Solve : Internet Explorer websites keeps popping up?

I've run many anti-virus programs to try and remove it. For example, I've used SpyBlaster, Ad-Aware, Vundo, AVG Anti-Virus, Super Antivirus, HiJackThis, etc. When I'm on Firefox, the pop ups in IE tend to pop up more than usual. I've run the programs and supposedly it was removed but for some strange reason, the pop up still seems to be happening. Thank you very much.

OK, what site pops up? Or does IE just open? And can you post us a HijackThis log (just scanning with it does nothing) to take a look at? It might take up a few posts, so post in sections (include all headers and such).


Quote

When I'm on Firefox, the pop ups in IE tend to pop up more than usual

Explain.

I think two of them were getmusicfree and revenueloop. Another one seemed to be http://url.cpvfeed.com/cpv.jsp?p=111131&ron=on

IE opens with sites. When I'm off Firefox, it doesn't seem to load as much as when I'm on.

Logfile of HijackThis v1.99.1
Scan saved at 6:44:54 PM, on 6/15/2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\Default\LOCALS~1\Temp\Rar$EX00.078\HijackThis.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

Is that the whole log? There should be more.

Nope, that's basically it. You win the new record for the SHORTEST log I've ever seen.


Your HijackThis is in a temporary location.  If you leave it there, it (along with its important backups) can and will eventually be deleted.  Please navigate to its current location (C:\DOCUME~1\Default\LOCALS~1\Temp\Rar$EX00.078) and move it to a new permanent folder at C:\Program Files\HJT.  I would also like for you to rename HijackThis.exe to HughJackman.exe.

Before moving on, I'm going to have to ask you to apply Service Pack 1a (do not install Service Pack 2) for Windows XP.  Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx
Apply the update, reboot, and post a fresh HijackThis log.

Okay, done.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Default\Desktop\HughJackman.exe

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\System32\ewffqhlf.dll
O2 - BHO: (no name) - {93505CBB-CA59-48C2-88E3-4BDF6730B2A0} - C:\WINDOWS\System32\rqoon.dll (file missing)
O2 - BHO: (no name) - {AAE11676-AB2A-4F81-BCBD-7110AC1AA822} - C:\WINDOWS\System32\xxywt.dll
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\System32\dnsersnd.dll (file missing)
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rqrssqq - rqrssqq.dll (file missing)
O20 - Winlogon Notify: winlnu32 - winlnu32.dll (file missing)
O20 - Winlogon Notify: xxywt - C:\WINDOWS\System32\xxywt.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

xxywt.dll - Trojan
dnsersnd.dll - Trojan


Other than that, everything's fine. No unusual programs running.
I'm not very good at this, so that's all I can gather. Wait for CBMatt, he'll fix your problem.


And I Googled the sites that you said popped up before.

revenueloop and the long sitename one (ww.smashits - the site it links to) both look legit from what I gathered, but getmusicfree isn't so good. Email spamming and links to virus infested sites are what I found out about it.

Dark Blade is right about those being infected files (there are more).  You have a Vundo infection, which is most likely causing these popups...

1. Download VundoFix and save it to your desktop.
2. Run VundoFix and click on Scan For Vundo.
3. Once it's done scanning, click on Remove Vundo.
4. When it prompts you to remove the files, click on Yes.
5. Your desktop will go blank as it's removing files.  Don't worry, this is normal.
6. It will prompt you to restart your computer, so click OK.
7. When your computer is turned back on, your problem should be gone.
8. The program normally produces a Vundofix.txt file.  Please locate this file and paste the contents in your next post.

And then, just to be thorough...
1. Download VirtumundoBeGone and save it to your desktop.
2. Reboot into Safe Mode.
3. Once you are in Safe Mode, run VirtumundoBeGone and follow the instructions.
4. Exit when it has finished and reboot back into normal mode.  Vundo should now be removed from your computer.



After doing so, open up HijackThis and scan.  In a minute, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file.  Open HijackThis and scan again.  Check the following entries, but don't do anything to them yet...

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\System32\ewffqhlf.dll
O2 - BHO: (no name) - {93505CBB-CA59-48C2-88E3-4BDF6730B2A0} - C:\WINDOWS\System32\rqoon.dll (file missing)
O2 - BHO: (no name) - {AAE11676-AB2A-4F81-BCBD-7110AC1AA822} - C:\WINDOWS\System32\xxywt.dll
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\System32\dnsersnd.dll (file missing)

O20 - Winlogon Notify: rqrssqq - rqrssqq.dll (file missing)
O20 - Winlogon Notify: winlnu32 - winlnu32.dll (file missing)
O20 - Winlogon Notify: xxywt - C:\WINDOWS\System32\xxywt.dll


Now, close all windows (including this one) besides HijackThis, then click Fix Checked.  Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

Navigate to and delete the following file(s) if present (they should be gone after VundoFix, but look for them anyway)...

C:\WINDOWS\System32\ewffqhlf.dll
C:\WINDOWS\System32\rqoon.dll
C:\WINDOWS\System32\xxywt.dll
C:\WINDOWS\System32\dnsersnd.dll
C:\WINDOWS\System32\rqrssqq.dll
C:\WINDOWS\System32\winlnu32.dll


Once you've done all of this, reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up.  Let me know how everything's running now and if you had any problems following my steps.


When you post your next log, please post the whole thing, including the header that lists information about Windows and Internet Explorer.

The pop ups are still there.

Logfile of HijackThis v1.99.1
Scan saved at 10:14:10 AM, on 6/16/2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Default\Desktop\HughJackman.exe

O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\jjevutlj.dll",realset
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

Here's the one on VBG:

[06/16/2007, 9:40:22] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Default\Desktop\VirtumundoBeGone.exe" )
[06/16/2007, 9:40:28] - Detected System Information:
[06/16/2007, 9:40:29] -  Windows Version: 5.1.2600,
[06/16/2007, 9:40:29] -  Current Username: Default (Admin)
[06/16/2007, 9:40:29] -  Windows is in NORMAL mode.
[06/16/2007, 9:40:29] - Searching for Browser Helper Objects:
[06/16/2007, 9:40:29] -  BHO 1: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/16/2007, 9:40:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 9:40:29] -  Checking for HKLM\...\Winlogon\Notify\bmxuclwm
[06/16/2007, 9:40:29] -  Key not found: HKLM\...\Winlogon\Notify\bmxuclwm, continuing.
[06/16/2007, 9:40:29] -  BHO 2: {AAE11676-AB2A-4F81-BCBD-7110AC1AA822} ()
[06/16/2007, 9:40:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 9:40:29] -  Checking for HKLM\...\Winlogon\Notify\xxywt
[06/16/2007, 9:40:29] -  Key not found: HKLM\...\Winlogon\Notify\xxywt, continuing.
[06/16/2007, 9:40:29] - Finished Searching Browser Helper Objects
[06/16/2007, 9:40:29] - Finishing up...
[06/16/2007, 9:40:29] - Nothing found! Exiting...

[06/16/2007, 9:48:01] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Default\Desktop\VirtumundoBeGone.exe" )
[06/16/2007, 9:48:02] - Detected System Information:
[06/16/2007, 9:48:02] -  Windows Version: 5.1.2600,
[06/16/2007, 9:48:02] -  Current Username: Administrator (Admin)
[06/16/2007, 9:48:02] -  Windows is in SAFE mode with Networking.
[06/16/2007, 9:48:02] - Searching for Browser Helper Objects:
[06/16/2007, 9:48:02] -  BHO 1: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/16/2007, 9:48:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 9:48:02] -  Checking for HKLM\...\Winlogon\Notify\bmxuclwm
[06/16/2007, 9:48:02] -  Key not found: HKLM\...\Winlogon\Notify\bmxuclwm, continuing.
[06/16/2007, 9:48:02] -  BHO 2: {AAE11676-AB2A-4F81-BCBD-7110AC1AA822} ()
[06/16/2007, 9:48:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 9:48:02] -  Checking for HKLM\...\Winlogon\Notify\xxywt
[06/16/2007, 9:48:02] -  Key not found: HKLM\...\Winlogon\Notify\xxywt, continuing.
[06/16/2007, 9:48:02] - Finished Searching Browser Helper Objects
[06/16/2007, 9:48:02] - Finishing up...
[06/16/2007, 9:48:02] - Nothing found! Exiting...

[06/16/2007, 9:48:43] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Default\Desktop\VirtumundoBeGone.exe" )
[06/16/2007, 9:48:43] - User choose NOT to continue. Exiting...

[06/16/2007, 9:48:51] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Default\Desktop\VirtumundoBeGone.exe" )
[06/16/2007, 9:48:52] - Detected System Information:
[06/16/2007, 9:48:52] -  Windows Version: 5.1.2600,
[06/16/2007, 9:48:52] -  Current Username: Administrator (Admin)
[06/16/2007, 9:48:52] -  Windows is in SAFE mode with Networking.
[06/16/2007, 9:48:52] - Searching for Browser Helper Objects:
[06/16/2007, 9:48:52] -  BHO 1: {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} ()
[06/16/2007, 9:48:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 9:48:52] -  Checking for HKLM\...\Winlogon\Notify\bmxuclwm
[06/16/2007, 9:48:52] -  Key not found: HKLM\...\Winlogon\Notify\bmxuclwm, continuing.
[06/16/2007, 9:48:52] -  BHO 2: {AAE11676-AB2A-4F81-BCBD-7110AC1AA822} ()
[06/16/2007, 9:48:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2007, 9:48:52] -  Checking for HKLM\...\Winlogon\Notify\xxywt
[06/16/2007, 9:48:52] -  Key not found: HKLM\...\Winlogon\Notify\xxywt, continuing.
[06/16/2007, 9:48:52] - Finished Searching Browser Helper Objects
[06/16/2007, 9:48:52] - Finishing up...
[06/16/2007, 9:48:52] - Nothing found! Exiting...

Try running VundoFix again, as you still have traces of it left on your computer.  Also, it's very important to update to Service Pack 1 like I stated in my first post.  Once you have done these things, go ahead and post a new HijackThis log.

When I scanned for Vundo, there wasn't anything. Also, I did another scan on AVG.

It still seems to pop up websites on Internet Explorer.

Okay...install Service Pack 1a if you haven't already and then post a new HijackThis log.  Without SP1, it makes it very easy for you to become reinfected.
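
The VirtumundoBeGone log in this thread pairs each BHO that has no default name with a Winlogon Notify key of the same DLL name. The sketch below, an added example that is not part of the original thread or of any tool named in it, applies that pairing to the HijackThis O2/O20 lines posted here and also lists entries marked (file missing) and Run keys that load a DLL through rundll32.exe. The function names and finding labels are hypothetical, and a finding is a prompt for review, not a verdict.

```python
import re
from ntpath import basename, splitext  # parses Windows paths on any OS

# O2/O20 lines copied from the second HijackThis log posted in the thread.
SECOND_LOG = r"""
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\System32\ewffqhlf.dll
O2 - BHO: (no name) - {93505CBB-CA59-48C2-88E3-4BDF6730B2A0} - C:\WINDOWS\System32\rqoon.dll (file missing)
O2 - BHO: (no name) - {AAE11676-AB2A-4F81-BCBD-7110AC1AA822} - C:\WINDOWS\System32\xxywt.dll
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\System32\dnsersnd.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rqrssqq - rqrssqq.dll (file missing)
O20 - Winlogon Notify: winlnu32 - winlnu32.dll (file missing)
O20 - Winlogon Notify: xxywt - C:\WINDOWS\System32\xxywt.dll
"""
# O4 lines copied from the third log.
THIRD_LOG = r"""
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\jjevutlj.dll",realset
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
"""

MISSING = r"(?P<missing> \(file missing\))?$"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)"
    + MISSING)
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+?)" + MISSING)
O4_RUNDLL_RE = re.compile(
    r'^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] '
    r'rundll32(?:\.exe)? "?(?P<path>[^",]+\.dll)"?,', re.I)


def stem(path):
    """DLL file name without directory or extension, lower-cased."""
    return splitext(basename(path.strip()))[0].lower()


def triage(log_text):
    """Return (label, path) findings for the O2/O4/O20 lines in a log."""
    bhos, notify, findings = [], {}, []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := O2_RE.match(line):
            bhos.append(m.groupdict())
        elif m := O20_RE.match(line):
            notify[m["key"].lower()] = m.groupdict()
        elif m := O4_RUNDLL_RE.match(line):
            findings.append(("run-key-rundll32", m["path"]))
    for bho in bhos:
        if bho["name"] == "(no name)":
            # Same pairing the VirtumundoBeGone log performs: nameless BHO
            # plus a Winlogon Notify key named after the same DLL.
            paired = stem(bho["path"]) in notify
            label = "nameless-bho+winlogon-notify" if paired else "nameless-bho"
            findings.append((label, bho["path"]))
        if bho["missing"]:
            findings.append(("orphaned-bho", bho["path"]))
    for entry in notify.values():
        if entry["missing"]:
            findings.append(("orphaned-winlogon-notify", entry["path"]))
    return findings


if __name__ == "__main__":
    for log in (SECOND_LOG, THIRD_LOG):
        for label, path in triage(log):
            print(f"{label:30} {path}")
```

The SUPERAntiSpyware Winlogon Notify entry is not reported because it is neither paired with a nameless BHO nor marked (file missing).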

