Home > Please Help > Please Help! S.clkoptimizer Popups!

Please Help! S.clkoptimizer Popups!

Bleeping computer is easily the best new tool I've discovered for quite some time to fix a wide variety of computer problems. I do not use TBE, and only very few sites produce a popup for me. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, When a pop-up is blocked, the address bar will be marked Pop-ups blocked .

Click here to Register a free account now! It will ask for confimation to delete the file on next reboot. Go to the Tools menu and choose "Delete Temp Files". Firefox blocks popups. 3.

If I click Yes I want to continue running scripts, all aspects of Norton say "refreshing". Sorry, I did not find a best place to put it! Open Killbox, click the option Replace on Reboot & click the box Use Dummy You'll see the path to the filename appear in the bottom box. Im not experienced with a program like this, but knowing microsoft, it wouldnt surprise me that this is normal activity.

Copy and paste that log here. I didnt get anything like that. This utility will find legitimate files in addition to malware. User Name Remember Me?

On the General tab under "Temporary Internet Files" Click "Delete Files". REG.EXE VERSION 3.0 HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu NAME> REG_SZ {BDA77241-42F6-11d0-85E2-00AA001FE28C} HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files REG_SZ {750fdf0e-2a26-11d1-a3ea-080036587f03} HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With REG_SZ {09799AFB-AD67-11d1-ABCD-00C04FC30936} HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu REG_SZ {A470F8CF-A1E8-4f65-8335-227475AA5C46} HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\PowerArchiver Script error also causes me to "restore active desktop". http://www.bleepingcomputer.com/forums/t/8906/hijack-results-please-help-me/ Checking the C:\WINDOWS\SYSTEM32 folderC:\WINDOWS\SYSTEM32\64odhr0b.exe: UPX!C:\WINDOWS\SYSTEM32\amnrzr.exe: UPX!C:\WINDOWS\SYSTEM32\amnrzr.exe: ?u.ad-behNior.comC:\WINDOWS\SYSTEM32\ehgpypi.dll: u.ad-behavior.comC:\WINDOWS\SYSTEM32\elitepow32.exe: PEC2C:\WINDOWS\SYSTEM32\elitepow32.exe: PECompact2C:\WINDOWS\SYSTEM32\gbvqu.dat: UPX!C:\WINDOWS\SYSTEM32\gbvqu.dat: ?u.ad-behNior.comC:\WINDOWS\SYSTEM32\HyperLinker.exe: UPX!C:\WINDOWS\SYSTEM32\in10b6s.dll: UPX!C:\WINDOWS\SYSTEM32\in10b6s.dll: 'aspackC:\WINDOWS\SYSTEM32\opanr.dll: UPX!C:\WINDOWS\SYSTEM32\opanr.dll: 7u.ad-behNC:\WINDOWS\SYSTEM32\winup2date.dll: UPX!C:\WINDOWS\SYSTEM32\winup2date.dll: KavSvc{.ad-behC:\WINDOWS\SYSTEM32\wmconfig.cpl: UPX!C:\WINDOWS\SYSTEM32\wmconfig.cpl: u.ad-behNior.comC:\WINDOWS\SYSTEM32\xrocacn.exe: u.ad-behavior.com Checking all directories under the C:\WINDOWS\SYSTEM32\drivers folder Checking the

If I have helped you in any way, please consider a donation: Member of UNITE and ASAP. Comment 79 børge 2004-08-26 13:25:20 PDT ok, great! :) Firefox 0.9.3: http://www.againsthunger.org/ opend one pop-up and then the same one about one second later Comment 80 Neil Parks 2004-08-26 13:37:03 PDT Back to top Back to Resolved or inactive Malware Removal 0 user(s) are reading this topic 0 members, 0 guests, 0 anonymous users Reply to quoted postsClear SpywareInfo Forum → I briefly looked through the generated code for that home page, which pops up the ad, and found some relevant JavaScript code.

Click any link in the news section (sección noticias), then it opens a pop-up window. browse this site Very interesting... Nothing is getting rid of it. Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE" O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program

Next, please run Notepad, and copy and paste the following text into a new Notepad file:REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]"{7638F061-E496-11D8-80CC-00B0D0920F48}"=-Save the file to the desktop as fix.reg and make sure that in In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle Do not remove anything unless you are sure you know what you're doing. ------- System Files in System Directory ------- Volume in drive C has no label Volume Serial Number is Select Block for the behavior.

