My Internet Explorer is infected with CiD malware, help?

[economichitman]

Dear friends from the support team,

I hope you don't mind me pasting the log files here on the thread as I do not know how to save them in log. files or txt. Not very literate on IT. Anyway, I keep on having the CiD popups which is well annoying me. Please help me to eradicate this malicious malware/spyware/virus/rootkits! Your help will be very much appreciated.

Thank you.

EconomicHitman.

 

[kimsland]

Read: How to post your Hijackthis log-file as an ATTACHMENT
Just follow on for the others

Attach your logs using the paperclip button on the new reply toolbar =>

More info here: https://www.techspot.com/vb/post733954-4.html

Edit:

I am also attaching >> another pic (you can never have too many )

 

[economichitman]

Log files from SUPERAntiSpyware Scan Log

The results obtained from SUPERAntiSpyware Scan Log:
http://www.superantispyware.com

Generated 11/09/2009 at 01:18 PM

Application Version : 4.29.1004

Core Rules Database Version : 4248
Trace Rules Database Version: 2138

Scan type : Complete Scan
Total Scan Time : 00:38:11

Memory items scanned : 765
Memory threats detected : 0
Registry items scanned : 7798
Registry threats detected : 5
File items scanned : 27501
File threats detected : 2

Rogue.Component/Trace
HKU\S-1-5-21-585049406-2198718168-11980626-1000\Software\55241709732415499760530780708187\Options
HKU\S-1-5-21-585049406-2198718168-11980626-1000\Software\55241709732415499760530780708187\Options#Aff
HKU\S-1-5-21-585049406-2198718168-11980626-1000\Software\55241709732415499760530780708187\Options#AdvancedScanType
HKU\S-1-5-21-585049406-2198718168-11980626-1000\Software\55241709732415499760530780708187\Options#FirstRunUrl
HKU\S-1-5-21-585049406-2198718168-11980626-1000\Software\55241709732415499760530780708187

Adware.Tracking Cookie
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@ad.yieldmanager[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@collective-media[1].txt

 

[economichitman]

Thanks kimsland, will see to it. Cheers!

 

[economichitman]

Dear support team,

Please look into my logs and tell me what is my problem and how do I eradicate my problem with the CiD popups!

Thank you very much!

Cheers!

 

[kimsland]

Your long Malwarebytes scan (4+hrs) only needed to be run as a quick scan in Normal mode
Quick scan lasts for about ~ ... 10mins ! Oh well, at least you were thorough
Note: The 8-Step guide also states "Quick Scan" (But what's done is done)

You have Ad-Aware installed, if this is the free version (likely yes) please uninstall it
You have some old entries referring to Symantec (Norton) Please run the >> Norton Removal Tool

You have AVG8 installed. But, AVG is up to Ver9 now (actually for some time)
Here's my take on that (Note you can just update to AVG9, but the following is what I'd do...)
Uninstall AVG8 through Add/Remove Programs
Run the >> AVG Remover (this is a must)
Restart

Download >> Free Avira Antivirus
Install it, and then update it (Note: The first update is always slow, as per every application in the world. You just need to wait)
Then once updated, run a full scan

Provide the Avira log report as an >>

Attachment to your next reply
Also, (before replying) run CCleaner again
Plus, run the Registry clean in CCleaner (I usually run it 3 times in a row, fixing all issues - without backup)
Then Restart (restart is required)

Then do a Scan Only with HJT, and also provide that log as an >>

Attachment to your next reply
Well, it will be one reply with two attachments I would also like to know how its now performing

 

[economichitman]

Ah yes, I thought I ought to have it thoroughly scanned =) Paranoid. Anyway, what's done is done.

Hmm.. you say to have my AVG removed. My AVG is the paid full version though. Do I really have to uninstall this and remove it from the system? Is Avira more adequate?

 

[kimsland]

Sorry

Keep your paid version, forget free Avira

 

[economichitman]

Sorry I'm not questioning your ability to help me fix my problems. It was an honest question because if Avira is better I will do as instructed. Please share your thoughts.

 

[kimsland]

Oh, sorry I've got my mind on other things, and then I eventually check my emails and go, oh I better reply quickly Just seems to be taking 10mins though

Anyway, look at it this way, I'd lose AVG even if I payed for it !
BUT, I'm not really suppose to say that. Really you should keep your paid version of AVG, because:

• You paid for it
• The paid version actually does more than free Avira, regarding protection
• Support should not tell you to remove your paid AVG Antivirus, which is world respected

So please keep it

 

[economichitman]

So what do I do now? Proceed with the previous stated instructions by you and re-attach the log files over the thread?

 

[kimsland]

Had you run a full updated Antivirus scan as yet?

Also have a look at importing a better Hosts file: http://www.mvps.org/winhelp2002/hosts.htm
Sorry to be brief, I cannot get my mind set on this. If others want to reply and help that will be ideal

 

[kritius]

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 2 (Fix + Hosts)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


DDS by sUBs
Please download DDS by sUBs from HERE or HERE and save it to your Desktop.

Vista users. Right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

• Double click on dds to run it.
• When done, DDS.txt will open.
• You will receive another prompt after a while. Click Yes at the prompt. It will take another few minutes to scan.
• When done, Attach.txt will open.
• Please copy and paste the contents of DDS.txt and attach Attach.txt in your next reply.

 

[economichitman]

To kimsland: Yes I did a full AVG AntiVirus scan yesterday. Shall post the log you reference. Have yet to do a full scan again today. Will post up a new log later when done.

To krisius: Yes I shall see to that right now. FYI I did the 8 steps today but I will follow your instruction again just so I want my system thoroughly cleaned!

Thank you guys!

 

[kritius]

Don't bother with the 8 steps, just do Lop S&D and DDS

 

[economichitman]

This is the contents of DDS.txt & attached is the Attach.txt.

