Elusive PopUp source - PLEASE HELP!

Status
Not open for further replies.
I'm a computer tech that does quite a lot of work on personal computers, particularly malware removal, but this one has me absolutely stumped.

I have a laptop whose user clicked a link in an AIM message and subsequently received an infection that shut down his Internet connection. Once I got the connection restored, all hell broke loose - popups galore. I spent several days cleaning the machine, but there is still something on there that has proven to be very elusive. I have run AdAware and MS Antivirus, but neither detects anything at this point other than tracking cookies. I have run Housecall and Panda, but again, only cookies. I have cleared temp files, history, and cookies. Nonetheless, when the machine is started, the popups start firing up. Up to 15 windows will open at a time, and every 10 minutes or so, another group pops up. The URLs for the popups include, but are not limited to:

banners.searchingbooth.com
apply.blinko.com
adserving.cpxinteractive.com
www.entrepenuer.com
www.yourstats.net
ad.yieldmanager.com
www.tipany.com
www.popuptraffic.com
Red Orbit
Fun Lotto, Inc.

And the list goes on. I have run HijackThis, but do not see anything suspicious. The log is attached. I've also run FindQool, RKTools, and WinPFind, and can post those logs if desired.

Thanks for any help in advance. I'm pulling my hair out over this one. My rep's at stake!

B'Dog
 
Hello and welcome to Techspot.

The only thing I can see in your HJT log that is undesirable is the AOL toolbar.

I suggest you uninstall this from Add/Remove Programs.

I also suggest you let HJT fix this entry:

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

as it's not clear what it does exactly. You can always restore it later if need be.

Then, go HERE and follow the instructions in the order they are given.

Let us know if this helps.

Regards, Howard
 
PopUps

The Ati2mdxx.exe file is associated with the video card. I tried removing that from the equation, thinking it was corrupted, but no luck. I'll follow your recommendations and see what that does.

Thanks for the reply. I'll keep you "posted".
 