tetonbob

Not sure if this will solve the new IE issue, but it is the cause of the popups.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download HostsXpert.

• Unzip HostsXpert to it's own folder.
• Run HostsXpert.exe
• Click "Make Writable?" in the upper left corner.
• Click "Restore MS Hosts file" and then click OK.
• Close HostsXpert.
• Note: If a custom Hosts file was in place, you'll have to edit those entries back in.

---------------------------------------------------------------------------------------------

Please Download NoLop to your desktop from here or here

• First close any other programs you have running as this will require a reboot
• Double click NoLop.exe to run it

• Now click the button labelled "Search and Destroy"
  <<your computer will now be scanned for infected files>>
• When scanning is finished you will be prompted to reboot only if infected, Click OK
• Now click the "REBOOT" Button.
• A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log in your next reply at the end of this fix.

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

---------------------------------------------------------------------------------------------


Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

CiD Help

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

O4 - HKLM\..\Run: [AXIS TONS THE MP3] C:\Documents and Settings\All Users\Application Data\Readme Live Axis Tons\Cool sixth.exe
O4 - HKCU\..\Run: [skip htm] C:\DOCUME~1\Zak\APPLIC~1\PUREWI~1\jugs chic.exe

Close HijackThis now.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


Delete the following if they exist:

C:\Documents and Settings\Zak\Application Data\pure window first
C:\Program Files\pure window first
C:\Documents and Settings\All Users\Application Data\Readme Live Axis Tons

---------------------------------------------------------------------------------------------

Download fl.zip
Extract the contents to a new folder on your Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

So I need logs from NoLOP, findlop and HijackThis


Do you have any idea what this folder is?

C:\Cs1.6ÖÐÎÄ°æ

I believe it's related to this program:

Esai Cs1.6

Do you recognize this as something you've intentionally installed?