
win32.PornPopup

lordquark

New member
Spybot keeps finding win32.PornPopup, but has been unable to permanently remove it. Malwarebytes doesn't pick up anything. I have slowed performance and keep getting IE popup ads (surprisingly non-porn popup ads) even though I use Firefox and never IE.
Here is my DDS log.

Thanks in advance.
---

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Administrator at 12:54:43.21 on Wed 07/14/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.465 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe 4
svchost.exe 4
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\taskmgr.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\Administrator\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - e:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
mRun: [PRONoMgr.exe] e:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [Smapp] e:\program files\analog devices\soundmax\Smtray.exe
mRun: [SunJavaUpdateSched] "e:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] e:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "e:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - e:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274017759015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - e:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - e:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\kqozxujm.default\
FF - component: e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: e:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
e:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 fasttrak;fasttrak;e:\windows\system32\drivers\Fasttrak.sys [2002-5-12 73600]
R1 AvgTdiX;AVG Free Network Redirector;e:\windows\system32\drivers\avgtdix.sys [2010-5-25 242896]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [2010-5-25 216200]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;e:\windows\system32\drivers\avgmfx86.sys [2010-5-25 29584]
S2 avg9emc;AVG Free E-mail Scanner;e:\program files\avg\avg9\avgemc.exe [2010-5-25 916760]
S2 avg9wd;AVG Free WatchDog;e:\program files\avg\avg9\avgwdsvc.exe [2010-5-25 308064]
S3 RT80x86;Ralink 802.11n Wireless Driver;e:\windows\system32\drivers\rt2860.sys [2007-11-15 572416]

=============== Created Last 30 ================

2010-07-14 04:41:04 98816 ----a-w- e:\windows\sed.exe
2010-07-14 04:41:04 77312 ----a-w- e:\windows\MBR.exe
2010-07-14 04:41:04 256512 ----a-w- e:\windows\PEV.exe
2010-07-14 04:41:04 161792 ----a-w- e:\windows\SWREG.exe
2010-07-14 03:41:56 0 d-----w- e:\docume~1\admini~1\applic~1\Malwarebytes
2010-07-14 02:38:03 0 d-sh--w- e:\documents and settings\administrator\IETldCache
2010-07-13 00:10:23 0 d-----w- E:\$AVG
2010-07-05 01:30:58 444776 ----a-w- e:\windows\system32\d3dx10_36.dll
2010-07-05 01:29:36 2297552 ----a-w- e:\windows\system32\d3dx9_26.dll
2010-07-05 01:29:06 0 d-----w- e:\windows\Logs
2010-07-05 00:59:32 0 d-----w- e:\program files\Steam
2010-07-04 22:32:42 38 ----a-w- e:\windows\cdplayer.ini
2010-07-04 22:29:51 0 d-----w- e:\program files\common files\xing shared
2010-07-03 18:25:24 0 d-----w- e:\program files\iPod
2010-07-03 18:25:04 0 d-----w- e:\program files\iTunes
2010-07-03 18:20:10 0 d-----w- e:\program files\Bonjour
2010-06-24 22:34:18 499712 ----a-w- e:\windows\system32\msvcp71.dll
2010-06-24 22:34:18 348160 ----a-w- e:\windows\system32\msvcr71.dll
2010-06-24 22:34:13 0 d-----w- e:\program files\common files\Real
2010-06-23 06:06:53 0 d--h--w- e:\windows\PIF

==================== Find3M ====================

2010-06-03 13:24:15 242896 ----a-w- e:\windows\system32\drivers\avgtdix.sys
2010-05-25 23:11:57 12464 ----a-w- e:\windows\system32\avgrsstx.dll
2010-05-25 23:11:41 216200 ----a-w- e:\windows\system32\drivers\avgldx86.sys
2010-05-18 20:35:16 91424 ----a-w- e:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- e:\windows\system32\dns-sd.exe
2010-05-18 01:43:48 411368 ----a-w- e:\windows\system32\deploytk.dll
2010-05-14 01:42:53 21640 ----a-w- e:\windows\system32\emptyregdb.dat
2010-05-06 10:41:53 916480 ----a-w- e:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- e:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- e:\windows\system32\atmfd.dll
2010-04-20 00:47:44 3062048 ----a-w- e:\windows\system32\usbaaplrc.dll

============= FINISH: 12:55:10.39 ===============
 

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

This is just starting to surface; we have many users complaining about it. First we need to find out where it's coming from.

Run Spybot's check for problems and fix all red items. When it's finished, right-click and choose copy results (not full report) to clipboard, and paste that back here please.
 
I've run spybot a number of times, and when this problem started it would find and 'fix' win32.pornpopup, but it no longer detects anything. I keep getting IE popup windows, though.

Here's my most recent Spybot report:
Congratulations!: No immediate threats were found. (Status)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-05-17 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-07-06 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-07-06 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-07-06 Includes\HijackersC.sbi (*)
2010-06-29 Includes\iPhone.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-07-06 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-06-01 Includes\Malware.sbi (*)
2010-07-06 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-07-06 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-07-06 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-07-06 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-06-29 Includes\Trojans.sbi (*)
2010-07-06 Includes\TrojansC-02.sbi (*)
2010-07-06 Includes\TrojansC-03.sbi (*)
2010-07-06 Includes\TrojansC-04.sbi (*)
2010-07-06 Includes\TrojansC-05.sbi (*)
2010-07-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
 
OK, let's keep an eye on it; it may resurface. I will leave this thread open for you for a few days. Post back and let me know how it's going.
 
Ok- I had actually been running in safe mode since my first post. I restarted out of safe mode and immediately ran spybot, revealing that everything came right back. Here are my spybot results.

------------
DoubleClick: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
CoreMetrics: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
MediaPlex: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
MediaPlex: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
MediaPlex: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
BurstMedia: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
BurstMedia: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
BurstMedia: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
BurstMedia: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Zedo: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Zedo: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Zedo: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Zedo: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
CoreMetrics: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Statcounter: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
BlueStreak: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)

 
Hi,

Those are from Firefox; let's do this.

Before you do this, make sure you write down passwords and user names for sites you frequent, as after deleting all cookies you will be prompted for them again.

Open Firefox and go to Tools > Options > Privacy Tab > Remove Individual Cookies > delete all cookies



Download TFC to your desktop.
  • Close any open windows.
  • Double-click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished, it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.






Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    Win32.pornpopup
    :folderfind
    Win32.pornpopup
    :regfind
    Win32.pornpopup
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
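
An added example, not part of the original posts: the reply above rests on reading the Spybot "copy results" output and noticing that every Win32.PornPopUp entry is a Firefox tracking cookie. The sketch below parses lines of that shape and separates cookie-only names from names with other item types; the `Example.Threat` lines and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# The first five lines are copied from the results posted in this thread.
# The last two are constructed (hypothetical name) to show a non-cookie item.
SAMPLE = """\
DoubleClick: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Zedo: Tracking cookie (Firefox: Administrator (default)) (Cookie, nothing done)
Congratulations!: No immediate threats were found. (Status)
Example.Threat: Settings (Registry value, nothing done)
Example.Threat: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
"""

# "<name>: <description> (<item type>, <action>)"
ENTRY = re.compile(
    r"^(?P<name>[^:]+): (?P<desc>.*) \((?P<kind>[^,()]+), (?P<action>[^()]+)\)\s*$"
)
# Cookie descriptions end with "(<browser>: <profile>)"
STORE = re.compile(r"\((?P<browser>[^:()]+): (?P<profile>.+)\)$")


def parse_results(text):
    """Return one dict per result line; status and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        store = STORE.search(entry["desc"])
        entry["browser"] = store.group("browser") if store else None
        entries.append(entry)
    return entries


def triage(entries):
    """Split detection names into cookie-only and those with other item types."""
    kinds = defaultdict(Counter)
    for e in entries:
        kinds[e["name"]][e["kind"]] += 1
    cookie_only = sorted(n for n, c in kinds.items() if set(c) == {"Cookie"})
    follow_up = sorted(n for n, c in kinds.items() if set(c) != {"Cookie"})
    return cookie_only, follow_up


def cookie_stores(entries, name):
    """Count which browser cookie stores hold cookies reported under `name`."""
    return Counter(
        e["browser"] for e in entries if e["name"] == name and e["kind"] == "Cookie"
    )


if __name__ == "__main__":
    parsed = parse_results(SAMPLE)
    cookie_only, follow_up = triage(parsed)
    print("cookie-only:", cookie_only)
    print("needs follow-up:", follow_up)
    print("Win32.PornPopUp stores:", dict(cookie_stores(parsed, "Win32.PornPopUp")))
```

A name in the cookie-only list is cleared by deleting that browser's cookies; a name in the follow-up list has a file or registry item that needs its own removal step.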
 
I ran the utilities you've mentioned, and SystemLook and Spybot are no longer picking up win32.pornpopup, but I continue to get IE popup windows. Is there anything else I might scan for the problem with?
 
Hi,

Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
 