Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

popup keep popping up [RESOLVED]

Started by red123 , Dec 10 2005 01:12 PM

  • This topic is locked This topic is locked

#1
red123
Posted 10 December 2005 - 01:12 PM

red123

    Member

  • Member
  • PipPip
  • 19 posts
I have done every almost every single step at http://www.geekstogo...-Log-t2852.html. For some reason the popup still won't go away. Every now and then I keep getting popup from partypokers.com. Here is the log of ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:49:12 AM, 12/10/2005
+ Report-Checksum: A038222

+ Scan result:

:mozilla.26:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.424:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Popularix : Cleaned with backup
:mozilla.434:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.438:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.484:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.493:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Ne : Cleaned with backup
:mozilla.522:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.523:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.524:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.549:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Addcontrol : Cleaned with backup
:mozilla.561:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.562:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.620:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.649:C:\Documents and Settings\Lam\Application Data\Mozilla\Firefox\Profiles\bok0n4x0.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Program Files\Common Files\Download\mc-110-12-0000122.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\InetGet\mc-110-12-0000122.exe -> Spyware.Maxifiles : Cleaned with backup
C:\WINDOWS\gmnwxyqx.dll -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\system32\dwdsregt.exe -> Spyware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\mc-110-12-0000122.exe -> Spyware.Maxifiles : Cleaned with backup
C:\WINDOWS\system32\rldsregn.exe -> Spyware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\sate.exe -> Downloader.IstBar : Cleaned with backup
C:\WINDOWS\system32\zdinst_CORN001.exe -> Spyware.ZenoSearch : Cleaned with backup
C:\WINDOWS\tcmnjevi.dll -> Adware.BookedSpace : Cleaned with backup


::Report End


And here is my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:07:57 AM, on 12/10/2005
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\sf\sf.exe
C:\Program Files\CNET\WConfig\WConfig.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Lam\Desktop\New Folder\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E8F9FE8-86C9-28CB-676D-810C5AE72E4F} - C:\WINDOWS\gmnwxyqx.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Search - {F565947E-E027-21D3-7578-6362517ECDA4} - C:\WINDOWS\gmnwxyqx.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\owinmsaw.exe CORN001
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [nwf] C:\WINDOWS\nwf.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinmsaw.exe
O4 - Global Startup: WConfig.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F0B783F-E3F0-44BC-8449-245DB02E1B99}: NameServer = 68.94.156.1 68.94.157.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe


I would appreciated if anyone would help me with this problem. Thanks

Edited by red123, 11 December 2005 - 02:35 PM.

  • 0

Advertisements

#2
Cloutz
Posted 13 December 2005 - 10:04 AM

Cloutz

    Visiting Staff

  • Member
  • PipPipPip
  • 547 posts
Hi there red123,

I'm currently working on your log,and as soon as another staff member reviews it I'll post a reply.

Thank you for your patience.

Nick :tazz:
  • 0

#3
Cloutz
Posted 13 December 2005 - 01:26 PM

Cloutz

    Visiting Staff

  • Member
  • PipPipPip
  • 547 posts
Hi rock,
Post is here
--------------------------------------
Hi red123,

First of all, you may want to print out this post so that you have a hard copy of these instructions.

RIGHT-CLICK HERE and Save As (in IE it's "Save Target As") in order to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

Please run HijackThis and click "Scan." Place checks next to the following entries:

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll
O2 - BHO: (no name) - {0E8F9FE8-86C9-28CB-676D-810C5AE72E4F} - C:\WINDOWS\gmnwxyqx.dll (file missing)
O3 - Toolbar: Search - {F565947E-E027-21D3-7578-6362517ECDA4} - C:\WINDOWS\gmnwxyqx.dll (file missing)
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\owinmsaw.exe CORN001
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [nwf] C:\WINDOWS\nwf.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinmsaw.exe
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0002.exe

Close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis remove the entries you checked.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

Enabling the Viewing of Hidden and System Files
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Check Show hidden files and folders.
  • Uncheck Hide file extensions for known types.
  • Uncheck Hide protected operating system files
  • Click Yes to confirm.
  • Click OK.

Next, delete the following folders (if they exist):
C:\Program Files\sf

Also, delete the following files (if they exist):
C:\WINDOWS\DH.dll
C:\WINDOWS\gmnwxyqx.dll
C:\WINDOWS\system32\owinmsaw.exe
C:\Program Files\sf\sf.exe
C:\WINDOWS\nwf.exe
C:\WINDOWS\system32\owinmsaw.exe

Disabling the Viewing of Hidden and System Files
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect Show hidden files and folders
  • Select Hide file extensions for known types
  • Select Hide protected operating system files
  • Click Yes to confirm.
  • Click OK.

