Non-stop pop-ups
Started by Herb119, May 26 2005 02:00 AM
#16
Posted 02 June 2005 - 07:11 AM
Thank you for all of your help with this!
#17
Posted 02 June 2005 - 07:15 AM
Still Iwantsearch?
Download the RKFiles.zip from here:
http://skads.org/special/rkfiles.zip
1. Reboot into safe mode
2. Open the C:\Antispyware\RKFiles folder
* Locate and double-click the RKFILES.BAT to run this tool.
* Sit back and wait until it's finished.
* When it is finally finished a text file will open.
* Save the contents of that text file.
Note: It should save by default to C:\Log.txt
3. Reboot back to Normal Mode.
4. Post the log
Regards,
#18
Posted 02 June 2005 - 05:02 PM
I will do that. But first, I want to tell you that I do get the same IE Script Error message at every pop-up, so I do not know if that means anything.
It says
Line: 10
Char: 1
Error: Access is denied
Code: 0
URL: http://www.getfound....icrosoft office
The popid changes with each error message.
Does this mean anything?
Thank you.
Scott
#19
Posted 03 June 2005 - 12:49 AM
The good news is that the bad scripts are not working either.
Let's get rid of them first and then fix the scripting errors.
One thing you can do before you make the rkfiles log:
Reboot into safe mode and use the Disk Cleanup Utility to empty all your Temp folders.
Regards,
#20
Posted 26 June 2005 - 02:45 PM
Hello.
Sorry for the delay. I have been away for a while.
Here is the log from the RKFiles. I have also run the Disk Cleanup Utility, which I did before I did the RKFiles.
I also have another problem. Sometimes while I am online my screen will go black, then everything will reappear when I move the mouse. It does not seem to change anything or do anything to what I was working on, it just blacks out momentarily. It will do this usually once, but sometimes two or three times within the same minute.
Thank you for all of your help and input.
Here is the log:
C:\Documents and Settings\The Moe Family\My Documents\My Downloads\rkfiles
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\silent_install.exe: PEC2
Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\Unwash5.exe: UPX!
Finished
bye
#21
Posted 27 June 2005 - 01:00 PM
Please delete:
The installer for Elitebar: C:\WINDOWS\silent_install.exe
If you still get popups can you let me know the source please?
Regards,
#22
Posted 27 June 2005 - 05:59 PM
I did what you said, then rebooted my computer. I got one pop-up thus far, but sometimes I get 3 or 4 right away, so hopefully that is a good sign. How do I find out the source of pop-ups?
Thank you for your help.
#23
Posted 27 June 2005 - 09:45 PM
Unfortunately, the pop-ups are still coming at a pretty good rate.
Should I do another HijackThis?
Thank you.
#24
Posted 28 June 2005 - 02:04 AM
Your log is clean, so that's not much use.
Right-click the popups and choose Properties.
Let me know what they have in common.
Regards,
#25
Posted 28 June 2005 - 11:02 PM
Hello.
Here are 7 pop-ups. They are all hyper text transfer protocol.
Here are their URLs:
http://moogoo.redirectu.com/category/index_kancat.php
http://moogoo.redirectu.com/category/index...&keyword=sport%
http://www.automaticbuilder.com/company1120/newglobe5_form5.jpg
http://66.220.17.155/ads/amp/DGSWMorgageTag1x1.html
http://c5.zedo.com/OzoDB/7/h/93597/V1/PB_720x300_2.gif
http://66.220.17.155/ads/amp/DGSWShoppingTag1x1.html
http://66.220.17.155/ads/amp/ZonedatingTag1x1.html
I hope this helps.
Thank you for your assistance.
Edited by Metallica, 29 June 2005 - 12:35 PM.
#26
Posted 29 June 2005 - 12:33 PM
C2 Media ??
Download and unzip to one folder:
http://metallica.gee...com/findlop.zip
Inside the folder find findlop.bat
Double-click it and it will create the file C:\findlop.txt
Find that file and copy the content into your next post
I will disable the links you posted so people don't click them by accident
Regards,
#27
Posted 30 June 2005 - 12:07 AM
Hello,
I did as you instructed, and here is the notepad file that was created.
Thank you again.
Scott
[TRACE] Enumerating jobs and queues
[TRACE] Activating job '3A4A1BB8F2C1A4BC.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\docume~1\themoe~1\applic~1\grimdo~1\Eachblahplan.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'The Moe Family'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 06/29/2005 23:00:00
NextRun: 06/30/2005 0:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/13/1995
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
[TRACE] Activating job 'McAfee.com Scan for Viruses - My Computer (ANDREWSTOY-T
he Moe Family).job'
[TRACE] Printing all job properties
ApplicationName: 'c:\program files\mcafee.com\vso\mcmnhdlr.exe'
Parameters: '/runtask:0'
WorkingDirectory: 'c:\program files\mcafee.com\vso'
Comment: 'McAfee.com Scan for Viruses - My Computer'
Creator: 'The Moe Family'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 07/01/2005 20:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 09/16/2004
EndDate: 00/00/0000
StartTime: 20:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
[TRACE] Activating job 'McAfee.com Update Check (ANDREWSTOY-The Moe Family).job
'
[TRACE] Printing all job properties
ApplicationName: 'C:\PROGRA~1\mcafee.com\agent\mcupdate.exe'
Parameters: '/Schedule'
WorkingDirectory: 'C:\PROGRA~1\mcafee.com\agent'
Comment: 'McAfee SecurityCenter periodically checks for updates for your McAfee Services.'
Creator: 'The Moe Family'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 06/30/2005 0:27:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/30/2005
EndDate: 00/00/0000
StartTime: 00:27
MinutesDuration: 1440
MinutesInterval: 5
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
#28
Posted 30 June 2005 - 05:28 AM
Good job.
Copy the part in bold below into notepad and save it as remlop.bat
Set filetype to "All files" and save it in the same folder as findlop.bat
@echo off
jt /sd 3A4A1BB8F2C1A4BC.job
if exist c:\tasks.txt del c:\tasks.txt
jt /se >>c:\tasks.txt
Double-click that file to run it and reboot into safe mode and delete this folder:
c:\documents and settings\themoe~1\application data\grimdo~1 <= abbreviated, I completed the foldernames for as far as I knew them. If need be you can do a Find files for Eachblahplan.exe and delete the entire folder it's in.
Regards,
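An added example, not part of the original thread or of the findlop tool: Python that parses the scheduled-task trace output posted in #27 and lists the jobs that trip several triage heuristics. The heuristics (hidden flag, executable under a user profile, hex-only job name, empty comment), the threshold and all function names are assumptions made for illustration; the thread does not state which criteria the helper used.

```python
import re
# Constructed sample: two jobs trimmed from the findlop.txt output in this thread.
SAMPLE = r"""[TRACE] Activating job '3A4A1BB8F2C1A4BC.job'
ApplicationName: 'c:\docume~1\themoe~1\applic~1\grimdo~1\Eachblahplan.exe'
Comment: ''
Hidden = 1
[TRACE] Activating job 'McAfee.com Update Check (ANDREWSTOY-The Moe Family).job
'
ApplicationName: 'C:\PROGRA~1\mcafee.com\agent\mcupdate.exe'
Comment: 'McAfee SecurityCenter periodically checks for updates for your McAfee Services.'
Hidden = 0
"""

def parse_jobs(text):
    """Return {job name: {field: value}} from the trace output."""
    jobs = {}
    for chunk in text.split("[TRACE] Activating job '")[1:]:
        name, _, body = chunk.partition("'")
        name = name.replace("\r", "").replace("\n", "")  # rejoin wrapped names
        fields = {}
        for line in body.splitlines():
            m = re.match(r"\s*(\w+)\s*[:=]\s*(.*)$", line)
            if m:  # keep the first value seen for each key
                fields.setdefault(m.group(1), m.group(2).strip().strip("'"))
        jobs[name] = fields
    return jobs

def triage(name, fields):
    """Reasons to look closer at a job; these heuristics are assumptions."""
    reasons = []
    app = fields.get("ApplicationName", "").lower()
    if fields.get("Hidden") == "1":
        reasons.append("hidden task")
    if re.search(r"\\(docume~1|documents and settings)\\", app):
        reasons.append("runs from a user profile")
    if re.fullmatch(r"[0-9A-Fa-f]{16}\.job", name):
        reasons.append("hex-only job name")
    if not fields.get("Comment"):
        reasons.append("empty comment")
    return reasons

def suspicious(text, threshold=2):
    """Jobs that trip at least `threshold` heuristics, with the reasons."""
    flagged = {}
    for name, fields in parse_jobs(text).items():
        reasons = triage(name, fields)
        if len(reasons) >= threshold:
            flagged[name] = reasons
    return flagged
```

A flagged job is a candidate for manual review, not a verdict; legitimate software can also register hidden tasks.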
#29
Posted 01 July 2005 - 12:09 AM
OK.
I did as you instructed. Do I now just wait to see if the pop-ups are still coming?
Thank you.
#30
Posted 01 July 2005 - 01:55 AM
I hope they will stay away. Let me know if they don't.
If you have a folder called C2Media in C:\Program Files you can delete that C2Media folder.
Regards,