Im getting popups and adware - Page 4

antoinejones · 09-12-2009

ok i found the problem, as for selecting what driive I wanna scan (the selected drive having a red dot) that option only applies if youre doing a custom scan, you dont get those options under complete or express scans, so i choose complete scan, but i still get the "detected a problem and has to reboot" error message, it wont allow me to complete any scan (express or complete)

antoinejones · 09-16-2009

pretty quiet around here >.>

chiaz · 09-16-2009

Try this instead.

Download " SUPERAntiSpyware Free Edition" from this link:
SUPERAntiSpyware.com - Downloads

Install and update the scanner.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
PC Hell: How to Start Windows in Safe Mode

Start the scanner, click "Scan your computer", mark the drives that you want to scan (in the left window). Select "Perform Complete Scan" (in the right window). Click "next"

The scanner will now start to scan. As soon as it has finished, you should mark everything that is found, and let the scanner fix it.
Reboot your computer. After reboot, open the scanner again. Click "preferences"-> "stastics/logs". Mark the log. Click "View log", and attach the log into your next reply.

antoinejones · 09-22-2009

ok heres the superantispyware log and new hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:40 PM, on 9/21/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal
Running processes:
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EX E
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\notepad.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Tony\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Get 2 FREE Audiobooks.lnk = C:\Users\Tony\AppData\Local\Temp\HelpInstaller_Sta rtUp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 6646 bytes
------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/21/2009 at 08:08 PM
Application Version : 4.29.1002
Core Rules Database Version : 4115
Trace Rules Database Version: 2055
Scan type : Complete Scan
Total Scan Time : 00:18:57
Memory items scanned : 267
Memory threats detected : 0
Registry items scanned : 6166
Registry threats detected : 0
File items scanned : 21359
File threats detected : 147
Adware.Vundo/Variant-[Fixed]
C:\PROGRAMDATA\DAPOFENO\DAPOFENO.DLL
C:\PROGRAMDATA\GUFEZAKI\GUFEZAKI.DLL
C:\PROGRAMDATA\JIYAKIKU\JIYAKIKU.DLL
C:\PROGRAMDATA\KENOYUJE\KENOYUJE.DLL
C:\PROGRAMDATA\TUVODIRO\TUVODIRO.DLL
C:\PROGRAMDATA\YIPOSOLU\YIPOSOLU.DLL
Adware.Vundo/Variant
C:\PROGRAMDATA\VILOFOBO\VILOFOBO.DLL
Adware.Tracking Cookie
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@invitemedia[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.adultswim[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@servedby.adxpower[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.financialcontent[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.128b[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@animetoplist[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@hotbarebacking[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@livesex[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.clicksor[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@adultadworld[1].txt
C:\U sers\Tony\AppData\Roaming\Microsoft\Windows\Cookie s\Low\tony@app.insightgrit[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@track.superb-rewards[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@a1.interclick[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.imarketservices[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@account.live[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ad2.doublepimp[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@porntube[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@girlfriendsfucking[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@straightfuckfest[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@bbwsex4u[1].txt
C:\Users \Tony\AppData\Roaming\Microsoft\Windows\Cookies\Lo w\tony@serving.xxxwebtraffic[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.adultadvertising[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.cnn[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads3.blastro[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@crackle[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@specificclick[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@chitika[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@tracking.the7thchamber[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@server.cpmstar[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@findingsingles[2].txt
C:\Users\Tony\AppD ata\Roaming\Microsoft\Windows\Cookies\Low\tony@pri metrafficsite[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.definitivejux[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@media.ntsserve[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@gettraffic[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@stopsearchclick[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ad1.clickhype[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@adv.dmv[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@rotabanner468.utro[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@adserver.easyadult[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@rotabanner.izvestia[2].txt
C:\Users\Tony\AppD ata\Roaming\Microsoft\Windows\Cookies\Low\tony@ad2 .clickhype[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.ovguide[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.sun[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@jumps.ez-tracks[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ad.yieldmanager[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@count.rbc[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@media.brandreachsys[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads4.blastro[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.doubleagent[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@t.lynxtrack[2].txt
C:\Users\Tony\AppData\Roaming\Microsof t\Windows\Cookies\Low\tony@media.mtvnservices[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@advert.funimation[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@openxxx.viragemedia[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@count6.rbc[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.couplesseduceteens[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.googleadservices[3].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@foobanner[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.googleadservices[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@couplesseduceteens[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@bizrate[1].txt
C:\Users\Tony\AppData\Roa ming\Microsoft\Windows\Cookies\Low\tony@flvtools.s pacash[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@xml.trafficengine[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@mediatraffic[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@livesexasian[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@clickbooth[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.cartoonnetwork[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.porntube[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@incentaclick[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@reduxmedia[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@adprotraffic[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\W indows\Cookies\Low\tony@trafficregenerator[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@rotabanner234.utro[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@cdnh.tremormedia[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.hypem[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.mediafire[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@adinterax[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.100.rbcmedia[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.fatvine[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@clickz.lonelycheatingwives[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@cdn4.specificclick[2].txt
C:\Users\Tony\AppData\Roaming\Micr osoft\Windows\Cookies\Low\tony@interclick[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.vclick[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@webpower[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@pleaseclickhere[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@alivemedia[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@stats.gamestop[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@sexinyourcity[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@specificmedia[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.mediamayhemcorp[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@collective-media[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co oki es\Low\tony@serv.clicksor[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@atdmt[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ez-tracks[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.socialtrack[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@banners.tribute[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.blogtalkradio[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@media6degrees[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@dustindiamondsextape[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@rotabanner100.utro[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@findlyrics[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ www.234.rbcmedia[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@serw.clicksor[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@richmedia.yahoo[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.ad4game[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@mediafire[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@track.bestbuy[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@eztracks.aavalue[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.bootcampmedia[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@br.naked[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.incentaclick[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@teen[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ad.us-ec.adtechus[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.bootcampmedia[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@clickaider[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@imageads3.googleadservices[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.mynortonaccount[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@imageads3.googleadservices[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@sexgaymes[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@eyewonder[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@alladultchannel[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@adservin g.ezanga[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@server.iad.liveperson[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@server.iad.liveperson[3].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ero-advertising[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@rotabanner.utro[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@tizer.mediarotator[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@track.dig4me[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@naiadsystems[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@adultswim[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@12.go.globaladsales[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\to ny@ad.netcrefer[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@doubleclick[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@euroclick[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@go.globaladsales[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@optimost[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@openx.viragemedia[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@optimize.indieclick[2].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@qnsr[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@tracking.gajmp[1].txt
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@vhost.oddcast[2].txt

