TechSpot

Random popups in IE even when browser is closed

By gbc1989
Dec 25, 2008
  1. Hi,

    I get these random IE popups from registry defender, yellow pages, pcantivrus, etc. Even when the browser is closed, i get these popups. I know i probably have a Adware lop or something like that, so here is my hijack this log.

    ANy help would be appreciated.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    This may not do much good as it is necessary to run additional programs, but to handle the current HijackThis log:
    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
    It appears that you may have had the McAfee Security Suite at one time. But if you uninstalled it, it wasn't complete.
    Have HijackThis remove the entries with above first:
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
    Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK all McAfee related processes> Apply> OK.

    Control Panel> Add/Remove Programs> UNINSTALL the McAfee Suite.

    Reboot into Normal Mode. You will get a nag message that you can ignore after checking 'don't show this message again'. Stay in Selective Startup.

    Update Java:
    Please follow the steps here and then post all three logs:
    http://www.techspot.com/vb/topic58138.html

    HijackThis alone is not sufficient. You will need to rescan with HijackThis AFTER Malwaebytes and SuperAntispyware. We will deal with additional entries dependent on all the logs.
     
  3. gbc1989

    gbc1989 TS Rookie Topic Starter Posts: 21

    Hi again,

    I followed some of your steps and was able to delete some of the entries from Hijack this. Then my computer just shutdown because of a thermal event and I will work on this asap and get you those logs tomorrow.

    Thanks
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Best to have everything else closed on the system while running the malware cleaning programs. But don't worry if you can't remove the HijackThis entries at this time. We can do it after I see the logs for all 3 programs.

    It would be a good idea though to handle the McAfee and update the Java, as those can cause security issues.
     
  5. gbc1989

    gbc1989 TS Rookie Topic Starter Posts: 21

    I think i followed all the steps in order and here are the results in logs. Thanks for the input so far!
     
  6. gillianbrown

    gillianbrown Banned Posts: 141

    Why have you gone from running a current version of HJT to using an outdated version?

    Make sure you have the LATEST version of HJT (currently 2.0.0.2) from HERE.

    Double-click on the file you just downloaded.
    Click on the "Install" button to install.
    It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis
    Please do not change the default install location.

    Very Important.

    You need to rename HijackThis.exe to Crusty.exe. This is because some malware can hide from HijackThis.exe. Follow these instructions in order to do so.

    Go to the C:\Program Files\Trend Micro\HijackThis\HijackThis.exe file and right click on HijackThis.exe. Choose rename. Click in the title box and hit the enter key to clear what`s there.

    Now type Crusty.exe into the title box and hit the enter key. Right click on the Crusty.exe file and choose "Send to desktop Create Shortcut".

    You can now close the HJT directory.

    Please post a fresh HJT log.
     
  7. Tedster

    Tedster Techspot old timer..... Posts: 6,000   +15

    what does your antivirus and anti-trojan programs say?
     
  8. gbc1989

    gbc1989 TS Rookie Topic Starter Posts: 21

    Here you go, I had a mix up. This is the new Hijack this version's log.
     
  9. gillianbrown

    gillianbrown Banned Posts: 141

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    scourtoolbar

    Close control panel.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: (no name) - {2B2B96D8-7634-4799-AD47-85E621EB8884} - (no file)

    O2 - BHO: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL

    O3 - Toolbar: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,dpxwqr.dll,avgrsstx.dll mnidvt.dll

    O20 - Winlogon Notify: nnnomjj - nnnomjj.dll (file missing)

    O20 - Winlogon Notify: pmnmnkkI - pmnmnkkI.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or folders(if there).

    C:\PROGRA~1\scourtoolbar<Delete the entire folder.

    Reboot your system.

    Post a fresh HJT log and let us know if you're still having problems.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'd like to suggest running the Vundo Fix:
    VundoFix:
     
  11. gbc1989

    gbc1989 TS Rookie Topic Starter Posts: 21

    bobbeye i ran the vundo fix. it found nothing infected.

    gillianbrown, i did what u said and here's the HJT log.
     
  12. gbc1989

    gbc1989 TS Rookie Topic Starter Posts: 21

    here's the log
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    gbc1989, please use the Edit function when you have something to add, rather than making a separate post. The log is clean but here are some suggestions that will allow faster startup, faster surfing and faster shutdown:

    Suggested programs and processes to UNCHECK on the Start menu:
    If you decide to do this, reopen HijackThis and scan. CHECK each of the processes.
    Then close all Windows except HijackThis and click Fix Checked and boot into Safe Mode.

    Remove any of the entries on Startup:
    Start> Run> msconfig> enter> Selective Startup Startup tab: UNCHECK each related process> Apply> OK.
    The do the Services as instructed:
    NONE of these need to start on boot:
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper>> ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios

    3 Media Player on start:
    Active X Objects:
    Services: Startup Type can be changes to Manual to start only as needed:
     
  14. gillianbrown

    gillianbrown Banned Posts: 141

    Your HJT log is clean.

    However, you can disable the entries as pointed out by Bobbey if you so wish.
     
  15. gbc1989

    gbc1989 TS Rookie Topic Starter Posts: 21

    thanks guys for the help! bobbye thanks for your extra suggestions, ill be on those right away.
     
  16. gbc1989

    gbc1989 TS Rookie Topic Starter Posts: 21

    Guys, I have a follow up question because I was trying to uninstall one video game called " Star Wars II Jedi Outcast" with the CCleaner, but it would not uninstall it because " an installation support file could not be installed, catastrophic failure"

    is there a manual way to do this?
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The proper way to uninstall " Star Wars II Jedi Outcast" would be:
    First: use the game uninstaller if it has one.
    2. If not, use Add/Remove Programs in the Control Panel.

    I don't recommend CCleaner or any other cleaner to do a full uninstall, only to remove left over files that can't be deleted. I need the exact 'catastrophic fsilure' message. If there is not more to it, check the Event Viewer for Error that corresponds to the failed uninstall. Most likely you have damaged the installer by improperly trying to uninstall. You may have to reinstall in order to uninstall.

    For the Event Viewer:
    Start> Run> type in eventvwr
    Please ignore Warnings and Information Events. you do not need to include the lines of code-if any-in the box below the Description. We are only looking for the specific Error-if any-that corresponds to this message
     
  18. smsmsm

    smsmsm TS Rookie

    Same issue

    Hi there,

    I got the same issue. I ran L2M destroyer and then the HJT, but there are still IE pop-ups.
    Can I get some help please... thanks
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Yes, but it needs to be on your own thread. Tell us you specific problem and please include system specs. You have several questionable and unidentifiable entries in the HijackThis log. That program alone is not sufficient to look for and clean malware.

    Please see this and follow the steps: http://www.techspot.com/vb/topic58138.html
    After running Malwarebytes and SuperAntispyware, rescan with HijackThis, then attach all three logs:
     
  20. gbc1989

    gbc1989 TS Rookie Topic Starter Posts: 21

    I could not find the error related to the "catastrophic failure" but I did printscreen the error when i tried to uninstall it.
     
  21. gillianbrown

    gillianbrown Banned Posts: 141

    Try reinstalling Star Wars II Jedi Outcast, then uninstalling via add remove programmes again.
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, as thought, the installer has been damaged.

    Use the Windows Installer Cleanup Utility. It's a small download that you Save to the desktop, then run (install) from there. Once done, open the program find " Star Wars II Jedi Outcast" and remove from there:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;290301
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...