1\Desktop\GalaPlayer-1.3.0.0-setup.exe
   Deleted! - C:\Windows\Prefetch\GALAPLAYER.EXE-1F738625.pf
   Deleted! - C:\Users\PAULWE~1\AppData\Roaming\MICROS~1\Windows\Cookies\paul_webber@advertising[1].txt
   Deleted! - C:\Users\PAULWE~1\AppData\Roaming\MICROS~1\Windows\Cookies\paul_webber@adopt.euroclick[1].txt
   Deleted! - C:\Users\PAULWE~1\AppData\Roaming\MICROS~1\Windows\Cookies\paul_webber@www.lop[1].txt
   Deleted! - C:\ProgramData\Itch Creative Creative.0uc6c
   Deleted! - C:\ProgramData\Itch Creative Creative.da1m2
   Deleted! - C:\ProgramData\Itch Creative Creative.e2q3k
   Deleted! - C:\ProgramData\Itch Creative Creative.ffury
   Deleted! - C:\ProgramData\Itch Creative Creative.igedt
   Deleted! - C:\ProgramData\Itch Creative Creative.nik85
   Deleted! - C:\ProgramData\Itch Creative Creative.oxn8y
   Deleted! - C:\ProgramData\Itch Creative Creative.rd9rm
   Deleted! - C:\ProgramData\Itch Creative Creative.0rsr5d
   Deleted! - C:\ProgramData\Itch Creative Creative.4kpt5e
   Deleted! - C:\ProgramData\Itch Creative Creative.bqa9q8
   Deleted! - C:\ProgramData\Itch Creative Creative.cofulo
   Deleted! - C:\ProgramData\Itch Creative Creative.cvkzm9
   Deleted! - C:\ProgramData\Itch Creative Creative.fl6yn3
   Deleted! - C:\ProgramData\Itch Creative Creative.kuygfz
   Deleted! - C:\ProgramData\Itch Creative Creative.q8s5n1
   Deleted! - C:\ProgramData\Itch Creative Creative.z4pg4n
   Deleted! - C:\ProgramData\atom bin bows.n1y97dd
   Deleted! - C:\ProgramData\Itch Creative Creative.01w0kzu
   Deleted! - C:\ProgramData\Itch Creative Creative.2sw06fi
   Deleted! - C:\ProgramData\Itch Creative Creative.ak2zz7v
   Deleted! - C:\ProgramData\Itch Creative Creative.bzuhycj
   Deleted! - C:\ProgramData\Itch Creative Creative.lwq7oq8
   Deleted! - C:\ProgramData\Itch Creative Creative.njzeld9
   Deleted! - C:\ProgramData\Itch Creative Creative.qdscdlm
   Deleted! - C:\ProgramData\Itch Creative Creative.uysfyxd
   Deleted! - C:\ProgramData\Itch Creative Creative.xh6fxe9
   Deleted! - C:\ProgramData\Okay meta anti lite
   Deleted! - C:\Users\PAULWE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\DivoCodec
   -
   [ Hosts file ] .. Restored!

