CiD popups are taking over w/ HJT log

4 posts in this topic

Hello all. I am a noob. I need help, BADLY.

OS winXP home with SP2

I have used CCleaner, AdAware, Spybot, trojanhunter and ad terminator in regular boot up and safe mode.

I had bitdownload installed and "think" I removed all of it. I found "CiD Help" but got an error when I tried to remove it from the program list, so Windows removed it from the program list. If it is gone or not I do not know.


PLEASE HELP me regain control!


Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 3:58:41 PM, on 5/29/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal


Running processes:










C:\Program Files\McAfee.com\VSO\mcvsshld.exe

C:\Program Files\McAfee.com\VSO\oasclnt.exe





C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe



C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\program files\ism2 tool\ism2.exe

C:\Program Files\Woot Agent\WootAgent.exe

C:\Program Files\LogMeIn\LogMeInSystray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\TrojanHunter 4.6\THGuard.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\BitTorrent\bittorrent.exe


C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Juan.JP-KQ0C05GD3R4W\Desktop\Homer\Homer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE




C:\Program Files\LogMeIn\RaMaint.exe

C:\Program Files\LogMeIn\LogMeIn.exe

c:\program files\mcafee.com\agent\mcdetect.exe



C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe





C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe


C:\Program Files\Internet Explorer\iexplore.exe


C:\Documents and Settings\Juan.JP-KQ0C05GD3R4W\Desktop\pop up tools\HiJackThis_v2.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--420268662.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--420268662.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [iSM] c:\program files\ism2 tool\ism2.exe sys_auto_run C:\Program Files\ISM2 Tool

O4 - HKLM\..\Run: [WootAgent] C:\Program Files\Woot Agent\WootAgent.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inside Plus Vc Dvd] C:\Documents and Settings\All Users.WINDOWS\Application Data\LITE MORE INSIDE PLUS\DASH HECK.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Shortcut to Homer.lnk = C:\Documents and Settings\Juan.JP-KQ0C05GD3R4W\Desktop\Homer\Homer.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ne&gs + Neutrals - file://c:\negs-recdXP.htm

O8 - Extra context menu item: Negs + Neutrals  (&Left) - file://c:\negs-leftXP.htm

O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--420268662.dll/gn_menu1.html

O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--420268662.dll/gn_menu2.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {163A949D-2A1F-4B4C-AE46-83D0F59BE189} (X4 Control) - http://www.pcsecuritycam.com/XHD.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsol...scueControl.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127014945139

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154739340890

O16 - DPF: {7EC687F9-9EFB-4FA3-A5BA-197C3461448A} (Rm Control) - http://www.pcsecuritycam.com/RM.cab

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1452/ftp...02/cpbrkpie.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: UPS Service (CyberPowerUPS) - Cyber Power System Inc. - C:\PowerPanel\upssrv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



End of file - 12330 bytes



Also ran Deljob.exe.

Here is that log file:



File(s) moved to C:\deljob




Files remaining after cleaning



McAfee.com Scan for Viruses - My Computer (JP-KQ0C05GD3R4W-Juan).job


App data folders


Volume in drive C is Little Drive

Volume Serial Number is B45D-D914


Directory of C:\Documents and Settings\Juan.JP-KQ0C05GD3R4W\Application Data


05/28/2007 05:11 PM <DIR> .

05/28/2007 05:11 PM <DIR> ..

