Help needed with annoying CiD popups

[Royal_Eagle]

Good afternoon.

I am having annoying CiD popups from Internet Explorer. I am posting my hijackthis log file. It will be much appreciated if someone out there can help me in stopping these popups.

Thanks!

---
Royal _Eagle

 

[momok]

Hi Royal_Eagle and welcome to techspot. =)

Important: Please read this thread HERE before you decide whether to clean or reformat your system.

Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.


Go to Start > Run and type services.msc and press enter.
Disable the following entry and stop the service.
balmremote

Have HijackThis fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.netpumper.com/index.php?go=installed
O4 - HKLM\..\Run: [farstone] NULL
O4 - HKCU\..\Run: [balmremote] C:\DOCUME~1\ADMINI~1\APPLIC~1\PROGRA~1\mix sign.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{523EC649-2BC7-4A64-BAFC-7189366C0506}: NameServer = 202.123.2.6 202.123.2.11
(Only fix the O17 entry if you do not recognise the domain/IP)

Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs if not it will be ignored and/or removed.

Also, please let me know the results of the AVG Antirootkit scan


Regards,
Your friendly momok =)

This thread is for the use of Royal_Eagle only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Royal_Eagle]

Thank you very much indeed for your help!

As asked, i have posted the logs from HijackThis, AVG Antispyware and Combofix. AVG Antirootkit scan revealed no rootkits.

---
Royal_Eagle

 

[momok]

Hi,

I notice that you have bearshare on your system. I would recommend that your uninstall the program and delete all files and folders related to it as some versions are known to include spyware. See HERE for more information. Apart from that, your logs look pretty clean now. Are you still experiencing malware related problems?


Regards,
Your friendly momok =)

This thread is for the use of Royal_Eagle only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Royal_Eagle]

Thank YOu very much for help, dear momok.

Ok, I will remove Bearshare straight away. Thank you for the invaluable information.

I stopped getting those CiD popups, so i guess that the problem is no more! Thank you again.

---
Royal_Eagle

 

[momok]

Good that its fine now. Here are some final steps for cleaning.

Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

You may also delete the C:\VundoFix Backups folder and its contents.

Turn off system restore (XP/ME only). Learn how to do that HERE.
This will remove all the remaining nasties from your old restore points.

After that turn system restore back on.
This would have created a new safe and clean restore point for your system.

Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article.
This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
Your friendly momok =)

This thread is for the use of Royal_Eagle only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.