Vista CiD problems

By talldude
Jul 26, 2008
  1. Hey,

    I have the same problem as the other user, I use Vista and continue to have the problem despite many attempts to try many things.

    I have attached the HJT log file in the hopes of getting some help.

    I have tried nolop but I continue to get run-time error '75' even after trying different CLSIDs.

    Hope someone can help.

  2. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    I do not see your hijackthis log
  3. talldude

    talldude TS Rookie Topic Starter

    log attached

  4. talldude

    talldude TS Rookie Topic Starter

  5. talldude

    talldude TS Rookie Topic Starter

  6. talldude

    talldude TS Rookie Topic Starter

    Hey daniel,

    thanks for your message, there seems to be a problem with attaching files because it says that the file has already been attached to this thread but it's not showing up. I've uploaded it online and it can be found at: Click preview to view the file off of the net.

    thanks again
  7. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    When you ran HijackThis, since you have Vista, did you right-click and select Run as administrator?
  8. talldude

    talldude TS Rookie Topic Starter

    I just did and it's now on the same link as before
  9. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Run HijackThis and place a check next to the following items

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKCU\..\Run: [mathping] "C:\ProgramData\Keep Two Two.l2ag1s" <---scan
    O4 - HKCU\..\Run: [Itch ford four knob] "C:\ProgramData\inside live burn.n0g9yh2"<---scan
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    TrendMicro™ HouseCall Java Scan
    • Please go HERE to run the Trend Micro™ HouseCall Scan.
    • Click Scan now. It's free!
    • Read and put a Check next to Yes I accept the terms of use.
    • Click the Launching HouseCall>> button.
    • Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
    • You may receive a Security Warning about the TrendMicro Java applet, click YES.
    • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
    • Please be patient while it installs, updates, and scans your system.
    • Once the scan is complete, it will take you to the summary page.
    • Under Cleanup options, choose clean all detected infections automatically.
    • Click the Clean now>> button.
    • If anything was found you may be prompted to run the scan again, you can just close the browser window.
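The four HijackThis lines picked out in the post above can be triaged mechanically. This Python sketch is an added example, not part of the thread and not the helper's own method: the flagging rules and the `LAUNCHABLE` set are assumptions, the `ExampleApp` line is constructed for contrast, and the `<---scan` annotations are dropped from the sample.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the four lines quoted in the post plus one benign,
# invented entry (ExampleApp is hypothetical and not from the thread).
SAMPLE_LOG = r'''
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
O4 - HKCU\..\Run: [mathping] "C:\ProgramData\Keep Two Two.l2ag1s"
O4 - HKCU\..\Run: [Itch ford four knob] "C:\ProgramData\inside live burn.n0g9yh2"
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
'''

ENTRY = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$')
RUN = re.compile(r'^(?P<hive>HK\w+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Assumption: extensions a Run value normally launches directly.
LAUNCHABLE = {'.exe', '.com', '.bat', '.cmd', '.scr', '.lnk'}

def target_path(cmd):
    """Return the program path from a Run command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'^(.*?\.\w+)(?:\s|$)', cmd)  # bare path up to its extension
    return m.group(1) if m else cmd

def triage(log_text):
    """Yield (code, reason, line) for entries worth a second look."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m['code'], m['body']
        if body.endswith('(no file)'):
            yield code, 'registered component has no file on disk', line
        elif code == 'O16' and body.rstrip().endswith('-'):
            yield code, 'ActiveX entry has no download URL', line
        elif code == 'O4' and (r := RUN.match(body)):
            path = PureWindowsPath(target_path(r['cmd']))
            if path.suffix.lower() not in LAUNCHABLE:
                yield code, f'autorun target has unusual extension {path.suffix}', line

if __name__ == '__main__':
    for code, reason, line in triage(SAMPLE_LOG):
        print(f'{code}: {reason}\n    {line.strip()}')
```
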
  10. talldude

    talldude TS Rookie Topic Starter

    Thank you Daniel,

    This is what I got from the log:

    Malwarebytes' Anti-Malware 1.23
    Database version: 996
    Windows 6.0.6000

    8:21:04 PM 26/07/2008
    mbam-log-7-26-2008 (20-21-04).txt

    Scan type: Quick Scan
    Objects scanned: 46545
    Time elapsed: 5 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  11. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Did you run the full scan?
  12. talldude

    talldude TS Rookie Topic Starter

    The quick scan as you posted.
  13. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    No yes but what I meant was TrendMicro
  14. talldude

    talldude TS Rookie Topic Starter

    Before the complete scan I get this error over and over:

    An error occured while trying to transfer data from the internet! Do you want TMHC to try resending the required files?
  15. talldude

    talldude TS Rookie Topic Starter

    ok I just tried it again and it comes up with no problems or threats
  16. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

  17. talldude

    talldude TS Rookie Topic Starter


    Thanks for that. I have posted the report from BitDefender below:
    Whatever failed, I have deleted manually.

    I still get those annoying CiD popups



    Time 00:52:04

    Files 227466

    Folders 17125

    Boot Sectors 4

    Archives 3216

    Packed Files 19397


    Identified Viruses 4

    Infected Files 4

    Suspect Files 0

    Warnings 0

    Disinfected 0

    Deleted Files 4

    Engines Info

    Virus Definitions 1394161

    Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins 16

    Archive plugins 43

    Unpack plugins 7

    E-mail plugins 6

    System plugins 5

    Scan Settings

    First Action Disinfect

    Second Action Delete

    Heuristics Yes

    Enable Warnings Yes

    Scanned Extensions *;

    Exclude Extensions

    Scan Emails Yes

    Scan Archives Yes

    Scan Packed Yes

    Scan Files Yes

    Scan Boot Yes

    Scanned File Status
    C:\ProgramData\third lies itch ford\army bias.exe Infected with: Trojan.Swizzor.1

    C:\ProgramData\third lies itch ford\army bias.exe Disinfection failed

    C:\ProgramData\third lies itch ford\army bias.exe Deleted

    Infected with: Trojan.Exploit.Java.Byteverify.L



    C:\Users\Other\HD\AA\Documents\My Documents\My Setups\eXeem0.20.exe=>(Instyler o)=>(Instyler Module 75)=>(NSIS o)=>lzma_solid_nsis0006
    Detected with: Adware.Iebar.A

    C:\Users\Other\HD\AA\Documents\My Documents\My Setups\eXeem0.20.exe=>(Instyler o)=>(Instyler Module 75)=>(NSIS o)=>lzma_solid_nsis0006

    C:\Users\Other\HD\AA\Documents\My Documents\My Setups\eXeem0.20.exe=>(Instyler o)=>(Instyler Module 75)=>(NSIS o)
    Update failed

    C:\Users\Other\HD\AA\Documents\My Documents\My Setups\iMeshV3.exe=>wise0016
    Detected with: Adware.Myway.J

    C:\Users\Other\HD\AA\Documents\My Documents\My Setups\iMeshV3.exe=>wise0016

    C:\Users\Other\HD\AA\Documents\My Documents\My Setups\iMeshV3.exe
    Update failed
  18. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Download & Install SDFix
    • Download SDFix & save it to your Desktop.
    • Double click SDFix.exe & it will extract the file to %systemdrive%
      (Drive that contains the Windows Directory, Typically C:\SDFix)

    Boot into Safe Mode
    • Restart your computer & start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, & then press Enter.

    Run SDFix
    • Open the extracted SDFix folder & double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on the screen & also save into the SDFix folder as Report.txt
    • Attach Report.txt back here



    • Download ComboFix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt
  19. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    1) SDFix doesn't run on Vista

    2) You need to manually remove the LOP files/folders (you already deleted the entries) before moving on -> or use a program such as killbox, otmoveit or fileassassin

    3) @talldude -> You should now be able to attach a fresh Hijackthis log -if not go to Edit next to "My Profile" -> scroll all the way down to attachments -> remove them from there -> then you should be good to attach again.
  20. catchanthony

    catchanthony TS Rookie

    Would also suggest to try downloading Norton Security Scan from the Google Pack - pack . google .com

    Download the update if you see any Norton Update prompts. Run a complete system scan.

    It worked for one of the recent infections I had today.

  21. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      C:\ProgramData\Keep Two Two.l2ag1s
      C:\ProgramData\inside live burn.n0g9yh2
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  22. talldude

    talldude TS Rookie Topic Starter

    Hey sorry about the delay in getting back to you all. I've been away at school and not had the chance to work on the affected computer however the other person using the computer has reported back saying they are not having anymore problems with the annoying popups and that is a good thing. Thank you to xxdanielxx, Blind Dragon, catchanthony for your help.
  23. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    That's good to hear. One last thing to do.

    Uninstall ComboFix

    • Click Start then Run
    • Now Type Combofix /u in the runbox
    • Make sure there's a space between Combofix & /u
    • Then hit Enter

    The above procedure will Delete the following:
    • ComboFix & its associated files & folders.
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide system/hidden files, if required.
    • Set a new, clean Restore Point.


    OTCleanit! by Oldtimer

    • Download OTCleanIt
    • Click the CleanUp! button.
      (It will go through the list & remove all of the tools it finds and then delete itself) Requiring a reboot


    Now we need to create a new System Restore point.

    Click Start Menu > Run > type (or copy and paste)


    Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

    Next go to Start Menu > Run > type


    Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

    To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.


    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
    2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
    3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
    4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
    5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    6. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
    7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    8. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
    9. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
Topic Status:
Not open for further replies.