chiaz · 09-23-2009

Java is outdated on the PC, and this could be causing all the re-infection taking place in your machine.

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

After you have done this, run a new scan one by one with SUPERAntiSpyware, MBAM as well as ComboFix. Post the new ComboFix log in your reply.

antoinejones · 09-23-2009

thats odd I did javara alread but ok. Also just post the combofix log and not the mbram and superantispyware ones?

antoinejones · 09-24-2009

yeah when i tried to re reinstall it (the latest i seen was java 6 update 16) it said this software is installed on your pc (even though i had javara remove older versions) and as i look as the hjt logs posted above i see jre6 listed so I dont see how its out dated bbut i reinstalled it anyway lol

09-12-2009	#22
antoinejones Elite Member Join Date: Dec 2005 Posts: 409	Re: Im getting popups and adware ok i found the problem, as for selecting what driive I wanna scan (the selected drive having a red dot) that option only applies if youre doing a custom scan, you dont get those options under complete or express scans, so i choose complete scan, but i still get the "detected a problem and has to reboot" error message, it wont allow me to complete any scan (express or complete)

09-16-2009	#23
antoinejones Elite Member Join Date: Dec 2005 Posts: 409	Re: Im getting popups and adware pretty quiet around here >.>

09-16-2009	#24
chiaz Senior Security Analyst Join Date: Jun 2006 Location: Singapore Posts: 5,176 PC Experience: PC Guru	Re: Im getting popups and adware Try this instead. Download " SUPERAntiSpyware Free Edition" from this link: SUPERAntiSpyware.com - Downloads Install and update the scanner. Next, please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Select the first option, to run Windows in Safe Mode. For additional help in booting into Safe Mode, see the following site: PC Hell: How to Start Windows in Safe Mode Start the scanner, click "Scan your computer", mark the drives that you want to scan (in the left window). Select "Perform Complete Scan" (in the right window). Click "next" The scanner will now start to scan. As soon as it has finished, you should mark everything that is found, and let the scanner fix it. Reboot your computer. After reboot, open the scanner again. Click "preferences"-> "stastics/logs". Mark the log. Click "View log", and attach the log into your next reply.

