
PopUps Help Please


9 replies to this topic

#1 dog54321

dog54321

  • Members
  • 77 posts

Posted 15 March 2009 - 06:22 AM

A lot of CiD ads... can you help remove these pop-ups? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:18 PM, on 3/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\windows\hffext\hffsrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\New Folder\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
C:\Documents and Settings\1\Desktop\Khoi Folder\Fixing Virus\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HFFSRV] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [book knob dvd plus] C:\Documents and Settings\All Users\Application Data\keep build book knob\hold road.exe
O4 - HKLM\..\Run: [file wave user bat] C:\Documents and Settings\All Users\Application Data\Mail For File Wave\clock info.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [scr readme] C:\DOCUME~1\1\APPLIC~1\FLAPDA~1\One Store.exe
O4 - HKCU\..\Run: [Steam] "c:\new folder\steam.exe" -silent
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?9caf2552e25d4e5e922457707c766ed8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?9caf2552e25d4e5e922457707c766ed8
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: www.facebook.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: npkcmsvc - Unknown owner - G:\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O24 - Desktop Component 0: My Current Home Page - About:Home

--
End of file - 15178 bytes


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 15 March 2009 - 09:14 AM

Hello dog54321,

Please go to Add/Remove Programs and remove/uninstall the following, if present:

CiD Help / CiD Manager
Download Plugin for Internet Explorer
Zone Media
BitRoll
Bitgrabber
Netpumper


If, during uninstall, it asks for the uninstall verification, please enter the numbers that will appear in the window.

Then reboot. Important!

After reboot,

* Download Deljob.exe and save it on your desktop.
Double-click Deljob.exe.

A log (logit.txt) should open afterwards. This log will be present on your desktop.
Post the contents of the logfile in your next reply together with a new HijackThis log.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 dog54321


Posted 16 March 2009 - 12:59 AM

Couldn't find those files in Add or Remove. Here's the log.

--------------------------------------------------------
Backups created in C:\deljob

A4760CFD9185B879.job
--------------------------------------------------------
Files in Windows Tasks folder

AppleSoftwareUpdate.job
CAAntiSpywareScan_Daily as 1 at 7 25 PM.job
Check Updates for Windows Live Toolbar.job
RegCure Program Check.job
RegCure.job
--------------------------------------------------------
Export App Data folders
--------------------------------------------------------
Volume in drive C has no label.
Volume Serial Number is C4CD-30F4

Directory of C:\Documents and Settings\1\Application Data

02/18/2009 09:30 PM <DIR> .
02/18/2009 09:30 PM <DIR> ..
07/16/2008 02:27 PM <DIR> Adobe
10/07/2007 02:00 PM <DIR> Ahead
02/10/2009 09:05 PM <DIR> APPLEC~1 Apple Computer
12/03/2008 07:43 PM <DIR> AVS4YOU
02/14/2008 09:53 PM <DIR> DataCast
11/18/2007 07:23 PM <DIR> DivX
03/27/2008 08:17 PM <DIR> DOWNLO~1 Download Manager
02/01/2009 07:12 AM <DIR> dvdcss
02/14/2009 03:35 PM <DIR> FLAPDA~1 Flap Dart Dale
11/15/2008 11:53 AM <DIR> Google
07/01/2008 08:40 AM <DIR> gtk-2.0
09/02/2007 01:31 PM <DIR> Help
08/30/2007 04:31 PM <DIR> IDENTI~1 Identities
02/14/2008 09:33 PM <DIR> INSTAL~1 InstallShield
11/06/2007 09:12 PM <DIR> Lavasoft
01/09/2009 02:09 PM <DIR> LEADER~1 Leadertech
03/11/2009 10:07 PM <DIR> LimeWire
01/09/2009 02:09 PM <DIR> Logitech
06/23/2008 09:29 PM <DIR> MACROM~1 Macromedia
07/20/2008 10:24 AM <DIR> MALWAR~1 Malwarebytes
02/02/2008 12:45 PM <DIR> MEDIAP~1 Media Player Classic
03/06/2009 04:37 PM <DIR> MICROS~1 Microsoft
01/11/2008 07:12 AM <DIR> Mozilla
09/02/2007 08:08 PM <DIR> MSNINS~1 MSNInstaller
09/10/2007 08:24 AM <DIR> Nexon
08/09/2008 05:41 PM <DIR> NOKIAM~1 Nokia Multimedia Player
09/14/2007 04:40 PM <DIR> PCSUIT~1 PC Suite
11/25/2007 09:21 PM <DIR> PRINTE~1 Printer Info Cache
01/11/2008 07:12 AM <DIR> Real
07/26/2008 11:42 AM <DIR> RSG
09/19/2007 06:49 PM <DIR> SONYER~1 Sony Ericsson
10/04/2007 04:30 PM <DIR> Sun
11/07/2007 03:30 PM <DIR> SUPERA~1.COM SUPERAntiSpyware.com
01/11/2008 07:14 AM <DIR> Talkback
09/19/2007 06:49 PM <DIR> Teleca
09/21/2008 01:09 PM <DIR> U3
01/31/2009 04:22 PM <DIR> Ventrilo
08/31/2007 06:27 PM <DIR> vlc
03/10/2008 09:49 AM <DIR> WinRAR
02/18/2009 09:30 PM <DIR> Yahoo!
0 File(s) 0 bytes
42 Dir(s) 132,629,651,456 bytes free
Volume in drive C has no label.
Volume Serial Number is C4CD-30F4