   \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

   Deleted! - C:\Program Files\Viewpoint
   Deleted! - C:\PROGRA~2\Viewpoint

   \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing folders in Local

   [09/10/2008|19:18] C:\Users\PAULWE~1\AppData\Local\Adobe
   [25/08/2008|14:59] C:\Users\PAULWE~1\AppData\Local\Apple
   [25/08/2008|15:09] C:\Users\PAULWE~1\AppData\Local\Apple Computer
   [13/04/2008|14:01] C:\Users\PAULWE~1\AppData\Local\Application Data
   [09/10/2008|20:47] C:\Users\PAULWE~1\AppData\Local\Apps
   [13/04/2008|14:15] C:\Users\PAULWE~1\AppData\Local\AtStart.txt
   [23/07/2008|18:23] C:\Users\PAULWE~1\AppData\Local\d3d9caps.dat
   [12/10/2008|19:12] C:\Users\PAULWE~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [13/04/2008|14:15] C:\Users\PAULWE~1\AppData\Local\DigitalPersona
   [13/04/2008|14:07] C:\Users\PAULWE~1\AppData\Local\Downloaded Installations
   [13/04/2008|14:15] C:\Users\PAULWE~1\AppData\Local\DSwitch.txt
   [11/07/2008|18:19] C:\Users\PAULWE~1\AppData\Local\GDIPFONTCACHEV1.DAT
   [20/06/2008|21:08] C:\Users\PAULWE~1\AppData\Local\Google
   [22/06/2008|22:02] C:\Users\PAULWE~1\AppData\Local\Hewlett-Packard
   [13/04/2008|14:01] C:\Users\PAULWE~1\AppData\Local\History
   [12/10/2008|22:10] C:\Users\PAULWE~1\AppData\Local\IconCache.db
   [01/10/2008|19:47] C:\Users\PAULWE~1\AppData\Local\JockerSoft
   [08/10/2008|20:34] C:\Users\PAULWE~1\AppData\Local\Microsoft
   [23/04/2008|19:51] C:\Users\PAULWE~1\AppData\Local\Microsoft Games
   [13/04/2008|14:15] C:\Users\PAULWE~1\AppData\Local\QSwitch.txt
   [04/08/2008|19:39] C:\Users\PAULWE~1\AppData\Local\QuickPlay
   [13/10/2008|17:35] C:\Users\PAULWE~1\AppData\Local\Temp
   [13/04/2008|14:01] C:\Users\PAULWE~1\AppData\Local\Temporary Internet Files
   [25/08/2008|15:02] C:\Users\PAULWE~1\AppData\Local\VirtualStore

   --------------------\\ Scheduled Tasks located in C:\Windows\Tasks

   [29/04/2008 17:52][--a------] C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
   [13/10/2008 17:25][--ah-----] C:\Windows\tasks\SA.DAT
   [12/10/2008 22:11][--a------] C:\Windows\tasks\SCHEDLGU.TXT

   --------------------\\ Listing Folders in C:\ProgramData

   [07/01/2008|00:05] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
   [07/10/2008|12:31] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
   [09/07/2008|20:29] C:\ProgramData\Adobe
   [25/08/2008|14:59] C:\ProgramData\Apple
   [25/08/2008|15:00] C:\ProgramData\Apple Computer
   [02/11/2006|14:02] C:\ProgramData\Application Data
   [23/08/2008|17:57] C:\ProgramData\Azureus
   [19/04/2008|18:43] C:\ProgramData\CyberLink
   [02/11/2006|14:02] C:\ProgramData\Desktop
   [02/11/2006|14:02] C:\ProgramData\Documents
   [14/04/2008|13:59] C:\ProgramData\Downloaded Installations
   [13/04/2008|14:08] C:\ProgramData\Electronic Arts
   [02/11/2006|14:02] C:\ProgramData\Favorites
   [20/06/2008|21:05] C:\ProgramData\Google
   [13/04/2008|14:16] C:\ProgramData\Hewlett-Packard
   [13/04/2008|21:22] C:\ProgramData\HP
   [21/07/2008|21:52] C:\ProgramData\InstallShield
   [28/02/2008|06:23] C:\ProgramData\Macrovision
   [09/10/2008|12:53] C:\ProgramData\mfcd cast log
   [08/10/2008|20:34] C:\ProgramData\Microsoft
   [16/09/2008|17:39] C:\ProgramData\Microsoft Help
   [23/04/2008|19:53] C:\ProgramData\MinigolfAdventures
   [06/01/2008|23:52] C:\ProgramData\muvee Technologies
   [09/07/2008|20:30] C:\ProgramData\Nokia
   [07/10/2008|19:09] C:\ProgramData\NVIDIA
   [09/07/2008|20:40] C:\ProgramData\PC Suite
   [02/11/2006|14:02] C:\ProgramData\Start Menu
   [31/08/2008|10:21] C:\ProgramData\Symantec
   [17/08/2008|10:11] C:\ProgramData\TEMP
   [02/11/2006|14:02] C:\ProgramData\Templates
   [04/08/2008|18:32] C:\ProgramData\WildTangent
   [29/04/2008|17:48] C:\ProgramData\WLInstaller
   [01/10/2008|18:56] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing Folders in C:\Program Files

