CiD popups

By Mark Needham
Apr 14, 2007
  1. Hello,

    I'am a new member just signed up today after reading some previous threads. I am having the CiD popups in Internet Explorer and wish to get rid of them. I know that you have helped others and I am hoping you can help me. I have followed Howard's instructions step 1 to 13 and enclose the logs for HJT, AVG Antispyware and Combofix logs.

    The AVG Antirootkit did not find anything.

    PS Step 8, the Ad-Aware SE Personal link is missing, but I found it doing a Google search.

    Mark Needham
  2. momok

    momok TS Rookie Posts: 2,265


    Hello and welcome to techspot. =)
    Thank you for informing us about the missing link.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Go to start > run and type services.msc. Press the enter key.

    Search for the following services(if there) double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.


    Open your task manager by pressing holding ctrl, alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:


    Run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked":

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [WipeExitMapiBits] C:\Documents and Settings\All Users.WINDOWS\Application Data\TitleLocksWipeExit\RULE INTERNET.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

    Close HJT.

    Navigate in Windows Explorer and delete the following files and folders in bold.
    C:\Documents and Settings\All Users.WINDOWS\Application Data\TitleLocksWipeExit\ <- delete the entire folder and its contents.

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post a fresh HJT and AVG Antispyware log from normal mode as an attachment into this thread.

    Also, I need you to visit this link

    Click the Browse... button and navigate to the following file:
    Click Open

    Please let me know the results.

    Your friendly Momok =)
  3. Mark Needham

    Mark Needham TS Rookie Topic Starter

    Hi Momok,

    Thanks very much for your reply, those CiD popups are now a thing of the past!

    I have attached a new log for HJT and AVG Antispyware.

    The scan from found nothing on the file secstat.exe
    When going onto its properties it is a Symantec file. Its Description is Security Status Server and its Product Name is Norton Internet Security Status Helper.

    One other thing, my son is going to get a laptop for when he goes to university. What would you suggest for antivirus, antispy, etc.

    Thanks once again for the help and for being so quick with a response.

  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your HJT log is clean.

    Run the Ccleaner programme as per step9 of the instructions HERE.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    Here is a list of security programmes I recommend.

    AVG free or Avast antivirus programmes.

    Zonealarm or Kerio free firewall programmes.

    Spybot Search & Destroy.

    Ad-Aware se personal.

    Spyware Blaster.

    AVG Antispyware.


    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :wave: :wave:

    This thread is for the use of Mark Needham only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  5. Mark Needham

    Mark Needham TS Rookie Topic Starter

    Everything is working fine.

    Thanks for all the help and information.

Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...