s3.cookingluck.com pop-up help needed

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by KC_Duncan, Mar 14, 2008.

  1. KC_Duncan

    KC_Duncan Private E-2

    I have gone through the read and run me first steps. I am still having problems.

    My pc has pop ups labeled s3.cookingluck.com and nothing appears on the browser, but I get many of them at once. Help please.
     
  2. KC_Duncan

    KC_Duncan Private E-2

    Help please, I am getting many of the same s3.cookingluck.com pop ups, they are really annoying.
     
  3. abri

    abri MajorGeek

    Hi KCDuncan!
    Welcome to Major Geeks!


    Your computer is infected with at least one known virus. It will take some time to go through your logs, so thanks for being patient.

    abri
     
  4. abri

    abri MajorGeek

    Hi KCDuncan,
    We can get started with a few things now.

    Please do the following:

    Download and run FindAWF by noahdfear.
    • Please download FindAWF by noahdfear.
    • Save to your desktop.
    • Double-click the FindAWF icon.
      • If a Security Alert shows, allow the program to run.
    • As instructed, press any key to continue.
    • Use the following option: Press 1 then Enter to scan for bak folders
    • The scan may take a while, please be patient.
    • When done, a text file, Find AWF report is produced.
    • Please attach the Find AWF report in your next post.
    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 9

    Make sure you reboot after uninstalling the above!


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    abri
     
  5. KC_Duncan

    KC_Duncan Private E-2

    OK, ran awf and saved the log file.

    Also removed the java file and downloaded the current update 9.
     

    Attached Files: awf.txt (4.7 KB)
  6. abri

    abri MajorGeek

    Hi KCDuncan,

    Please continue with the following instructions after you attach the AWF report:

    1) To begin with, please disable your guest account if this has not already been done.


    2) Next, if you are not using anything from Symantec like Ghost, you can uninstall the following entry from add/remove programs:

    LiveReg (Symantec Corporation)

    3) What part of your security are you using McAfee for?

    4) Is the following support service one you signed up for? If so, do you use it?

    C:\Program Files\support.com
    C:\Documents and Settings\Owner\Local Settings\Application Data\SupportSoft
    C:\Program Files\Common Files\SupportSoft



    5) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - S-1-5-18 Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: PalNetaware.lnk = ? (User 'SYSTEM')
    O4 - .DEFAULT Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe (User 'Default user')
    O4 - .DEFAULT Startup: PalNetaware.lnk = ? (User 'Default user')
    O4 - .DEFAULT User Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe (User 'Default user')
    O4 - .DEFAULT User Startup: PalNetaware.lnk = ? (User 'Default user')
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe


    Do the following belong to programs you know or want to keep? If not, please fix them as well.


    O16 - DPF: {CC1E9F72-AFBE-4C67-B6E1-AB992035E562} (CFM2005TurboDMCrsnorun.UserControl1) - http://www.racelm.com/rlm/cfmturbo/cfm2005turboDMCrsnorun.CAB

    After you click fix, just close hijackthis.


    6) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    7) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    8) Now I would like for you to have the following files scanned at one of the following websites:
    jotti or VirusTotal or virus.org, Kaspersky or at viruschief and let me know the results.

    C:\WINDOWS\APFB.INI
    C:\WINDOWS\sndhv71.sr_
    C:\WINDOWS\system32\{2913B080-BC7F-447F-A0B5-93447885EB05}.dat

    9) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


    There's a bit more to be done still. Let me know how things are running so far?

    abri
     
  7. KC_Duncan

    KC_Duncan Private E-2

    1) To begin with, please disable your guest account if this has not already been done. --- NOT SURE HOW TO DO THIS.

    2) add/remove programs: LiveReg (Symantec Corporation) --Gone

    3) What part of your security are you using McAfee for?
    ----I don't use McAfee anymore, I am guessing those were some left over files, I got rid of them.

    4) Is the following support service one you signed up for? If so, do you use it?

    C:\Program Files\support.com
    C:\Documents and Settings\Owner\Local Settings\Application Data\SupportSoft
    C:\Program Files\Common Files\SupportSoft
    ---No idea, they don't even sound familiar

    5) Run C:\MGtools\analyse.exe --Done

    6) Now download The Avenger ---Done

    7) Please download ATF Cleaner by Atribune. ---Done

    8) Now I would like for you to have the following files scanned at one of the following websites: ---Done on VirusTotal

    9) Please run C:\MGtools\GetLogs.bat ---Done


    So far I am keeping up with you. I really appreciate the help, my wife is needing the computer for online classes, so she appreciates it as well.

    I am still getting pop ups, especially when I reboot.
     
  8. abri

    abri MajorGeek

    Go to Start / Control Panel / User Accounts - see if the guest user account is off. If it's not, highlight it and then it may ask you if you want to turn it on or off, or you may have to click on change user account or change how to log on to that account.
    See if this appears in your Start / All Programs list and if so, if there is an uninstall program with it.

    Did you get a report on this? Did it come up with nothing?
    This didn't run correctly. Please make sure to run it from the GetLogs.bat file which is located in the MGTools folder under C. Double click on the GetLogs.bat file and make sure to allow it to go all the way to completion. Then repost the MGlogs.zip which is directly under C.

    There's one infection left on your computer for which the removal has to be set up correctly. Please be patient while I work on this. Then we can see if the popups are gone. It's a damaging form of malware, so please try to use your computer as little as possible until it can be removed.

    abri
     
  9. KC_Duncan

    KC_Duncan Private E-2

    The guest user was off.

    C:\Program Files\support.com was something installed when the cable guy from Comcast installed my cable a couple months ago when we moved. I don't use it so I uninstalled it.

    There was nothing found on all three scans at VirusTotal.

    I ran the GetLogs.bat again and have attached the zip.

    Thanks again for the help.
     
  10. abri

    abri MajorGeek

    Hi KCDuncan,
    I'm not sure why, but 4 of the scans aren't running. I need the scans, so let's try something else. Please go back to the Windows XP Cleaning Procedure and install the MGTools, following the instructions just as you did the first time. If it asks you if it should be installed over the existing one, just say yes. After following the installation instructions and allowing it to run again, please attach the MGlogs.zip and hopefully it will contain those logs we need.
    Thanks.
    abri
     
  11. KC_Duncan

    KC_Duncan Private E-2

    OK, here is the file, hope it worked this time.
     
  12. abri

    abri MajorGeek

    Hi KCDuncan,

    1) Please begin by running CCleaner at the default setting with the Windows tab as the one on top.

    2) Next go to Windows Explorer and find the following file, being sure to note that it is in a folder called bak:

    C:\WINDOWS\SMINST\bak\RECGUARD.EXE

    After you find it, copy RECGUARD.EXE from the bak folder into the SMINST folder (one folder higher). Then delete the bak folder. That will leave you with the copy you need in the SMINST folder.

    3) Then please delete the following folders:

    C:\hp\KBD\bak
    C:\Program Files\Alwil Software\Avast4\bak
    C:\Program Files\Gateway\EzTune\bak
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak
    C:\Program Files\iTunes\bak
    C:\Program Files\McAfee
    C:\Program Files\Portrait Displays\Pivot Software\bak
    C:\Program Files\QuickTime\bak
    C:\Program Files\VERITAS Software\Update Manager\bak
    C:\Program Files\Common Files\InstallShield\UpdateService\bak
    C:\WINDOWS\system\bak
    C:\WINDOWS\system32\bak

    4) Rename the following two files by adding .zzz to the end of each one:

    C:\WINDOWS\APFB.INI -----> APFB.INI.ZZZ
    C:\WINDOWS\sndhv71.sr_ ----->sndhv71.sr_.zzz

    5) Now reboot your computer.

    6) And finally run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip.

    Let me know how things are running now?

    abri
     
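    The bak-folder step above (find the original executable in a folder named bak, copy it one folder up, then delete the bak folder) can be scripted for triage. The following is an added example written for this thread, not FindAWF, MGTools or anything abri posted: it walks a directory tree for folders named bak, compares each executable in them with the same-named file in the parent folder by SHA-256, and restores the bak copy over the parent on request. All function names are the example's own, and the sample folder tree it builds (a fake SMINST\RECGUARD.EXE and QuickTime\qttask.exe) is constructed for the demonstration.

```python
"""
Added example for the bak-folder restore step; not code from the thread or
from FindAWF. It builds a constructed sample tree so it can run offline.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

EXE_SUFFIXES = {".exe", ".dll", ".scr"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_bak_folders(root: Path) -> list:
    """Return every directory named 'bak' (case-insensitive) under root."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            if d.lower() == "bak":
                hits.append(Path(dirpath) / d)
    return sorted(hits)


def triage_bak_folder(bak: Path) -> list:
    """For each executable in bak, record whether the parent folder holds a
    same-named file and whether the two copies have identical contents.
    same_hash is None when the parent copy is missing."""
    report = []
    for f in sorted(bak.iterdir()):
        if f.suffix.lower() not in EXE_SUFFIXES:
            continue
        sibling = bak.parent / f.name
        entry = {"bak_file": str(f), "parent_exists": sibling.exists()}
        entry["same_hash"] = (
            sha256_of(f) == sha256_of(sibling) if sibling.exists() else None
        )
        report.append(entry)
    return report


def restore_from_bak(bak: Path, dry_run: bool = True) -> list:
    """Copy every file in bak over its parent-folder sibling, then remove bak.
    This mirrors the manual RECGUARD.EXE step; with dry_run=True it only
    returns the actions it would take."""
    actions = []
    for f in sorted(bak.iterdir()):
        if f.is_file():
            target = bak.parent / f.name
            actions.append(f"restore {f} -> {target}")
            if not dry_run:
                shutil.copy2(f, target)
    actions.append(f"remove {bak}")
    if not dry_run:
        shutil.rmtree(bak)
    return actions


def build_sample_tree() -> Path:
    """Constructed sample, not a real system: one product folder whose parent
    copy differs from the bak copy, and one whose parent copy is missing."""
    root = Path(tempfile.mkdtemp(prefix="bak_demo_"))
    sminst_bak = root / "SMINST" / "bak"
    sminst_bak.mkdir(parents=True)
    (sminst_bak / "RECGUARD.EXE").write_bytes(b"MZ constructed original")
    (sminst_bak.parent / "RECGUARD.EXE").write_bytes(b"MZ constructed different copy")
    qt_bak = root / "QuickTime" / "bak"
    qt_bak.mkdir(parents=True)
    (qt_bak / "qttask.exe").write_bytes(b"MZ constructed original")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for bak in find_bak_folders(root):
        print(bak)
        for entry in triage_bak_folder(bak):
            print("  ", entry)
        for action in restore_from_bak(bak, dry_run=True):
            print("  ", action)
```

    Run it with dry_run=True first and read the report: a bak copy whose parent sibling has a different hash is the case the post describes, and only then restore with dry_run=False. The restore copies every file in bak, so check the folder contents before running it against a real system.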
  13. KC_Duncan

    KC_Duncan Private E-2

    I have done all of the instructions posted. I am still getting massive popups when I reboot.
     
  14. abri

    abri MajorGeek

    Hi KCDuncan,

    1) First I want you run analyse.exe (in the MGTools folder). Select Do a system scan and when it's finished, put a check next to the following entry and have hijackthis fix it. Remember to close all browsers before clicking on FIX.

    O21 - SSODL: CDDrive - {735d0c81-9ef5-47bd-9a04-172acda82f3b} - C:\WINDOWS\Installer\{735d0c81-9ef5-47bd-9a04-172acda82f3b}\CDDrive.dll

    2) Download and install Erunt. Use it to create a backup of your registry.

    3) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    4) Now run CCleaner.

    5) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


    Let me know how things are running now? If you are still getting all the popups, I will have you run a couple of online scans.

    abri
     
  15. KC_Duncan

    KC_Duncan Private E-2

    After the reboot, no more pop-ups.
     
  16. abri

    abri MajorGeek

    Hi KCDuncan,
    That's good news! Your logs look good. If your computer seems to be working the way it should, please go ahead with our final cleanup instructions:
    abri
     
  17. KC_Duncan

    KC_Duncan Private E-2

    Abri,

    Thank you for all the help, my pc is running great. I appreciate everything you and the others at MajorGeeks have done to help me repair my computers. I will refer friends to you guys as long as you're around.

    KC
     
  18. abri

    abri MajorGeek

    You're welcome!
    Happy surfing!
     