[kornex]

I keep getting these CID popups!!! I have ran all types of free ware spyware scans and nothing seems to have worked i normally use firefox and they usually come in IE but its extremely annoying and its slowing down my pc.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:34:51, on 2007-11-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\osk\Pulpit\HiJackThis_v2.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [joyaudio] C:\DOCUME~1\osk\DANEAP~1\BROWSE~1\Locks Proc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 4198 bytes

 

[tetonbob]

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

If you're not already receiving help elsewhere, please read and perform the following:

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

I need more information before continuing, please.

For now, I'd like a more comprehensive set of logs from Deckard's System Scanner.

---------------------------------------------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall from Add/Remove programs, and delete your current version.

Next, download HijackThis to your desktop

Alternate link

This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

When it does, just close it, please. Next....
---------------------------------------------------------------------------------------------


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
5. Please attach extra.txt to your post.

To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
2. copy and paste the following into the "Upload File from your Computer" box:
   C:\Deckard\System Scanner\extra.txt
   ​
3. Click Upload.

What DSS will do:

• create a new System Restore point in Windows XP and Vista.
• clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
• check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

 

[kornex]

Hijackthis (CID) popups Someone HELP

I have scanned my computer with various ant-virus / spyware programs and nothing seems to get these annoying popups to disapear. If anyone has some advice for me i would greatly appreciate it.

Deckard's System Scanner v20071014.68
Run by osk on 2007-11-20 22:01:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 9.72 GiB (less than 15%) free.


-- HijackThis (run as osk.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:24, on 2007-11-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\osk\Pulpit\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\osk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [joyaudio] C:\DOCUME~1\osk\DANEAP~1\BROWSE~1\Locks Proc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3753 bytes

-- Files created between 2007-10-20 and 2007-11-20 -----------------------------

2007-11-20 20:11:35 0 d-------- C:\Program Files\Trend Micro
2007-11-20 19:58:49 0 d-------- C:\Program Files\Ventrilo
2007-11-11 18:42:49 0 d-------- C:\Program Files\Activision
2007-11-11 18:08:39 0 d-------- C:\rome
2007-11-11 15:42:48 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-11-11 15:41:11 0 d-------- C:\Program Files\Common Files\BitDefender
2007-11-10 23:04:17 0 d-------- C:\Program Files\rome total war
2007-11-10 22:53:38 0 d-------- C:\WINDOWS\system32\appmgmt
2007-11-10 22:30:01 0 d-------- C:\Program Files\7-Zip
2007-10-31 14:11:05 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-20 10:44:20 0 d-------- C:\cra


-- Find3M Report ---------------------------------------------------------------

2007-11-20 22:01:13 0 d-------- C:\Documents and Settings\osk\Dane aplikacji\uTorrent
2007-11-20 20:15:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-20 19:48:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 19:44:00 0 d-------- C:\Documents and Settings\osk\Dane aplikacji\Skype
2007-11-11 17:30:48 0 d-------- C:\Documents and Settings\osk\Dane aplikacji\Joost
2007-11-11 15:41:11 0 d-------- C:\Program Files\Common Files
2007-11-11 13:23:10 355486 --a----c- C:\WINDOWS\system32\perfh015.dat
2007-11-11 13:23:10 49492 --a----c- C:\WINDOWS\system32\perfc015.dat
2007-11-09 18:09:11 0 d-------- C:\Program Files\Musicnotes
2007-11-09 18:05:14 0 d-------- C:\Documents and Settings\osk\Dane aplikacji\Uniblue
2007-11-08 17:58:28 0 d-------- C:\Documents and Settings\osk\Dane aplikacji\Browse City Mags
2007-10-24 14:05:25 0 d-------- C:\Program Files\MissionRisk
2007-10-16 15:01:58 0 d-------- C:\Documents and Settings\osk\Dane aplikacji\Azureus
2007-10-12 16:31:23 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-10-12 16:31:00 0 d-------- C:\Program Files\Common Files\Download Manager
2007-10-09 13:22:27 0 d-------- C:\Program Files\risk2
2007-10-09 13:10:15 0 d-------- C:\Documents and Settings\osk\Dane aplikacji\GetRightToGo
2007-10-07 17:55:20 0 d-------- C:\Program Files\Joost
2007-10-06 12:41:03 0 d-------- C:\Program Files\Steam
2007-10-03 13:18:26 0 d-------- C:\Program Files\iTunes
2007-10-03 13:17:59 0 d-------- C:\Program Files\Last.fm
2007-10-02 16:02:49 0 d-------- C:\Documents and Settings\osk\Dane aplikacji\Google
2007-10-02 16:02:21 0 d-------- C:\Program Files\Google
2007-09-29 13:10:06 0 d-------- C:\Documents and Settings\osk\Dane aplikacji\AdobeAUM
2007-09-29 13:10:04 0 d-------- C:\Documents and Settings\osk\Dane aplikacji\Adobe
2007-09-29 12:58:51 0 d-------- C:\Documents and Settings\osk\Dane aplikacji\Leadertech
2007-09-22 00:28:23 0 d-------- C:\Program Files\Skype
2007-09-22 00:26:01 0 d-------- C:\Program Files\Common Files\Skype
2007-09-21 13:17:41 0 d-------- C:\Program Files\DivX
2007-09-17 12:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 12:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 12:22:58 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-09-17 12:22:58 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-08-20 18:26:52 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-08-20 18:26:52 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 13:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 07:35]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31]
"joyaudio"="C:\DOCUME~1\osk\DANEAP~1\BROWSE~1\Locks Proc.exe" [2007-11-08 17:57]

C:\Documents and Settings\osk\Menu Start\Programy\Autostart\
PowerReg Scheduler V3.exe [2007-09-29 12:59:11]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
AutoRun\command- X:\setup\rsrc\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Y]
AutoRun\command- Y:\setup\rsrc\Autorun.exe




-- End of Deckard's System Scanner: finished at 2007-11-20 22:01:47 ------------

 

[tetonbob]

Hello, kornex -

I'm not sure if you lost your original thread, and were replying with the info I requested in a new thread, or just created a new one on your own...but since it's mostly worked out, I've merged the two threads, and will be helping you out.

Please keep all replies to this issue in this thread. Bookmark it if needed so you may more easily return to it.

I'll be better able to help you if you also provide the extra.txt file DSS should have created. It should be located at C:\Deckard\System Scanner, or in a numbered folder within that location. If you find it, please post it.

If you do not find it, please do this:

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK

"C:\Documents and Settings\osk\Pulpit\dss.exe" /config ​

Click on "Check All"

Click on "Uncheck All"

On the right side, under Extra Log, check all except "Event Logs".

Click Scan!

When finished, it shall produce a log for you. Post that log in your next reply.

Also, please do this:

Download fl.zip
Extract the contents to a new folder on your Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply