Hi, this has been occurring for quite some time, whenever i load mozilla i will get internet explorer popups. I've tried running softwares to clean it, but it just doesn't go away. Recently I watched something using real player and it just opened websites non stop

Is there anyway to stop these Internet explorer pop ups?

-Have you tried uninstalling Mozilla completely and then reinstalling it?
..from Control Panel, then Program files, then registry?

- Do you have a Firewall protecting your internet connection?

- Do you have a third-party pop-up blocker? - http://www.stopzilla.com/download/d...POP BLOCKER&gclid=CKaKjbb3lo4CFRrnPgodpzqrXg&

- Is your Mozilla pop-up blocker on? - http://www.bsu.edu/techtrain/popup/mozpopup/

- What do you mean by Internet Explorer pop-ups?

***Try this and post your results: http://www.popuptest.com/***

- Oh and by the way, welcome to TechSpot!

No i haven't, but sometimes i will get popups even though mozilla isn't opened

My system says i have firewall turned on.
I don't use third party popup blockers, and i have just checked, the inbuilt mozilla popup blocker is checked.

These popups can be like adds, or links to various sites I've never seen so its very random.

Thanks for the warm welcome ^_^

There are settings in Internet Explorer 7.0 to opt out of most pop ups.
I have been using Firefox for years. Popups are almost never a problem, unless your settings allow them.
See the Help section in Mozilla... There is a section there on "Controlling PopUps."

Go and read this thread HERE and post a HJT log as an attachment into this thread.

Regards Howard

I have done the HJT scan and here is the .txt file attatched

Just click on where it says HERE.

Regards Howard

log posted, do i have a virus ?

Your system is badly infected with malware.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard

This thread is for the use of toneeh only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

1 sec following the instructions

It`ll take you quite a while to follow the instructions. Take your time and don`t skip any of them, unless it states otherwise.

Regards Howard

This thread is for the use of toneeh only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

for step 11 - Run the programme and click the "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path" Do not fix anything yet. Let me know what is found in your reply and I`ll instruct you on how to proceed. Reconnect to the net.

i finished the scan but how do i post it ?

I think i found it in the folder, is it called Results? It is like 10 mbs and i cant upload it

You don`t post the AVG Antirootkit scan, just the results(location/file path) of what it finds(if anything).

Example: C:\windows\system32\somefile.exe

Regards Howard

This thread is for the use of toneeh only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

the rookie scan finds like thousands of things like c:\Documents and Settings\user\Application Data\Microsoft\Msn Messenger.....

In that case, I think the better option would be to reformat and reinstall from scratch.

Before doing that, can you post a screen shot of the AVG Antirootkit scan?

Regards Howard

This is a print screen of the rootkit scan

Well i dont know if this matters of not, these are the HJT and AVG scans:

i also did another AVG scan later on.

I`m not 100% sure what`s going on here, but would like you to do the following.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

Run AVG Antirootkit as per the instructions in step11 of this thread HERE and have it fix everything it finds.

Download Vundofix from HERE.

Double click the Vundofix.exe to run it.

Right click in the vundofix window and click add files.

Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.

These are the filepaths you need to enter into Vundofix.

C:\Program Files\Common Files\goskdl.dll
C:\WINDOWS\system32\qqxrkx.dll
C:\program files\internet explorer\nm070809.dll

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Delete all files in AVG Antispyware quarantine.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

spoolsv.exe
Update.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {C1626E66-C26B-C628-E1DF-CDACCFA26EE1} - C:\Program Files\Common Files\goskdl.dll

O2 - BHO: (no name) - {C9E1A926-69E5-1B4A-BD5A-3676151B0DC4} - C:\WINDOWS\system32\qqxrkx.dll

O4 - HKCU\..\Run: [Reas] "C:\PROGRA~1\SSEMBL~1\spoolsv.exe" -vt ndrv

O4 - HKLM\..\Policies\Explorer\Run: [nongmin] rundll32.exe "C:\program files\internet explorer\nm070809.dll" mymain

O4 - HKCU\..\Policies\Explorer\Run: [{40BAC257-07E3-1033-0423-040502020001}] "C:\Program Files\Common Files\{40BAC257-07E3-1033-0423-040502020001}\Update.exe" mc-110-12-0000904

O4 - HKCU\..\Policies\Explorer\Run: [{40BAC257-07E4-1033-0423-040502020001}] "C:\Program Files\Common Files\{40BAC257-07E4-1033-0423-040502020001}\Update.exe" mc-110-12-0000904

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\PROGRA~1\SSEMBL~1<Delete the entire folder.
C:\Program Files\Common Files\{40BAC257-07E4-1033-0423-040502020001}<Delete the entire folder.
C:\Program Files\Common Files\{40BAC257-07E3-1033-0423-040502020001}<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Run a fresh AVG Antirootkit scan and let me know if it finds anything.

Post fresh HJT and AVG Antispyware logs.

Regards Howard

This thread is for the use of toneeh only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

Sorry, i was just wondering how do i Delete all files in AVG Antispyware quarantine?

Open AVG Antispyware and click on the Infections button, then the qurantine tab. Click select all, then click Remove Finally.

Regards Howard

This thread is for the use of toneeh only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

I have experienced my system crashing at times, like programs will get critical errors after deleting things and stuff.

The two programs which have crashed are:

World of warcraft - game
Ventrilo

i will post the logs shortly.