Help - got some cid pop up virus
   
paul3james
New Member


Date Joined Oct 2008
Total Posts : 6
 
Posted 10-12-2008 9:51 (GMT +1)
Hi there,

Can anyone help? I have a cid pop up; these pop ups keep coming up and I think it's slowing my computer down.

How can I delete it? I've got Norton 360 and it doesn't delete it. I've got Vista.

Thanks

Paul

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
Posted 10-13-2008 5:49 (GMT +1)
Hello :)

Download LopSD by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
Double-click LopSD.exe.
If you are using Windows Vista, right-click on the LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 2 to choose Option 2 (Fix + Hosts), then press Enter
  • Wait until the end of the scan
  • A report will be generated; post the contents of it in your next reply.

Download this version of HijackThis from http://danborg.org/spy/hjt/alternativ.exe

Save it in a permanent folder of your choice, such as C:\HJT\. To create this specific folder on your hard drive: double-click the 'My Computer' icon on your desktop, then under the category Hard Disk Drives double-click Local Disk:, then select File -> New -> Folder and name it HJT.
Run HijackThis (alternativ.exe).

Choose the "Do a system scan and save a log file" option to perform your scan.
HijackThis will analyze your system, and automatically open a Notepad text file containing the HijackThis log when the scan is finished.
Open the text files containing the logs with a text editor and click Edit -> Select All, followed by Edit -> Copy.
From within the browser window and with the message body text box selected, click Edit -> Paste.

Post the HijackThis log, along with the LopSD one. It can be found here: C: LopSD txt
 
 


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.


paul3james
New Member


Date Joined Oct 2008
Total Posts : 6
 
Posted 10-13-2008 5:44 (GMT +1)

   --------------------\\  Lop S&D 4.2.4-5   XP/Vista
   Microsoft® Windows Vista™ Home Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU     T9300  @ 2.50GHz )
   BIOS : Ver 1.00PARTTBL8
   USER : Paul Webber ( Administrator )
   BOOT : Normal boot
   Antivirus : Norton 360 2007 (Activated)
   Firewall  : Norton 360 2007 (Activated)
   C:\ (Local Disk) - NTFS - Total : 220 Go Free : 130 Go
   D:\ (Local Disk) - NTFS - Total : 11 Go Free : 2 Go
   E:\ (CD or DVD)
   "C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
   Option : [2] ( 13/10/2008|17:35 )
   [ UAC => 1 ]
   Deleted! - C:\ProgramData\Okay meta anti lite\Film Amen.exe
   Deleted! - C:\Users\PAULWE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\DivoCodec\HomePage.lnk
   Deleted! - C:\Users\PAULWE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\DivoCodec\Uninstall.lnk
   Deleted! - C:\Users\PAULWE~1\Desktop\GalaPlayer-1.3.0.0-setup.exe
   Deleted! - C:\Windows\Prefetch\GALAPLAYER.EXE-1F738625.pf
   Deleted! - C:\Users\PAULWE~1\AppData\Roaming\MICROS~1\Windows\Cookies\paul_webber@advertising[1].txt
   Deleted! - C:\Users\PAULWE~1\AppData\Roaming\MICROS~1\Windows\Cookies\paul_webber@adopt.euroclick[1].txt
   Deleted! - C:\Users\PAULWE~1\AppData\Roaming\MICROS~1\Windows\Cookies\paul_webber@www.lop[1].txt
   Deleted! - C:\ProgramData\Itch Creative Creative.0uc6c
   Deleted! - C:\ProgramData\Itch Creative Creative.da1m2
   Deleted! - C:\ProgramData\Itch Creative Creative.e2q3k
   Deleted! - C:\ProgramData\Itch Creative Creative.ffury
   Deleted! - C:\ProgramData\Itch Creative Creative.igedt
   Deleted! - C:\ProgramData\Itch Creative Creative.nik85
   Deleted! - C:\ProgramData\Itch Creative Creative.oxn8y
   Deleted! - C:\ProgramData\Itch Creative Creative.rd9rm
   Deleted! - C:\ProgramData\Itch Creative Creative.0rsr5d
   Deleted! - C:\ProgramData\Itch Creative Creative.4kpt5e
   Deleted! - C:\ProgramData\Itch Creative Creative.bqa9q8
   Deleted! - C:\ProgramData\Itch Creative Creative.cofulo
   Deleted! - C:\ProgramData\Itch Creative Creative.cvkzm9
   Deleted! - C:\ProgramData\Itch Creative Creative.fl6yn3
   Deleted! - C:\ProgramData\Itch Creative Creative.kuygfz
   Deleted! - C:\ProgramData\Itch Creative Creative.q8s5n1
   Deleted! - C:\ProgramData\Itch Creative Creative.z4pg4n
   Deleted! - C:\ProgramData\atom bin bows.n1y97dd
   Deleted! - C:\ProgramData\Itch Creative Creative.01w0kzu
   Deleted! - C:\ProgramData\Itch Creative Creative.2sw06fi
   Deleted! - C:\ProgramData\Itch Creative Creative.ak2zz7v
   Deleted! - C:\ProgramData\Itch Creative Creative.bzuhycj
   Deleted! - C:\ProgramData\Itch Creative Creative.lwq7oq8
   Deleted! - C:\ProgramData\Itch Creative Creative.njzeld9
   Deleted! - C:\ProgramData\Itch Creative Creative.qdscdlm
   Deleted! - C:\ProgramData\Itch Creative Creative.uysfyxd
   Deleted! - C:\ProgramData\Itch Creative Creative.xh6fxe9
   Deleted! - C:\ProgramData\Okay meta anti lite
   Deleted! - C:\Users\PAULWE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\DivoCodec
   -
   [ Hosts file ] .. Restored!
 
