TechSpot

CiD Popups

By miken68
Mar 28, 2007
  1. God, seems like everyone has had these problems. I ran "nolop" and fixed the only infection it found. Here's my Hijackthis log any help would be much appreciated!!
     
  2. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Hello mike and welcome to TechSpot. :wave:

    Please Download NoLop to your desktop from one of the links below...
    http://www.spywareedge.net/nolop/NoLop.exe
    http://www.thespykiller.co.uk/forum/...pmod;dl=item16

    First close any other programs you have running as this will require a reboot
    Double click NoLop.exe to run it
    Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
    When scanning is finished you will be prompted to reboot only if infected, Click OK
    Now click the "REBOOT" Button.
    A Message should popup from NoLop.
    If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HJT log

    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.-- http://www.boletrice.com/downloads/mscomctl.ocx

    Now go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly, then post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread. Also post here the results of the AVG Antirootkit scan.

    Regards :)

    This thread is for the use of miken68 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  3. miken68

    miken68 TS Rookie Topic Starter

    Ummm....I already did. But here are the log files
     
  4. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    OK, no problem. Go into Add/Remove Programs on your Control Panel and remove anything having to do with Viewpoint.

    In Windows Explorer, turn on "show all files and folders, including hidden and system." See how HERE.

    Delete the following bold files/folders (if there):

    C:\Program Files\Viewpoint <--delete the entire folder

    C:\Documents and Settings\All Users\Application Data\Window Gpl Wave Bait

    C:\Documents and Settings\All Users\Application Data\Viewpoint

    C:\Documents and Settings\Mike\Application Data\Ballaboutmix

    Now rehide your protected files and attach a new NoLop log, along with fresh HijackThis, AVG Antispyware, and ComboFix logs.

    Regards :)

    This thread is for the use of miken68 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  5. miken68

    miken68 TS Rookie Topic Starter

    Yeah I found two of those last night. But looks good so far no popups!!
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Delete all files in AVG Antispyware quarantine.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    Mpeg soap.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O4 - HKLM\..\Run: [Wave Bait Fork Mfcd] C:\Documents and Settings\All Users\Application Data\Window gpl wave bait\Mpeg soap.exe

    O18 - Filter hijack: text/html - (no CLSID) - (no file)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Documents and Settings\All Users\Application Data\Window gpl wave bait<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :wave: :wave:

    This thread is for the use of miken68 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. miken68

    miken68 TS Rookie Topic Starter

    Already deleted all quarantined files, sorry posted an earlier log.

    Deleted the first two infected files on HiJackThis

    This file keeps coming back everytime I rescan:
    O18 - Filter hijack: text/html - (no CLSID) - (no file)

    Everything else is good
    Here is an updated log file
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Post a HJT log from normal mode please.

    Regards Howard :)

    This thread is for the use of miken68 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. miken68

    miken68 TS Rookie Topic Starter

    sorry bout that, here ya go
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Download the Cwshredder programme.

    Launch the executable, accept the agreement, and then click "Check for Update"
    Download and install any updates.
    Now, close any open windows except for CWShredder and then click "Fix ->"

    You'll see three lines starting with "Restoring" to let you know the scan is finished (It should take about a minute to run), then click "Next ->"

    Please reboot the computer.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O18 - Filter hijack: text/html - (no CLSID) - (no file)

    Click on the fix checked button.

    Close HJT and reboot your system again.

    Post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of miken68 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...