Directory of C:\Documents and Settings\All Users\Application Data

03/16/2009 04:01 PM <DIR> .
03/16/2009 04:01 PM <DIR> ..
10/15/2008 10:20 PM <DIR> Adobe
09/27/2007 09:56 AM <DIR> Ahead
01/27/2008 11:43 AM <DIR> Apple
01/27/2008 11:44 AM <DIR> APPLEC~1 Apple Computer
04/14/2008 11:00 AM <DIR> Avg7
12/03/2008 07:43 PM <DIR> AVS4YOU
06/14/2008 03:28 PM <DIR> CA
09/14/2008 04:55 PM <DIR> DOWNLO~1 Downloaded Installations
07/16/2008 02:10 PM <DIR> FLEXnet
09/09/2008 05:36 PM <DIR> Google
02/14/2009 03:35 PM <DIR> KEEPBU~1 keep build book knob
03/28/2008 08:50 AM <DIR> kfoxwngp
08/31/2007 05:00 PM <DIR> LIGHTS~1 LightScribe
01/09/2009 02:01 PM <DIR> LogiShrd
01/09/2009 02:02 PM <DIR> Logitech
02/15/2009 03:30 PM <DIR> MAILFO~1 Mail For File Wave
07/20/2008 10:24 AM <DIR> MALWAR~1 Malwarebytes
09/14/2008 06:42 PM <DIR> McAfee
04/25/2008 01:44 PM <DIR> MESSEN~1 Messenger Plus!
03/06/2009 07:02 AM <DIR> MICROS~1 Microsoft
01/11/2008 07:11 AM <DIR> Mozilla
08/30/2007 05:02 PM <DIR> Nero
07/11/2008 02:39 PM <DIR> NexonUS
10/15/2008 10:11 PM <DIR> NOS
03/10/2009 04:08 PM <DIR> OFFICE~1 Office Genuine Advantage
09/14/2007 04:29 PM <DIR> PCSUIT~1 PC Suite
03/27/2008 08:31 PM <DIR> PI3DEM~1 pI3demoLicense
11/14/2008 08:48 PM <DIR> PMBFIL~1 PMB Files
08/30/2007 04:45 PM <DIR> Real
09/19/2007 06:46 PM <DIR> SONYER~1 Sony Ericsson
09/12/2008 07:31 PM <DIR> SPYBOT~1 Spybot - Search & Destroy
11/06/2007 02:58 PM <DIR> SUPERA~1.COM SUPERAntiSpyware.com
11/07/2007 03:33 PM <DIR> Symantec
09/19/2007 06:46 PM <DIR> Teleca
02/18/2009 09:18 PM <DIR> TEMP
02/16/2008 12:12 AM <DIR> WINDOW~2 Windows Genuine Advantage
08/30/2007 07:59 PM <DIR> WINDOW~1 Windows Live Toolbar
12/15/2008 09:35 PM <DIR> WLINST~1 WLInstaller
03/27/2008 08:31 PM <DIR> WONDER~1 wondertouch
09/09/2007 01:02 PM <DIR> Yahoo!
02/18/2009 09:35 PM <DIR> YAHOO!~1 Yahoo! Companion
02/09/2009 06:43 PM <DIR> {3276B~1 {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
0 File(s) 0 bytes
44 Dir(s) 132,629,647,360 bytes free
--------------------------------------------------------
All User Accounts
--------------------------------------------------------
1
Administrator
All Users
trinh
Vivian
--------------------------------------------------------