DDS (Ver_09-10-26.01) - NTFSx86
Run by User at 23:01:50.26 on Mon 09/11/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1534.310 [GMT 8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\ACEngSvr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\ifxspmgt.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\ifxtcs.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\ifxuagui.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\User\Downloads\dds.pif

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=8j53eld3657vp
uDefault_Page_URL = hxxp://www.asus.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.asus.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

 

[economichitman]

continued log file from earlier post.

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\qpb6hqk0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?nm=1
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-4 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-7 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-4 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-4 108552]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-23 39080]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-5-15 61424]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-4 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-4 297752]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-10-23 309008]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-1-12 21504]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]

=============== Created Last 30 ================

2009-11-09 14:53:17 0 d-----w- C:\Lop SD
2009-11-09 10:25:11 0 d-----w- c:\program files\Trend Micro
2009-11-09 05:59:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-09 04:31:43 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-09 04:28:28 0 d-----w- c:\users\user\appdata\roaming\SUPERAntiSpyware.com
2009-11-09 04:28:28 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-09 04:27:31 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-07 15:09:55 0 d-----w- c:\users\user\appdata\roaming\Malwarebytes
2009-11-07 15:09:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 15:09:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 15:09:49 0 d-----w- c:\programdata\Malwarebytes
2009-11-07 15:09:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 06:10:50 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-07 06:10:38 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-07 05:46:02 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-07 05:45:30 0 d-----w- c:\programdata\Lavasoft
2009-11-07 05:45:30 0 d-----w- c:\program files\Lavasoft
2009-11-07 05:30:40 38 ----a-w- c:\windows\avisplitter.ini
2009-11-07 05:30:40 178176 ----a-w- c:\windows\system32\unrar.dll
2009-11-07 05:30:39 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-11-07 05:30:39 414 ----a-w- c:\windows\system32\lame_acm.xml
2009-11-07 05:30:39 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-11-07 05:30:39 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-11-07 05:30:37 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-07 05:30:37 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2009-11-07 05:30:35 0 d-----w- c:\program files\K-Lite Codec Pack
2009-11-05 17:53:36 0 d-----w- c:\programdata\Name 2 second
2009-11-05 17:52:53 0 d-----w- c:\program files\Cicle Developement
2009-11-04 13:38:42 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-04 13:38:05 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-04 13:37:45 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-04 13:37:45 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-03 16:12:18 0 d-----w- c:\program files\iPod
2009-11-03 16:12:14 0 d-----w- c:\program files\iTunes
2009-11-03 08:15:50 0 d-----w- c:\program files\Windows Portable Devices
2009-11-03 08:15:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-03 08:15:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-03 08:11:03 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-11-03 08:11:03 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-11-03 08:11:03 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-03 08:09:35 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-03 08:09:35 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-03 08:09:35 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-03 08:07:33 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-03 08:07:32 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-03 07:40:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-10-30 00:29:08 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-10-15 01:56:45 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-15 01:56:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-14 06:20:08 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 06:20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 06:20:00 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-11 18:21:24 0 d-----w- c:\users\user\Office Genuine Advantage

 

[economichitman]

the last part of the log.

==================== Find3M ====================

2009-11-09 05:24:37 45056 ----a-w- c:\windows\system32\acovcnt.exe
2009-11-03 08:15:33 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-03 08:15:33 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-03 08:15:32 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-03 08:15:31 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-02 12:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:25 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-17 16:43:27 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-14 09:29:50 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-14 08:58:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-10 02:01:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00:36 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 08:34:23 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-03 01:55:19 25070 ----a-w- c:\users\user\appdata\roaming\nvModes.dat
2009-08-28 11:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-20 16:13:06 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-08-17 15:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-16 17:55:06 174 --sha-w- c:\program files\desktop.ini
2009-08-16 14:48:39 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-08-16 14:48:28 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:03:49.21 ===============

 

[kritius]

Uninstall this,

Messenger Plus! Live & Sponsor (CiD)

Lop S&D go ok?

 

[economichitman]

Lop S&D went ok.

So I uninstall MSN Messenger Plus eh? I figured something is wrong because when I log on to my hotmail recently, my MSN app will automatically be activated and be running.

 

[kritius]

Yes uninstall it.

Have you had more pop ups?

 

[economichitman]

Oh right! Why didn't I see that!? How could I missed that? =)

Messenger Plus! Live & Sponsor (CiD) ---> DELETED! Done Deal!

Thanks man! Will plug offline soon and let the programs run and scan while I sleep! Will update on my laptop's performances. Thank you for the help guys!

 

[economichitman]

Kritius, I have uninstalled it and deleted the program. Will download a new one. Now please enlighten me, is the tracking worm/malware from Messenger Plus or was it from an outsider application that was hiding there? What I want to know is that how did it get there? Through MSN contact's malwares when they sent through in message windows or was it from my accidental clicks on pop-ups when surfing the net? Or did I get it from downloading something from the web?

Just so I know how to avoid it in the future. So is it safe for me to download a new MSN messenger? I usually get it from www.filehippo.com

Btw, do you happen to know why Mozilla Firefox is not running or operationg as efficient as before? I used to surf on Mozilla but since it worked up on me, I have been using IE8. I haven't had problem as such when I used Mozilla.

 

[kritius]

I would use something more secure like

Trillian or Pidgin.

 

[economichitman]

AVG log file, please scrutinize.

Hi guys, after deleting --> Messenger Plus! Live & Sponsor (CiD) as instructed by kristius. Before I sleep last night, I did another AVG AntiVirus scan just to make sure. The attached file is the log file, could some one scrutinize it for me. So far, there is no pop-ups. But is it because I caught it from MSN or what?