started receiving pop ups

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

kdac

Thread Starter
Joined
Jul 26, 2006
Messages
36
this was originally in <All Other Software>, but have moved it to here as suggested by a Senior Member (Rollin_Again).

Hi Guys,

It's been a while, but my computer has been up and running after all my problems and up until last week, it has been working quite nicely.

I have McAfee Anti Virus, but this week I have started receiving popups on my PC.

I have all pop-ups blocked and my firewall/privacy/spam killer services are enabled. I am not sure how to get rid of these popups. Running Ad-Aware does not help.

I have checked my Programs installed and nothing appears out of the ordinary.

Can I please have some ideas as to what to do??

Rollin_Again has given me the link to download Hijack This which I have done.

I eagerly await information on how to use this.

Thanks in advance,

Kizzy
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi, Welcome to TSG!!


Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

kdac

Thread Starter
Joined
Jul 26, 2006
Messages
36
this is what i get:

Logfile of HijackThis v1.99.1
Scan saved at 11:50:36, on 21/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Documents and Settings\peaches\My Documents\chkspyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164764689892
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164767950250
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
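
A HijackThis log like the one above is normally read section by section. The following is an added example, not part of the original post and not a HijackThis feature: it parses the section codes and marks entries for manual review. The three review rules and all function names are assumptions made for illustration; the sample lines are a subset copied from the log above.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:50:36, on 21/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

# What each section code seen in this log covers.
SECTIONS = {
    "R0": "IE start/search page (changed value)",
    "R1": "IE start/search page (default value)",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart (Run key or Startup folder)",
    "O9": "extra IE button or Tools menu item",
    "O16": "downloaded ActiveX control",
    "O18": "extra protocol handler",
    "O21": "ShellServiceObjectDelayLoad",
    "O23": "Windows service",
}

# Entry lines look like "<code> - <body>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


@dataclass
class Entry:
    line_no: int
    code: str
    body: str
    reasons: list = field(default_factory=list)


def parse_log(text):
    """Return one Entry per section line, skipping header and process list."""
    entries = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(line_no, m["code"], m["body"]))
    return entries


def review_reasons(entry):
    """Illustrative review rules (assumptions): these mark lines for a human
    to look at; they are not a verdict that the entry is malicious."""
    reasons = []
    if entry.body.rstrip().endswith("(file missing)"):
        reasons.append("target file missing")
    if entry.code == "O23" and " - Unknown owner - " in entry.body:
        reasons.append("service with unknown owner")
    if entry.code == "O4" and re.search(r"Run(Once)?: \[\] ", entry.body):
        reasons.append("autostart value with empty name")
    return reasons


def triage(text):
    """Count entries per section and return those needing manual review."""
    entries = parse_log(text)
    for e in entries:
        e.reasons = review_reasons(e)
    counts = Counter(e.code for e in entries)
    flagged = [e for e in entries if e.reasons]
    return counts, flagged


if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_LOG)
    for code, n in sorted(counts.items()):
        print(f"{code:>3} x{n}  {SECTIONS.get(code, 'other')}")
    for e in flagged:
        print(f"line {e.line_no} [{e.code}] {', '.join(e.reasons)}: {e.body}")
```

The file later identified in this thread, C:\WINDOWS\SYSTEM32\sfiuflwdfr.exe, does not appear anywhere in the HijackThis log, so a clean triage of this log is not evidence of a clean machine.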
 

kdac

Thread Starter
Joined
Jul 26, 2006
Messages
36
thanks for your quick response. Messenger Service is already disabled.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.





Download and install AVG Anti-Spyware 7.5. AVG ANTI-SPYWARE IS ONLY FOR SYSTEMS RUNNING WIN 2K and XP.
(This is Ewido 4.0 renamed. If you already have Ewido installed, please update to this version, which has a special "clean driver" for removing persistent malware.)
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
9. Select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here. Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:
1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?" check all (default).
  • Under "Possibly unwanted software" check all (default).
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

Note: If AVG Anti-Spyware "crashes" or "hangs" during the scan, try scanning again by doing this:
1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.
 

kdac

Thread Starter
Joined
Jul 26, 2006
Messages
36
i have done what you instructed (took 90 minutes for the AVG scan) and this is the log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:05:53 21/01/2007

+ Scan result:



C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP159\A0016009.exe -> Adware.Trymedia : Cleaned.
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP159\A0016011.exe -> Adware.Trymedia : Cleaned.
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP151\A0013207.exe -> Adware.Wildtangent : Cleaned.
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP151\A0013213.exe -> Adware.Wildtangent : Cleaned.
:mozilla.333:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.261:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.385:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.391:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.392:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.393:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.394:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.395:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.396:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.282:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.283:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.320:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.321:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.375:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.376:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.377:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.378:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.379:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.334:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.405:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.292:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.293:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.294:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.295:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.388:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.356:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.357:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.358:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.359:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.324:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.278:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.401:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.402:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.403:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.404:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.335:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.336:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.337:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.271:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.272:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.273:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.368:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.369:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.297:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.329:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.330:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.383:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.384:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.407:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.408:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.409:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.325:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.227:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.44:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.45:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.304:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.305:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.306:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.307:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.142:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.143:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.286:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.287:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.249:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.250:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.251:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.252:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.253:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.390:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.236:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.208:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.209:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.212:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.31:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.32:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.276:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.29:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.260:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.181:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.331:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.332:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

I am still getting pop ups - I have attached an example (hope the attachment came through!). I also get pop ups relating to Drive Cleaner and various other things.
 

Attachments

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Don't do anything with it yet!


Reboot to safe mode.


Double click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient and let it complete.


Reboot to normal mode.


  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Copy and paste WinPFind.txt in your next post here please.
 

kdac

Thread Starter
Joined
Jul 26, 2006
Messages
36
There are too many characters when I try to paste and post - I have attached instead
 

Attachments

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Please go to this web site: http://virusscan.jotti.org/
and in the File to upload & scan box copy and paste
C:\WINDOWS\SYSTEM32\sfiuflwdfr.exe

Copy the information to notepad and paste it back here in your next reply.
 

kdac

Thread Starter
Joined
Jul 26, 2006
Messages
36
File: sfiuflwdfr.exe
Status: INFECTED/MALWARE
MD5 4a23bc140c72d5ed9bbce6946aa238c0
Packers detected: PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT, PE_PATCH

Scanner results
Scan taken on 21 Jan 2007 23:05:34 (GMT)
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.NaviPromo.ad (4, 1, 400)
Fortinet Found nothing
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.NaviPromo.ad
NOD32 Found nothing
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found nothing
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Click Here and download Killbox and save it to your desktop.


Double-click on Killbox.exe to run it.
Put a tick by Delete on Reboot.
In the "Full Path of File to Delete" box, copy and paste the following:

C:\WINDOWS\SYSTEM32\sfiuflwdfr.exe


Click on the button that has the red circle with the X in the middle after you enter the file name.
It will ask for confirmation to delete the file.
Click Yes.
It will ask if you want to reboot now,
Click Yes.

Note: It is possible that Killbox will tell you that the file does not exist.

If your computer does not restart automatically then please restart it manually.
If you get the error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" then just restart manually.
 

kdac

Thread Starter
Joined
Jul 26, 2006
Messages
36
I have done this and upon reboot, I got the attached popups. popup1 first then popup2 (i had to click on the close button on popup1 as it wouldn't close any other way).
 

Attachments

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run Panda ActiveScan here

Once you are on the Panda site click the "Scan your PC" button.
A new window will open... click the "Check Now" button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address.
Select either Home User or Company.
Click the big "Scan Now" button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
When download is complete, click on "Local Disks" to start the scan.
When the scan completes, if anything malicious is detected, click the "See Report" button; then "Save Report" and save it to a convenient location. Post the contents of the Panda scan report in your next reply.
 

kdac

Thread Starter
Joined
Jul 26, 2006
Messages
36
the results from Active Scan:


Incident Status Location

Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt[.versiontracker.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][1].txt
 