#4 teacup61


Posted 16 March 2009 - 04:17 PM

No, probably not. I see Messenger Plus! installed, and that's the likely culprit. Before we start ripping things out manually, I'd like to try the simple way. Uninstall Messenger Plus! and reinstall without the sponsors (CiD). Reboot afterward and run Deljob again. If the problem is still there we'll go after the folders. :thumbup2:

Thanks,
tea

#5 dog54321


Posted 17 March 2009 - 01:03 AM

How do I remove it?

#6 dog54321


Posted 17 March 2009 - 01:09 AM

EDIT: This is like the 2nd time I got popups; why would it be Messenger Plus now? I kinda don't wanna install it because my brother will get angry at me.

#7 teacup61


Posted 17 March 2009 - 04:30 AM

You can reinstall it, but without the sponsors. Messenger Plus! is purposely bundled with the LOP infection by its creator so he and these other idiots can make their money. :) There is an option to install Plus! without the garbage, but most people don't pay attention and miss it. The only way to do this easily is to uninstall it first, then reinstall it. :thumbup2: If you haven't found it yet, remove it via Add/Remove Programs, then reboot and see if the popups are gone.

#8 dog54321


Posted 18 March 2009 - 04:03 PM

Popups still occurring.

#9 teacup61


Posted 18 March 2009 - 06:00 PM

Hello there,

Okay, if you'll run deljob.exe once more to make sure the names haven't morphed, and post the report, we'll delete them manually. :thumbup2:

Thanks,
tea

#10 dog54321


Posted 19 March 2009 - 12:28 AM

--------------------------------------------------------
Backups created in C:\deljob

A4760CFD9185B879.job
--------------------------------------------------------
Files in Windows Tasks folder

AppleSoftwareUpdate.job
CAAntiSpywareScan_Daily as 1 at 7 25 PM.job
Check Updates for Windows Live Toolbar.job
RegCure Program Check.job
RegCure.job
--------------------------------------------------------
Export App Data folders
--------------------------------------------------------
Volume in drive C has no label.
Volume Serial Number is C4CD-30F4

Directory of C:\Documents and Settings\1\Application Data

03/18/2009 07:42 AM <DIR> .
03/18/2009 07:42 AM <DIR> ..
07/16/2008 02:27 PM <DIR> Adobe
10/07/2007 02:00 PM <DIR> Ahead
02/10/2009 09:05 PM <DIR> APPLEC~1 Apple Computer
12/03/2008 07:43 PM <DIR> AVS4YOU
02/14/2008 09:53 PM <DIR> DataCast
11/18/2007 07:23 PM <DIR> DivX
03/27/2008 08:17 PM <DIR> DOWNLO~1 Download Manager
02/01/2009 07:12 AM <DIR> dvdcss
11/15/2008 11:53 AM <DIR> Google
07/01/2008 08:40 AM <DIR> gtk-2.0
09/02/2007 01:31 PM <DIR> Help
08/30/2007 04:31 PM <DIR> IDENTI~1 Identities
02/14/2008 09:33 PM <DIR> INSTAL~1 InstallShield
11/06/2007 09:12 PM <DIR> Lavasoft
01/09/2009 02:09 PM <DIR> LEADER~1 Leadertech
03/18/2009 10:02 PM <DIR> LimeWire
01/09/2009 02:09 PM <DIR> Logitech
06/23/2008 09:29 PM <DIR> MACROM~1 Macromedia
07/20/2008 10:24 AM <DIR> MALWAR~1 Malwarebytes
02/02/2008 12:45 PM <DIR> MEDIAP~1 Media Player Classic
03/06/2009 04:37 PM <DIR> MICROS~1 Microsoft
01/11/2008 07:12 AM <DIR> Mozilla
09/02/2007 08:08 PM <DIR> MSNINS~1 MSNInstaller
09/10/2007 08:24 AM <DIR> Nexon
08/09/2008 05:41 PM <DIR> NOKIAM~1 Nokia Multimedia Player
09/14/2007 04:40 PM <DIR> PCSUIT~1 PC Suite
11/25/2007 09:21 PM <DIR> PRINTE~1 Printer Info Cache
01/11/2008 07:12 AM <DIR> Real
07/26/2008 11:42 AM <DIR> RSG
09/19/2007 06:49 PM <DIR> SONYER~1 Sony Ericsson
10/04/2007 04:30 PM <DIR> Sun
11/07/2007 03:30 PM <DIR> SUPERA~1.COM SUPERAntiSpyware.com
01/11/2008 07:14 AM <DIR> Talkback
09/19/2007 06:49 PM <DIR> Teleca
09/21/2008 01:09 PM <DIR> U3
01/31/2009 04:22 PM <DIR> Ventrilo
08/31/2007 06:27 PM <DIR> vlc
03/10/2008 09:49 AM <DIR> WinRAR
02/18/2009 09:30 PM <DIR> Yahoo!
0 File(s) 0 bytes
41 Dir(s) 131,944,738,816 bytes free
Volume in drive C has no label.
Volume Serial Number is C4CD-30F4

