
Drive Cleaner Problem

Discussion in 'Malware and Virus Removal Archive' started by jetbobo, 2006/10/02.

  1. 2006/10/04
    jetbobo

    jetbobo Inactive Thread Starter

    Joined:
    2006/10/02
    Messages:
    20
    Likes Received:
    0
    new combofix log:

    Paul - 06-10-04 23:30:10.27 Service Pack 2
    ComboFix 06.09.28 - Running from: "C:\Documents and Settings\TEMP\Desktop\Setup"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\Documents and Settings\TEMP\My Documents\SMBOLS~1
    C:\QooBox\Purity\Documents and Settings\TEMP\My Documents\WNSXS~1
    C:\QooBox\Purity\Documents and Settings\TEMP\My Documents\SMBOLS~1\userinit.exe
    C:\QooBox\Purity\Documents and Settings\TEMP\My Documents\WNSXS~1\javaw.exe
    C:\QooBox\Purity\Documents and Settings\TEMP\My Documents\WNSXS~1\W?nSxS
    C:\QooBox\Purity\WINDOWS\SYSTEM32\SMANTE~1


    ((((((((((((((((((((((((((((((( Files Created from 2006-09-04 to 2006-10-04 ))))))))))))))))))))))))))))))))))


    2006-10-02 19:00 967 --a------ C:\WINDOWS\ScUnin.pif
    2006-10-02 19:00 94,208 --a------ C:\WINDOWS\ScUnin.exe
    2006-10-02 18:00 5,248 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\d347prt.sys
    2006-10-02 18:00 155,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\d347bus.sys
    2006-09-30 17:09 94,208 --a------ C:\WINDOWS\SYSTEM32\HPZipt12.dll
    2006-09-30 17:09 69,632 --a------ C:\WINDOWS\SYSTEM32\HPZipm12.exe
    2006-09-30 17:09 61,440 --a------ C:\WINDOWS\SYSTEM32\HPZinw12.exe
    2006-09-30 17:09 57,344 --a------ C:\WINDOWS\SYSTEM32\HPZisn12.dll
    2006-09-30 17:09 278,584 --a------ C:\WINDOWS\SYSTEM32\HPZidr12.dll
    2006-09-30 17:09 204,800 --a------ C:\WINDOWS\SYSTEM32\HPZipr12.dll
    2006-09-30 17:05 51,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys
    2006-09-30 17:05 21,744 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys
    2006-09-30 17:05 16,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys
    2006-09-30 17:03 98,304 --a------ C:\WINDOWS\SYSTEM32\hpzjsn01.dll
    2006-09-30 17:03 606,208 --a------ C:\WINDOWS\SYSTEM32\hpotscl.dll
    2006-09-30 17:03 393,216 --a------ C:\WINDOWS\SYSTEM32\hpzcon12.dll
    2006-09-30 17:03 278,528 --a------ C:\WINDOWS\SYSTEM32\hpgwiamd.dll
    2006-09-30 17:03 274,432 --a------ C:\WINDOWS\SYSTEM32\HPZc3212.dll
    2006-09-30 17:03 258,122 --a------ C:\WINDOWS\SYSTEM32\hpovst08.dll
    2006-09-30 17:03 196,608 --a------ C:\WINDOWS\SYSTEM32\hpzcoi12.dll
    2006-09-30 17:03 139,345 --a------ C:\WINDOWS\SYSTEM32\hpzlnt12.dll
    2006-09-30 16:49 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
    2006-09-29 23:32 446,464 --a------ C:\WINDOWS\SYSTEM32\HHActiveX.dll
    2006-09-29 23:32 24,576 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
    2006-09-29 23:31 9,488 --a------ C:\WINDOWS\SYSTEM32\sporder.dll
    2006-09-18 00:00 180,224 --a-s---- C:\WINDOWS\SYSTEM32\archlib.dll
    2006-09-17 23:54 356,864 C:\WINDOWSTrueCrypt Setup.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-04 23:29 -------- d-------- C:\Program Files\Common Files
    2006-10-04 22:12 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-10-03 23:00 -------- d-------- C:\Program Files\BillP Studios
    2006-10-03 23:00 -------- d-------- C:\Documents and Settings\TEMP\Application Data\WinPatrol
    2006-10-02 22:57 -------- d-------- C:\Program Files\Starcraft
    2006-10-02 19:57 -------- d-------- C:\Program Files\SlySoft
    2006-10-02 19:56 -------- d-------- C:\Program Files\Lavasoft
    2006-10-02 19:56 -------- d-------- C:\Documents and Settings\TEMP\Application Data\Lavasoft
    2006-10-02 18:00 -------- d-------- C:\Program Files\D-Tools
    2006-10-02 17:48 -------- d-------- C:\Program Files\Zone Labs
    2006-10-02 17:48 -------- d-------- C:\Program Files\GRETECH
    2006-10-02 06:56 0 --a------ C:\AUTOEXEC.BAT
    2006-10-02 06:56 -------- d-------- C:\Program Files\Panda Software
    2006-10-02 00:27 -------- d-------- C:\Documents and Settings\TEMP\Application Data\Windows Live Safety Center
    2006-10-02 00:24 -------- d-------- C:\Program Files\Windows Live Safety Center
    2006-10-01 23:15 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-01 23:14 -------- d-------- C:\Program Files\Common Files\Panda Software
    2006-10-01 01:04 -------- d-------- C:\Program Files\SpywareBlaster
    2006-09-30 17:19 -------- d-------- C:\Program Files\Common Files\Hewlett-Packard