09-22-2009	#25
antoinejones Elite Member Join Date: Dec 2005 Posts: 409	Re: Im getting popups and adware ok heres the superantispyware log and new hjt log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:37:40 PM, on 9/21/2009 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16890) Boot mode: Normal Running processes: C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Windows\System32\SysMonitor.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\System32\rundll32.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EX E C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Windows\System32\notepad.exe C:\Windows\system32\wuauclt.exe C:\Users\Tony\Desktop\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [?????????] ??????????????e O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Get 2 FREE Audiobooks.lnk = C:\Users\Tony\AppData\Local\Temp\HelpInstaller_Sta rtUp.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 6646 bytes ------------------ SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 09/21/2009 at 08:08 PM Application Version : 4.29.1002 Core Rules Database Version : 4115 Trace Rules Database Version: 2055 Scan type : Complete Scan Total Scan Time : 00:18:57 Memory items scanned : 267 Memory threats detected : 0 Registry items scanned : 6166 Registry threats detected : 0 File items scanned : 21359 File threats detected : 147 Adware.Vundo/Variant-[Fixed] C:\PROGRAMDATA\DAPOFENO\DAPOFENO.DLL C:\PROGRAMDATA\GUFEZAKI\GUFEZAKI.DLL C:\PROGRAMDATA\JIYAKIKU\JIYAKIKU.DLL C:\PROGRAMDATA\KENOYUJE\KENOYUJE.DLL C:\PROGRAMDATA\TUVODIRO\TUVODIRO.DLL C:\PROGRAMDATA\YIPOSOLU\YIPOSOLU.DLL Adware.Vundo/Variant C:\PROGRAMDATA\VILOFOBO\VILOFOBO.DLL Adware.Tracking Cookie C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@invitemedia[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.adultswim[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@servedby.adxpower[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.financialcontent[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.128b[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@animetoplist[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@hotbarebacking[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@livesex[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.clicksor[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@adultadworld[1].txt C:\U sers\Tony\AppData\Roaming\Microsoft\Windows\Cookie s\Low\tony@app.insightgrit[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@track.superb-rewards[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@a1.interclick[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.imarketservices[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@account.live[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ad2.doublepimp[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@porntube[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@girlfriendsfucking[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@straightfuckfest[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@bbwsex4u[1].txt C:\Users \Tony\AppData\Roaming\Microsoft\Windows\Cookies\Lo w\tony@serving.xxxwebtraffic[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.adultadvertising[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.cnn[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads3.blastro[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@crackle[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@specificclick[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@chitika[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@tracking.the7thchamber[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@server.cpmstar[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@findingsingles[2].txt C:\Users\Tony\AppD ata\Roaming\Microsoft\Windows\Cookies\Low\tony@pri metrafficsite[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.definitivejux[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@media.ntsserve[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@gettraffic[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@stopsearchclick[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ad1.clickhype[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@adv.dmv[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@rotabanner468.utro[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@adserver.easyadult[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@rotabanner.izvestia[2].txt C:\Users\Tony\AppD ata\Roaming\Microsoft\Windows\Cookies\Low\tony@ad2 .clickhype[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.ovguide[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.sun[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@jumps.ez-tracks[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ad.yieldmanager[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@count.rbc[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@media.brandreachsys[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads4.blastro[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.doubleagent[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@t.lynxtrack[2].txt C:\Users\Tony\AppData\Roaming\Microsof t\Windows\Cookies\Low\tony@media.mtvnservices[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@advert.funimation[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@openxxx.viragemedia[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@count6.rbc[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.couplesseduceteens[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.googleadservices[3].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@foobanner[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.googleadservices[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@couplesseduceteens[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@bizrate[1].txt C:\Users\Tony\AppData\Roa ming\Microsoft\Windows\Cookies\Low\tony@flvtools.s pacash[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@xml.trafficengine[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@mediatraffic[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@livesexasian[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@clickbooth[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.cartoonnetwork[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.porntube[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@incentaclick[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@reduxmedia[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@adprotraffic[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\W indows\Cookies\Low\tony@trafficregenerator[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@rotabanner234.utro[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@cdnh.tremormedia[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.hypem[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.mediafire[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@adinterax[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.100.rbcmedia[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.fatvine[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@clickz.lonelycheatingwives[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@cdn4.specificclick[2].txt C:\Users\Tony\AppData\Roaming\Micr osoft\Windows\Cookies\Low\tony@interclick[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.vclick[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@webpower[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@pleaseclickhere[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@alivemedia[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@stats.gamestop[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@sexinyourcity[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@specificmedia[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.mediamayhemcorp[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@collective-media[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co oki es\Low\tony@serv.clicksor[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@atdmt[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ez-tracks[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.socialtrack[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@banners.tribute[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.blogtalkradio[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@media6degrees[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@dustindiamondsextape[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@rotabanner100.utro[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@findlyrics[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ www.234.rbcmedia[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@serw.clicksor[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@richmedia.yahoo[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.ad4game[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@mediafire[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@track.bestbuy[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@eztracks.aavalue[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.bootcampmedia[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@br.naked[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.incentaclick[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@teen[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ad.us-ec.adtechus[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ads.bootcampmedia[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@clickaider[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@imageads3.googleadservices[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@www.mynortonaccount[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@imageads3.googleadservices[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@sexgaymes[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@eyewonder[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@alladultchannel[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@adservin g.ezanga[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@server.iad.liveperson[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@server.iad.liveperson[3].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@ero-advertising[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@rotabanner.utro[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@tizer.mediarotator[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@track.dig4me[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@naiadsystems[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@adultswim[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@12.go.globaladsales[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\to ny@ad.netcrefer[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@doubleclick[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@euroclick[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@go.globaladsales[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@optimost[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@openx.viragemedia[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@optimize.indieclick[2].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@qnsr[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@tracking.gajmp[1].txt C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Co okies\Low\tony@vhost.oddcast[2].txt