   \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
   Deleted! - C:\Program Files\Viewpoint
   Deleted! - C:\PROGRA~2\Viewpoint
 
   \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
 
   --------------------\\  Listing folders in Local 
   [09/10/2008|19:18] C:\Users\PAULWE~1\AppData\Local\Adobe
   [25/08/2008|14:59] C:\Users\PAULWE~1\AppData\Local\Apple
   [25/08/2008|15:09] C:\Users\PAULWE~1\AppData\Local\Apple Computer
   [13/04/2008|14:01] C:\Users\PAULWE~1\AppData\Local\Application Data
   [09/10/2008|20:47] C:\Users\PAULWE~1\AppData\Local\Apps
   [13/04/2008|14:15] C:\Users\PAULWE~1\AppData\Local\AtStart.txt
   [23/07/2008|18:23] C:\Users\PAULWE~1\AppData\Local\d3d9caps.dat
   [12/10/2008|19:12] C:\Users\PAULWE~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [13/04/2008|14:15] C:\Users\PAULWE~1\AppData\Local\DigitalPersona
   [13/04/2008|14:07] C:\Users\PAULWE~1\AppData\Local\Downloaded Installations
   [13/04/2008|14:15] C:\Users\PAULWE~1\AppData\Local\DSwitch.txt
   [11/07/2008|18:19] C:\Users\PAULWE~1\AppData\Local\GDIPFONTCACHEV1.DAT
   [20/06/2008|21:08] C:\Users\PAULWE~1\AppData\Local\Google
   [22/06/2008|22:02] C:\Users\PAULWE~1\AppData\Local\Hewlett-Packard
   [13/04/2008|14:01] C:\Users\PAULWE~1\AppData\Local\History
   [12/10/2008|22:10] C:\Users\PAULWE~1\AppData\Local\IconCache.db
   [01/10/2008|19:47] C:\Users\PAULWE~1\AppData\Local\JockerSoft
   [08/10/2008|20:34] C:\Users\PAULWE~1\AppData\Local\Microsoft
   [23/04/2008|19:51] C:\Users\PAULWE~1\AppData\Local\Microsoft Games
   [13/04/2008|14:15] C:\Users\PAULWE~1\AppData\Local\QSwitch.txt
   [04/08/2008|19:39] C:\Users\PAULWE~1\AppData\Local\QuickPlay
   [13/10/2008|17:35] C:\Users\PAULWE~1\AppData\Local\Temp
   [13/04/2008|14:01] C:\Users\PAULWE~1\AppData\Local\Temporary Internet Files
   [25/08/2008|15:02] C:\Users\PAULWE~1\AppData\Local\VirtualStore
 
