Partypoker.com pop-ups

Hi, I've followed your instructions under "READ & RUN ME FIRST Before Asking for Support" and I still can't seem to get rid of these pop-ups. Every few minutes, I keep getting windows advertising anything from Partypoker.com to Screensavers.com.

I would really appreciate some help. I really don't know what to do anymore.

Thanks. I've also attached my HijackThis log.

 

I just realized I forgot to include the results of step 6. I've attached the reports from steps 6 & 7 below.

 

Thank you so much for your reply. I followed your instructions but there were a few problems. After I used E2TakeOut and rebooted my computer, it did not open a report and I can't seem to find one. When I clicked on E2TakeOut again, it just generated a pop-up window stating that the "fix has been applied."

Secondly, there is no c:\winnt\system32 directory in my computer. The closest one is c:\winnt\system, but it did not contain the files that I should delete.

I was also unable to find the following:
C:\WINNT\QkJU
C:\Documents and Settings\BBT.BBT-UIN7WRE7PEI\Application Data\??curity\?hkntfs.exe

I've run HJT again and attached the log below. I also managed to locate the original BitDefender log and attached it. The forum won't let me upload an html file so it's a word document.

Thanks again. I really appreciate this.

 

Thanks again for the response.

I've managed to delete more of the system32 files except two which I still couldn't find (cloudsim.exe; locsec.exe).

I followed the rest of your instructions and I've attached the HJT log.

The popups for Partypoker.com are still coming up though. Is there anything else I should do?

I really appreciate this.

 

I did reboot my computer after E2TakeOut, but as I mentioned in an earlier post, it never opened up a report when I rebooted. When I tried to use it again, it just generates a pop-up stating that the "fix has already been applied."

I also have the new logs as requested below.

Thanks.

 

I'm embarassed to say that I'm still using Windows 2000. I don't have XP on my computer. Is there something else I can use?

 

Try this file

W2kFiles.exe

 

Thanks! I unzipped the file and clicked on "command" but all I'm getting is a DOS window. Am I supposed to type in a command?

 

You don't Unzip the file. You double click the exe, accept the default directory location, click Unzip and close the file. This will place 3 files in the System32 folder, that may be needed by GetRunKeys and ShowNew.

Once you have run W2kFIles.exe, reboot.

Then run GetRunKeys and ShowNew; and post the logs.

 

Okay, I followed all the steps and here's the logs.

 

Download
- Pocket Killbox
- ExplorerXP

Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop. DO NOT run it as this time we will do that later in Safe Mode.

Close Notepad.

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click the RED X.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.

Post a fresh HijackThis log.

 

Okay. Done.

Just a note, all the files I was supposed to delete with ExplorerXP couldn't be found.

I've attached the most recent HJT log.

 

That's a good thing.

Your HijackThis log is clean.

How is your computer running?

 

Unfortunately, I'm still getting those annoying Partypoker.com pop-ups. Is there anything else I can do?

 

Incidentally, I don't know if this information is helpful. But around the time I started getting the pop-ups, I also had Mirar "anti-popup" software automatically install into my computer without my knowledge.

 

Rename hijackthis.exe to analyse.exe. Do this now, before proceeding.

Post a fresh HijackThis log.

 

Okay. Here is the new log.

 

The log is clean.

Follow the directions for Running WinPfind by OldTimer.

Post WinPFind.txt when finished.

 

Okay. Here is the WinPFind log.

 

I'm not seeing anything in theh logs to explain this behavior. Run teh BitDefender and Panda ActiveScan Olines scanners again and post the logs. I may be overlooking something.

 

Sorry for the delay in reply. Here are the reports.

Incidentally, I've noticed the pop-ups seems to have decreased in the last two days. Do you think we've finally got rid of it?

 

PandaActive Scan is finding some things in the registry, but not telling me where.

Install CounterSpy , update the definitions. Run a full system scan and post the log.

 

Shadow Puter Dude, my computer won't seem to install CounterSpy. It keeps getting interrupted by an error message: "Error 1606. Could not access network location %USERPROFILE%\Desktop\."

chaslang, I think that file has been deleted.

 

I'm not sure but it's no longer in the directory. I might have deleted it.

 

OK, forget CounterSpy. Follw the directions for Running Ewido Anti-Malware.

Post the Ewido log when finished.

 

Sorry for the delay. Here is the Ewido report.

 

Ewido found mostly Cookies, and some Adware; that was removed.

How is your computer running?

 

It's running alright. Sporadically, I would get a barrage of pop-ups. This time around, it seems to be for anti-virus software. What's strange is that I'm currently using Firefox, yet the pop-ups would be in Internet Explorer.

 

Download ShowNew and GetRunKey again, run the tools and post the logs.