|
Posted by gary on February 20, 2008, 7:34 pm
I recently picked up a "bug" that is driving me up the wall. I keep getting
popups in Internet Explorer 6 at any and all times. I get up in the morning
and there will be 15-20-25 popups on my screen. I have run all sorts of
virus (Norton, Adaware, RegClean etc. too) trying to cure the problem to no
avail. I am including some screen shots of what I am getting. The key seems
to be something called CiD (see circled on the screen shots) buried in my
system. I can't find anything that looks like this CiD thing. The IE pop
up blocker does no good. Can anyone help me out or head me in the right
direction? I am using WinXP Home on an HP computer. I ran the HijackThis
scan program and got the attached results. Can anyone tell what the culprit
might be and where to find. I made some screen shots of some of the pop ups
but IE Outlook won't send the file. In each pop up in the very left hand
top corner will always appear the letters like this CiD: (usually followed
by a company name or some other advertisement) I ran a scan using HiJackThis
and is attached the log it produced. Can someone take a look and see if
they see anything that could be causing my problem? Thanks.
|
|
Posted by David H. Lipman on February 20, 2008, 7:41 pm
| I recently pick up a "bug" that is driving me up the wall. I keep getting
| popups in internet explorer 6 at any and all times. I get up in the morning
| and there will be 15-20-25 popups on my screen. I have run all sorts of
| virus (Norton, Adaware, RegClean etc to) trying to cure the problem to no
| avail. I am including some screen shots of what I am getting. The key seems
| to be something called CiD (see circled on the screen shots) buried in my
| system. I can't find anything that looks like this CiD thing. The IE pop
| up blocker does no good. Can anyone help me out or head me in the right
| direction. I am using WinXP Home on an HP computer. I ran the HighJackThis
| scan program and got the attached results. Can anyone tell what the culprit
| might be and where to find. I made some screen shots of some of the pop ups
| but IE Outlook won't send the file. In each pop up in the very left hand
| top corner will always appear the letters like this CiD: (usually followed
| by a company name or some other advertisement) I ran a scan using HiJackThis
| and is attached the log it produced. Can someone take a look and see if
| they see anything that could be causing my problem?Thanks.
|
You posted this already and I replied to you as well !
I'll repeat one last time...
Please do NOT post or attach HiJack This logs here or in other News Groups.
Forums where you can get expert advice for HiJack This! (HJT) logs.
NOTE: Registration is REQUIRED in any of the below before posting a log
Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0
Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
|
|
Posted by Milo on February 25, 2008, 4:56 pm
Hi garry...
if you can use this site
http://hijackthis.de
then there would a log from your hijackthis and then post it there and have
it evaluated follows that you would see some are flagged as red but don't go
there yet
have only the string of the bad files indicated ok...
example like this
HKLM\*****\verybad.exe
HKLM\*****\verybad. anything that is flagged as unknown or red ok
am sure it's no longer a hijackthis log but a processed and simplified form
hence it can no longer be considered as a Hijackthis log file.
and let's see what was found by the site recommended. ok
Thanks...
--
Milo
"gary" wrote:
> I recently pick up a "bug" that is driving me up the wall. I keep getting
> popups in internet explorer 6 at any and all times. I get up in the morning
> and there will be 15-20-25 popups on my screen. I have run all sorts of
> virus (Norton, Adaware, RegClean etc to) trying to cure the problem to no
> avail. I am including some screen shots of what I am getting. The key seems
> to be something called CiD (see circled on the screen shots) buried in my
> system. I can't find anything that looks like this CiD thing. The IE pop
> up blocker does no good. Can anyone help me out or head me in the right
> direction. I am using WinXP Home on an HP computer. I ran the HighJackThis
> scan program and got the attached results. Can anyone tell what the culprit
> might be and where to find. I made some screen shots of some of the pop ups
> but IE Outlook won't send the file. In each pop up in the very left hand
> top corner will always appear the letters like this CiD: (usually followed
> by a company name or some other advertisement) I ran a scan using HiJackThis
> and is attached the log it produced. Can someone take a look and see if
> they see anything that could be causing my problem?Thanks
|
|
Posted by BoaterDave on February 26, 2008, 2:56 am
Hi Milo :)
I still struggle with your English (grin!) but I think you intended to
suggest to Gary that he posted his HJT Log in the 'Auto-check' facility
available at www.hijackthis.de . I have used this facility many times
myself.
As I had a few minutes spare, I did this on Gary's behalf (in case he didn't
realise what you had meant) and the following item was highlighted as 'bad':
O4 - HKCU\..\Run: [HoldCity]
C:\DOCUME~1\HP_Owner\APPLIC~1\LINKOK~1\oozeplayhide.exe
This item was also shown up as questionable:
C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
There is an O23 Entry too which mentions a "Fuzzy Algorithmcheck (3.07
/ 5.00), Neutral"
O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown
owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
Just hope this information might prove helpful to you and/or Gary.
Dave
***************************************************************
> Hi garry...
> if you can use this site
> http://hijackthis.de
>
> then there would a log from your hijackthis and then post it there and
> have
> it evaluated follows that you would see some are flagged as red but dont
> go
> there yet
> have only the string of the bad files indicated ok...
>
> example like this
> HKLM\*****\verybad.exe
> HKLM\*****\verybad. anything that is flagged as unknown or red ok
>
> am sure its no longer a hijackthis log but a processed and simplified form
> hence it can no longer be considered as a Hijackthis log file.
>
> and lets see what was found by the site recommended. ok
>
> Thanks...
> --
> Milo
>
>
>
> "gary" wrote:
>
>> I recently pick up a "bug" that is driving me up the wall. I keep
>> getting
>> popups in internet explorer 6 at any and all times. I get up in the
>> morning
>> and there will be 15-20-25 popups on my screen. I have run all sorts of
>> virus (Norton, Adaware, RegClean etc to) trying to cure the problem to no
>> avail. I am including some screen shots of what I am getting. The key
>> seems
>> to be something called CiD (see circled on the screen shots) buried in my
>> system. I can't find anything that looks like this CiD thing. The IE
>> pop
>> up blocker does no good. Can anyone help me out or head me in the right
>> direction. I am using WinXP Home on an HP computer. I ran the
>> HighJackThis
>> scan program and got the attached results. Can anyone tell what the
>> culprit
>> might be and where to find. I made some screen shots of some of the pop
>> ups
>> but IE Outlook won't send the file. In each pop up in the very left hand
>> top corner will always appear the letters like this CiD: (usually
>> followed
>> by a company name or some other advertisement) I ran a scan using
>> HiJackThis
>> and is attached the log it produced. Can someone take a look and see if
>> they see anything that could be causing my problem?Thanks
>
|
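The triage discussed in the post above, as an added example that is not part of the original thread: it re-joins HijackThis entries that a news reader has wrapped across lines, parses the O4 (autostart) and O23 (service) sections, and attaches review hints. The two hint rules and the `Example*` entries are assumptions constructed for illustration; a hint is a reason to look closer, not a verdict.

```python
import re
from dataclasses import dataclass, field

ENTRY_START = re.compile(r"^[A-Z]\d{1,2} - ")          # R0, O4, O23, ...
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) \(([^()]+)\) - (.+?) - (.+)$")
# Image path: either quoted, or everything up to the first executable extension
# (unquoted paths such as C:\Program Files\... contain spaces).
IMAGE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|com|scr|bat|cmd))(?=\s|$)', re.I)
# Long and 8.3 forms of the Windows XP user profile root.
PROFILE_RE = re.compile(r"\\(documents and settings|docume~\d)\\", re.I)

# First two entries are quoted from the thread, wrapped as posted.
# The last two are constructed entries that should raise no hint.
SAMPLE = r"""
O4 - HKCU\..\Run: [HoldCity]
C:\DOCUME~1\HP_Owner\APPLIC~1\LINKOK~1\oozeplayhide.exe

O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown
owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe

O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
O23 - Service: Example Print Helper (ExPrint) - Example Corp - C:\Program Files\Example\exprint.exe
"""


@dataclass
class Entry:
    section: str
    name: str
    image: str
    owner: str = ""
    flags: list = field(default_factory=list)


def unwrap(text):
    """Join continuation lines onto the entry they belong to."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):        # a new entry begins
            if current:
                entries.append(current)
            current = line
        elif not line:                     # blank line closes the entry
            if current:
                entries.append(current)
            current = None
        elif current is not None:          # wrapped remainder of an entry
            current += " " + line
    if current:
        entries.append(current)
    return entries


def image_path(cmd):
    """Strip quotes and command-line arguments from a launch string."""
    m = IMAGE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def parse(line):
    m = O4_RE.match(line)
    if m:
        name = f"{m.group(1)} {m.group(2)} [{m.group(3)}]"
        return Entry("O4", name, image_path(m.group(4)))
    m = O23_RE.match(line)
    if m:
        return Entry("O23", m.group(2), image_path(m.group(4)), owner=m.group(3))
    return None                            # other sections are not handled here


def triage(text):
    results = []
    for line in unwrap(text):
        entry = parse(line)
        if entry is None:
            continue
        # Assumed rule 1: an autostart program living in a user profile.
        if entry.section == "O4" and PROFILE_RE.search(entry.image):
            entry.flags.append("autostart image inside a user profile directory")
        # Assumed rule 2: the log names no vendor for the service binary.
        if entry.section == "O23" and entry.owner.lower() == "unknown owner":
            entry.flags.append("service binary carries no vendor name")
        results.append(entry)
    return results


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e.section, e.name, e.image, e.flags or "no hint")
```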
|
Posted by Milo on February 26, 2008, 5:29 am
Sorry for my fuzzy typing dude and Gary my apo - am half asleep when I did
started with the correspondence you know me am always cryptic hahaha..
O4 - HKCU\..\Run: [HoldCity]
C:\DOCUME~1\HP_Owner\APPLIC~1\LINKOK~1\oozeplayhide.exe
|
REMOVE THIS it should not run on auto start
C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
|
REMOVE THIS VIA going to its own folder and looking for
uninstall/uninst
"Just make sure you or Gary didn't purchase this product"
O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown
owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
|
It did attached on the services list so better do a restart after
proceeding
with the use of its own uninstaller.
And Gary if you were misled to purchase this product call your credit card
company
and have it cancelled.
--
Milo
"BoaterDave" wrote:
> Hi Milo :)
>
> I still struggle with your English (grin!) but I think you intended to
> suggest to Gary that he posted his HJT Log in the 'Auto-check' facility
> available at www.hijackthis.de . I have used this facility many times
> myself.
>
> As I had a few minutes spare, I did this on Gary's behalf (in case he didn't
> realise what you had meant) and the following item was highlighted as 'bad':
>
> O4 - HKCU\..\Run: [HoldCity]
> C:\DOCUME~1\HP_Owner\APPLIC~1\LINKOK~1\oozeplayhide.exe
>
> This item was also shown up as questionable:
>
> C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
>
> There is a 023 Entry too which mentions a "Fuzzy Algorithmcheck (3.07
> / 5.00), Neutral"
>
> O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown
> owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
>
>
> Just hope this information might prove helpful to you and/or Gary.
>
> Dave
>
> ***************************************************************
>
>
>
> > Hi garry...
> > if you can use this site
> > http://hijackthis.de
> >
> > then there would a log from your hijackthis and then post it there and
> > have
> > it evaluated follows that you would see some are flagged as red but dont
> > go
> > there yet
> > have only the string of the bad files indicated ok...
> >
> > example like this
> > HKLM\*****\verybad.exe
> > HKLM\*****\verybad. anything that is flagged as unknown or red ok
> >
> > am sure its no longer a hijackthis log but a processed and simplified form
> > hence it can no longer be considered as a Hijackthis log file.
> >
> > and lets see what was found by the site recommended. ok
> >
> > Thanks...
> > --
> > Milo
> >
> >
> >
> > "gary" wrote:
> >
> >> I recently pick up a "bug" that is driving me up the wall. I keep
> >> getting
> >> popups in internet explorer 6 at any and all times. I get up in the
> >> morning
> >> and there will be 15-20-25 popups on my screen. I have run all sorts of
> >> virus (Norton, Adaware, RegClean etc to) trying to cure the problem to no
> >> avail. I am including some screen shots of what I am getting. The key
> >> seems
> >> to be something called CiD (see circled on the screen shots) buried in my
> >> system. I can't find anything that looks like this CiD thing. The IE
> >> pop
> >> up blocker does no good. Can anyone help me out or head me in the right
> >> direction. I am using WinXP Home on an HP computer. I ran the
> >> HighJackThis
> >> scan program and got the attached results. Can anyone tell what the
> >> culprit
> >> might be and where to find. I made some screen shots of some of the pop
> >> ups
> >> but IE Outlook won't send the file. In each pop up in the very left hand
> >> top corner will always appear the letters like this CiD: (usually
> >> followed
> >> by a company name or some other advertisement) I ran a scan using
> >> HiJackThis
> >> and is attached the log it produced. Can someone take a look and see if
> >> they see anything that could be causing my problem?Thanks
> >
>
>
>
|
|