Im looking for somebody to run me through the process of getting rid of the CID popups. It would be greatly appreciated. Thanks
Somebody Run Me Through the process
- Thread starter Conquest_1
- Start date
- Status
xxdanielxx
Posts: 1,069 +0
we can start by
* Click here to download HJTsetup.exe
* Click here to download HJTsetup.exe
- Save HJTsetup.exe to your desktop.
- Doubleclick on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Hijack This.
- Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
- Put a check by Create a desktop icon then click Next again.
- Continue to follow the rest of the prompts from there.
- At the final dialogue box click Finish and it will launch Hijack This.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
- Come back here to this thread and Attach the log in txt format your next reply.
- DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Thats the Log
xxdanielxx
Posts: 1,069 +0
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
Please download VundoFix.exe
to your desktop
Note: it is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." When VundoFix appears at reboot.
Please re-open HiJackThis and scan.**Check the boxes next to all the entries listed below.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [eggs joy math type] C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\iso surf.exe
O4 - HKCU\..\Run: [owns tray] C:\DOCUME~1\MATTHE~1\APPLIC~1\grimcomp\HECK HTM.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Now close all windows other than HiJackThis, then click Fix Checked.**Close HiJackThis and**reboot.
Please download the OTMoveIt2 by OldTimer.
After that, Reboot, and post a new HijackThis log here in a reply
Please download VundoFix.exe
to your desktop
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click Yes
- Once you click yes, your desktop will go blank as it starts removing the Vundo.
- When completed, it will prompt that it will reboot your computer, click Ok
- Please attach the C:\vundofix.txt & a new HijackThis log.
Note: it is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." When VundoFix appears at reboot.
Please re-open HiJackThis and scan.**Check the boxes next to all the entries listed below.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [eggs joy math type] C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\iso surf.exe
O4 - HKCU\..\Run: [owns tray] C:\DOCUME~1\MATTHE~1\APPLIC~1\grimcomp\HECK HTM.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Now close all windows other than HiJackThis, then click Fix Checked.**Close HiJackThis and**reboot.
Please download the OTMoveIt2 by OldTimer.
- Save it to your desktop.
- Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:[b]C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\ C:\DOCUME~1\MATTHE~1\APPLIC~1\grimcomp[/b] - Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
- Click the red Moveit! button.
- A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
- Close OTMoveIt2
After that, Reboot, and post a new HijackThis log here in a reply
- Status