   --------------------\\  Scheduled Tasks located in C:\Windows\Tasks
   [29/04/2008 17:52][--a------] C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
   [13/10/2008 17:25][--ah-----] C:\Windows\tasks\SA.DAT
   [12/10/2008 22:11][--a------] C:\Windows\tasks\SCHEDLGU.TXT
   --------------------\\  Listing Folders in C:\ProgramData
  
   [07/01/2008|00:05] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
   [07/10/2008|12:31] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
   [09/07/2008|20:29] C:\ProgramData\Adobe
   [25/08/2008|14:59] C:\ProgramData\Apple
   [25/08/2008|15:00] C:\ProgramData\Apple Computer
   [02/11/2006|14:02] C:\ProgramData\Application Data
   [23/08/2008|17:57] C:\ProgramData\Azureus
   [19/04/2008|18:43] C:\ProgramData\CyberLink
   [02/11/2006|14:02] C:\ProgramData\Desktop
   [02/11/2006|14:02] C:\ProgramData\Documents
   [14/04/2008|13:59] C:\ProgramData\Downloaded Installations
   [13/04/2008|14:08] C:\ProgramData\Electronic Arts
   [02/11/2006|14:02] C:\ProgramData\Favorites
   [20/06/2008|21:05] C:\ProgramData\Google
   [13/04/2008|14:16] C:\ProgramData\Hewlett-Packard
   [13/04/2008|21:22] C:\ProgramData\HP
   [21/07/2008|21:52] C:\ProgramData\InstallShield
   [28/02/2008|06:23] C:\ProgramData\Macrovision
   [09/10/2008|12:53] C:\ProgramData\mfcd cast log
   [08/10/2008|20:34] C:\ProgramData\Microsoft
   [16/09/2008|17:39] C:\ProgramData\Microsoft Help
   [23/04/2008|19:53] C:\ProgramData\MinigolfAdventures
   [06/01/2008|23:52] C:\ProgramData\muvee Technologies
   [09/07/2008|20:30] C:\ProgramData\Nokia
   [07/10/2008|19:09] C:\ProgramData\NVIDIA
   [09/07/2008|20:40] C:\ProgramData\PC Suite
   [02/11/2006|14:02] C:\ProgramData\Start Menu
   [31/08/2008|10:21] C:\ProgramData\Symantec
   [17/08/2008|10:11] C:\ProgramData\TEMP
   [02/11/2006|14:02] C:\ProgramData\Templates
   [04/08/2008|18:32] C:\ProgramData\WildTangent
   [29/04/2008|17:48] C:\ProgramData\WLInstaller
   [01/10/2008|18:56] C:\ProgramData\Yahoo! Companion
   --------------------\\  Listing Folders in C:\Program Files
   [01/10/2008|19:19] C:\Program Files\AC3Filter
   [07/01/2008|00:05] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
   [13/07/2008|15:07] C:\Program Files\Adobe
   [06/01/2008|23:16] C:\Program Files\AIM6
   [12/10/2008|19:49] C:\Program Files\AOL
   [28/02/2008|06:04] C:\Program Files\Apoint2K
   [25/08/2008|14:59] C:\Program Files\Apple Software Update
   [25/08/2008|15:09] C:\Program Files\Common Files
   [28/02/2008|06:07] C:\Program Files\CONEXANT
   [28/02/2008|06:20] C:\Program Files\CyberLink
   [28/02/2008|06:23] C:\Program Files\DigitalPersona
   [01/10/2008|18:55] C:\Program Files\DivX
   [13/04/2008|14:08] C:\Program Files\Electronic Arts
   [28/02/2008|06:01] C:\Program Files\Fingerprint Sensor
   [21/06/2008|18:23] C:\Program Files\Google
   [28/02/2008|06:17] C:\Program Files\Hewlett-Packard
   [27/04/2008|14:40] C:\Program Files\Hp
   [28/02/2008|06:22] C:\Program Files\HP Games
   [13/04/2008|14:02] C:\Program Files\HPQ
   [21/07/2008|21:49] C:\Program Files\InstallShield Installation Information
   [28/02/2008|06:07] C:\Program Files\Intel
   [07/10/2008|19:15] C:\Program Files\Internet Explorer
   [07/10/2008|21:02] C:\Program Files\Java
   [01/10/2008|19:46] C:\Program Files\JockerSoft
   [14/06/2008|15:04] C:\Program Files\LimeWire
   [28/02/2008|06:08] C:\Program Files\Marvell
   [14/04/2008|15:54] C:\Program Files\Maxis