   [01/10/2008|19:19] C:\Program Files\AC3Filter
   [07/01/2008|00:05] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
   [13/07/2008|15:07] C:\Program Files\Adobe
   [06/01/2008|23:16] C:\Program Files\AIM6
   [12/10/2008|19:49] C:\Program Files\AOL
   [28/02/2008|06:04] C:\Program Files\Apoint2K
   [25/08/2008|14:59] C:\Program Files\Apple Software Update
   [25/08/2008|15:09] C:\Program Files\Common Files
   [28/02/2008|06:07] C:\Program Files\CONEXANT
   [28/02/2008|06:20] C:\Program Files\CyberLink
   [28/02/2008|06:23] C:\Program Files\DigitalPersona
   [01/10/2008|18:55] C:\Program Files\DivX
   [13/04/2008|14:08] C:\Program Files\Electronic Arts
   [28/02/2008|06:01] C:\Program Files\Fingerprint Sensor
   [21/06/2008|18:23] C:\Program Files\Google
   [28/02/2008|06:17] C:\Program Files\Hewlett-Packard
   [27/04/2008|14:40] C:\Program Files\Hp
   [28/02/2008|06:22] C:\Program Files\HP Games
   [13/04/2008|14:02] C:\Program Files\HPQ
   [21/07/2008|21:49] C:\Program Files\InstallShield Installation Information
   [28/02/2008|06:07] C:\Program Files\Intel
   [07/10/2008|19:15] C:\Program Files\Internet Explorer
   [07/10/2008|21:02] C:\Program Files\Java
   [01/10/2008|19:46] C:\Program Files\JockerSoft
   [14/06/2008|15:04] C:\Program Files\LimeWire
   [28/02/2008|06:08] C:\Program Files\Marvell
   [14/04/2008|15:54] C:\Program Files\Maxis
   [02/11/2006|13:37] C:\Program Files\Microsoft Games
   [07/01/2008|00:04] C:\Program Files\Microsoft Office
   [06/01/2008|23:40] C:\Program Files\Microsoft Works
   [07/01/2008|00:04] C:\Program Files\Microsoft.NET
   [07/10/2008|19:15] C:\Program Files\Movie Maker
   [02/11/2006|13:37] C:\Program Files\MSBuild
   [13/04/2008|20:21] C:\Program Files\MSXML 4.0
   [06/01/2008|23:52] C:\Program Files\muvee Technologies
   [28/02/2008|06:05] C:\Program Files\NetWaiting
   [13/10/2008|17:25] C:\Program Files\NoAdware
   [21/07/2008|21:49] C:\Program Files\Nokia
   [16/09/2008|18:06] C:\Program Files\Norton 360
   [13/04/2008|14:09] C:\Program Files\Online Services
   [09/07/2008|20:25] C:\Program Files\PC Connectivity Solution
   [25/08/2008|15:01] C:\Program Files\QuickTime
   [04/07/2008|22:55] C:\Program Files\Real
   [02/11/2006|13:37] C:\Program Files\Reference Assemblies
   [12/10/2008|19:44] C:\Program Files\SP38886
   [20/06/2008|21:12] C:\Program Files\Sun
   [20/07/2008|19:16] C:\Program Files\Symantec
   [12/10/2008|21:35] C:\Program Files\Trend Micro
   [02/11/2006|14:01] C:\Program Files\Uninstall Information
   [23/08/2008|18:00] C:\Program Files\uTorrent
   [23/08/2008|18:07] C:\Program Files\Vuze
   [28/02/2008|06:08] C:\Program Files\WIDCOMM
   [07/10/2008|19:15] C:\Program Files\Windows Calendar
   [07/10/2008|19:15] C:\Program Files\Windows Collaboration
   [07/10/2008|19:15] C:\Program Files\Windows Defender
   [07/10/2008|19:15] C:\Program Files\Windows Journal
   [29/04/2008|17:51] C:\Program Files\Windows Live
   [29/04/2008|17:52] C:\Program Files\Windows Live Favorites
   [29/04/2008|17:52] C:\Program Files\Windows Live Toolbar
   [07/10/2008|19:15] C:\Program Files\Windows Mail
   [07/10/2008|19:15] C:\Program Files\Windows Media Player
   [02/11/2006|13:37] C:\Program Files\Windows NT
   [07/10/2008|19:15] C:\Program Files\Windows Photo Gallery
   [07/10/2008|19:15] C:\Program Files\Windows Sidebar
   [28/02/2008|06:02] C:\Program Files\WinTV
   [01/10/2008|18:55] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