    2006-09-30 17:17 -------- d-------- C:\Documents and Settings\TEMP\Application Data\AdobeUM
    2006-09-30 17:09 -------- d-------- C:\Program Files\HP
    2006-09-30 10:31 -------- d-------- C:\Program Files\X3watch
    2006-09-30 10:31 -------- d-------- C:\Program Files\Windows Media Player
    2006-09-30 10:31 -------- d-------- C:\Program Files\Messenger
    2006-09-30 10:20 -------- d-------- C:\Program Files\Microsoft AntiSpyware
    2006-09-30 10:18 -------- d-------- C:\Program Files\Canon
    2006-09-30 10:16 -------- d-------- C:\Program Files\Gabest
    2006-09-30 10:15 -------- d-------- C:\Program Files\Microsoft ActiveSync
    2006-09-30 10:14 -------- d-------- C:\Program Files\Rio
    2006-09-30 10:14 -------- d-------- C:\Program Files\Musicmatch
    2006-09-30 10:12 -------- d-------- C:\Program Files\hoonnet
    2006-09-30 10:11 -------- d-------- C:\Program Files\HiDownload
    2006-09-30 10:11 -------- d-------- C:\Program Files\FlashGet
    2006-09-30 10:09 -------- d-------- C:\Program Files\Britannica
    2006-09-29 23:30 -------- d-------- C:\Program Files\I8kfanGUI
    2006-09-24 18:28 -------- d-------- C:\Program Files\Picasa2
    2006-09-24 18:01 -------- d---s---- C:\Documents and Settings\TEMP\Application Data\Microsoft
    2006-09-24 18:01 -------- d-------- C:\Program Files\Project64 1.6
    2006-09-21 23:15 -------- d-------- C:\Program Files\iRiver
    2006-09-20 15:26 -------- d-------- C:\Program Files\Comodo
    2006-09-20 09:32 -------- d-------- C:\Documents and Settings\TEMP\Application Data\Comodo
    2006-09-20 09:10 -------- d-------- C:\Program Files\Common Files\SWF Studio
    2006-09-20 09:10 -------- d-------- C:\Program Files\AWS
    2006-09-19 20:07 -------- d-------- C:\Documents and Settings\TEMP\Application Data\Tenebril
    2006-09-17 23:53 -------- d-------- C:\Program Files\CCleaner
    2006-09-13 23:46 -------- d-------- C:\Program Files\AIM
    2006-09-13 23:46 -------- d-------- C:\Documents and Settings\TEMP\Application Data\Aim
    2006-08-21 08:21 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
    2006-08-21 05:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
    2006-08-21 05:14 128896 --------- C:\WINDOWS\SYSTEM32\DRIVERS\fltmgr.sys
    2006-08-17 18:08 -------- d-------- C:\Documents and Settings\TEMP\Application Data\Sun
    2006-08-10 17:26 -------- d-------- C:\Program Files\Internet Explorer
    2006-08-07 17:15 -------- d-------- C:\Documents and Settings\TEMP\Application Data\MSN6
    2006-07-27 09:24 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
    2006-07-26 20:19 0 --a------ C:\WINDOWS\SYSTEM32\cmmgr32.exe
    2006-07-26 20:19 0 --a------ C:\WINDOWS\ORUN32.EXE
    2006-07-26 20:05 0 --a------ C:\Documents and Settings\TEMP\Application Data\internaldb41.dat
    2006-07-26 20:02 1064 --a------ C:\WINDOWS\SYSTEM32\flo188b3.sys
    2006-07-26 19:57 286 --a------ C:\WINDOWS\SYSTEM32\n.bat
    2006-07-26 19:56 0 --a------ C:\WINDOWS\SYSTEM32\taskkill.exe
    2006-07-21 04:24 72704 --a------ C:\WINDOWS\SYSTEM32\hlink.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "i8kfangui"="C:\\Program Files\\I8kfanGUI\\I8kfanGUI.exe /startup"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "x3watch"="C:\\Program Files\\X3watch\\x3watch.exe"
    "iRiver Updater"="\\Updater.exe"
    "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000000

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="C:\\Program Files\\Online Services\\kyzezeroq.html"
    "SubscribedURL"=""
    "FriendlyName"=""
    "Flags"=dword:00002000
    "Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
    03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
    "CurrentState"=dword:40000001
    "OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
    00,00,01,00,00,00
    "RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="C:\\Program Files\\ComPlus Applications\\howyw.html"
    "SubscribedURL"=""
    "FriendlyName"=""
    "Flags"=dword:00002000
    "Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
    03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
    "CurrentState"=dword:40000001
    "OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
    00,00,01,00,00,00
    "RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,ec,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=dword:40000004
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000000

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\McAfee.com Update Check (DBWRW931-Owner).job
    C:\WINDOWS\tasks\McAfee.com Update Check (PAUL-Paul).job
    C:\WINDOWS\tasks\McAfee.com Update Check (RUNOFF-Paul).job
    C:\WINDOWS\tasks\WebReg 20040829142653.job
    C:\WINDOWS\tasks\WebReg 20040829142701.job

    Completion time: Wed 10/04/2006 23:31:12.85
    ComboFix.txt
    ComboFix2.txt
    ComboFix3.txt
     
  2. 2006/10/05
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Ok, that folder is gone, are there any more pop ups?
     

  4. 2006/10/05
    jetbobo

    It doesn't appear to be coming back up again. Thanks!
     
  5. 2006/10/05
    jetbobo

    Hrmm... maybe I jumped the gun too quick. It popped back up again.
     
  6. 2006/10/06
    TeMerc

    OK, let's rename the hijackthis.exe to something other than that, like 'filekiller' or whatever, and run another HJT log file.

    If that produces new entries we'll try another Vundo tool.
     
  7. 2006/10/06
    jetbobo

    Logfile of HijackThis v1.99.1
    Scan saved at 11:26:47 PM, on 10/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\X3watch\x3watch.exe
    C:\Updater.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    C:\Program Files\I8kfanGUI\I8kfanGUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\HJT\filekiller.exe

    O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
    O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O20 - Winlogon Notify: avldr - avldr.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
     
  8. 2006/10/07
    TeMerc

    Ok, let's run another scanner, I can't see anything going on here to cause pop ups.

    Download AVG Anti-Spyware 7.5 (formerly Ewido Anti-Spyware) from HERE and save that file to your desktop.
    This is a 30 day trial of the program.
    • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need to run ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
    Close ewido anti-spyware. Do not run a scan just yet, we will shortly.

    Reboot into safe mode, this way:
    • Turn on the computer
    • Immediately begin tapping the <F8> key.
    • Use the arrow keys to highlight Safe Mode and press the <Enter> key.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.

    Launch ewido-anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • ewido will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan. (Please edit out any cookie references)
     
  9. 2006/10/07
    jetbobo

    here is the report:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 8:53:21 PM 10/7/2006

    + Scan result:



    C:\HJT\backups\backup-20061003-190433-290.dll -> Adware.PurityScan : Cleaned.
    C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 07-26-2006 - 21-30-17\{BCBF8DAD-8900-4D1D-830B-0D1C9FE14B85} -> Adware.SurfSide : Cleaned.
    C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 07-27-2006 - 18-01-34\{5D7C350A-4CE5-4D27-9B8E-B1452EB1D608} -> Adware.SurfSide : Cleaned.
    C:\Documents and Settings\Paul\Local Settings\Temp\nsc12A.tmp\cydoor_topick.exe/HtCheck2.dll -> Adware.ToPicks : Cleaned.
    C:\Documents and Settings\Paul\Local Settings\Temp\nsc12A.tmp\cydoor_topick.exe/Idhost.exe -> Adware.Topicks : Cleaned.
    C:\Documents and Settings\Paul\Local Settings\Temp\nsc12A.tmp\cydoor_topick.exe/IdmUp.dll -> Adware.ToPicks : Cleaned.
    C:\QooBox\Purity\Documents and Settings\TEMP\My Documents\WNSXS~1\javaw.exe -> Downloader.PurityScan.dr : Cleaned.
    C:\Program Files\ComPlus Applications\howyw.html -> Hijacker.Small.jf : Cleaned.
    C:\Program Files\Online Services\kyzezeroq.html -> Hijacker.Small.jf : Cleaned.
    C:\Documents and Settings\Paul\Cookies\paul@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned.
    C:\Documents and Settings\Paul\Cookies\paul@com[2].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Paul\Cookies\paul@www2.enigmasoftwaregroup[1].txt -> TrackingCookie.Enigmasoftwaregroup : Cleaned.
    :mozilla.35:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\h96yo5xq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.36:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\h96yo5xq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.37:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\h96yo5xq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.38:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\h96yo5xq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end
     
  10. 2006/10/07
    TeMerc

    The scan seems to have picked out a few files, are you still getting pop ups?

    Let me know please.

    Also:
    Download Atribunes ATF Cleaner
    • Double-click ATF-Cleaner.exe to run the program.
    • Tick the following boxes:
      • Windows Temp
      • Current User Temp
      • All User Temp
      • Cookies
      • Temporary Internet Files
      • History
      • Prefetch
      • Java Cache
    • Click the Empty Selected button.
    We'll empty the Recycle Bin later, once we know you're all cleaned up and nothing needs to be restored.
     