   [02/11/2006|13:37] C:\Program Files\Microsoft Games
   [07/01/2008|00:04] C:\Program Files\Microsoft Office
   [06/01/2008|23:40] C:\Program Files\Microsoft Works
   [07/01/2008|00:04] C:\Program Files\Microsoft.NET
   [07/10/2008|19:15] C:\Program Files\Movie Maker
   [02/11/2006|13:37] C:\Program Files\MSBuild
   [13/04/2008|20:21] C:\Program Files\MSXML 4.0
   [06/01/2008|23:52] C:\Program Files\muvee Technologies
   [28/02/2008|06:05] C:\Program Files\NetWaiting
   [13/10/2008|17:25] C:\Program Files\NoAdware
   [21/07/2008|21:49] C:\Program Files\Nokia
   [16/09/2008|18:06] C:\Program Files\Norton 360
   [13/04/2008|14:09] C:\Program Files\Online Services
   [09/07/2008|20:25] C:\Program Files\PC Connectivity Solution
   [25/08/2008|15:01] C:\Program Files\QuickTime
   [04/07/2008|22:55] C:\Program Files\Real
   [02/11/2006|13:37] C:\Program Files\Reference Assemblies
   [12/10/2008|19:44] C:\Program Files\SP38886
   [20/06/2008|21:12] C:\Program Files\Sun
   [20/07/2008|19:16] C:\Program Files\Symantec
   [12/10/2008|21:35] C:\Program Files\Trend Micro
   [02/11/2006|14:01] C:\Program Files\Uninstall Information
   [23/08/2008|18:00] C:\Program Files\uTorrent
   [23/08/2008|18:07] C:\Program Files\Vuze
   [28/02/2008|06:08] C:\Program Files\WIDCOMM
   [07/10/2008|19:15] C:\Program Files\Windows Calendar
   [07/10/2008|19:15] C:\Program Files\Windows Collaboration
   [07/10/2008|19:15] C:\Program Files\Windows Defender
   [07/10/2008|19:15] C:\Program Files\Windows Journal
   [29/04/2008|17:51] C:\Program Files\Windows Live
   [29/04/2008|17:52] C:\Program Files\Windows Live Favorites
   [29/04/2008|17:52] C:\Program Files\Windows Live Toolbar
   [07/10/2008|19:15] C:\Program Files\Windows Mail
   [07/10/2008|19:15] C:\Program Files\Windows Media Player
   [02/11/2006|13:37] C:\Program Files\Windows NT
   [07/10/2008|19:15] C:\Program Files\Windows Photo Gallery
   [07/10/2008|19:15] C:\Program Files\Windows Sidebar
   [28/02/2008|06:02] C:\Program Files\WinTV
   [01/10/2008|18:55] C:\Program Files\Yahoo!
   --------------------\\  Listing Folders in C:\Program Files\Common Files
   [05/06/2008|19:35] C:\Program Files\Common Files\Adobe
   [06/01/2008|23:15] C:\Program Files\Common Files\AOL
   [07/01/2008|00:04] C:\Program Files\Common Files\DESIGNER
   [21/07/2008|21:49] C:\Program Files\Common Files\InstallShield
   [07/01/2008|00:32] C:\Program Files\Common Files\Java
   [13/04/2008|14:02] C:\Program Files\Common Files\LightScribe
   [29/04/2008|17:51] C:\Program Files\Common Files\microsoft shared
   [06/01/2008|23:52] C:\Program Files\Common Files\muvee Technologies
   [09/07/2008|20:30] C:\Program Files\Common Files\Nokia
   [09/07/2008|20:28] C:\Program Files\Common Files\PCSuite
   [25/08/2008|15:09] C:\Program Files\Common Files\PX Storage Engine
   [04/07/2008|22:55] C:\Program Files\Common Files\Real
   [02/11/2006|12:18] C:\Program Files\Common Files\Services
   [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
   [20/07/2008|19:13] C:\Program Files\Common Files\Symantec Shared
   [07/10/2008|19:15] C:\Program Files\Common Files\System
   [29/04/2008|17:50] C:\Program Files\Common Files\WindowsLiveInstaller
   [04/07/2008|22:55] C:\Program Files\Common Files\xing shared
   --------------------\\  Process
   ( 81 Processes )
   ... OK !
   --------------------\\  Searching with S_Lop
   No Lop folder found !
 