   [05/06/2008|19:35] C:\Program Files\Common Files\Adobe
   [06/01/2008|23:15] C:\Program Files\Common Files\AOL
   [07/01/2008|00:04] C:\Program Files\Common Files\DESIGNER
   [21/07/2008|21:49] C:\Program Files\Common Files\InstallShield
   [07/01/2008|00:32] C:\Program Files\Common Files\Java
   [13/04/2008|14:02] C:\Program Files\Common Files\LightScribe
   [29/04/2008|17:51] C:\Program Files\Common Files\microsoft shared
   [06/01/2008|23:52] C:\Program Files\Common Files\muvee Technologies
   [09/07/2008|20:30] C:\Program Files\Common Files\Nokia
   [09/07/2008|20:28] C:\Program Files\Common Files\PCSuite
   [25/08/2008|15:09] C:\Program Files\Common Files\PX Storage Engine
   [04/07/2008|22:55] C:\Program Files\Common Files\Real
   [02/11/2006|12:18] C:\Program Files\Common Files\Services
   [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
   [20/07/2008|19:13] C:\Program Files\Common Files\Symantec Shared
   [07/10/2008|19:15] C:\Program Files\Common Files\System
   [29/04/2008|17:50] C:\Program Files\Common Files\WindowsLiveInstaller
   [04/07/2008|22:55] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 81 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

   --------------------\\ Searching for hidden files with Catchme

   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-10-13 17:36:12
   Windows 6.0.6001 Service Pack 1 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 2

   --------------------\\ Searching for other infections

No other infections found !

   [F:57][D:21]-> C:\Users\PAULWE~1\AppData\Local\Temp
   [F:218][D:1]-> C:\Users\PAULWE~1\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:1089][D:8]-> C:\Users\PAULWE~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:297][D:6]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 13/10/2008|17:40 - Option : [2]

--------------------\\ Scan completed at 17:40:10
[ UAC => 1 ]

paul3james
New Member

Date Joined Oct 2008
Total Posts : 6

Posted 10-13-2008 5:48 (GMT +1)

came up with an error, so not sure if it worked properly

Logfile of HijackThis v1.99.1
Scan saved at 17:47:00, on 13/10/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\hjt\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66008
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13619

Posted 10-13-2008 5:57 (GMT +1)

Delete this folder - C:\ProgramData\mfcd cast log. It is probably empty

How are things running now ?

Is it a Vista 64 bit, or Windows 2003 server you have

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

paul3james
New Member

Date Joined Oct 2008
Total Posts : 6

Posted 10-13-2008 6:47 (GMT +1)

cant seem to find that folder to delete.

Yeah its vista 32 bit.

Had no pop ups yet, not sure if running a bit slow or not.

Thanks for your help

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13619

Posted 10-14-2008 8:00 (GMT +1)

According to Your mail, try this ->

Download: CCleaner
http://www.majorgeeks.com/download4191.html
http://www.ccleaner.com/
Once installed, run CCleaner click the Windows tab

Once installed, run CCleaner click the Windows tab

Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data

Next: click Options click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok

Then click Run Cleaner (bottom right) then Exit (reboot)

Then ->

Please download Malwarebytes' Anti-Malware:

http://www.spywarefri.dk/downloads1/mbam-setup.exe

Or here:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968

to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch

Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and Paste that log into your next reply, and tell how things are running now ?

NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

paul3james
New Member

Date Joined Oct 2008
Total Posts : 6

Posted 10-15-2008 10:15 (GMT +1)

Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 6.0.6001 Service Pack 1

15/10/2008 22:14:09
mbam-log-2008-10-15 (22-14-09).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 193858
Time elapsed: 1 hour(s), 36 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

paul3james
New Member

Date Joined Oct 2008
Total Posts : 6

Posted 10-15-2008 10:19 (GMT +1)

Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 6.0.6001 Service Pack 1

15/10/2008 22:14:09
mbam-log-2008-10-15 (22-14-09).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 193858
Time elapsed: 1 hour(s), 36 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13619

Posted 10-17-2008 5:45 (GMT +1)

How are things running ?

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

Forum Information

Currently it is Friday, November 21, 2008 1:08 PM (GMT +1)
There are a total of 63.985 posts in 15.829 threads.
In the last 3 days there were 34 new threads and 167 reply posts. View Active Threads