Elusive Popups and Other things

By Meowzer2u
Jun 14, 2006
  1. Okay to start off...A few days ago I somehow. . .managed to get major popups and other malicious things in my computer...

    My computer suddenly started being really slow, froze up...and tadah!...I see a bunch of new icons and TONS of popups!...Thinking well oh jee great...I first ran Adaware...At first it seemed to fix the problem...then when I decided to play some games...which take up the whole screen...(World of Warcraft, Age of Empires...)...I hear my popup blocker going crazy w/ the little like "ping" sound...and every time it'd window me out of my games...

    So being annoyed I ran Adaware again, it brought up nothing...So I moved on to Spybot Search and Destroy...Spybot found a bunch of stuff, claiming to clean I once again tried to play my games. . .but yay. . .once again every time it'd kick me out due to the popups...

    So..I decided to unblock the popups, to see what kind they are to google them to see if I could find something about them to get rid of them. . .

    I found this

    Which led me to this forum...I read that, and it's about the exact same thing. . .with what I'm getting. . .except I didn't click on any "Aim ad"..or w/e...dunno what I did!....But seeing that the guy didn't have any solution....I tried..many more anti virus things etc...I've tried Avast, and Etrust (which I got from the Microsoft website)...and many more that I can't even think of...all to no avail of getting rid of my popups.

    Sooo...I went to bed angry and woke up in the middle of the my computer talking to me...Apparently my popups are getting they're somehow getting past my popup blocker...and now every 30 seconds I get this...Would you like to go to something of the sort, poker here at!

    And it's also making my computer MUCH worse. . .it's VERY slow...and I'm having trouble opening/running things now...I tried doing the Ewido thing...and tried running it in safemode...but it wouldn't even open in safemode, so I ran it in regular mode, and it found 1440 things!...Said it cleared them all...buuuuut not the 'elusive popups'...

    Anyways....mucho help would be TERRIFIC...because I'm scared my computer is going to burst into flames soon :( (btw I cannot upload the ewido scan -...says it's too big..if anyone would want me to email them to it, or have me send it to them over msn)

    Thanks Brittany (or..Meowzer2u)
  2. howard_hopkinso


    Hello and welcome to Techspot.

    Boot into safe mode. See how HERE.

    Turn off system restore (XP/ME only). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).


    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.


    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).


    Close task manager.

    Click start/run and type regsvr32 /u C:\Program Files\DNS\Catcher.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

    Click start/run and type regsvr32 /u C:\WINDOWS\system32\x3cqp0.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cgqltpb.exe

    O2 - BHO: (no name) - {59DC5B54-C0B9-EC33-9F99-94FC5A87E7E1} - C:\WINDOWS\system32\uyi.dll (file missing)

    O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\system32\x3cqp0.dll (file missing)

    O2 - BHO: (no name) - {FACBE853-D658-44A1-AEF0-6B8685A31A56} - C:\Program Files\Internet Explorer\hocenybi.dll (file missing)

    O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll

    O4 - HKLM\..\RunServices: [WinLoader] yrftwjdslumk.exe

    O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000140.exe

    O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM

    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)

    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)

    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - (file missing)

    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - (file missing)

    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - (file missing)

    Fix all O16 - DPF entries.

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)

    O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll

    O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\wwfapi.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
    C:\Program Files\Common Files\mc-110-12-0000140.exe
    C:\Program Files\DNS\Catcher.dll

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log. See HERE for instructions.

    Regards Howard :wave: :wave:
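
A small triage pass over the kind of HijackThis entries listed in the reply above, as an added example that is not part of the original thread or of HijackThis itself. The three review rules and all function names are assumptions of this example; the sample lines are copied from the reply.

```python
import re
from collections import defaultdict
# Entries copied from the reply above (a subset of the lines it lists).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cgqltpb.exe
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\system32\x3cqp0.dll (file missing)
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKLM\..\RunServices: [WinLoader] yrftwjdslumk.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000140.exe
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\wwfapi.dll (file missing)
"""
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # section code, body
FILE_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)", re.IGNORECASE)
AUTORUN = re.compile(r": \[[^\]]*\] (.+)$")             # "[name] command"

def parse(log):
    """Return (section, body) pairs for every HijackThis-style entry line."""
    return [m.groups() for m in map(ENTRY.match, map(str.strip, log.splitlines())) if m]

def reasons(section, body):
    """Review heuristics; these rules are assumptions of this example."""
    found = []
    if body.endswith("(file missing)"):
        found.append("registration left behind, file not on disk")
    if section == "F2" and "userinit=" in body.lower():
        extra = [p for p in body.split("=", 1)[1].split(",")[1:] if p.strip()]
        if extra:
            found.append("Userinit also starts: " + ", ".join(extra))
    target = AUTORUN.search(body) if section == "O4" else None
    if target and "\\" not in target.group(1):
        found.append("autorun target has no full path")
    return found

def triage(log):
    """Entries that hit at least one heuristic, as (section, body, reasons)."""
    return [(s, b, r) for s, b in parse(log) if (r := reasons(s, b))]

def hooks_by_file(log):
    """Map each referenced file to every section that registers it."""
    hooks = defaultdict(list)
    for section, body in parse(log):
        for path in FILE_PATH.findall(body):
            hooks[path.lower()].append(section)
    return dict(hooks)

if __name__ == "__main__":
    for section, body, why in triage(SAMPLE_LOG):
        print(f"[{section}] {body}\n    -> {'; '.join(why)}")
```

`hooks_by_file` shows when one DLL is registered in more than one place (here `x3cqp0.dll` appears under both O2 and O18), so every registration of that file can be reviewed together.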