   --------------------\\  Searching for Lop Files - Folders
   No Lop folder found !
 
   --------------------\\  Searching within the Registry
   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 
   ..... OK !
   --------------------\\  Checking the Hosts file
   Hosts file CLEAN

   --------------------\\  Searching for hidden files with Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-10-13 17:36:12
   Windows 6.0.6001 Service Pack 1 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 2
 
   --------------------\\  Searching for other infections

   No other infections found !
   [F:57][D:21]-> C:\Users\PAULWE~1\AppData\Local\Temp
   [F:218][D:1]-> C:\Users\PAULWE~1\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:1089][D:8]-> C:\Users\PAULWE~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:297][D:6]-> C:\$Recycle.Bin
   1 - "C:\Lop SD\LopR_1.txt" - 13/10/2008|17:40 - Option : [2]
   --------------------\\  Scan completed at 17:40:10
   [ UAC => 1 ]
 

paul3james
New Member


Date Joined Oct 2008
Total Posts : 6
 
Posted 10-13-2008 5:48 (GMT +1)
Came up with an error, so not sure if it worked properly.

Logfile of HijackThis v1.99.1
Scan saved at 17:47:00, on 13/10/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\hjt\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66008
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
Posted 10-13-2008 5:57 (GMT +1)
Delete this folder - C:\ProgramData\mfcd cast log. It is probably empty.
How are things running now?

Is it Vista 64-bit or Windows 2003 Server you have?



paul3james
New Member


Date Joined Oct 2008
Total Posts : 6
 
Posted 10-13-2008 6:47 (GMT +1)
Can't seem to find that folder to delete.

Yeah, it's Vista 32-bit.

Had no pop ups yet, not sure if running a bit slow or not.

Thanks for your help

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
Posted 10-14-2008 8:00 (GMT +1)
According to your mail, try this ->

Download: CCleaner
http://www.majorgeeks.com/download4191.html

http://www.ccleaner.com/

Once installed, run CCleaner and click the Windows tab.

Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data

Next: click Options, then click the Settings tab.
Uncheck: "Only delete files older than 48 hrs.", click Ok

Then click Run Cleaner (bottom right), then Exit (reboot).
Then ->
Please download Malwarebytes' Anti-Malware:

Or here:

to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and paste that log into your next reply, and tell how things are running now.

NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
 



paul3james
New Member


Date Joined Oct 2008
Total Posts : 6
 
Posted 10-15-2008 10:15 (GMT +1)
Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 6.0.6001 Service Pack 1
15/10/2008 22:14:09
mbam-log-2008-10-15 (22-14-09).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 193858
Time elapsed: 1 hour(s), 36 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
Posted 10-17-2008 5:45 (GMT +1)
How are things running?