Directory of C:\Documents and Settings\All Users\Application Data

03/19/2009 03:44 PM <DIR> .
03/19/2009 03:44 PM <DIR> ..
10/15/2008 10:20 PM <DIR> Adobe
09/27/2007 09:56 AM <DIR> Ahead
01/27/2008 11:43 AM <DIR> Apple
01/27/2008 11:44 AM <DIR> APPLEC~1 Apple Computer
04/14/2008 11:00 AM <DIR> Avg7
12/03/2008 07:43 PM <DIR> AVS4YOU
06/14/2008 03:28 PM <DIR> CA
09/14/2008 04:55 PM <DIR> DOWNLO~1 Downloaded Installations
07/16/2008 02:10 PM <DIR> FLEXnet
09/09/2008 05:36 PM <DIR> Google
03/18/2009 07:42 AM <DIR> KEEPBU~1 keep build book knob
03/28/2008 08:50 AM <DIR> kfoxwngp
08/31/2007 05:00 PM <DIR> LIGHTS~1 LightScribe
01/09/2009 02:01 PM <DIR> LogiShrd
01/09/2009 02:02 PM <DIR> Logitech
02/15/2009 03:30 PM <DIR> MAILFO~1 Mail For File Wave
07/20/2008 10:24 AM <DIR> MALWAR~1 Malwarebytes
09/14/2008 06:42 PM <DIR> McAfee
04/25/2008 01:44 PM <DIR> MESSEN~1 Messenger Plus!
03/06/2009 07:02 AM <DIR> MICROS~1 Microsoft
01/11/2008 07:11 AM <DIR> Mozilla
08/30/2007 05:02 PM <DIR> Nero
07/11/2008 02:39 PM <DIR> NexonUS
10/15/2008 10:11 PM <DIR> NOS
03/10/2009 04:08 PM <DIR> OFFICE~1 Office Genuine Advantage
09/14/2007 04:29 PM <DIR> PCSUIT~1 PC Suite
03/27/2008 08:31 PM <DIR> PI3DEM~1 pI3demoLicense
11/14/2008 08:48 PM <DIR> PMBFIL~1 PMB Files
08/30/2007 04:45 PM <DIR> Real
09/19/2007 06:46 PM <DIR> SONYER~1 Sony Ericsson
09/12/2008 07:31 PM <DIR> SPYBOT~1 Spybot - Search & Destroy
11/06/2007 02:58 PM <DIR> SUPERA~1.COM SUPERAntiSpyware.com
11/07/2007 03:33 PM <DIR> Symantec
09/19/2007 06:46 PM <DIR> Teleca
02/18/2009 09:18 PM <DIR> TEMP
02/16/2008 12:12 AM <DIR> WINDOW~2 Windows Genuine Advantage
08/30/2007 07:59 PM <DIR> WINDOW~1 Windows Live Toolbar
12/15/2008 09:35 PM <DIR> WLINST~1 WLInstaller
03/27/2008 08:31 PM <DIR> WONDER~1 wondertouch
09/09/2007 01:02 PM <DIR> Yahoo!
02/18/2009 09:35 PM <DIR> YAHOO!~1 Yahoo! Companion
02/09/2009 06:43 PM <DIR> {3276B~1 {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
0 File(s) 0 bytes
44 Dir(s) 131,944,734,720 bytes free
--------------------------------------------------------
All User Accounts
--------------------------------------------------------
1
Administrator
All Users
trinh
Vivian
--------------------------------------------------------