09-23-2009	#26
chiaz Senior Security Analyst Join Date: Jun 2006 Location: Singapore Posts: 5,176 PC Experience: PC Guru	Re: Im getting popups and adware Java is outdated on the PC, and this could be causing all the re-infection taking place in your machine. Please download JavaRa to your desktop and unzip it to its own folder Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts. Open JavaRa.exe again and select Search For Updates. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. After you have done this, run a new scan one by one with SUPERAntiSpyware, MBAM as well as ComboFix. Post the new ComboFix log in your reply.

09-23-2009	#27
antoinejones Elite Member Join Date: Dec 2005 Posts: 409	Re: Im getting popups and adware thats odd I did javara alread but ok. Also just post the combofix log and not the mbram and superantispyware ones?

09-24-2009	#28
antoinejones Elite Member Join Date: Dec 2005 Posts: 409	Re: Im getting popups and adware yeah when i tried to re reinstall it (the latest i seen was java 6 update 16) it said this software is installed on your pc (even though i had javara remove older versions) and as i look as the hjt logs posted above i see jre6 listed so I dont see how its out dated bbut i reinstalled it anyway lol

Similar discussions...
Thread	Thread Starter	Forum	Replies	Last Post
Popups. Need help please!	LifeIsABeach2191	[Fixed] Hijackthis! Logs	16	04-06-2009 11:58 AM
Pending: popups and more	pooky	[Pending] HJT Logs	2	04-02-2009 11:52 PM
Fixed: ad popups- help	Marye	[Fixed] Hijackthis! Logs	12	01-16-2009 01:17 AM
Fixed: Please Help. I can't get rid of popups.	bcrow79	[Fixed] Hijackthis! Logs	9	01-10-2009 09:57 PM
[Fixed] Please Help- Adware/ Popups	jcs626	[Fixed] Hijackthis! Logs	7	08-25-2007 03:48 PM

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode