
started receiving pop ups

Discussion in 'Virus & Other Malware Removal' started by kdac, Jan 21, 2007.

Thread Status:
Not open for further replies.
  1. kdac

    kdac Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    36
    this was originally in <All Other Software>, but have moved it to here as suggested by a Senior Member (Rollin_Again).

    Hi Guys,

    It's been a while, but my computer has been up and running after all my problems and up until last week, it has been working quite nicely.

    I have McAfee Anti Virus, but this week I have started receiving popups on my PC.

    I have all pop-ups blocked and my firewall/privacy/spam killer services are enabled. I am not sure how to get rid of these popups. Running Ad-Aware does not help.

    I have checked my Programs installed and nothing appears out of the ordinary.

    Can I please have some ideas as to what to do??

    Rollin_Again has given me the link to download Hijack This which I have done.

    I eagerly await information on how to use this.

    Thanks in advance,

    Kizzy
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!


    Click here to download HJTsetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. kdac

    kdac Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    36
    this is what i get:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:50:36, on 21/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Documents and Settings\peaches\My Documents\chkspyware\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164764689892
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164767950250
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
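
A first-pass triage of a HijackThis log like the one above, as an added example that is not part of the original thread. The function names and the three review heuristics (missing target, unknown service owner, unnamed Run value) are assumptions chosen for illustration; the sample lines are copied from the log in this post.

```python
import re

# Excerpt of the log posted above (lines copied from the thread, trimmed for space).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

# Conventional meaning of the section codes that occur in the log above.
SECTION_MEANING = {
    "R0": "IE start/search page value", "R1": "IE start/search page value",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)", "O9": "extra IE button or Tools item",
    "O11": "extra IE Advanced options group", "O16": "downloaded ActiveX control",
    "O18": "extra protocol handler", "O21": "ShellServiceObjectDelayLoad",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Drive-letter path ending in an executable-style extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|\r\n]+?\.(?:exe|dll|cpl)\b', re.IGNORECASE)


def parse_log(text):
    """Split a log into the set of running process paths and the coded entries."""
    running, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the coded section has started
            entries.append({"code": match.group(1), "detail": match.group(2), "flags": []})
        elif in_procs and line:
            running.add(line.lower())
    return running, entries


def triage(text):
    """Attach review flags to entries; a flag means 'look closer', not 'malicious'."""
    running, entries = parse_log(text)
    for entry in entries:
        detail = entry["detail"]
        if detail.endswith("(file missing)"):
            entry["flags"].append("file missing")
            # If the same binary is in the process list, the 'missing' verdict
            # contradicts the log itself and is likely a path-parsing artefact.
            if any(p.lower() in running for p in PATH_RE.findall(detail)):
                entry["flags"].append("but listed as running")
        if entry["code"] == "O23" and " - Unknown owner - " in detail:
            entry["flags"].append("unknown owner")
        if entry["code"] == "O4" and "Run: [] " in detail:
            entry["flags"].append("unnamed Run value")
    return entries


def describe(entry):
    """One-line summary: code, meaning, flags, raw detail."""
    meaning = SECTION_MEANING.get(entry["code"], "unrecognised section")
    flags = ", ".join(entry["flags"]) or "no flags"
    return f'{entry["code"]:<4}{meaning:<38}[{flags}] {entry["detail"]}'


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        if item["flags"]:
            print(describe(item))
```

A flag here is only a prompt for manual review, and an unflagged log is not a clean bill of health: `sfiuflwdfr.exe`, the file submitted for scanning later in this thread, does not appear anywhere in the log above.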
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  5. kdac

    kdac Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    36
    thanks for your quick response. Messenger Service is already disabled.
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.





    Download and install AVG Anti-Spyware 7.5 AVG ANTI-SPYWARE IS ONLY FOR SYSTEMS RUNNING WIN 2K and XP
    (This is Ewido 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware)
    1. After download, double click on the file to launch the install process.
    2. Choose a language, click "OK" and then click "Next".
    3. Read the "License Agreement" and click "I Agree".
    4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
    5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
    6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
    7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
    8. Go to Start > Run and type: services.msc
    • Press "OK".
    • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
    • When you find the guard service, double-click on it.
    • In the Properties Window > General Tab that opens, click the "Stop" button.
    • From the drop-down menu next to "Startup Type", click on "Manual".
    • Now click "Apply", then "OK" and close the Services window.
    9. Select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here. Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

    Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Scan with AVG Anti-Spyware as follows:
    1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
    • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
    • Under "How to Scan?" check all (default).
    • Under "Possibly unwanted software" check all (default).
    • Under "What to Scan?" make sure "Scan every file" is selected (default).
    • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
    2. Click the "Scan" tab to return to scanning options.
    3. Click "Complete System Scan" to start.
    4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

    IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

    5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
    6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.

    Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

    Note: If AVG Anti-Spyware "crashes" or "hangs" during the scan, try scanning again by doing this:
    1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

    2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.
     
  7. kdac

    kdac Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    36
    i have done what you instructed (took 90 minutes for the AVG scan) and this is the log:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 21:05:53 21/01/2007

    + Scan result:



    C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP159\A0016009.exe -> Adware.Trymedia : Cleaned.
    C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP159\A0016011.exe -> Adware.Trymedia : Cleaned.
    C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP151\A0013207.exe -> Adware.Wildtangent : Cleaned.
    C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP151\A0013213.exe -> Adware.Wildtangent : Cleaned.
    :mozilla.333:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.261:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.385:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.391:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.392:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.393:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.394:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.395:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.396:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.282:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.283:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.320:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.321:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.375:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.376:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.377:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.378:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.379:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.334:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.405:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
    :mozilla.292:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.293:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.294:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.295:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.388:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.356:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.357:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.358:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.359:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.324:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.278:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.401:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.402:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.403:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.404:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.335:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.336:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.337:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.271:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.272:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.273:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.368:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.369:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.297:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.329:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.330:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.383:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.384:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.407:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.408:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.409:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.325:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
    :mozilla.227:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.44:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.45:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.304:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.305:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.306:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.307:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.142:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.143:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.286:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.287:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.249:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.250:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.251:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.252:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.253:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.390:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.236:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
    :mozilla.208:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.209:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.212:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.31:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.32:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.276:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.29:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.260:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.181:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.331:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.332:C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end

    I am still getting pop ups - I have attached an example (hope the attachment came through!). I also get pop ups relating to Drive Cleaner and various other things.
     

    Attached Files:

  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don’t do anything with it yet!


    Reboot to safe mode.


    Double click WinPFind.exe
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.


    Reboot to normal mode.


    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Copy and paste WinPFind.txt in your next post here please.
     
  9. kdac

    kdac Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    36
    There are too many characters when I try to paste and post - I have attached instead
     

    Attached Files:

  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please go to this web site: http://virusscan.jotti.org/
    and in the File to upload & scan box copy and paste
    C:\WINDOWS\SYSTEM32\sfiuflwdfr.exe

    Copy the information to notepad and paste it back here in your next reply.
     
  11. kdac

    kdac Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    36
    File: sfiuflwdfr.exe
    Status: INFECTED/MALWARE
    MD5 4a23bc140c72d5ed9bbce6946aa238c0
    Packers detected: PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT, PE_PATCH

    Scanner results
    Scan taken on 21 Jan 2007 23:05:34 (GMT)
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.NaviPromo.ad (4, 1, 400)
    Fortinet Found nothing
    Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.NaviPromo.ad
    NOD32 Found nothing
    Norman Virus Control Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Click Here and download Killbox and save it to your desktop.


    Double-click on Killbox.exe to run it.
    Put a tick by Delete on Reboot.
    In the "Full Path of File to Delete" box, copy and paste the following:

    C:\WINDOWS\SYSTEM32\sfiuflwdfr.exe


    Click on the button that has the red circle with the X in the middle after you enter the file name.
    It will ask for confirmation to delete the file.
    Click Yes.
    It will ask if you want to reboot now.
    Click Yes.

    Note: It is possible that Killbox will tell you that the file does not exist.

    If your computer does not restart automatically then please restart it manually.
    If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" error message, then just restart manually.
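
    Added example (not part of the original post, and not Killbox's own code): the error text above refers to PendingFileRenameOperations, the REG_MULTI_SZ value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager in which Windows queues delete-on-reboot requests. This sketch decodes such a value and checks whether a deletion of the file named above is still queued; the raw bytes and the C:\Temp entry are constructed sample data, and that Killbox uses this queue is an assumption drawn from the error message.

```python
# Decode a PendingFileRenameOperations value (REG_MULTI_SZ, UTF-16LE).
# Entries come in pairs: source path, then destination path.
# An empty destination means "delete the source at next boot".
NT_PREFIX = "\\??\\"  # NT object-manager prefix Windows puts before each path


def strip_nt(path):
    """Drop the leading '!' (replace-existing marker) and the \\??\\ prefix."""
    path = path.lstrip("!")
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(raw):
    """Return [(source, destination_or_None), ...] from raw value bytes."""
    strings = raw.decode("utf-16-le").split("\0")
    if strings and strings[-1] == "":
        strings.pop()                      # text after the last NUL is empty
    if len(strings) % 2 == 1 and strings[-1] == "":
        strings.pop()                      # optional final MULTI_SZ terminator
    ops = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        ops.append((strip_nt(src), strip_nt(dst) if dst else None))
    return ops


def is_delete_queued(raw, target):
    """True if 'target' is queued for deletion (Windows paths: ignore case)."""
    want = target.casefold()
    return any(dst is None and src.casefold() == want
               for src, dst in parse_pending_ops(raw))


def build_sample():
    """Constructed sample: one queued delete and one queued rename."""
    strings = [
        r"\??\C:\WINDOWS\SYSTEM32\sfiuflwdfr.exe", "",          # delete
        r"\??\C:\Temp\example.tmp", r"!\??\C:\Temp\example.dat",  # rename
    ]
    return ("\0".join(strings) + "\0\0").encode("utf-16-le")


SAMPLE = build_sample()

if __name__ == "__main__":
    for src, dst in parse_pending_ops(SAMPLE):
        print("DELETE" if dst is None else "RENAME", src, "->", dst or "(removed)")
    print("target queued:",
          is_delete_queued(SAMPLE, r"C:\WINDOWS\SYSTEM32\sfiuflwdfr.exe"))
```

    If the target no longer appears in the value before the reboot, something removed the queued request, which is the condition the error message describes.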
     
  13. kdac

    kdac Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    36
    I have done this and upon reboot, I got the attached popups: popup1 first, then popup2 (I had to click on the close button on popup1 as it wouldn't close any other way).
     


  14. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run Panda ActiveScan here

    Once you are on the Panda site click the "Scan your PC" button.
    A new window will open... click the "Check Now" button.
    Enter your Country.
    Enter your State/Province.
    Enter your e-mail address.
    Select either Home User or Company.
    Click the big "Scan Now" button.
    If it wants to install an ActiveX component allow it.
    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
    When download is complete, click on "Local Disks" to start the scan.
    When the scan completes, if anything malicious is detected, click the "See Report" button; then "Save Report" and save it to a convenient location. Post the contents of the Panda scan report in your next reply.
     
  15. kdac

    kdac Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    36
    The results from Active Scan:


    Incident Status Location

    Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\peaches\Application Data\Mozilla\Firefox\Profiles\ymv5cv5w.default\cookies.txt[.versiontracker.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][2].txt
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][2].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][1].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][2].txt
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][1].txt
    Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][1].txt
    Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][2].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][1].txt
    Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\peaches\Cookies\[email protected][1].txt
     
Short URL to this thread: https://techguy.org/537055