Help us fight Enigma Software's lawsuit! (Click on the above link to learn more) Become a BleepingComputer fan: FacebookFollow us on Twitter! When opening Norton, I get a script error that says "Permission denied". This is important, if you reboot before you are finished entering all the files, you will have to start over again. It uses document.createElement('script');.

I got the startuplist log, the Silent Runners log and the qoologic log, but after clicking on Make a log of what was found on dllcompare, it was taking way to It is not a Firefox problem. http://bugzilla.mozilla.org/show_bug.cgi?id=259117 Comment 126 Dagan McGregor 2004-09-21 00:47:32 PDT I would like to add another site which has popups which were getting passed the current popup blocker.

Click Apply then OK.

Finally go to Control Panel > Internet Options. Total of file sizes: 908,416 bytes 887.13 K ------------ Strings.exe Qoologic Results ------------ C:\WINDOWS\enhnac.dll: excl_urls=photobucket.com,c1.zedo.com,media.deskwizz.com,stats.eblocs.com,passportimages.com,banners.searchingbooth.com,ads234.com,click2.containsitall.com,media.fastclick.net,sandboxer.com,a.websponsors.com,ads.clickagents.com,trk.bestmagsdirect.com,toprebates.com,ad.doubleclick.net,as.casalemedia.com,m3.doubleclick.net,dw.dailywinner.net,img2.mailpostdirect.com,bv.channel.aol.com,adlog2.lzio.com,host239.ipowerweb.com,popups.ad-logics.com,clickserve.cc-dt.com,hits.clickandtrack.net,ads.mydailyhoroscope.net,c5.zedo.com,affiliates.4lowrates.com,couponage.com,ekmas.com,creativeby.viewpoint.com,mydailyhoroscope.net,images.trafficmp.com,actualdeals.com,download.websearch.com,aim-charts.pf.aol.com,aol.com,target.com,yahoo.com,microsoft.com,anrdoezrs.net,isg05.casalemedia.com,jbigpops.cjt1.net,whenusearch.com,trk.pcsecurityshield.com,license.hotbar.com,web.icq.com,sc.musicmatch.com,comcast.net,filter.belkin.com,clickit.go2net.com,adverts.lzio.com,windowsupdate.microsoft.com,v4.windowsupdate.microsoft.com,odysseusmarketing.com,join1.winhundred.com,advert.runescape.com,top-banners.com,sr.websearch.com,messenger.msn.com,download.abetterinternet.com,adserv.internetfuel.com,pops.browseraid.com,banners.pennyweb.com,tv.180solutions.com,s.clkoptimizer.com,adserv1.gruvmedia.com,cdn.icq.com,messenger.zango.com,smileycentral.com,wwp.icq.com,web.tickle.com,isapi60.weatherbug.com,websearch.com,hop.clickbank.net,media76.fastclick.net,mmm.media-motor.net,rightmedia.net,bannerserver.gator.com,www4.yesadvertising.com,ww2.weatherbug.com,servedby.advertising.com,adsrv.qoologic.com,games.yahoo.com,weatherbug.com,jicmedia.cjt1.net,ad.trafficmp.com,updates.qoologic.com,ads1.revenue.net,ar.atwola.com,ads.addynamix.com,wisapidata.weatherbug.com,popuppers.com,as.adwave.com,look2me.com,jbns2.cydoor.com,bannerfarm.ace.advertising.com,delfinproject.com,view.atdmt.com,mm.delfinproject.com,download.smileycentral.com,xadso.offeroptimizer.com,webpdp.gator.com,ayb.lop.com,stopzilla.com,pgq.yahoo.com,jmnad1.com,topicks.com,e.rn11.com,focusin.ads.targetnet.com,insider.msg.yahoo.com,m2.doubleclick.net,mail.yahoo.com,jcontent.bns1.net,ctl.twain-tech.com,master.mx-targeting.com,hotmail.com,searcheffect.com,ads.delfinproject.com,cfg.mywebsearch.com,akapp.whenu.com,newupdates.lzio.com,allaboutsearching.com,amch.questionmarket.com,adfarm.mediaplex.com,hotmail.msn.com,by.optimost.com,cdn-cf.aol.com,paypopup.com,popuptraffic.com,xadsq.offeroptimizer.com,jnictech.cjt1.net,xanga.com,count.exitexchange.com,servedby.adscpm.com,search200.com,cdn-aimtoday.aol.com,kill-pop-ups.com,us.update.companion.yahoo.com,qksrv.net,clickspring.net,xlime.offeroptimizer.com,sr.adwave.com,zone.msn.com,radio.launch.yahoo.com,ads.bidclix.com,counters.honesty.com,oz.valueclick.com,i.emarketresearchgroup.com,ads2.revenue.net,popup.msn.com,adsv2.delfinproject.com,u.clkoptimizer.com,ezula.com,server.iad.liveperson.net,loadingwebsite.com,pan-advert.com,t.trafficmp.com,clicktrk.com,aaabesthomepage.com,ads.exitexchange.com,us.a1.yimg.com,trafficmp.com,yimg.com,a.as-us.falkag.net,a1.yimg.com,z1.adserver.com,falkag.net,as-us.falkag.net,loginnet.passport.com,ads.inet1.com,pagead2.googlesyndication.com,login.passport.net,v8.alwaysupdatednews.com,adv.eblocs.com,alwaysupdatednews.com,fxfeeds.mozilla.org,cdn.aim.com,ar.atwola.com,c4.maxserving.com,maxserving.com,mediaplex.com,altfarm.mediaplex.com,topmoxie.com,global.msads.net,msads.net,banner.goldenpalace.com,goldenpalace.com,us.i1.yimg.com,cdn.comcast.net,us.yimg.com,us.js1.yimg.com,js1.yimg.com,switch.atdmt.com,atdmt.com,update32.searchmiracle.com,onemoresearch.net, C:\WINDOWS\SYSTEM\pav.sig: Qoologic C:\WINDOWS\SYSTEM\pav.sig: Qoologic -------------- Strings.exe Aspack Results ------------- C:\WINDOWS\SYSTEM\pav.sig: AsPack ----------------- HKLM Run Key ------------------ Is anybody else seeing this? Firefox does a good job but DID fail at least one of these tests (pop-unders): http://www.kephyr.com/popupkillertest/index.html Comment 82 Jeremy M.

