TechSpot

CID pop ups and other problems

By gagik
Apr 10, 2007
  1. Hi All,
    Lately, i am having some CID pop ups in my ie 7, it appeared after i have used netpumper, i uninstalled it, but pop ups are still there. I followed all steps of the forum and attaching my reports. By the way just before posting this message i began to have another problems:
    1. I found out svchost.exe process in my task manager with 99% cpu and it was blocking my taskbar, i just disabled this process, so that can write to you now.
    2. processes in my task manager does not show user name of most processes.
    I hope you will help to solve my problems, though they can also be caused by overheating problem of my laptop lately.
    THANKS IN ADVANCE
    Olim
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Delete all files in AVG Antispyware quarantine.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    0072701169858163mcinstcleanup

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    2 that delete.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - HKCU\..\Run: [SIZECLOCK] "C:\DOCUME~1\Olim\APPLIC~1\BIRDSO~1\2 that delete.exe"

    O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://ochadms.unog.ch/qp2.cab

    O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.1-click.com/common/files/installer2.cab

    O20 - Winlogon Notify: winmby32 - winmby32.dll (file missing)

    O23 - Service: 0072701169858163mcinstcleanup - - (no file)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\DOCUME~1\Olim\APPLIC~1\BIRDSO~1<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :wave: :wave:

    This thread is for the use of gagik only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. gagik

    gagik TS Rookie Topic Starter

    Hi Howard,
    I did wveruthing and here comes fresh HJT report
    THANKS
    Olim
     
  4. momok

    momok TS Rookie Posts: 2,265

    Hi,

    (just helping out since the log looks more or less pretty clean to me)

    Run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked":

    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6009\SAService.exe (file missing)


    Should you have any further problems please repost in this thread.
     
  5. gagik

    gagik TS Rookie Topic Starter

    Hi there,
    i got rid of pop up problem, but now i have this problem with svchost.exe with 99% cpu and around 65000 k of memory use, it freezes taskbar and i have to disable the process, but then video or audio problems occur. now the view of taskbar also has changed and it shows all shortcuts in a row.
    i am attaching my HJT log file,
    Thanks
    Olim
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean. However, momok told you to fix some stuff that shouldn`t be fixed.

    Run AVG Antispyware and disable the resident shield.

    Run HJT and click the config button, followed by the backups button. Place a tick in the little box next to these entries.

    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?<This one is optional

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6009\SAService.exe (file missing)

    Click the restore button and click yes. Reboot your system and post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of gagik only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. momok

    momok TS Rookie Posts: 2,265

    Oh my. I'm terribly sorry.

    I think I should clarify, what difference does it make when the entries with files missing are cleared?
     
  8. gagik

    gagik TS Rookie Topic Starter

    Hi Howard,
    Here is updated HJT log, I still have the same problem, but this time it dropped to 0% by itself after some time. Though I still have strange view of taskbar.
    Thanks
    Olim
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean, though the O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) entries seem not to have been restored. Try restoring those entries again.

    Download the Autoruns programme from HERE. When the programme runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.

    Attach the Autoruns log here.

    momok: Some 09 entries say file missing when in fact there are no files missing. That is due to a small bug in HJT. It`s exactly the same with 023 entries. they often say filemissing, when there are no files missing. It`s very important that you know which entries should be fixed and which should not, particularly with 023 services.

    Regards Howard :)

    This thread is for the use of gagik only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  10. momok

    momok TS Rookie Posts: 2,265

    Wow thanks..

    May I also enquire where to find out what entries with (file missing) should and should not be fixed?
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That comes from experience I`m afraid. If you`re not sure about something, ask.

    Regards Howard :)

    This thread is for the use of gagik only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  12. gagik

    gagik TS Rookie Topic Starter

    Hi Howard,
    I could not find two entries you mentioned in back up list, they must have been restored, though they are missing in HJT logs, I ran several times HJT and could not find them there either.
    Here comes Autoruns log file.
    Thanks,
    Olim
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I can`t see anything bad in your Autoruns log.

    Go and read this thread HERE and see if it helps with the high cpu usage.

    I`m not sure what`s causing your taskbar image problems. Could you post a pic for us?

    Regards Howard :)

    This thread is for the use of gagik only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  14. gagik

    gagik TS Rookie Topic Starter

  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That pic looks normal to me, unless I`m missing something?

    Regards Howard :)

    This thread is for the use of gagik only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  16. gagik

    gagik TS Rookie Topic Starter

    Hi Howard,
    Thanks for your help.
    It seems that for now everything is fine.
    olim
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...