Hi,
I have run NoLop and it seemed to have found something. Both the NoLop log and the log from HijackThis are found below.
While looking for the NoLop webpage I ran into this page concerning someone else also having problems with CiD; I hope it can be of some help.
http://forum.tweakxp.com/forum/Topic222 ... x#bm222400
If I do not talk to you again soon, I would once again like to thank you for your help and wish you a very Merry Christmas!
/ Olle
NoLop! Log by Skate_Punk_21
Fix running from: C:\Documents and Settings\Olle\Skrivbord
[2007-12-20]
[23:39:45]
---Infection Files Found/Removed---
C:\WINDOWS\tasks\AFC869CA91CFE466.job
Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**
---Listing AppData sub directories---
C:\Documents and Settings\Ajr\Application Data\Google
C:\Documents and Settings\Ajr\Application Data\Identities
C:\Documents and Settings\Ajr\Application Data\Iid
C:\Documents and Settings\Ajr\Application Data\Limewire
C:\Documents and Settings\Ajr\Application Data\Macromedia
C:\Documents and Settings\Ajr\Application Data\Microsoft
C:\Documents and Settings\Ajr\Application Data\Pc Suite
C:\Documents and Settings\Ajr\Application Data\Sun
C:\Documents and Settings\Alexander\Application Data\Adobe
C:\Documents and Settings\Alexander\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Alexander\Application Data\Ati
C:\Documents and Settings\Alexander\Application Data\Bittorrent
C:\Documents and Settings\Alexander\Application Data\Datalayer
C:\Documents and Settings\Alexander\Application Data\Google
C:\Documents and Settings\Alexander\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Alexander\Application Data\Identities
C:\Documents and Settings\Alexander\Application Data\Iid
C:\Documents and Settings\Alexander\Application Data\Lavasoft
C:\Documents and Settings\Alexander\Application Data\Macromedia
C:\Documents and Settings\Alexander\Application Data\Microsoft
C:\Documents and Settings\Alexander\Application Data\Nokia
C:\Documents and Settings\Alexander\Application Data\Nokia Multimedia Player
C:\Documents and Settings\Alexander\Application Data\Pc Suite
C:\Documents and Settings\Alexander\Application Data\Real
C:\Documents and Settings\Alexander\Application Data\Screenshot Sender
C:\Documents and Settings\Alexander\Application Data\Sonic Solutions
C:\Documents and Settings\Alexander\Application Data\Souptoys -- EMPTY Directory
C:\Documents and Settings\Alexander\Application Data\Sun
C:\Documents and Settings\Alexander\Application Data\Teamspeak2
C:\Documents and Settings\Alexander\Application Data\Teleca
C:\Documents and Settings\Alexander\Application Data\Tific
C:\Documents and Settings\Alexander\Application Data\Toolbookdumb
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ball Mapi Owns Ping
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Sony Ericsson
C:\Documents and Settings\All Users\Application Data\Souptoys
C:\Documents and Settings\All Users\Application Data\Spcs
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Teleca
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Daniel\Application Data\Adobe
C:\Documents and Settings\Daniel\Application Data\Ati
C:\Documents and Settings\Daniel\Application Data\Google
C:\Documents and Settings\Daniel\Application Data\Identities
C:\Documents and Settings\Daniel\Application Data\Iid
C:\Documents and Settings\Daniel\Application Data\Limewire
C:\Documents and Settings\Daniel\Application Data\Macromedia
C:\Documents and Settings\Daniel\Application Data\Microsoft
C:\Documents and Settings\Daniel\Application Data\Pc Suite
C:\Documents and Settings\Daniel\Application Data\Real
C:\Documents and Settings\Daniel\Application Data\Souptoys -- EMPTY Directory
C:\Documents and Settings\Daniel\Application Data\Sun
C:\Documents and Settings\Daniel\Application Data\Teleca
C:\Documents and Settings\Daniel\Application Data\Toolbookdumb
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Milena\Application Data\Adobe
C:\Documents and Settings\Milena\Application Data\Adobeum
C:\Documents and Settings\Milena\Application Data\Ati
C:\Documents and Settings\Milena\Application Data\Google
C:\Documents and Settings\Milena\Application Data\Identities
C:\Documents and Settings\Milena\Application Data\Iid
C:\Documents and Settings\Milena\Application Data\Limewire
C:\Documents and Settings\Milena\Application Data\Macromedia
C:\Documents and Settings\Milena\Application Data\Microsoft
C:\Documents and Settings\Milena\Application Data\Pc Suite
C:\Documents and Settings\Milena\Application Data\Real
C:\Documents and Settings\Milena\Application Data\Sun
C:\Documents and Settings\Milena\Application Data\Teleca
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Olle\Application Data\Adobe
C:\Documents and Settings\Olle\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Olle\Application Data\Ati
C:\Documents and Settings\Olle\Application Data\Google
C:\Documents and Settings\Olle\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Olle\Application Data\Identities
C:\Documents and Settings\Olle\Application Data\Iid
C:\Documents and Settings\Olle\Application Data\Lavasoft
C:\Documents and Settings\Olle\Application Data\Macromedia
C:\Documents and Settings\Olle\Application Data\Microsoft
C:\Documents and Settings\Olle\Application Data\Pc Suite
C:\Documents and Settings\Olle\Application Data\Real
C:\Documents and Settings\Olle\Application Data\Sun
C:\Documents and Settings\Olle\Application Data\Symantec
C:\Documents and Settings\Olle\Application Data\Teleca
C:\Documents and Settings\Olle\Application Data\Toolbookdumb
C:\Documents and Settings\Spel\Application Data\Google
C:\Documents and Settings\Spel\Application Data\Identities
C:\Documents and Settings\Spel\Application Data\Iid
C:\Documents and Settings\Spel\Application Data\Macromedia
C:\Documents and Settings\Spel\Application Data\Microsoft
C:\Documents and Settings\Spel\Application Data\Pc Suite
------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:36:08, on 2007-12-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Storegate\Autostore\AutoStoreSvc.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe
C:\Program\DELADE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program\Analog Devices\SoundMAX\SMTray.exe
C:\Program\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\iid.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program\Storegate\Autostore\AutoStore.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile2\Connection Wizard\ConnectionWizard.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [DataLayer] C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Owns Ping Ante Admin] C:\Documents and Settings\All Users\Application Data\Ball mapi owns ping\Send This.exe
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [funkmeet] C:\DOCUME~1\Olle\APPLIC~1\TOOLBO~1\copywavemove.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Storegate Autostore.lnk = C:\Program\Storegate\Autostore\AutoStore.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://visma.storegate.se/user/Files/C ... oader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Autostore - Storegate AB - C:\Program\Storegate\Autostore\AutoStoreSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 10268 bytes