CiD popups

[Mestedup]

here it is, got these popups with Cid in the title bar, of internet explorer, and they are just random. Weird thing is that I dont use IE, I use Firefox with some addons to keep popups off my computer. I run Ad-aware, spybot S&D, CCleaner, AVG, and HJT to keep my system clean. they are all up to date and I havnt really down loaded any thing bad lately so I dont know where this came from. I've tried a few "fix it" programs with no luck, also did some google surfing to see if I could find anything. I fixed a few problems but still these stupid CiD popups. I saw a remove CiD from my "remove/add programs" but it said that the file no longer was there and asked if I wanted to remove it from the list. My computer is all up to date and everything in your "read me before..." has been done and ran, and still the popups. here is the latest HJT log, after I've done all the scans and runs:

Logfile of HijackThis v1.99.1
Scan saved at 10:19:18 PM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mest\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [muBlinder] C:\Program Files\muBlinder\muBlinder.exe -startup
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173128894908
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

[jholland1964]

This entry in your log;
O4 - HKLM\..\Run: [muBlinder] C:\Program Files\muBlinder\muBlinder.exe -startup

Tells us that you very likely are using muBlinder a program that bypasses the Windows Validation and enables people with pirated Windows to get Windows Updates

Since program piracy or offering assistance with program piracy is in violation of Forum Rules we cannot offer assistance in this matter. I would urge you to get your copy of Windows XP validated, very few, if any, reputiable Computer Forums will offer assistance with pirated copies of any Windows operating system.

[Mestedup]

I have gotten the same reaction from other people about muBlinder. I am a computer tech, and I use this program some time with people computers that are having problems with the windows up date site, validation, and MGA as a by pass to get SP2 or other updates to fix or work around till I can get everything working. if you need some proof of my validation of my copy of windows, I would be glad to scan a receipt and packing of Windows and Message it to you. but I will state right now that I do have a valid copy of windows, and that muBlinder on my system is for legal use for my work.

[jholland1964]

I have gotten the same reaction from other people about muBlinder. I am a computer tech, and I use this program some time with people computers that are having problems

How would anyone know you are running this program? If this is truly the case then disable this program from running at Start Up. If your XP is a validated copy then there is NO reason for it to be running OR even installed on this particular machine itself. It would seem to me that it would more likely be run on the machine WITHOUT a validated copy of XP not on one WITH a validated copy. There is NO reason for this program to be running on a computer with a legal copy of Windows. I will give you the benefit of the doubt (and I am very doubtful) and go through the log and get back with you.

[jholland1964]

everything in your "read me before..." has been done and ran, and still the popups.

Where is the Kaspersky log? Where is the AVG Anti-spy log? Where is your firewall?
Check your Add/Remove for any of the following and remove if found;
Netpumper
Bitroll
Bitgrabber
CiD Help / CiD Manager
Download Plugin for Internet Explorer
Zone Media
If you do find any of these and remove them then be sure to reboot the computer after uninstall.

Also please generate an uninstall list for us using HiJackThis and post that list here;
o access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into a reply here

[Mestedup]

opps thought I added that to my first post. here it is

[Mestedup]

here is the uninstall list too

[jholland1964]

Frankly I see nothing in either the HJT log or the Uninstall list. The Kaspersky zip file cannot be opened. That should have been posted using the simple copy/paste of the log itself.
You can try using combofix to see if anything turns up there;
Combofix.exe.

Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix.
When the scan completes it will open a text window. Please copy/paste that log back here together with a new HijackThis log.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Please post back the Combofix report and reboot afterwards.

[Mestedup]

change the .zip to .rar it wouldnt let me upload a rar file. so if you have winrar you should be able to open it. I'll try that fix.

[jholland1964]

No, I will not open a file from one I do not know. I want it copy/pasted or attached as a .txt file. There is no reason this should need to be a zip or rar file.