If I have helped you in any way, please consider a donation: Member of UNITE and ASAP. Click on the Locate.com button. No popups on either of those two or the Onion page here. Back to top #11 Jaybird934 Jaybird934 Topic Starter Members 110 posts OFFLINE Local time:09:00 PM Posted 16 January 2005 - 04:19 PM I don't have the "C:\PROGRAM Files\Web Offer" folder

my website: http://twentyfifteen.tripod.com As an FYI, tripod has been known for their spectacular programming techniques to force browsers to open new windows. Hang with us on LockerDomeCircle BleepingComputer on Google+!How to detect vulnerable programs using Secunia Personal Software Inspector Simple and easy ways to keep your computer safe and secure on the Internet Check the "I know what I'm doing" Button and move all instances of cdlsp.dll from the left panel to the right panel then click Finish Reboot the Computer Open Highjackthis, take StartupList report, 1/22/2005, 10:26:58 PM StartupList version: 1.52.2 Started from : C:\Program Files\HijackThis\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Including

It may take as long as ten minutes to run. Comment 50 tve 2004-08-13 04:57:45 PDT Some people see popups on www.chip.de - on the front page as well as on other pages. The two it allowed through was the [url=http://www.popuptest.com/popuptest8.html]Drop Down Popup[/url] and the [url=http://www.popuptest.com/popuptest6.html]Sticky Popup[/url]. This utility will find legitimate files in addition to malware.

Former Microsoft MVP Windows-Security 2005-2009 If we have helped you please consider a donation Thank You Back to top khurleyJunior MemberJoined: 22 Mar 2005Last Visit: 19 May 2008Posts: 15 Posted: Thu I cannot reproduce it in Firefox's 20040811 Aviary, and others can't reproduce it on 0.9.3, but here's some screenshots from people who see them: http://firefox.stw.uni-duisburg.de/forum/viewtopic.php?p=41728#41728 Comment 51 Jeremy Redburn 2004-08-13 09:04:54 I want to add it to our startup list. findit log: Warning!

Seperately, bug 240210 is about popups opening from Flash/Shockwave plugins. That said, I dislike the yellow bar at the top, and would prefer the doodad at the bottom like it used to be. EDIT: Tried with new profile. Thank you for you excellent cooperation during this fix.Joe.

This page is so long that I missed the bit about -safe-mode the first run through. The system is fully patched. they have a pop-up stopper test web page to put your pop-up stopper through it's paces. It won't let me update or run a scan.

It has since been updated again and the old find_it will not find all files yet. Then double-click on fix.reg and click Yes to merge it with the registry.Next, please download the Hoster from here:http://members.aol.c...dbee/hoster.zipUnzip it to the desktop and run it. Click Yes. ballardp, Mar 20, 2005 #3 Flrman1 Joined: Jul 26, 2002 Messages: 46,329 Do all the following in this order: Click Here and download the VX2Finder9x.exe tool.