Please Help, Can't remove pop-ups, have tried cleaners unsuccessfully

[telex]

Hi, I am new to this board and would greatly appreciate if I could receive some help.
I am getting pop-ups at an alarming rate and have tried using: Spy-bot, Ad-aware, Spy-sweeper, and anti-virus with no success.
I tried deleting some generic registry items that were associated with the pop-ups but that also did not work.
If anyone here can offer some advice, I would be grateful.
One of the pop-ups in particular from "grand virtual" a casino program of some sort is popping frequently and consecutively.
The others are of adult nature.
Thank You again,
dave

 

[howard_hopkinso]

Hello and welcome to Techspot.

Go Here and follow the instructions it should help you.

Regards Howard :wave: :wave:

 

[telex]

could someone please explain, in some detail, about the HijackThis program, how it works and how to use it.
I am a little wary about downloading it because have read some bad reviews about it on the web.
I still need help getting rid of the pop-ups as spy-bot, ad-aware, and spy-sweeper do nothing to fix the problem.
Thanks again
dave

 

[howard_hopkinso]

There`s absolutely no need to worry about Hijackthis.

I`ve been using it for quite some time without any problems.

In fact Hijackthis has helped me and hundreds of other Techspot members get rid of loads of nasties

Regards Howard :grinthumb

 

[telex]

Thanks for the replies, however, I do not understand how HijackThis works, I was wondering if someone could explain in detail how the software works and best to use it.
Thanks

 

[howard_hopkinso]

Basically Hijack this scans your computer for running programmes etc and allows you to see and stop various programmes from being exicuted on your machine.

Regards Howard :grinthumb

 

[RealBlackStuff]

If you had followed Howards advise in the firstv place and gone to the post he mentioned, you would have found: Read the HJT instructions on that website!
Go there now, and READ them. It tells you what HJT does and how.
www.tomcoyote.org/hjt/

 

[telex]

So basically, I run the HijackThis program then post the resulting log and hope that I receive useful instruction on what to remove?

 

[howard_hopkinso]

That is correct, got it in one.

That`s why I said it will help you.

The rest as they say is up to you.

Regards Howard

 

[telex]

Log too long

Downloaded HijackThis and tried to post the logfile but it exceeded the allowed character limit for a post.
Not sure which information from the log is relevant....how should I go about posting the log?
Thanks

 

[howard_hopkinso]

Go Here and follow the instructions on how to post your Hijackthis log.

Regards Howard :grinthumb

 

[telex]

HijackThis log (i hope)

Here is my HijackThis log in TXT format.
Thanks again

 

[howard_hopkinso]

Did you even bother to read my first post in this thread?

Do so now click on the link I gave you and follow the instructions.

 

[RealBlackStuff]

Howard is right. Do your homework first, AFTER that post a new log as attachment.

 

[telex]

Alright, here is my NEW hijackthislog....I notice that a few of the items that I had deleted the first time have returned to the log, such as "09-your system is infected with spyware"
any assistance would be appreciated, thanks
sorry about my previous attempts

 

[RealBlackStuff]

Click Start/Run and type in msconfig, then hit enter.
See if you can UNcheck: RunOnce: [18btul.exe] C:\WINDOWS\System32\18btul.exe /k

Reboot in Safe Mode

UNinstall anything to do with (if you can):
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\PROGRA~1\Web Offer\wo.exe

Next, go into Task Manager (ctrl-alt-del) and try to STOP these processes (if still there):
quoycv.exe
ViewMgr.exe
packager.exe
tibs3.exe
AutoUpdate.exe
umdbk32.exe
lmrredir.exe
CxtPls.exe
wo.exe
satmat.exe
farmmext.exe
enhupdt.exe
18btul.exe

Next, run HJT on its own, and let it 'fix' (if still there):
C:\WINDOWS\System32\quoycv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\packager.exe
C:\WINDOWS\System32\tibs3.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\umdbk32.exe
C:\WINDOWS\System32\lmrredir.exe
C:\Program Files\CxtPls\CxtPls.exe
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [bspftoyxyfntn] C:\WINDOWS\System32\quoycv.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Enh Win Updt] C:\WINDOWS\enhupdt.exe
O4 - HKLM\..\Run: [t3FT33S] umdbk32.exe
O4 - HKLM\..\RunOnce: [18btul.exe] C:\WINDOWS\System32\18btul.exe /k
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [c0w3RTeEW] lmrredir.exe
O4 - HKCU\..\RunOnce: [18btul.exe] C:\WINDOWS\System32\18btul.exe /k
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe

Delete the bold files, except MSCONFIG. When a directory is also bold, delete everything in it, including that directory itself.

 

[telex]

thank you

Thanks guys......