Home > Hjt Log > Hjt Log - Cid Popups Are Having Their Way With Me

Hjt Log - Cid Popups Are Having Their Way With Me

Regarding the Spanish files, they're there because my nephew is Spanish and has his computer configured likewise. here are some additional utilities that will enhance your safety IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis log · --If you receive an error, "mscomctl.ocx or I didn't do anything you suggested yet but once I scanned and removed the infected viruses this program found, the zedo popups were gone! Check This Out

Jun 14, 2008 #5 Blind Dragon TS Evangelist Posts: 3,908 Please re-open HiJackThis and scan. Yesterday I noted the exact times I looked at the history log (with long spaces of time in between) and the times when I access the log is the only time the messages Posted: 31-Jul-2009 | 4:22PM • Permalink The unauthorized access messages sometimes run 1-2 minutes apart, sometimes about 10 minutes apart. A look back at the complete history log show two Trojans and an Info.Bancstealer detected and removed back in April.

Message Edited by Floating_Red on 07-22-2009 01:48 PM Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | In your Norton History, check the Unresolved Security Risks, Resolved Security Risks and Quarantine logs to see if there is any record of what was found and what Norton did with This is normal and ComboFix will restore your desktop before it is finished. http://nb.dns-look-u...s/uninstall.exe*and finally my IE explorer temporary net files have been deleted, not that i use it, i use firefox, but CiD manages to bring up pop ups !!!There is one thing

H:\Archivos de programa\Screensavers.com\SSSUninst.exe (Adware.Comet) -> Quarantined and deleted successfully. Join the community here. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully. Ok, I used HJT to remove the two entries you identified and deleted the two directories stated in your previous instructions.

A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware Update all these programs regularly - Make sure you Can you also confirm if you have Installed a Firewall from the Thread that I provided.  Thanks! I have not installed a new program in awhile, the only thing I did when I returned from my trip (during which my computer was off and nobody used it) was How to turn off and turn on System Restore in Windows XP: http://support.microsoft.com/kb/310405/en.

You really helped a lot!! 0 #13 Essexboy Posted 10 January 2009 - 03:22 PM Essexboy GeekU Moderator Retired Staff 69,964 posts Glad to hear I will leave this open for Run HJT with no other programs open(except notepad). Click on the 'Statistics/Logs' tab. I didn't actually realize that Norton AV doesn't have a firewall, although I do have my Windows firewall on.

H:\Archivos de programa\Save (Adware.WhenUSave) -> Quarantined and deleted successfully. All Rights Reserved. Also do the following; The first thing you should do is print out this guide as we will close all the open windows and programs, including your web browser, before starting I am very serious about this and see it happen almost every day with my clients.

Check: 'Perform Complete Scan then Click 'Next' to start the scan. http://softsystechnologies.com/hjt-log/hjt-log-annoying-ad-popups.html HKEY_CURRENT_USER\SOFTWARE\Ares Gold (Adware.WhenUSave) -> Quarantined and deleted successfully. Message Edited by Floating_Red on 07-26-2009 01:18 PMMessage Edited by Floating_Red on 07-26-2009 01:22 PM Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, The file for INTERNET SPAM SUPPORT AUDIO did not display when I ran HJT again.

blah blah).  So it represents a very confined debug system that only has the OEM crapware.  The second 2) interesting thing is that I can get the entry to be logged at Is anyone able to figure out what I should do? Posted: 01-Aug-2009 | 8:54AM • Permalink Unauthorized access attempts now happening every 10 seconds - 2 minutes. this contact form The NoLop Log is below.

Message Edited by Floating_Red on 07-26-2009 11:48 PMMessage Edited by Floating_Red on 07-26-2009 11:49 PMMessage Edited by Floating_Red on 07-26-2009 11:53 PM Thursday, November 21, 2013: The THREATCON was changed to Therefore, do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet as your connection will be completely restored at a later Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

Also, thanks for your co-operation so far with your Issue.

Live Return to OTMoveIt, right click on the "Paste Custom List of Files/Folders to Move" window under the "yellow" bar at the bottom,and choose Paste,see image below: Click the red text Moveit! Similar Topics Infected with the CiD virus Jul 20, 2008 CiD Popup virus Dec 28, 2007 CiD popup virus thing... Please re-open HiJackThis and scan. Terms of Use Privacy Policy Licensing Advertise International Editions: US / UK India Windows Tweaks Windows 8 Windows 7 Windows Vista Windows XP Servers Software Books WinGeek Forum CiD Popups

Posted: 03-Aug-2009 | 10:35AM • Permalink Hi, emichele, Have you tired Scanning in the Administrator Account in Safe Mode? Thread Status: Not open for further replies. Please can you confirm what the "Actor" is. http://softsystechnologies.com/hjt-log/hjt-log-cant-work-with-these-popups.html If you feel that step was absolutely critical, I can uninstall Mcafee entirely and try running Combofix again.

Skip to main content Norton.com Norton Community Home Forums Blogs Search HelpWelcome Message FAQs Search Tips Participation Guidelines Terms and Conditions MenuUserLog in Sign up English简体中文 Français Deutsch 日本語 Português Español Register now! Without regular updates you WILL NOT be protected when new malicious programs are released. Floating_Red Rootkit Eradicator19 Reg: 30-May-2008 Posts: 5,237 Solutions: 32 Kudos: 597 Kudos0 Re: Getting frequent "attempted access blocked" msg in Norton AV history log.

This to avoid confusion. I've read about IE8 having some incompatibility problems with Norton, so I uninstalled IE8 and went back to IE7. Posted: 31-Jul-2009 | 1:13PM • Permalink What's my next step? You may get a prompt because ComboFix does not have a digital signature.

H:\Archivos de programa\Screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe (Adware.Comet) -> Quarantined and deleted successfully. Be sure to follow the instructions exactly and turn off all security programs while running it. Not sure, but the programs have appeared to remedy the problem my nephew was having with CID popups and generally slow computer performance. H:\Archivos de programa\Screensavers.com\SSSInstaller\temp\dm6B.tmp (Adware.Comet) -> Quarantined and deleted successfully.

Click Yes at the Delete on Reboot prompt. Start HijackThis 2. H:\Documents and Settings\All Users\Datos de programa\Starware316\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully. I run windows xp and I have explorer 7.

This will ensure your computer has always the latest security updates available installed on your computer. A tutorial on installing & using this product can be found here: Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer Install SpywareBlaster - SpywareBlaster will added a large Posted: 03-Aug-2009 | 10:50AM • Permalink See here  http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=63824#M63824  Quads Does this mean that I can assume what's happening is benign and it's safe to begin using online banking etc again