TechSpot

help please in removing cid pop up ads

By lindylou2
Mar 21, 2007
  1. hi, wondering if I could have some advice and help in getting rid of the annoying cid pop up ads that I keep getting on my laptop.

    I have run quite alot of the programmes recommended, but no luck. I have downloaded hijack but not quite sure how to change the setting on saving it. attached hijack log I would be grateful if someone could look at and advise me,

    thank you Linda
     

    Attached Files:

  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your system has at least the lop infection.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Please Download NoLop to your desktop from one of the links below...
    http://www.spywareedge.net/nolop/NoLop.exe
    http://www.thespykiller.co.uk/forum/...pmod;dl=item16

    First close any other programs you have running as this will require a reboot
    Double click NoLop.exe to run it
    Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
    When scanning is finished you will be prompted to reboot only if infected, Click OK
    Now click the "REBOOT" Button.
    A Message should popup from NoLop.
    If not, double click the program again and it will finish.

    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.-- http://www.boletrice.com/downloads/mscomctl.ocx

    Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above. Also, post the C:\NoLop.log.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :)

    This thread is for the use of lindylou2 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. lindylou2

    lindylou2 TS Rookie Topic Starter Posts: 32

    :) I have followed your instructions.

    AVG rootkit said no rootkits found.
    Attaced files as requested
    Regards Linda

    :eek: forgot to post the loplog, popups stll comin thick and fast at moment :(
     

    Attached Files:

  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    proxy show.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [BoreWaitGridData] C:\Documents and Settings\All Users\Application Data\BarbHoleBoreWait\proxy show.exe

    O16 - DPF: {A57B79D8-9501-42B7-BA9B-B961454712F2} (WLANinfo.WLANX) - https://www.jiwire.com/activeX/wlaninfo.cab

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Documents and Settings\All Users\Application Data\BarbHoleBoreWait<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log and let me know if you`re still having problems.

    Regards Howard :)

    This thread is for the use of lindylou2 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. lindylou2

    lindylou2 TS Rookie Topic Starter Posts: 32

    :hotbounce

    Howard you are FANTASTIC :giddy: I think they have gone at last!!

    Can I take off the programmes I had to download eg cc cleaner, nolop and combifix etc now, and is it best to keep the AVG one?

    Regards Linda
     

    Attached Files:

  6. tomrca

    tomrca TS Rookie Posts: 1,051

    your log 'looks' clean . but still you don't seem to to have any antivirus programme and firewall. these you need. Go to THIS LOCATION and THIS LOCATION and get free ones.

    dead right:grinthumb
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    As tomrca quite rightly said, your HJT log is clean.

    Install antivius and firewall software, then go and read this thread HERE, it`ll show you how to keep your system more secure.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of lindylou2 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  8. lindylou2

    lindylou2 TS Rookie Topic Starter Posts: 32

    :D I used to have zone alarm, but uninstalled it to use windows defender, instead when I got new laptop,so is zone alarm better than windows defender? I also had a trial av, but it ended and I uninstalled it and put on AVG, does it not show up in my hijack log, I do have it, are you saying I need another one as well?
    Regards Linda

    :bounce: ps no more pop ups :bounce:
     
  9. tomrca

    tomrca TS Rookie Posts: 1,051

    wd is ok for some things, but it's not a firewall. yes, avg does show up in your log but it is the 'avgas' (antispyware). you need an antivirus programme. not to be confused with 'avgas'. that's why i gave you the link for the free one. if you are thinking of buying a full security suite , stay away from 'NORTON':eek:
     
  10. lindylou2

    lindylou2 TS Rookie Topic Starter Posts: 32

    and what's wrong with Norton AV? I am intrigued now
     
  11. tomrca

    tomrca TS Rookie Posts: 1,051

    hi lindylou2. look at this thread http://www.techspot.com/vb/all/windows/t-33288-Nice-Or-Nasty-Norton.html
    there's even a special tool to get rid of it, because it leaves stuff on your pc after delete/uninstall
    do you use any of the norton products on your pc. if not these are still on yours.
    nothing to worry about though

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
     
     
  12. lindylou2

    lindylou2 TS Rookie Topic Starter Posts: 32

    OOOOOOOOOOh I get the gist now, I won't get Norton then. I found the AVG on my computer, I had downloaded it, but not installed it, I think I must have assumed the AVG sypware was the same, I now have 2 little AVG icons in my taskbar, one with an s in the middle and one without :blush:

    Am currently running a scan, AND 'I DONT BELIEVE IT' (as Victor would say) :( it says I have an obfuskated virus!!!! 7 at the moment :confused:


    Are you saying that, the links on your post above show that I have some Norton bits on my computer, if so how did they get there as I have never had Norton on this computer, had a trial version of mcaffe on the laptop when I got it but no norton?
     
  13. tomrca

    tomrca TS Rookie Posts: 1,051

    well if you didn't put the norton/symantec on, take it off!! fix it with hjt
    one thing that you should remember, is not to run more than one firewall and av programme
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    The above two entries are the result of running the Symantec online scanner and can safely be fixed with HJT.

    Regards Howard :)

    This thread is for the use of lindylou2 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  15. lindylou2

    lindylou2 TS Rookie Topic Starter Posts: 32

    thanks to you both for your help, I have downloaded the 2 links, however how do I get them to work :blush: ?

    also I have 3 other questions if its not too much trouble:D

    1 I uninstalled my trial version on mcafee (using add/remove programmes) and I did a serch and have found a load more files that say mcafee, if I just delete the folder will I have got all the bits off the comp?

    2. I swapped my trusty webcam with my friend cos hers kept crashing her computer, (its a few years old, and slow), and put her webcam on mine, it worked but not well, (creative webcam) so I uninstalled it (or tried to) using add remove programmes but there are parts of the programme that won't uninstall the error says

    Error Code: -5004 : 0x7e
    Error Information:
    >SetupDLL\SetupDLL.cpp (1966)
    PAPP:Creative Live! Cam Manager
    PVENDOR:Creative Technology Ltd (www.creative.com)
    PGUID:15B3F9F8-4CF9-452A-9AF2-AA8553765DA7
    $9.1.0.429

    and I can't get rid of it. any suggestions?

    and finally 3. Daughter uses windows live messenger, and I seem to get the vibes from threads that it can lead to lots of probs with virus's etc, what can I do to keep comp safe?

    thanks Linda
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Which two links are you referring to?

    Yes.

    As for your SetupDLL.cpp problem, try uninstalling the programme in safe mode.

    I don`t think Windows live messenger is any better or worse than any other messenger programme, but it is true that it can become a conduit for malware. It all depends on how sensibly it`s used. I use Yahoo messenger and have never had any malware problems whatsoever.

    See this thread HERE for info on how to keep your system more secure.

    Regards Howard :)

    This thread is for the use of lindylou2 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  17. tomrca

    tomrca TS Rookie Posts: 1,051

Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.