
CID pop ups & spyware blocked backdoor

I keep getting CID popups again :mad: I have all the following installed - McAfee, AOL spyware, Norton & BT protection, done all the scans, says everything is OK :confused:
This morning a (backdoor) was blocked by AOL spyware. I have just read the following about backdoor trojans - (Do you use your computer for any of the following? Online banking/Business purposes/storing sensitive or very personal information? If the answer to any of those questions is yes, then you should immediately disconnect your computer from the net and do a complete format and reinstall.
This is because your computer may be infected with backdoor trojans. These will have sent your info to a third party who may use that info for their own purposes. If you use online banking, then you should contact your bank and arrange to have your password changed immediately. You should also, change any other passwords you use as these may have also been compromised)

Should I do as it says or not? :confused:

Thanks

Comments

  • pchelpman
    pchelpman Posts: 1,275 Forumite
    The choice is yours.

    Yes, you can save data, reformat & reinstall. That would make you almost 100% certain of being clean.



    If you want to try something else ... go to your Control Panel, Add and Remove Programs, look for the Live Messenger update and the CiD malware installed with it.

    If you find it uninstall live messenger and the CiD pop ups should stop.

    You can also do this ...

    Download nolop from here …..


    http://www.spywareedge.net/nolop/NoLop.exe


    save anything you are working on and prepare for a possible reboot …..

    run nolop.exe…..

    click the button "search and destroy"…..

    when it's done it will prompt you to reboot if you are infected …..

    click the "reboot" button.

    Post the log which is saved to c:\nolop.log.


    Whatever you do please post a HijackThis log as well so we can try to see what needs fixing on your machine.

    In the meantime it would probably be wise for you to avoid any online transactions with the suspect computer.

    Use a safe computer to change all your online passwords etc.


    PCH
  • I have already uninstalled the Live Messenger sponsor but I'm still getting the pop ups, should I post a HijackThis log on here??

    Thanks
  • pchelpman
    pchelpman Posts: 1,275 Forumite
    Run the nolop program, as I advised earlier, then post the nolop log AND a HJT log.


    PCH
  • robt_2
    robt_2 Posts: 3,401 Forumite
    Shazza1976 wrote: »
    I keep getting CID popups again :mad: I have all the following installed - mcafee,aol spyware,norton & bt protection, done all the scans says everything is ok:confused:

    You should only have one antivirus installed btw :)

    i have just read the following about backdoor trojans - (Do you use your computer for any of the following? Online banking/Business purposes/storing sensitive or very personal information? If the answer to any of those questions is yes, then you should immediately disconnect your computer from the net and do a complete format and reinstall.

    Never heard such nonsense before!
  • fwor
    fwor Posts: 6,862 Forumite
    If it's a major problem to do a fresh re-install, then PCH's advice is the way to go.

    Did the AOL anti-spyware provide a name for the trojan/backdoor that it thinks you have? If so, look it up on one of the antivirus company websites (Sophos is quite good). Some of this malware really is very harmful - if yours has a keystroke logger and has successfully contacted its controller then it really could have compromised all of your online user IDs and passwords.

    If you can live with it (e.g. if you don't have too many applications to reload) I would go with a format and re-install. Malware writers have become so sneaky that it's really the only way to be sure you're clean. For example, Mebroot, which has been around for a few months now, hides a payload in the hard disk's Master Boot Record. Many anti-virus and anti-spyware programs aren't currently able to detect this, let alone fix it.
  • Go to Google Pack and download Spy Doctor, it really is awesome and will clear most if not all of your nasties on the PC.
    Also you don't need to have all those anti-viruses and if you ask me they are crap :p
    Do yourself a favour and download Avast anti virus, Spy Bot Search and Destroy, Lava Soft Adaware and Spy Doctor. Avast will keep your computer protected all the time and the other three you can run daily or weekly to suit your needs and they should clear your PC up. When you have downloaded and installed them, uninstall the others as you don't need them. McAfee especially takes up resources and slows down your computer. The things I have suggested can all be found by searching Google and, although it will take an hour or two to get things going, it will be well worth it in the end :cool:
    Let us know how you get on duck.
  • Nolop says no infected files .... here's the log

    hjt log
    ComboFix 08-01-09.2 - sharon 2008-01-16 11:08:00.4 - NTFSx86
  • pchelpman
    pchelpman Posts: 1,275 Forumite
    As robt says ... make sure you have only ONE antivirus and ONE firewall in operation at any one time on your system.

    In my posts 2 & 4 I asked for a HJT log. Maybe I missed it but who here suggested you scan with ComboFix?

    I know you said you removed messenger plus! but the CF log seems to indicate it may still be on your machine. Check out Add/Remove Programs again to make sure it's not there and also check these locations then remove/delete any files/folders for the program .....

    C:\Program Files\Messenger Plus! Live

    C:\Documents and Settings\All Users\Application Data\Messenger Plus!

    The second one may be a hidden file. If so you will have to expose hidden files & folders before you can see it.


    Also you are using an outdated copy of CF.

    You are also using P2P file sharing which is always an invitation to malware.

    Before you do anything else see if you need to remove messenger plus, as indicated above, then post a HJT log with an update on how your machine is running now. Are you still getting the CiD pop ups?


    PCH
  • I wasn't aware I had two antiviruses installed, I pay for McAfee monthly!!
    I have uninstalled Messenger Live completely .. the pop ups seem to have stopped so far.
    Here's my log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:08:10 AM, on 1/17/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\D-Link\AirXpert Utility\AirXCFG.exe
    C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\Yahoo!\YOP\secstat.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    c:\program files\common files\aol\1161306471\ee\aolsoftware.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\IEPro\MiniDM.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Google\Google Updater\2.2.969.23408\GoogleUpdaterInstallMgr.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    c:\program files\common files\aol\1161306471\ee\anotify.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer TV-FM\PCMService.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161306471\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [D-Link AirXpert Utility] C:\Program Files\D-Link\AirXpert Utility\AirXCFG.exe
    O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\ref tray.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\sharon\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [HUAWEI 3G Data Card MTS] C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?1f87682008bf4f60bf3f0bdc32dfac89
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?1f87682008bf4f60bf3f0bdc32dfac89
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5067/mcfscan.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
    --
    End of file - 21009 bytes

    Thanks for all your help
  • pchelpman
    pchelpman Posts: 1,275 Forumite
    Log is looking fairly OK. Few minor things to fix.

    Before that, however, there are still McAfee and Symantec AND Panda services running on this computer.

    Reminder > make sure you have only ONE antivirus and ONE firewall in operation at any one time on your system. Disable & uninstall any programs you don't need.


    Next open HJT ... click on 'Do a System Scan Only'... put tick/check marks next to these entries IF still present ...

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html


    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


    Remember to close ALL open browser windows – including this one – before clicking on “Fix Checked” at the foot of the HijackThis window.


    Empty your recycle bin.


    Reboot and use the computer as you would normally.

    Let us know if any more troubles appear.

    Safe surfing. :D


    PCH
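The two checks applied to the log in the reply above (entries that point at a missing file, and services from more than one security suite) can be automated; the following is an added example, not part of the original thread and not a HijackThis feature. The sample lines are an excerpt of the posted log with CLSID braces normalised, and the vendor keyword list is an assumption covering only the three products named in the reply.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (CLSID braces normalised).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

# Assumption: keywords for the three security vendors named in the reply.
ASSUMED_SECURITY_VENDORS = ("symantec", "mcafee", "panda")

# An entry line starts with a section code such as R1, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (code, body) pairs for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def orphaned_entries(entries):
    """Entries whose registered file is gone; HijackThis prints '(no file)'."""
    return [(code, body) for code, body in entries if body.endswith("(no file)")]


def security_services_by_vendor(entries):
    """Group O23 service entries by the security vendor keyword they match."""
    found = defaultdict(list)
    for code, body in entries:
        if code != "O23":
            continue
        # O23 layout: "Service: <name> - <vendor> - <path>"
        parts = body.rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        name, vendor, _path = parts
        for keyword in ASSUMED_SECURITY_VENDORS:
            if keyword in vendor.lower():
                found[keyword].append(name.partition("Service: ")[2])
    return dict(found)


def triage(log_text):
    """Summarise orphaned entries and overlapping security suites."""
    entries = parse_entries(log_text)
    vendors = security_services_by_vendor(entries)
    return {
        "orphaned": orphaned_entries(entries),
        "vendors": vendors,
        "multiple_security_suites": len(vendors) > 1,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for code, body in report["orphaned"]:
        print("orphaned:", code, "-", body)
    for vendor, services in sorted(report["vendors"].items()):
        print("security vendor:", vendor, "->", services)
    print("multiple suites running:", report["multiple_security_suites"])
```
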
This discussion has been closed.