CiD popup help please(RESOLVED)

  #1 (permalink)  
Old 22-12-2007, 11:45 AM
Newbie
D-A-L Newbie
 
Join Date: Dec 2007
Posts: 9
jess1986 Is a beginner here at D-A-L
CiD popup help please(RESOLVED)

Had these CiD popups coming up and replacing my webpages that I'm using every few mins for the past 2 weeks, they're driving me nuts. Tried all sorts of scan programs but none detect anything. I was told by someone to download HijackThis so I have and this is what came up -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:37, on 22/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG7\avgw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Grim chic] "C:\ProgramData\SizeJoyJoy.zcb25"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-uk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - (no file)

  #2 (permalink)  
Old 23-12-2007, 05:27 PM
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: CiD popup help please

Welcome,

Let's see, I am seeing three anti-virus programs running on your PC.
You are strongly advised to uninstall all but one, that is all you need and having more than one can actually lower your security.




Please Download NoLop to your desktop from the links below...

NOLOP

If you are using Firefox you may have to right click NOLOP and select "open link in new window"


First close any other programs you have running as this will require a reboot.

Double click NoLop.exe to run it.



Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>

When scanning is finished you will be prompted to reboot only if infected, Click OK.

Now click the "REBOOT" Button.

A message should pop up from NoLop. If not, double click the program again and it will finish. Please post the contents of C:\NoLop.log along with a fresh HijackThis log.

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --


New hijackthis log please
__________________
Stalking and killing Spyware

  #3 (permalink)  
Old 23-12-2007, 09:11 PM
Newbie
D-A-L Newbie
 
Join Date: Dec 2007
Posts: 9
jess1986 Is a beginner here at D-A-L
Re: CiD popup help please

Hiya again, I tried to download that NoLop thing and it came up with an error every time I pressed Search and Destroy. Also I uninstalled McAfee a few weeks ago but it seems to be still showing up. I'm going to keep AVG on, so shall I uninstall SUPERAntiSpyware? Thanks. jess.

Also tried the other link, couldn't get it to work.

Last edited by jess1986; 23-12-2007 at 09:23 PM.
  #4 (permalink)  
Old 23-12-2007, 09:36 PM
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: CiD popup help please

Did you see this in my post:

Quote:
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

If NOLOP will still not run do the below please




If you have previously downloaded ComboFix, please delete that version now.

Now download http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save to your desktop:

Note:

It is IMPORTANT that it is saved directly to your desktop

Close any open browsers.

Disconnect from the Internet.

Double click on combofix.exe and follow the prompts.

When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

Note:
Do not mouseclick combofix's window while it's running.

That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.



I would keep SUPERAntiSpyware and AVG, we can get rid of remnants of McAfee and Symantec in a little bit.
  #5 (permalink)  
Old 24-12-2007, 07:22 PM
Newbie
D-A-L Newbie
 
Join Date: Dec 2007
Posts: 9
jess1986 Is a beginner here at D-A-L
Re: CiD popup help please

Right, I finally got it to work, here is the ComboFix log

ComboFix 07-12-21.4 - jessica 2007-12-24 17:34:58.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.358 [GMT 0:00]
Running from: C:\Users\jessica\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\jessica\AppData\Roaming\macromedia\Flash Player\#SharedObjects\R8TKFQZW\iforex.com
C:\Users\jessica\AppData\Roaming\macromedia\Flash Player\#SharedObjects\R8TKFQZW\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Users\jessica\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Users\jessica\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-22 13:01 . 2007-12-22 13:01 <DIR> d-------- C:\Users\jessica\AppData\Roaming\Apple Computer
2007-12-21 23:03 . 2007-12-21 23:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-21 22:46 . 2007-12-21 22:48 <DIR> d-------- C:\Users\jessica\AppData\Roaming\RegClean
2007-12-14 18:27 . 2007-12-14 18:27 <DIR> d-------- C:\Program Files\Abexo
2007-12-14 17:56 . 2007-12-15 20:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-14 09:58 . 2007-12-14 09:58 256 --a------ C:\Windows\adaway.lic
2007-12-13 17:00 . 2007-12-13 17:00 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-13 16:59 . 2007-12-13 16:59 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-13 16:59 . 2007-12-13 16:59 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-13 16:59 . 2007-12-13 16:59 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-13 16:55 . 2007-12-13 16:55 56,320 --a------ C:\Windows\System32\iesetup.dll
2007-12-13 16:55 . 2007-12-13 16:55 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2007-12-13 16:52 . 2007-12-13 16:52 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-13 16:52 . 2007-12-13 16:52 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-13 16:52 . 2007-12-13 16:52 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2007-12-13 16:52 . 2007-12-13 16:52 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2007-12-13 16:44 . 2007-12-13 16:44 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-13 16:44 . 2007-12-13 16:44 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-13 16:43 . 2007-12-13 16:43 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-12 21:07 . 2007-12-12 21:07 <DIR> d-------- C:\Windows\RegistryCleaner
2007-12-12 20:29 . 2007-12-12 20:29 <DIR> d-------- C:\Users\jessica\AppData\Roaming\CyberLink
2007-12-12 20:08 . 2007-12-12 20:09 <DIR> d-------- C:\Users\jessica\AppData\Roaming\SpywareBot
2007-12-12 19:23 . 2007-12-12 19:26 <DIR> d-------- C:\Users\jessica\AppData\Roaming\PrevxCSI
2007-12-12 19:23 . 2007-12-12 19:23 <DIR> d-------- C:\ProgramData\Prevx
2007-12-11 12:39 . 2007-12-12 17:19 1,896 --a------ C:\Windows\System32\SDRemoveDB.db
2007-12-11 12:38 . 2007-12-12 17:07 63 --a------ C:\Windows\system\SysSD.dll
2007-12-10 22:14 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2007-12-10 21:28 . 2007-12-24 09:55 <DIR> d-------- C:\Users\jessica\AppData\Roaming\AVG7
2007-12-10 21:28 . 2007-12-21 12:19 55,304 --a------ C:\Windows\System32\drivers\avgwfp.sys
2007-12-10 21:28 . 2007-12-10 21:28 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2007-12-10 21:27 . 2007-12-10 21:27 <DIR> d-------- C:\ProgramData\Grisoft
2007-12-10 21:27 . 2007-12-10 21:31 <DIR> d-------- C:\ProgramData\avg7
2007-12-10 21:11 . 2007-12-10 21:11 <DIR> d-------- C:\Windows\PCHEALTH
2007-12-10 21:01 . 2007-12-10 21:11 <DIR> d-------- C:\Program Files\Windows Live
2007-12-10 21:01 . 2007-12-10 21:11 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-10 21:00 . 2007-12-10 21:00 <DIR> d-------- C:\ProgramData\WLInstaller
2007-12-09 00:26 . 2007-12-10 21:53 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-12-08 20:57 . 2007-12-08 23:49 <DIR> d-------- C:\ProgramData\STOPzilla!
2007-12-08 20:57 . 2007-12-08 20:57 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-12-08 00:09 . 2007-12-08 00:09 <DIR> d-------- C:\ProgramData\SiteAdvisor
2007-12-08 00:09 . 2007-12-08 00:09 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-12-07 22:42 . 2007-12-07 22:42 <DIR> d-------- C:\ProgramData\Safe extra mode
2007-12-07 22:42 . 2007-12-08 20:37 <DIR> d-------- C:\ProgramData\LICENSE FORD HOPE DRAW
2007-11-27 22:36 . 2007-12-19 22:59 230,424 --a------ C:\img2-001.raw

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 23:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-21 23:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-20 09:28 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-12-14 17:56 --------- d-----w C:\Users\jessica\AppData\Roaming\SUPERAntiSpyware.com
2007-12-14 10:04 --------- d-----w C:\Program Files\Google
2007-12-13 16:56 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 20:29 --------- d-----w C:\ProgramData\CyberLink
2007-12-12 19:50 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-08 20:37 --------- d-----w C:\ProgramData\McAfee
2007-12-08 13:15 --------- d-----w C:\Users\jessica\AppData\Roaming\SiteAdvisor
2007-12-04 10:29 --------- d-----w C:\Program Files\Java
2007-11-26 23:33 --------- d-----w C:\Users\jessica\AppData\Roaming\LimeWire
2007-11-21 20:10 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2007-11-21 20:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-21 20:02 --------- d-----w C:\ProgramData\Symantec
2007-11-21 20:02 --------- d-----w C:\Program Files\Symantec
2007-10-18 11:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll
2007-10-11 09:12 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-11 09:12 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-10-11 09:09 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-09-08 19:35 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 12:35]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 12:34 C:\Windows\System32\oobefldr.dll]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"Grim chic"="C:\ProgramData\SizeJoyJoy.wqqscw3" [2007-12-23 21:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 09:07 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 21:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"snpstd3"="C:\Windows\vsnpstd3.exe" [2006-09-19 08:07]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 12:19]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-10 21:27]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-12-10 21:28 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll

R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2007-12-21 12:19]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-25 16:19]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2007-05-11 16:28]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 07:30]
S3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 07:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 0938 C:\Windows\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
"2007-12-13 16:25:38 C:\Windows\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
"2007-12-23 23:47:37 C:\Windows\Tasks\User_Feed_Synchronization-{238D96AB-AFEB-4DFE-94D0-5388151FED2A}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 17:39:15
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
  #6 (permalink)  
Old 24-12-2007, 07:28 PM
Newbie
D-A-L Newbie
 
Join Date: Dec 2007
Posts: 9
jess1986 Is a beginner here at D-A-L
Re: CiD popup help please

new hijackthis log-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26:12, on 24/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Grim chic] "C:\ProgramData\SizeJoyJoy.wqqscw3"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-uk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
  #7 (permalink)  
Old 26-12-2007, 01:14 AM
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: CiD popup help please

McAfee uninstaller:

http://service.mcafee.com/FAQDocumen...c=4105&partner

Symantec uninstaller:

http://service1.symantec.com/SUPPORT...05033108162039


From add/remove program please remove:

SpywareBot
Adaway


Reboot afterwards



Run hijackthis and click on "scan system only" button and put checks next to these:


O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


O4 - HKCU\..\Run: [Grim chic] "C:\ProgramData\SizeJoyJoy.wqqscw3" > if you don't know what this is fix it, maybe LOP infection



Everything closed out but hijackthis and click on "fix checked"






Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.


Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


DELETE FILES:



DELETE FOLDERS

C:\ProgramData\SizeJoyJoy.wqqscw3 > if not known delete
C:\ProgramData\LICENSE FORD HOPE DRAW
C:\ProgramData\Safe extra mode


Reboot your PC


Scan these please:


Go to next site:
http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:


C:\Windows\system\SysSD.dll


Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.


If that one is too busy here is another option:


http://virusscan.jotti.org

And

http://www.kaspersky.com/scanforvirus.html


Do the same for this please:

C:\Windows\System32\SDRemoveDB.db


New hijackthis log please.
Reply With Quote
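The triage in the post above (checking `(no file)` BHO entries and an unrecognised Run entry under C:\ProgramData) can be scripted over a saved HijackThis log. This Python sketch is an added example, not part of the original thread or of HijackThis; the function names and the extension allow-list are assumptions, and the sample lines are excerpts of the two logs posted earlier in the thread. Diffing the two scans also shows that the `Grim chic` Run value pointed at a different file name on 24/12 than on 22/12.

```python
import ntpath
import re
from typing import NamedTuple

# Excerpts from the HijackThis logs posted in this thread on 22/12 and 24/12.
LOG_22 = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Grim chic] "C:\ProgramData\SizeJoyJoy.zcb25"
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - (no file)
"""
LOG_24 = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Grim chic] "C:\ProgramData\SizeJoyJoy.wqqscw3"
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# "HKCU\..\Run: [name] command line"
RUN_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Quoted path, or the shortest prefix that ends in ".ext" before a space/end.
TARGET_RE = re.compile(r'^"([^"]+)"|^(.*?\.\w+)(?=\s|$)')

ORPHAN_SECTIONS = {"O2", "O3", "O23"}           # BHOs, toolbars, services
# Assumption: extensions treated as ordinary autostart program types.
PROGRAM_EXTS = {".exe", ".com", ".bat", ".cmd", ".dll", ".scr", ".lnk"}


class Entry(NamedTuple):
    section: str   # e.g. "O2", "O4", "O23"
    text: str      # everything after "Oxx - "


def parse_log(log: str) -> list[Entry]:
    """Keep only the numbered entry lines; headers and process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def orphaned(entries):
    """Registrations whose file is gone: leftovers of removed software."""
    return [e for e in entries
            if e.section in ORPHAN_SECTIONS
            and any(tag in e.text for tag in ("(no file)", "(file missing)"))]


def run_targets(entries) -> dict:
    """Map (hive, key, value name) -> file the Run entry launches."""
    targets = {}
    for e in entries:
        m = RUN_RE.match(e.text) if e.section == "O4" else None
        if not m:
            continue
        t = TARGET_RE.match(m.group("cmd"))
        path = (t.group(1) or t.group(2)) if t else m.group("cmd")
        targets[(m.group("hive"), m.group("key"), m.group("name"))] = path
    return targets


def odd_run_targets(entries) -> dict:
    """Run entries whose target does not have an ordinary program extension."""
    return {k: p for k, p in run_targets(entries).items()
            if ntpath.splitext(p)[1].lower() not in PROGRAM_EXTS}


def changed_run_targets(before, after) -> dict:
    """Run values present in both scans whose target file differs."""
    old, new = run_targets(before), run_targets(after)
    return {k: (old[k], new[k])
            for k in old.keys() & new.keys() if old[k] != new[k]}


if __name__ == "__main__":
    e22, e24 = parse_log(LOG_22), parse_log(LOG_24)
    for e in orphaned(e22):
        print("orphaned:", e.section, e.text)
    for key, path in odd_run_targets(e22).items():
        print("unusual autostart target:", key, path)
    for key, (old, new) in changed_run_targets(e22, e24).items():
        print("target changed between scans:", key, old, "->", new)
```

A hit from any of these checks is a prompt to identify the file, as the post does, not proof of infection on its own.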
  #8 (permalink)  
Old 30-12-2007, 10:52 PM
Newbie
D-A-L Newbie
 
Join Date: Dec 2007
Posts: 9
jess1986 Is a beginner here at D-A-L
Re: CiD popup help please

the results of virustotal-

File SysSD.dll received on 12.30.2007 22:01:36 (CET)


Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.29.11 2007.12.29 -
AntiVir 7.6.0.46 2007.12.30 -
Authentium 4.93.8 2007.12.30 -
Avast 4.7.1098.0 2007.12.30 -
AVG 7.5.0.516 2007.12.30 -
BitDefender 7.2 2007.12.30 -
CAT-QuickHeal 9.00 2007.12.29 -
ClamAV 0.91.2 2007.12.30 -
DrWeb 4.44.0.09170 2007.12.30 -
eSafe 7.0.15.0 2007.12.30 -
eTrust-Vet 31.3.5412 2007.12.29 -
Ewido 4.0 2007.12.30 -
FileAdvisor 1 2007.12.30 -
Fortinet 3.14.0.0 2007.12.30 -
F-Prot 4.4.2.54 2007.12.29 -
F-Secure 6.70.13030.0 2007.12.30 -
Ikarus T3.1.1.15 2007.12.30 -
Kaspersky 7.0.0.125 2007.12.30 -
McAfee 5195 2007.12.28 -
Microsoft 1.3109 2007.12.30 -
NOD32v2 2757 2007.12.30 -
Norman 5.80.02 2007.12.28 -
Panda 9.0.0.4 2007.12.30 -
Prevx1 V2 2007.12.30 -
Rising 20.24.52.00 2007.12.29 -
Sophos 4.24.0 2007.12.30 -
Sunbelt 2.2.907.0 2007.12.30 -
Symantec 10 2007.12.30 -
TheHacker 6.2.9.175 2007.12.29 -
VBA32 3.12.2.5 2007.12.29 -
VirusBuster 4.3.26:9 2007.12.30 -
Webwasher-Gateway 6.6.2 2007.12.30 -
Additional information
File size: 63 bytes
MD5: 75522539451db1007f0eddcfd57c6d86
SHA1: fd295c65eeb442ccb134e472e46356cc71b99706
PEiD: -
  #9 (permalink)  
Old 30-12-2007, 11:03 PM
Newbie
D-A-L Newbie
 
Join Date: Dec 2007
Posts: 9
jess1986 Is a beginner here at D-A-L
Re: CiD popup help please

File SDRemoveDB.db received on 12.30.2007 2247 (CET)

Result: 0/32 (0%)


Antivirus Version Last Update Result
AhnLab-V3 2007.12.29.11 2007.12.29 -
AntiVir 7.6.0.46 2007.12.30 -
Authentium 4.93.8 2007.12.30 -
Avast 4.7.1098.0 2007.12.30 -
AVG 7.5.0.516 2007.12.30 -
BitDefender 7.2 2007.12.30 -
CAT-QuickHeal 9.00 2007.12.29 -
ClamAV 0.91.2 2007.12.30 -
DrWeb 4.44.0.09170 2007.12.30 -
eSafe 7.0.15.0 2007.12.30 -
eTrust-Vet 31.3.5412 2007.12.29 -
Ewido 4.0 2007.12.30 -
FileAdvisor 1 2007.12.30 -
Fortinet 3.14.0.0 2007.12.30 -
F-Prot 4.4.2.54 2007.12.29 -
F-Secure 6.70.13030.0 2007.12.30 -
Ikarus T3.1.1.15 2007.12.30 -
Kaspersky 7.0.0.125 2007.12.30 -
McAfee 5195 2007.12.28 -
Microsoft 1.3109 2007.12.30 -
NOD32v2 2757 2007.12.30 -
Norman 5.80.02 2007.12.28 -
Panda 9.0.0.4 2007.12.30 -
Prevx1 V2 2007.12.30 -
Rising 20.24.52.00 2007.12.29 -
Sophos 4.24.0 2007.12.30 -
Sunbelt 2.2.907.0 2007.12.30 -
Symantec 10 2007.12.30 -
TheHacker 6.2.9.175 2007.12.29 -
VBA32 3.12.2.5 2007.12.29 -
VirusBuster 4.3.26:9 2007.12.30 -
Webwasher-Gateway 6.6.2 2007.12.30 -
Additional information
File size: 1896 bytes
MD5: 1c2a4aa7fae50776b10797859a5d1a70
SHA1: e06850e4c66ef7e4d8eab863f74bf0e6b677d8ed
PEiD: -
  #10 (permalink)  
Old 30-12-2007, 11:05 PM
Newbie
D-A-L Newbie
 
Join Date: Dec 2007
Posts: 9
jess1986 Is a beginner here at D-A-L
Re: CiD popup help please

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04, on 2007-12-30
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Hope Draw Obj Funk] "C:\ProgramData\delete great dash.hq8l4"
O4 - HKCU\..\Run: [Grim chic] "C:\ProgramData\SizeJoyJoy.lzwpbb"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-uk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 5228 bytes