CID pop up help

Status
Not open for further replies.
Hi I noticed that CId pop ups are common. I'm having trouble removing it so I need someone's help please. It's been slowing down my computer and I don't want to accidentally delete something that would cause my computer to not function properly.
I already followed all the instructions from here [techspot.com/vb/topic19133] and I attached my Hijackthis log.
 
You have way too much junk installed... good programs that become junk when there are too many. I see you weighted down by
AOL security
Google Toolbar
Spy Bot
Adware
Windows Live
Diskkeeper
PCTools (probably because of Spyware Doctor)
Spyware Doctor
Web Root Spysweeper
Symantec
AVAST Alwil
Tea timer (Spybot)
Yahoo Search
SD Helper
McAfee Spam Killer
Windows Defender?
You are just loaded down with stuff.
If you use AOL, Drop a lot of the rest... or Drop AOL
Do not use more than one AntiVirus and Two Spyware programs. Do not use both Spy Sweeper, and Spyware Doctor
SpyBot is practically useless if you have Adaware. It never finds any real problems.
If you use Spyware Doctor, you don't need any others. If you use SpySweeper, you do not need the others.
You don't have enuff memory to handle all this
Think it through. Decide what you want to do and get rid of these others.
Use Firefox and you won't have the popups.
The slowdown is because of all this "good stuff"
I do not see any evil infestations.
 
Okay. I'll try to remove them. Mainly my sibling installs those things. I think i do have a problem because I have a lot of CID pop ups.. regardless of the computer slowing down. thanks
 
Hi candyx,

And welcome to Techspot.

You have what is known as a LOP infection, we will have to look deeper but first, we need to disable some real time protection before fixing it. (Afterwards re-enable active protection) please follow my instructions in order and ask questions if you are unsure how to proceed at any point.

Step 1

Uninstall - AOL Active Security Monitor

Disable Spyware Doctor Active protection
1. From within Spyware Doctor, click the "OnGuard" button on the left side.
2. Uncheck "Activate OnGuard".


Disable Teatimer
  • Right click the Spybot -SD Resident Icon located in your system tray, Select Exit Spybot - S&D Resident
  • Open Spybot S&D
  • Click on Mode at the top and make sure that Advanced is checked
  • Expand the Tools tab in the left pane
  • Single click on the Resident Icon also in the left pane
  • Uncheck Resident "TeaTimer" (Protection of over-all system settings) Active
  • Close spybot

-------------------------------------------------------------------------------

Step 2

Remove bad HijackThis entries
  • Run HijackThis
  • Click on the System Scan Only button
  • Put a check beside all of the items listed below (if present):

    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
    O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\fast film.exe
    O4 - HKCU\..\Run: [license error] C:\DOCUME~1\SALLY1~1\APPLIC~1\GLUEGR~1\anti iso.exe
    O16 - DPF: {FA463B6E-93D5-4E02-B7F2-E0BA98DA73FC} (SHLaunch Control) - http://nchat2.haduri.com/chat/shlaunch_0930.cab
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

---------------------------------------------------------------------------------------

Step 3
Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO
    C:\DOCUME~1\SALLY1~1\APPLIC~1\GLUEGR~1\anti iso.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

------------------------------------------------------------------------------

Step 4
After the computer is restarted we need to check on one of those folders

Show hidden files through windows explorer
  • Access Windows Explorer by clicking Start, point to All Programs, Accesories, and then click Windows Explorer. Or hold the windows key and press E
  • On the Tools menu in Windows Explorer, click Folder Options
  • Click the View tab.
  • Under Hidden files and folders, click Show hidden files and folders
  • Remove the checkmark from the checkbox labeled Hide protected operating system files
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types
  • Put a checkmark in the checkbox labeled Display the contents of system folders.


Now launch windows explorer (double click my computer)
Navigate to - C:\Documents and Settings\SALLY1~1\Application Data\GLUEGR~1 <-It will be a random named folder that starts with GLUEGR and will contain the file anti iso.exe

If there manually delete the folder GLUEGRxxxx

---------------------------------------------------------------------

Step 5
Download and Run ATF Cleaner
Download ATF Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

-----------------------

Update your Java Runtime Environment
  • Click the following link
    Java Runtime Environment 6 Update 6
  • The 5th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected'at the bottom
  • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
  • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_06 folder

------------------------------------------------------------------------------

Step 6

Run Kaspersky Online AV Scanner

Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply


After all of that please run a fresh Hijackthis scan and attach the log here with the kaspersky scan,

Also make sure that you update your protection and activate the realtime protection we disabled in step 1. I recommend leaving Tea-timer off though, as I will recommend an alternative that will save you on resources
 
How is the computer doing now?

The only issue I still see is a Norton entry and a Mcafee entry while you have Avast as you antivirus protection. I am going to post instructions for removing Mcafee and Norton, you let me know if there is a reason why you do not want to do this.

If everything is going good with the computer we can clean up and secure the system.

-------------------------------------------------------

Remove Mcafee products
1. Click Start, Settings, Control Panel.
2. Double-click Add or Remove Programs.
3. Select the McAfee SecurityCenter product.
4. Click Remove and follow the steps provided.
5. Download the Mcafee removal tool from http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
6. Click Save and save the file to your desktop
7. Make sure all McAfee windows are closed.
8. Double-click MCPR.exe to run the removal tool. (Vista users need right click and run as administrator)
9. Restart your computer after receiving the message CleanUp Successful.


To remove norton run this Norton removal tool found http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
 
Make sure all of your protection is up to date and that you aren't missing any microsoft updates.

In place of tea timer I am going to recommend Winpatrol. It won't eat up so much resources. You can download it through my signature.

Once installed right click the scotty dog in your system tray and select -> startup info...

From there you can control what programs start when you boot your computer. This way you can disable programs that you don't need every time you turn on the machine.
 
Status
Not open for further replies.
Back