Vista CiD problems

Status
Not open for further replies.
T

talldude

Posts: 13   +0
Hey,

I have the same problem as the other user, I use Vista and continue to to have the problem despite many attempts to try many things.

I have attached the HJT log file in the hopes of getting some help.

I have tried nolop but I continue to get run-time error '75' even after trying different CLSIDs.

Hope someone can help.

talldude
 
Hey daniel,

thanks for your message, there seems to be a problem with attaching files because it says that the file has already been attached to this thread but it's not showing up. I've uploaded it online and it can be found at: http://www.box.net/shared/vonn5reo0s. Click preview to view the file off of the net.

thanks again
 
Run Hijackthis and and place a check next to the following items

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [mathping] "C:\ProgramData\Keep Two Two.l2ag1s" <---scan
O4 - HKCU\..\Run: [Itch ford four knob] "C:\ProgramData\inside live burn.n0g9yh2"<---scan
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-ca.cab

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

-------------------------------------------

TrendMicro™ HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.
 
Thank you Daniel,

This is what I got from the log:

Malwarebytes' Anti-Malware 1.23
Database version: 996
Windows 6.0.6000

8:21:04 PM 26/07/2008
mbam-log-7-26-2008 (20-21-04).txt

Scan type: Quick Scan
Objects scanned: 46545
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
Before the complete scan I get this error over and over:

An error occured while trying to transfer data from the internet! Do you want TMHC to try resending the required files?
 
Hey

thanks for that. I have posted the report from bit defender below:
what ever failed, I have deleted manually.

I still get those annoying CiD popups

--------

Statistics

Time 00:52:04

Files 227466

Folders 17125

Boot Sectors 4

Archives 3216

Packed Files 19397



Results

Identified Viruses 4

Infected Files 4

Suspect Files 0

Warnings 0

Disinfected 0

Deleted Files 4



Engines Info

Virus Definitions 1394161

Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins 16

Archive plugins 43

Unpack plugins 7

E-mail plugins 6

System plugins 5



Scan Settings

First Action Disinfect

Second Action Delete

Heuristics Yes

Enable Warnings Yes

Scanned Extensions *;

Exclude Extensions

Scan Emails Yes

Scan Archives Yes

Scan Packed Yes

Scan Files Yes

Scan Boot Yes



Scanned File Status
C:\ProgramData\third lies itch ford\army bias.exe Infected with: Trojan.Swizzor.1

C:\ProgramData\third lies itch ford\army bias.exe Disinfection failed

C:\ProgramData\third lies itch ford\army bias.exe Deleted

C:\Users\Mun\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\538bb179-1ebce434=>OP.class
Infected with: Trojan.Exploit.Java.Byteverify.L

C:\Users\Mun\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\538bb179-1ebce434=>OP.class
Deleted

C:\Users\Mun\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\538bb179-1ebce434
Updated

C:\Users\Other\HD\AA\Documents\My Documents\My Setups\eXeem0.20.exe=>(Instyler o)=>(Instyler Module 75)=>(NSIS o)=>lzma_solid_nsis0006
Detected with: Adware.Iebar.A

C:\Users\Other\HD\AA\Documents\My Documents\My Setups\eXeem0.20.exe=>(Instyler o)=>(Instyler Module 75)=>(NSIS o)=>lzma_solid_nsis0006
Deleted

C:\Users\Other\HD\AA\Documents\My Documents\My Setups\eXeem0.20.exe=>(Instyler o)=>(Instyler Module 75)=>(NSIS o)
Update failed

C:\Users\Other\HD\AA\Documents\My Documents\My Setups\iMeshV3.exe=>wise0016
Detected with: Adware.Myway.J

C:\Users\Other\HD\AA\Documents\My Documents\My Setups\iMeshV3.exe=>wise0016
Deleted

C:\Users\Other\HD\AA\Documents\My Documents\My Setups\iMeshV3.exe
Update failed
 
Download & Install SDFix
  • Download SDFix & save it to your Desktop.
  • Double click SDFix.exe & it will extract the file to %systemdrive%
    (Drive that contains the Windows Directory, Typically C:\SDFix)

Boot into Safe Mode
  • Restart your computer & start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, & then press Enter.

Run SDFix
  • Open the extracted SDFix folder & double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on the screen & also save into the SDFix folder as Report.txt
  • Attach Report.txt back here

------------------------------------

ComboFix

  • Download ComboFix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt
 
1) SDFix doesn't run on vista

2) you need to manually remove the LOP files/folders (you already deleted the entries) before moving on -> or use a program such as killbox otmoveit or fileassassin

3) @talldude -> You should now be able to attach a fresh Hijackthis log -if not go to Edit next to "My Profile" -> scroll all the way down to attachments -> remove them from there -> then you should be good to attach again.
 
Would also suggest to try downloading Norton Security Scan from the Google Pack - pack . google .com

Download the update if you see any Norton Update prompts. Run a complete system scan.

It worked for one of the recent infections I had today.

Cheers,
 
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: 
    [b]C:\ProgramData\Keep Two Two.l2ag1s
C:\ProgramData\inside live burn.n0g9yh2 [/b]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
 
Hey sorry about the delay in getting back to you all. I've been away at school and not had the chance to work on the affected computer however the other person using the computer has reported back saying they are not having anymore problems with the annoying popups and that is a good thing. Thank you to xxdanielxx, Blind Dragon, catchanthony for your help.
 
Thats good to hear one last thing to do.

Uninstall ComboFix

  • Click Start then Run
  • Now Type Combofix /u in the runbox
  • Make sure there's a space between Combofix & /u
  • Then hit Enter

The above procedure will Delete the following:
  • ComboFix & it's associated files & folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide system/hidden files, if required.
  • Set a new, clean Restore Point.

------------------------------------------------------------------

OTCleanit! by Oldtimer

  • Download OTCleanIt
  • Click the CleanUp! button.
    (It will go thorugh the list & remove all of the tools it finds and then delete itself) Requiring a reboot

----------------------------------------

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

--------------------------------------------------

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  1. Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  6. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  8. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  9. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
xxdanielxx
 
Status
Not open for further replies.

Similar threads

B
Help with PUBG Mobile Pc
Replies
0
Views
435
basitdogar
B
IkariQuit
How to Enable XMP InsydeH20 Bios for Ram Upgrade
Replies
0
Views
463
IkariQuit
IkariQuit
Cal Jeffrey
Larian is walking away from Baldur's Gate 3, no DLC, no expansions, no sequel
2
Replies
25
Views
592
lonetac
L

Latest posts

Back