02/26/2006 03:51 AM <DIR> Adobe

02/01/2007 03:15 PM <DIR> AdobeUM

05/09/2007 03:49 PM <DIR> Ahead

03/07/2006 07:42 PM <DIR> APPLEC~1 Apple Computer

04/01/2007 10:59 AM <DIR> ArcSoft

05/07/2007 04:01 PM <DIR> BITTOR~1 BitTorrent

05/28/2007 05:11 PM <DIR> CLOSED~1 Close Dash Burn

05/07/2007 03:21 PM <DIR> dvdcss

11/06/2006 10:00 PM <DIR> Google

09/24/2006 12:03 AM <DIR> GTek

04/30/2006 08:04 PM <DIR> Help

09/12/2005 09:52 PM <DIR> IDENTI~1 Identities

03/30/2007 09:28 AM <DIR> INSTAL~1 InstallShield

03/07/2007 11:07 PM <DIR> Intuit

01/14/2006 11:46 PM <DIR> Lavasoft

05/24/2007 08:57 PM <DIR> LimeWire

12/27/2005 11:01 PM <DIR> MACROM~1 Macromedia

02/28/2006 07:25 PM <DIR> McAfee

12/23/2005 12:22 PM <DIR> MCAFEE~1.COM McAfee.com Personal Firewall

05/23/2007 10:13 AM <DIR> MICROS~1 Microsoft

01/15/2006 12:01 AM <DIR> Mozilla

12/23/2005 09:55 PM <DIR> MUSICM~1 Musicmatch

03/09/2006 06:20 PM <DIR> OLYMPUS

07/20/2006 02:52 PM <DIR> OPENOF~1.ORG OpenOffice.org2

12/27/2005 10:58 PM <DIR> Sun

01/15/2006 12:02 AM <DIR> Talkback

05/28/2007 09:43 PM <DIR> TROJAN~1 TrojanHunter

04/16/2007 10:48 AM <DIR> U3

12/19/2006 03:52 PM <DIR> ULEADS~1 Ulead Systems

11/07/2006 09:06 PM <DIR> WINDOW~2 Windows Desktop Search

07/14/2006 06:27 AM <DIR> WINDOW~1 Windows Live Safety Center

0 File(s) 0 bytes

33 Dir(s) 23,342,301,184 bytes free

Volume in drive C is Little Drive

Volume Serial Number is B45D-D914


Directory of C:\Documents and Settings\All Users.WINDOWS\Application Data


05/25/2007 04:26 PM <DIR> .

05/25/2007 04:26 PM <DIR> ..

02/21/2007 09:48 AM <DIR> Adobe

05/09/2007 05:04 PM <DIR> Ahead

04/19/2007 12:52 PM <DIR> APPLEC~1 Apple Computer

08/15/2006 07:32 AM <DIR> Avery

03/07/2007 08:37 PM <DIR> COMMON~1 COMMON FILES

05/07/2007 02:46 PM <DIR> DVDSHR~1 DVD Shrink

09/22/2006 08:58 PM <DIR> Google

08/05/2006 03:31 PM <DIR> GOOGLE~1 Google Updater

09/24/2006 12:03 AM <DIR> GTek

03/07/2007 08:40 PM <DIR> Intuit


12/23/2005 12:14 PM <DIR> McAfee.com

02/05/2007 10:19 AM <DIR> MCAFEE~1.COM McAfee.com Personal Firewall

04/26/2007 12:12 PM <DIR> MICROS~1 Microsoft

04/26/2007 12:16 PM <DIR> MICROS~2 Microsoft Help

12/19/2005 10:41 PM <DIR> NVIEW_~1 nView_Profiles

02/26/2006 11:04 AM <DIR> PopCap

05/28/2007 09:53 PM <DIR> SPYBOT~1 Spybot - Search & Destroy

05/25/2007 08:34 PM <DIR> SPYWAR~1 Spyware Terminator

12/19/2006 03:34 PM <DIR> ULEADS~1 Ulead Systems

01/28/2007 08:11 PM <DIR> WILDTA~1 WildTangent

12/21/2005 10:40 PM <DIR> WINDOW~1 Windows Genuine Advantage

0 File(s) 0 bytes

24 Dir(s) 23,342,297,088 bytes free


Edited by juan.padilla


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.


Thank you for your patience.


[this is an automated reply]




Do you have Netpumper or Bitgrabber or BitRoll installed? If so, uninstall them via Start > Settings > Control Panel > Add/Remove Programs. This is because they are bundled with the malware you are dealing with (swizzor aka lop).

Also check whether the following are present in software > add/remove programs, and uninstall them:


CiD Help / CiD Manager

Download Plugin for Internet Explorer

Zone Media


If, during the uninstall, you are asked for the uninstall verification, please enter the numbers that appear in the window.


Then reboot. Important!


After reboot,



Download: Microsoft Task Scheduler Command Line Utility from http://mvps.org/winhelp2002/jt.zip


Unzip and copy jt.exe to your C:\Windows folder.


Open Notepad, copy and paste the text below and "Save As" KillJobs.bat

In the "Save as type" select: All Files


@echo off

jt /sd B3B52E11997AAC05.job

Copy KillJobs.bat to your C:\Windows folder.

Double-click on "KillJobs.bat"

(when prompted, allow the file to run)

If you need help on "How to Make a .Bat File"

See: http://www.nellie2.co.uk/file.htm


Restart the computer normally to complete the fix.


Submit a fresh HijackThis for my review.


Due to the lack of feedback this Topic is closed.


If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.


Everyone else please begin a New Topic.

This topic is now closed to further replies.