Computer Hope
Software => Computer viruses and spyware => Topic started by: zanter8 on January 06, 2008, 07:28:08 PM
-
I have these pop-ups coming up and ALL of them start with "CiD:" some nasty sites. Some not. They come up sometimes even when nothing is open.
What is this and how do I get rid of it?
I have McAfee 2008 ... but it cant seem to find anything.
-
McAfee sucks. AVG is better. Get it and scan with it. Also get SUPERAntiSpyware and use that.
-
1. Run free ESET Online Scanner at: http://www.eset.com/onlinescan/ (http://www.eset.com/onlinescan/)
Note: This Scanner is for Internet Explorer Only
1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
2. If it wants to install an ActiveX component allow it
3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall install you may have to approve the installation)
4. Once ActiveX control is installed click on the "Start" button to initialize the scanner
5. After initialization is complete uncheck\untick "Remove found threats"
6. Check\tick "Scan unwanted applications"
7. Click the "Scan" button
8. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
Post ESET's log.
2. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/ (http://www.superantispyware.com/)
Print these instructions out.
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html (http://www.superantispyware.com/definitions.html).)
* Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen
* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html (http://www.snapfiles.com/get/hijackthis.html)
Post HijackThis log.
-
Yeah, I was runnig AVG, but I seen Mcafee on sale for 10 bucks about 2 months ago, so I got it. haha.
Ok .. thanks guys.
Ill take off Mcafee and get AVG and Superanti spyware
-
Hijackthis log is as follows:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Webroot\POP-UP~1\POPUPW~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Punisher\Local Settings\Temporary Internet Files\Content.IE5\Z33YOEIS\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\PROGRA~1\Webroot\POP-UP~1\VAPopupKiller.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Plan trust.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [wait bold] C:\DOCUME~1\Punisher\APPLIC~1\INFOLO~1\Cash Style.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PopUpWasher] C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
-
SECOND PART of above post is
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
--
End of file - 11163 bytes
-
SUPERAnti-spyware log is
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/07/2008 at 05:35 PM
Application Version : 3.9.1008
Core Rules Database Version : 3375
Trace Rules Database Version: 1369
Scan type : Quick Scan
Total Scan Time : 00:19:10
Memory items scanned : 585
Memory threats detected : 0
Registry items scanned : 865
Registry threats detected : 1
File items scanned : 19246
File threats detected : 91
Trojan.Downloader-ChinaHot
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}
Adware.Tracking Cookie
C:\Documents and Settings\Punisher\Cookies\punisher@casalemedia[2].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][2].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@haporn[2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@precisionclick[1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@adlegend[2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@mybigteenmovie[1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@adtech[1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@adrevolver[1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@eyewonder[1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@specificclick[1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][2].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@realmedia[1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@doubleclick[1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@paycounter[1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][3].txt
C:\Documents and Settings\Punisher\Cookies\punisher@hitbox[2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@valueclick[1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][3].txt
C:\Documents and Settings\Punisher\Cookies\punisher@jamster[1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@2o7[2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@atwola[1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@revsci[2].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@atdmt[2].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@statcounter[1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@clicktorrent[1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@mywebsearch[1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@azjmp[1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@directtrack[2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@imrworldwide[1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@da-tracking[2].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@clickbank[1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@adbrite[1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@mediaplex[1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@tacoda[2].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@incentaclick[1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@sexcess[1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@interclick[2].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@tribalfusion[1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@trafficmp[1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@media6degrees[2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@advertising[2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@zedo[2].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@fastclick[2].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@adinterax[1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@adultadworld[2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@apmebf[1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@adultfriendfinder[1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][2].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][2].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][2].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@questionmarket[1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][2].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][2].txt
C:\Documents and Settings\Punisher\Cookies\punisher@roiservice[1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][4].txt
C:\Documents and Settings\Punisher\Cookies\punisher@redorbit[1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@indextools[2].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\[email protected][1].txt
C:\Documents and Settings\Punisher\Cookies\punisher@cpvfeed[1].txt
-
You've got a couple of infections that need to be taken care of, but before continuing, we are going to need a few of things from you...
1. You didn't include an ESET log. Please post this.
2. Your HijackThis log is missing its header (with information about Windows, IE, etc.). We need the entire log, so please post the whole thing. You may attach it if you wish.
3. Also, your HijackThis is in a temporary location. This means that HijackThis and its important backups will eventually be deleted. Please run the program from a permanent location such as C:\Program Files\HJT.
4. You appear to have a Lop infection. Please follow the below instructions...
First...
Download NoLop! (http://www.spywareedge.net/nolop/NoLop.exe) and click on Search and Destroy. Once the scan has been completed, the program will reboot your computer. Upon rebooting, you may receive errors. Don't panic; this is normal. After the reboot, locate the file C:\NoLop!.log and post the contents here.
Second...
Open HijackThis.
Click on Open Misc Tools Section
Make sure that both boxes beside "Generate StartupList Log" are checked:
- List all minor sections(Full)
- List Empty Sections(Complete)
Click Generate StartupList Log.
Click Yes at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.
Third...
Download lop.zip (http://www.geekstogo.com/forum/index.php?act=Attach&type=post&id=4967)
Unzip it to your desktop.
Go into the new lop folder and double-click lop.bat
It will run and when done, a Notepad will open. Copy the contents of the Notepad and paste it here.
Finally...
Scan with HijackThis once again and post a new log here.
To clarify, we need the following from you...
1. An ESET log.
2. A NoLop! log.
3. A StartupList log.
4. A lop.bat log.
5. A new complete HijackThis log.
I know it seems like a lot, but these five logs will help us with the removal of your infections.
-
A new complete HijackThis log
You ran HJT before Superantispyware.
-
You appear to have a Lop infection.
...a tip ....once someone mentions CiD ... it's definitely a LOP infection.
Do the "NoLop" thing, remove/uninstall Messenger Plus 3! and that infection should go.
(as to any other malware ... well, that's something else ;) )
OJ
-
Thanks for all the help guys. I really appreciate it.
I tried doing the SUPERAnti-spyware and all that ..and I probably didnt do it all right.
But I just DL'ed AVG Anti-virus and Spyware and scanned and it found 2 trojans and a bunch of infected files so it took care of it.
I also went into my "add/remove programs" and there was a "CiD" thing in there so I deleted that too.
Havent had a pop-up since.
Thnx again!
-
I'm glad you're not getting anymore pop-ups, but I feel obligated to strongly urge you to complete the rest of the instructions. Lop isn't the sort of infection to typically go away so easily. It's one that likes to linger. Just because you're not seeing any symptoms, that doesn't necessarily mean you're all clear.