Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I am getting random pop ups!


  • Please log in to reply
21 replies to this topic

#1 moonkey008

moonkey008

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 23 September 2009 - 11:19 PM

I am getting random pop ups whenever i open my browser or opening a new tap or window in a webpage! I already ran Malwarebytes' Anti-Malware, nothing is dectected.
here is my MAM latest log:
Malwarebytes' Anti-Malware 1.41
Database version: 2854
Windows 6.0.6002 Service Pack 2

2009/9/23 19:50:07
mbam-log-2009-09-23 (19-50-07).txt

Scan type: Quick Scan
Objects scanned: 82120
Time elapsed: 9 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 PM

Posted 24 September 2009 - 12:59 AM

Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 moonkey008

moonkey008
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 24 September 2009 - 02:57 AM

thx for replying! i try booting in safe mode and scan with Super. however when the scanning go to program files it auto turns my laptop down. i cant complete the scanning.

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 PM

Posted 24 September 2009 - 04:32 PM

Try running the scan in Normal Mode.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 moonkey008

moonkey008
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 02 October 2009 - 12:35 AM

Sorry for the late reply! I didnt bring my laptop to my dorm last week. I am home now.
Heres my Log I am still getting pop ups !




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/01/2009 at 06:19 PM

Application Version : 4.29.1002

Core Rules Database Version : 4139
Trace Rules Database Version: 2071

Scan type : Complete Scan
Total Scan Time : 03:39:38

Memory items scanned : 268
Memory threats detected : 0
Registry items scanned : 6993
Registry threats detected : 0
File items scanned : 271311
File threats detected : 28

Adware.Tracking Cookie
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\eddie@adserver.bettyconfidential[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@247realmedia[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@2o7[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@ad.yieldmanager[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@admarketplace[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@ads.addynamix[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@ads.pointroll[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@ads.right-ads[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@adserver.adtechus[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@advertising.healthguru[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@bridge2.admarketplace[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@bs.serving-sys[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@collective-media[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@content.yieldmanager[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@content.yieldmanager[3].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@eas.apm.emediate[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@electronicarts.112.2o7[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@insightexpressai[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@mediatraffic[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@multimedia.paretologic[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@oasn04.247realmedia[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@questionmarket[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@qyclick[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@revsci[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@serving-sys[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@sex.healthguru[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@tacoda[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@www.burstbeacon[1].txt

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 PM

Posted 02 October 2009 - 12:43 AM

Try this scan:

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

If that doesn't work here is another one to try:

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 moonkey008

moonkey008
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 02 October 2009 - 02:09 AM

I tried both ways in safe mode, but both failed. For the SDFix scan, when I type in C:\SDFix\RunThis.bat in Run, a screen poped up and closed. I tried 2 times, i still cannot get the RunThis.bat working. For the CureIt, I complete the quick scan but when i start the complete scan for about 5mins I got a blue screen error. BTW I m using Window Vista, does that matters? Should i perform it in normal mode?!

Edited by moonkey008, 02 October 2009 - 02:18 AM.


#8 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 PM

Posted 03 October 2009 - 01:49 AM

Sorry, I forgot that SDFix only works for XP. Try the DrWebCureIt scan in Normal Mode.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#9 moonkey008

moonkey008
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 08 October 2009 - 04:45 PM

I tried to scan in normal mode, but then the it restarts by itself during the scan. I tried many times.

#10 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 PM

Posted 08 October 2009 - 05:26 PM

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#11 moonkey008

moonkey008
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 08 October 2009 - 11:17 PM

Omg, it give me a blue screen this time :thumbsup: ! While scanning!

#12 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 PM

Posted 08 October 2009 - 11:20 PM

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rookit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug you Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#13 moonkey008

moonkey008
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 09 October 2009 - 09:32 PM

Heres the log! 11 items detected, but they are all Removable:Yes (but clean up not recommended for this file), so i didnt make any actions

Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 2009/10/9 at 18:01:13
User "Eddie" on computer "EDDIE-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\Eddie\AppData\Local\Microsoft\Messenger\eddyo_0@hotmail.com\SharingMetadata\kukuri828@hotmail.com\DFSR\Staging\CS{8A33A0D9-024C-D0FE-EA0D-C05EA5A11CE2}\01\11-{8A33A0D9-024C-D0FE-EA0D-C05EA5A11CE2}-v1-{0ABD9653-B1ED-40A6-96DE-18C545DA7323}-v11-Downloaded.frx
Hidden: file C:\Users\Eddie\AppData\Local\Microsoft\Messenger\xiaobaiymh@HotMAIL.COM\SharingMetadata\jjiaaa2008@hotmail.com\DFSR\Staging\CS{9173844A-D42E-E3BB-38B0-3AC57A7E7CB3}\01\13-{9173844A-D42E-E3BB-38B0-3AC57A7E7CB3}-v1-{B41FB0A3-1F02-4A38-B941-029A3164F5BF}-v13-Downloaded.frx
Hidden: file C:\Users\Eddie\AppData\Local\Microsoft\Messenger\xiaobaiymh@HotMAIL.COM\SharingMetadata\brightboy2000@hotmail.com\DFSR\Staging\CS{265451E8-FE15-2ED3-DC32-CB658208CC96}\01\15-{265451E8-FE15-2ED3-DC32-CB658208CC96}-v1-{B41FB0A3-1F02-4A38-B941-029A3164F5BF}-v15-Downloaded.frx
Hidden: file C:\Users\Eddie\AppData\Local\Microsoft\Messenger\xiaobaiymh@HotMAIL.COM\SharingMetadata\eddyo_0@hotmail.com\DFSR\Staging\CS{AAE724BC-F91F-E308-2F76-20A501CA9C18}\01\12-{AAE724BC-F91F-E308-2F76-20A501CA9C18}-v1-{B41FB0A3-1F02-4A38-B941-029A3164F5BF}-v12-Downloaded.frx
Hidden: file C:\Users\Eddie\AppData\Local\Microsoft\Messenger\xiaobaiymh@HotMAIL.COM\SharingMetadata\super981@hotmail.com\DFSR\Staging\CS{95C628B2-371F-ECA8-14BC-6623BB52622D}\01\14-{95C628B2-371F-ECA8-14BC-6623BB52622D}-v1-{B41FB0A3-1F02-4A38-B941-029A3164F5BF}-v14-Downloaded.frx
Hidden: file C:\Users\Eddie\AppData\Local\Microsoft\Messenger\xiaobaiymh@HotMAIL.COM\SharingMetadata\logusun@hotmail.com\DFSR\Staging\CS{00E75645-2422-DB6C-B03B-44A37617799A}\01\11-{00E75645-2422-DB6C-B03B-44A37617799A}-v1-{B41FB0A3-1F02-4A38-B941-029A3164F5BF}-v11-Downloaded.frx
Hidden: file C:\Users\Eddie\AppData\Local\Microsoft\Messenger\xiaobaiymh@HotMAIL.COM\SharingMetadata\eddyo_0@hotmail.com\DFSR\Staging\CS{AAE724BC-F91F-E308-2F76-20A501CA9C18}\55\55-{B41FB0A3-1F02-4A38-B941-029A3164F5BF}-v55-{B41FB0A3-1F02-4A38-B941-029A3164F5BF}-v55-Downloaded.frx
Hidden: file C:\Users\Eddie\AppData\Local\Microsoft\Messenger\eddyo_0@hotmail.com\SharingMetadata\sqwarrior@yahoo.com\DFSR\Staging\CS{1E6A551A-F182-142F-A2CC-78B3F62F2C6D}\01\10-{1E6A551A-F182-142F-A2CC-78B3F62F2C6D}-v1-{0ABD9653-B1ED-40A6-96DE-18C545DA7323}-v10-Downloaded.frx
Hidden: file C:\Windows\System32\drivers\sptd.sys
Hidden: file C:\Users\Eddie\AppData\Local\Microsoft\Messenger\xiaobaiymh@HotMAIL.COM\SharingMetadata\brightboy2000@hotmail.com\DFSR\Staging\CS{265451E8-FE15-2ED3-DC32-CB658208CC96}\17\689-{19460EBF-C965-45CB-8095-532181AC8E60}-v17-{1504D038-A0AE-4F39-95EB-36D650AFFF95}-v689-Downloaded.frx
Hidden: file C:\Users\Eddie\AppData\Local\Microsoft\Messenger\brightboy2000@hotmail.com\SharingMetadata\xiaobaiymh@hotmail.com\DFSR\Staging\CS{265451E8-FE15-2ED3-DC32-CB658208CC96}\01\10-{265451E8-FE15-2ED3-DC32-CB658208CC96}-v1-{F8C56F92-DD86-4714-A7B5-39182B3C2840}-v10-Downloaded.frx
Info: Starting disk scan of S: (FAT).
Stopped logging on 2009/10/9 at 19:07:09

#14 moonkey008

moonkey008
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 10 October 2009 - 01:19 AM

In addition, I did another SuperAntiSpyware Scan dont know if it helps.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/09/2009 at 11:11 PM

Application Version : 4.29.1002

Core Rules Database Version : 4158
Trace Rules Database Version: 2085

Scan type : Complete Scan
Total Scan Time : 03:22:48

Memory items scanned : 291
Memory threats detected : 0
Registry items scanned : 6995
Registry threats detected : 0
File items scanned : 272183
File threats detected : 45

Adware.Tracking Cookie
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\eddie@ad.yieldmanager[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\eddie@ad.yieldmanager[3].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\eddie@adserver.bettyconfidential[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\eddie@count5.pconline.com[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@247realmedia[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@ad.yieldmanager[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@ad.yieldmanager[3].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@ad.zanox[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@ad1.clickhype[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@ad2.doublepimp[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@admarketplace[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@ads.addynamix[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@ads.right-ads[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@adserver.adtechus[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@adultadworld[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@advertising.healthguru[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@answerstv.112.2o7[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@bridge1.admarketplace[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@bs.serving-sys[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@chitika[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@collective-media[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@content.yieldmanager[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@content.yieldmanager[3].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@eas.apm.emediate[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@electronicarts.112.2o7[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@hornymatches[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@insightexpressai[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@interclick[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@invitemedia[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@lynxtrack[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@mediatraffic[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@porned[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@pro-market[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@questionmarket[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@realmedia[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@revsci[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@rotator.adjuggler[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@rts.pgmediaserve[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@serving-sys[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@sex.healthguru[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@sitestat.mayoclinic[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@social.porned[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@tacoda[1].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@trafficmp[2].txt
C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Cookies\Low\eddie@tribalfusion[1].txt

#15 moonkey008

moonkey008
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 10 October 2009 - 07:43 PM

I did a search online about my pop ups, i think i m infected with CiD pop ups or CiD Help Malware/Adware. the recommanded removal is uninstall CiD Helper in control panel->uninstall program files, but theres no such thing as CiD helper in my uninstall list. I am sure that in infected with this CiD pop ups because Popup with words CiD in upper left of title bar appears when starting IE.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users