Hi, I am new to this board and would greatly appreciate if I could receive some help.
I am getting pop-ups at an alarming rate and have tried using: Spy-bot, Ad-aware, Spy-sweeper, and anti-virus with no success.
I tried deleting some generic registry items that were associated with the pop-ups but that also did not work.
If anyone here can offer some advice, I would be grateful.
One of the pop-ups in particular from "grand virtual" a casino program of some sort is popping frequently and consecutively.
The others are of adult nature.
Thank You again,
dave

Hello and welcome to Techspot.

Go Here and follow the instructions it should help you.

Regards Howard :wave: :wave:

could someone please explain, in some detail, about the HijackThis program, how it works and how to use it.
I am a little wary about downloading it because have read some bad reviews about it on the web.
I still need help getting rid of the pop-ups as spy-bot, ad-aware, and spy-sweeper do nothing to fix the problem.
Thanks again
dave

There`s absolutely no need to worry about Hijackthis.

I`ve been using it for quite some time without any problems.

In fact Hijackthis has helped me and hundreds of other Techspot members get rid of loads of nasties

Regards Howard :grinthumb

Thanks for the replies, however, I do not understand how HijackThis works, I was wondering if someone could explain in detail how the software works and best to use it.
Thanks

Basically Hijack this scans your computer for running programmes etc and allows you to see and stop various programmes from being exicuted on your machine.

Regards Howard :grinthumb

If you had followed Howards advise in the firstv place and gone to the post he mentioned, you would have found: Read the HJT instructions on that website!
Go there now, and READ them. It tells you what HJT does and how.
www.tomcoyote.org/hjt/

So basically, I run the HijackThis program then post the resulting log and hope that I receive useful instruction on what to remove?

That is correct, got it in one.

That`s why I said it will help you.

The rest as they say is up to you.

Regards Howard

Log too long

Downloaded HijackThis and tried to post the logfile but it exceeded the allowed character limit for a post.
Not sure which information from the log is relevant....how should I go about posting the log?
Thanks

Go Here and follow the instructions on how to post your Hijackthis log.

Regards Howard :grinthumb

HijackThis log (i hope)

Here is my HijackThis log in TXT format.
Thanks again

Did you even bother to read my first post in this thread?

Do so now click on the link I gave you and follow the instructions.

Howard is right. Do your homework first, AFTER that post a new log as attachment.

Alright, here is my NEW hijackthislog....I notice that a few of the items that I had deleted the first time have returned to the log, such as "09-your system is infected with spyware"
any assistance would be appreciated, thanks
sorry about my previous attempts

Click Start/Run and type in msconfig, then hit enter.
See if you can UNcheck: RunOnce: [18btul.exe] C:\WINDOWS\System32\18btul.exe /k

Reboot in Safe Mode

UNinstall anything to do with (if you can):
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\PROGRA~1\Web Offer\wo.exe

Next, go into Task Manager (ctrl-alt-del) and try to STOP these processes (if still there):
quoycv.exe
ViewMgr.exe
packager.exe
tibs3.exe
AutoUpdate.exe
umdbk32.exe
lmrredir.exe
CxtPls.exe
wo.exe
satmat.exe
farmmext.exe
enhupdt.exe
18btul.exe

Next, run HJT on its own, and let it 'fix' (if still there):
C:\WINDOWS\System32\quoycv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\packager.exe
C:\WINDOWS\System32\tibs3.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\umdbk32.exe
C:\WINDOWS\System32\lmrredir.exe
C:\Program Files\CxtPls\CxtPls.exe
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [bspftoyxyfntn] C:\WINDOWS\System32\quoycv.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Enh Win Updt] C:\WINDOWS\enhupdt.exe
O4 - HKLM\..\Run: [t3FT33S] umdbk32.exe
O4 - HKLM\..\RunOnce: [18btul.exe] C:\WINDOWS\System32\18btul.exe /k
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [c0w3RTeEW] lmrredir.exe
O4 - HKCU\..\RunOnce: [18btul.exe] C:\WINDOWS\System32\18btul.exe /k
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe

Delete the bold files, except MSCONFIG. When a directory is also bold, delete everything in it, including that directory itself.

thank you

Thanks guys......