Tech Support Forum - View Single Post - unstoppable pop-ups and unders did everything i could...

sUBs · 01-16-2006, 02:45 PM

I see SpySweeper on your machine. Is it the trial version which scans but doesnt clean?
If so, please get rid of it. Without the ability to clean, it's just excess baggage.

* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *

Right click on this & choose "Save As..." DelO15Domains.inf - DelO15Domains.inf
Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards.

Host.zip - From within Host.zip, double click on MVPS.bat & allow it to run.

Right click on this & select 'Save As' - DNSManual.bat
Doubleclick on DNSManual.bat & allow it to run.

SpywareBlaster 3.5.1
Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items

IE-SpyAD - Extract the contents to a new folder
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list.
Then return to the main menu.
Select option #4 - Add the old porn sites domain

* * * * * *

Start HJT & goto Config > Misc Tools - Open Uninstall Manager
From the box on the left, select DH & hit the "Delete this entry" button located on the righte

* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *

Locate and delete the following files/folders: (let me know if you fail to find/delete any)

C:\Program Files\Common Files\zfif\

C:\Documents and Settings\RJay\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-eea61fb-1982352d.zip

C:\Documents and Settings\RJay\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-3d7228d6-7e1f6873.zip

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *

Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:

Delete Newsgroup cache
Delete Newsgroup Subscriptions
Scan local drives for temporary files

4. Click OK
5. Press the CleanUp! button to start the program.
6. Reboot/logoff if prompted.

This would clear the System Volume Information folder
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter

Tick on the checkbox - Turn off System Restore on all drives
Click Apply

Turn it back 'On' by unticking the same checkbox & click OK

Considering the amount of junk we found in the last scan, let's do another online scan from a different vendor.

Perform an online scan with Internet Explorer with Panda ActiveScan

Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Click Scan Now
Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on see report. Then click Save report

Post the contents of the report in your next reply along with a new HJT log

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan

01-16-2006, 02:45 PM	#9 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,322 OS: N/A	I see SpySweeper on your machine. Is it the trial version which scans but doesnt clean? If so, please get rid of it. Without the ability to clean, it's just excess baggage. * * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * * Right click on this & choose "Save As..." DelO15Domains.inf - DelO15Domains.inf Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards. Host.zip - From within Host.zip, double click on MVPS.bat & allow it to run. Right click on this & select 'Save As' - DNSManual.bat Doubleclick on DNSManual.bat & allow it to run. SpywareBlaster 3.5.1 Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items IE-SpyAD - Extract the contents to a new folder From within the folder, double-click install.bat Select Option #2 - Install the new IE-SPYAD list. Then return to the main menu. Select option #4 - Add the old porn sites domain * * * * * * Start HJT & goto Config > Misc Tools - Open Uninstall Manager From the box on the left, select DH & hit the "Delete this entry" button located on the righte * * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * * Locate and delete the following files/folders: (let me know if you fail to find/delete any) C:\Program Files\Common Files\zfif\ C:\Documents and Settings\RJay\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-eea61fb-1982352d.zip C:\Documents and Settings\RJay\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-3d7228d6-7e1f6873.zip * * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * * Run Cleanup! using the following configuration: 1. Click Options... 2. Set the slider initially to Standard CleanUp! 3. Uncheck the following: Delete Newsgroup cache Delete Newsgroup Subscriptions Scan local drives for temporary files 4. Click OK 5. Press the CleanUp! button to start the program. 6. Reboot/logoff if prompted. This would clear the System Volume Information folder Go to Start >> Run - type control sysdm.cpl,,4 & press Enter Tick on the checkbox - Turn off System Restore on all drives Click Apply Turn it back 'On' by unticking the same checkbox & click OK Considering the amount of junk we found in the last scan, let's do another online scan from a different vendor. Perform an online scan with Internet Explorer with Panda ActiveScan Click Scan your PC & a 'pop up' window shall appear. ensure that your pop up blocker doesn't block it Click Scan Now* Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls Begin the scan by selecting My Computer If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on see report. Then click Save report Post the contents of the report in your next reply along with a new HJT log You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. Turn off the real time scanner of any existing antivirus program while performing the online scan __________________ Question - what have you done for the community today?