jholland1964

Re: Need help removing CID pop-ups

 
Sep 20th, 2008
I am still going through your ComboFix log, but let's try a fix using HJT and see how that goes.
First you should do the following:
You may want to print out these instructions and save them in Notepad on the desktop, because part of the time you are going to be in Safe Mode and won't be able to access this site.

Boot into Safe Mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT).
Using the F8 Method

1. Restart your computer.
2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
3. Select the option for Safe Mode using the arrow keys.
4. Then press enter on your keyboard to boot into Safe Mode.
5. Do whatever tasks you require and when you are done reboot to boot back into normal mode.

Enable Viewing of Hidden Files and Folders
1. Click Start.
2. Open My Computer.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide protected operating system files (recommended) option.
7. Click Yes to confirm.
8. Click OK.

Open your Task Manager by holding down the Ctrl and Alt keys and pressing the Delete key.

Click on the Processes tab and end process for (if there):
iexplore.exe (if two show then end both)
Play Send.exe
TwoEach.exe

Close Task Manager.
Run HJT with no other programs open (except Notepad). Click the scan button. Have HJT fix the following by placing a check mark in the little box next to the following (if there):

O4 - HKLM\..\Run: [close surf mail dupe] H:\Documents and Settings\All Users\Datos de programa\Tick Find Close Surf\Play Send.exe
O4 - HKCU\..\Run: [junk peak] H:\DOCUME~1\user\DATOSD~1\grimfrag\TwoEach.exe

Click on the fix checked button.

Close HJT.

Now search for and delete the following bold files and/or directories (if there).

H:\Documents and Settings\All Users\Datos de programa\Tick Find Close Surf\<Delete the entire folder in bold.

H:\DOCUMENTS & SETTINGS\user\DATOSD~1\grimfrag\ <Delete the entire folder in bold.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.
Meanwhile I am still going through that combofix log and will get back on that.
Judy
Last edited by jholland1964; Sep 20th, 2008 at 1:55 pm.
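An added example, not part of the original post: a Python check that can be run over the fresh HJT log requested above to confirm that the two O4 autostart entries are gone. The function names are hypothetical, and the sample logs are constructed from the two O4 lines in the post plus one made-up entry (`ExampleTray`).

```python
import re

# HijackThis registry autostart line: "O4 - <location>: [<value name>] <command>"
# (O4 startup-folder lines have no [value name] and are not parsed here.)
O4_RE = re.compile(r"^O4 - (?P<location>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")

# Value names of the two entries the post asks HJT to fix (copied from the post).
TARGET_NAMES = {"close surf mail dupe", "junk peak"}
# Folder names the post asks to delete (copied from the post).
TARGET_FOLDERS = ("tick find close surf", "grimfrag")


def parse_o4(log_text):
    """Return one dict (location, name, command) per O4 registry line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def leftovers(log_text):
    """O4 entries that still match a targeted value name or folder."""
    hits = []
    for e in parse_o4(log_text):
        cmd = e["command"].lower()  # Windows paths are case-insensitive
        if e["name"].lower() in TARGET_NAMES or any(f in cmd for f in TARGET_FOLDERS):
            hits.append(e)
    return hits


# Constructed sample: the two O4 lines from the post plus a made-up benign entry.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [close surf mail dupe] H:\Documents and Settings\All Users\Datos de programa\Tick Find Close Surf\Play Send.exe
O4 - HKCU\..\Run: [junk peak] H:\DOCUME~1\user\DATOSD~1\grimfrag\TwoEach.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleTray\tray.exe
"""

# Constructed sample of a log taken after the fix was applied.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleTray\tray.exe
"""

if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        found = leftovers(log)
        print(label, "->", [e["name"] for e in found] or "clean")
```

An empty result only covers the O4 entries; the processes and folders named in the post still have to be checked by hand.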