Restart your computer into normal mode.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
    • C:\WINDOWS\system32\igfxpers.exe
  • Click on the submit button
  • Do the same for this file:
    • C:\WINDOWS\system32\hkcmd.exe
  • Take note of the results and post them in your next reply.
Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the results of the Jotti Scan.
Thanks,
Nick :tazz:
  • 0

#4
red123
Posted 13 December 2005 - 08:25 PM

red123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi Cloutz, thanks for taking your time helping me. Anyway I was able to follow all your step except the following:
Also, delete the following files (if they exist):
C:\WINDOWS\DH.dll
C:\WINDOWS\gmnwxyqx.dll

Currently I have the file dh.ini and gmnwxyqx.ini instead of the .dll extension. Do I need to delete the .ini one anyway?

Here is the scanner results from Online Malware Scan:
File: igfxpers.exe
Status:
OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 4b10675852fe8862521024778e264d5f
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found nothing

File: hkcmd.exe
Status:
OK
MD5 42344ddf30337979216ea6afa58bb42a
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found nothing

From HiJackThis:
Logfile of HijackThis v1.99.1
Scan saved at 6:08:45 PM, on 12/13/2005
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\CNET\WConfig\WConfig.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Lam\Desktop\New Folder\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: WConfig.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F0B783F-E3F0-44BC-8449-245DB02E1B99}: NameServer = 68.94.156.1 68.94.157.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

From ActiveScan:

Incident Status Location

Adware:adware/iedriver Not disinfected C:\WINDOWS\SYSTEM32\Searchx.htm
Adware:adware/consumeralertsystemNot disinfected C:\PROGRAM FILES\System Files
Adware:adware/maxifiles Not disinfected C:\PROGRAM FILES\COMMON FILES\InetGet
Adware:adware/searchforit Not disinfected Windows Registry
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Lam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3b347171-36515beb.zip[BlackBox.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Lam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3b347171-36515beb.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Lam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3b347171-36515beb.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Lam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3b347171-36515beb.zip[Beyond.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Lam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4ef836e7-59562b92.zip[BlackBox.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Lam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4ef836e7-59562b92.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Lam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4ef836e7-59562b92.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Lam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4ef836e7-59562b92.zip[Beyond.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Lam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-34b083ed.zip[InstallerApplet.class]
Possible Virus. Not disinfected C:\Documents and Settings\Lam\Desktop\New Folder\backups\backup-20051213-175025-715.dll
Adware:Adware/Favadd Not disinfected C:\Documents and Settings\Lam\Local Settings\Temporary Internet Files\Content.IE5\K5QBWHAN\nwf[1].exe

And again thanks for taking your time helping me, I'm going to see how my system is running now.

Edited by red123, 14 December 2005 - 05:46 PM.

  • 0

#5
Cloutz
Posted 16 December 2005 - 10:11 AM

Cloutz

    Visiting Staff

  • Member
  • PipPipPip
  • 547 posts
Hi red123,

Sorry for the delay.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\Searchx.htm
    C:\PROGRAM FILES\System Files
    C:\PROGRAM FILES\COMMON FILES\InetGet
    C:\Documents and Settings\Lam\Local Settings\Temporary Internet Files\Content.IE5\K5QBWHAN\nwf[1].exe

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Next,

1. Go to Start > Control Panel.

2. Double-click the Java icon (coffee cup) in the control panel. It will say "Java Plug-in" under the icon - please find the update button or tab in that Java control panel. Update your Java, and reboot.

After reboot, go back into the Control Panel and double-click the Java icon.

3. Under Temporary Internet Files, click the Delete Files button.

There are three options on this window to clear the cache - leave ALL 3 checked:

1. Downloaded Applets
2. Downloaded Applications
3. Other Files

4. Click OK on Delete Temporary Files window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

5. Click OK to leave the Java Control Panel.

Next,

Download: CCleaner (freeware)
http://www.majorgeek...wnload4191.html
Once installed, run CCleaner click the Windows [tab]
Select the following:
Posted Image
Next: click Options click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Then click Run Cleaner (bottom right) then Exit

So hows the pc running now? Any pop-ups?

Thanks,
Nick :tazz:
  • 0

#6
red123
Posted 16 December 2005 - 11:47 PM

red123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I did what you ask me too even though I didn't know why all my cookies was deleted when I unchecked the box :tazz: . So far no popup have been showing up, but I'm going to wait and see to confirm if it is fix. Thanks.
  • 0

#7
Cloutz
Posted 17 December 2005 - 08:59 AM

Cloutz

    Visiting Staff

  • Member
  • PipPipPip
  • 547 posts
Congratulations, your pc is now CLEAN!!!

Here is a list of tools I like to suggest to users to prevent future infections.
  • Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware -Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Weather Watcher - Free taskbar weather program that is free, malware free, and resource light.
  • Firefox- Internet Explorer is NOT the most secure browser. I highly recommend Firefox as a safer alternative.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

Nick :tazz:
  • 0

#8
red123
Posted 17 December 2005 - 12:37 PM

red123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
In the past few hours, I haven't had any popup so I guess I'm adware-free for now :tazz: . Thanks alot for your time Nick.
  • 0

#9
therock247uk
Posted 19 December 2005 - 07:01 PM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP