Winzix adware

  #1  
Old 04-21-2009
dayslayer8's Avatar
Newcomer, in training
 
Location: New South Wales, Australia
Member since: Apr 2009, 26 posts
Winzix adware

OK, I'm stupid and I installed WinZix before I knew it was stupid adware. After I uninstalled it, I (obviously) still get random pop-ups, with 3 iexplorer.exe processes appearing in Task Manager. Every time I try to end iexplorer.exe, 2 of them just come back while the other one is the real one. I'm a noob in computing and I really need help removing the stupid pop-ups...
I attached my log from HijackThis.

Thanks everyone
Attached Files
File Type: log hijackthis.log (9.6 KB, 6 views)
  #2  
Old 04-21-2009
Newcomer, in training
 
Member since: Apr 2009, 13 posts
I think the normal procedure is to follow the 8 steps and wait for someone to look at the 3 logs,

www .techspot.com/vb/topic58138.html << 8 steps

In other words, try to follow all of those steps and come back with the Malwarebytes log and the SuperAntiSpyware one.

If you're having problems, there are people on this board who can help.
  #3  
Old 04-21-2009
Bobbye's Avatar
TechSpot Evangelist
 
Location: Clearwater, FL
Member since: Mar 2007, 6,807 posts
Your HijackThis log indicates you have a LOP malware infection.

But there is also indication of the use of the AQW Hacking Toolbar, used to pirate software.

We can help with the Lop infection, but:
Quote:
We do not support piracy. Due to the fact that your HijackThis logfile clearly shows you have the AQW Hacking Toolbar, we will not help you.
This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.
Original source: touch
If you feel this is in error, please provide all three of the logs for Virus & Malware Removal. We will be able to verify any pirating with them.
  #4  
Old 04-22-2009
dayslayer8's Avatar
Newcomer, in training
 
Location: New South Wales, Australia
Member since: Apr 2009, 26 posts
lol that took a while

@vexon13
Thank you for being so remindful to new members like me!!

@bobbye
Thank you for your patience and nice attitude; however, the AQW Hacking Toolbar is just a toolbar that lets you go to game forums faster, like cheatengine.org, where people post cheats, walkthroughs and glitches in SWF games. It is absolutely NOT crack/warez and has completely NOTHING TO DO with piracy. You can check and prove it on my 3 new logs. (I uninstalled the toolbar before the logs were made and hope that I'm in your favour and get more support...) Anyway, here are my 3 new logs.
I'm sorry if I've caused any offense to you, but I really didn't mean to.

Alternatively, in Control Panel -> Add/Remove Programs, I've found this thing called CiD Help, which came with WinZix. So should I remove it by using Add/Remove Programs, or should I do something else?

Sorry, double post... forgot to attach logs.
Attached Files
File Type: txt mbam-log-2009-04-22 (10-17-57).txt (1.2 KB, 1 views)
File Type: log SUPERAntiSpyware Scan Log - 04-22-2009 - 12-54-06.log (559 Bytes, 1 views)
File Type: log hijackthis.log (9.4 KB, 1 views)

Last edited by kimsland; 04-22-2009 at 09:35 PM.. Reason: merged recent posts
  #5  
Old 04-22-2009
touch's Avatar
TechSpot Addict
 
Member since: Feb 2009, 978 posts
Looks like you've got rid of the AQW Hacking Toolbar.

We have a special fix tool to remove LOP/CID infections, so I'll suggest we use it.


Download http://eric.71.mespages.googlepages.com/LopSD.exe
by Eric_71 and save it to your desktop.

Double-click LopSD.exe
Choose the language by typing the corresponding letter and press Enter
Click OK at the informative window
Type 2 to choose Option 2 (Fix + Hosts), then press Enter
Wait until the scan has finished
A report will be generated, attach the contents of it in your next reply.
  #6  
Old 04-22-2009
dayslayer8's Avatar
Newcomer, in training
 
Location: New South Wales, Australia
Member since: Apr 2009, 26 posts
@touch
I've installed LopSD on my desktop.
I've double-clicked the icon and clicked 'Run' in the security prompt.
However, the cmd-like window gets a blue screen and immediately shuts... nothing more happens.
EDIT: the words 'please wait...' appear in the middle of the screen before it closes itself.
  #7  
Old 04-22-2009
touch's Avatar
TechSpot Addict
 
Member since: Feb 2009, 978 posts
OK, try from Safe Mode then.
  #8  
Old 04-22-2009
dayslayer8's Avatar
Newcomer, in training
 
Location: New South Wales, Australia
Member since: Apr 2009, 26 posts
Nope, didn't work...
The same thing happened.
  #9  
Old 04-22-2009
touch's Avatar
TechSpot Addict
 
Member since: Feb 2009, 978 posts
That's odd.

Let's try this scanner ->

Please Download NoLop to your desktop:

http://www.greyknight17.com/spy/NoLop.exe
First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK

Now click the "REBOOT" Button.

A message should pop up from NoLop. If not, double click the program again and it will finish. Please attach the contents of C:\NoLop.log along with a fresh HijackThis log.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download http://www.boletrice.com/downloads/mscomctl.ocx to your system32 folder, then rerun the program.
  #10  
Old 04-22-2009
dayslayer8's Avatar
Newcomer, in training
 
Location: New South Wales, Australia
Member since: Apr 2009, 26 posts
@touch
Thanks for the software.
I've done everything and here are the logs.
Attached Files
File Type: log NoLop.log (3.1 KB, 4 views)
File Type: log hijackthis.log (9.3 KB, 4 views)
  #11  
Old 04-22-2009
Bobbye's Avatar
TechSpot Evangelist
 
Location: Clearwater, FL
Member since: Mar 2007, 6,807 posts
touch, Lop is still on board as seen below:
Quote:
O4 - HKLM\..\Run: [Hope Draw Obj Funk] C:\Documents and Settings\All Users\Application Data\LICENSE FORD HOPE DRAW\Idle Dumb.exe
O4 - HKCU\..\Run: [ForkHide] C:\DOCUME~1\Zihao\APPLIC~1\DEFAUL~1\ref vga sixth.exe
How about trying Lop S&D again:

Download Lop S&D by Eric_71 and save it to your desktop.

Disable your antivirus and anti-malware programs so they do not interfere with the running of Lop S&D. You can usually do this via a right click on the System Tray icon.
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 2 to choose Option 2 (Fix + Hosts), then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

Maybe the images will help.

Last edited by Bobbye; 04-22-2009 at 02:56 PM.. Reason: images
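Bobbye spots the remaining Lop infection from two O4 Run entries whose executables live under Application Data. The following is an added example, not code from the thread or from any of the tools mentioned in it: a small parser that pulls O4 autorun entries out of HijackThis-style log text and flags the ones matching that Lop pattern (executable under Application Data, or a path written with 8.3 short names such as APPLIC~1). The sample log lines are constructed, modelled on the entries quoted above plus a benign control line; the function names are my own.

```python
import re
from typing import Dict, List

# Constructed sample lines modelled on the O4 entries quoted in post #11;
# the SunJavaUpdateSched line is a benign control, not from the thread.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [Hope Draw Obj Funk] C:\Documents and Settings\All Users\Application Data\LICENSE FORD HOPE DRAW\Idle Dumb.exe
O4 - HKCU\..\Run: [ForkHide] C:\DOCUME~1\Zihao\APPLIC~1\DEFAUL~1\ref vga sixth.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.example.com
"""

# HijackThis O4 line: "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


def parse_o4(log_text: str) -> List[Dict[str, str]]:
    """Return every O4 autorun entry as a dict with hive, key, name and cmd."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def suspicious_reasons(cmd: str) -> List[str]:
    """Heuristics for Lop-style autoruns; an empty list means nothing flagged."""
    reasons = []
    low = cmd.lower()
    # Legitimate software rarely autoruns straight out of Application Data.
    if "\\application data\\" in low or "\\applic~1\\" in low:
        reasons.append("autorun executable lives under Application Data")
    # 8.3 short names (DOCUME~1, DEFAUL~1) hide the real, often random-word, folder name.
    if re.search(r"~\d", cmd):
        reasons.append("8.3 short-name path obscures the real folder name")
    return reasons


def flag_lop_style_autoruns(log_text: str) -> List[Dict[str, object]]:
    """Return the O4 entries that trip at least one heuristic, with the reasons."""
    flagged = []
    for entry in parse_o4(log_text):
        reasons = suspicious_reasons(entry["cmd"])
        if reasons:
            flagged.append({"name": entry["name"], "cmd": entry["cmd"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in flag_lop_style_autoruns(SAMPLE_HJT_LOG):
        print(f"[{hit['name']}] {hit['cmd']}\n    -> " + "; ".join(hit["reasons"]))
```

Run it against a real HijackThis log by reading the file into `flag_lop_style_autoruns`; the hits are candidates for a closer look, not a verdict, since some legitimate updaters also start from the user profile.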
  #12  
Old 04-22-2009
dayslayer8's Avatar
Newcomer, in training
 
Location: New South Wales, Australia
Member since: Apr 2009, 26 posts
Nope, the same thing happened.
I double clicked on LopSD and clicked 'Run' on the security prompt.
The blue screen comes up and says please wait...
Then it closes and nothing more happens.
However, this time I was just able to see a line saying something about: " 'find'............." before it closes.
(This message appears really fast, just before LopSD closes itself.)

By the way, as mentioned earlier
Quote:
Alternatively, in Control Panel -> Add/Remove Programs, I've found this thing called CiD Help, which came with WinZix. So should I remove it by using Add/Remove Programs, or should I do something else?

Last edited by dayslayer8; 04-22-2009 at 08:06 PM..
  #13  
Old 04-22-2009
Bobbye's Avatar
TechSpot Evangelist
 
Location: Clearwater, FL
Member since: Mar 2007, 6,807 posts
Quote:
the blue screen comes up and says please wait...
then it closes and nothing more happens
Please go to the Event Viewer and find the Error that corresponds to the BSOD.

Start> Run> type in eventvwr

Quote:
Do this on each of the System and the Application logs:
1. Click to open the log>
2. Look for the Error>
3. Right click on the Error> Properties>
4. Click on the Copy button, top right, below the down arrow
5. Paste here (Ctrl V)
Please ignore Warnings and Information Events. You do not need to include the lines of code (if any) in the box below the Description. Please do not attach the entire Event log.

Force the BSOD if you have to and check the time on the computer clock. The logs are time-coded so you will be looking for Errors occurring at the same time.

I had hoped that maybe the images might help with the Lop program.

Quote:
3 iexplorer.exe processes are appearing on task manager.
This CAN be normal in IE8, but it can also be malware disguised.

Touch, do you think it's worth trying another Lop program? If so, how about this?

Download FindLop HERE and save to the desktop.
Quote:
Unzip to a new folder:
Inside the folder locate findlop.bat

Double click it and it will create the file C:\findlop.txt
Find that file and copy and paste the contents into your next post.
A Notepad file will open.
Copy the content of that file and paste it into your reply to this thread.

Also, copy the part in bold below into notepad and save it as direxie.bat
Set File type to "All files"

Quote:
cd\
cd C:\Documents and Settings\%UserName%\Application Data
dir /x > C:\directory.txt
cd C:\Documents and Settings\All Users\Application Data
dir /x >> C:\directory.txt
cd C:\Program Files
dir /x >> C:\directory.txt
start notepad C:\directory.txt
Start the file by double clicking direxie.bat
That will open a file called directory.txt. Post the content of that file.

Please do a right click> Delete on the 2 setup files for the previous Lop programs.

Quote:
So should i remove it by using add/remove programs or should i do something else?
CiD Help is malware and adware. You can get this malware if you download software from some untrusted websites.

To remove CiD Help, go to Start–>Settings–>Control Panel–> Add and Remove Programs, then select CiD Help, click remove.

Please wait to see if Touch agrees to this before running.

Last edited by Bobbye; 04-22-2009 at 11:09 PM.. Reason: Add image
  #14  
Old 04-22-2009
dayslayer8's Avatar
Newcomer, in training
 
Location: New South Wales, Australia
Member since: Apr 2009, 26 posts
@Bobbye
Unfortunately, my system shows all the information from Event Viewer in Chinese, including event logs.
I cannot understand the Chinese words, nor am I able to translate them into English.
So do you think there is any chance of skipping this step?
  #15  
Old 04-23-2009
touch's Avatar
TechSpot Addict
 
Member since: Feb 2009, 978 posts
It's not easy to understand Chinese, and it's almost impossible to pronounce it.

Please download http://swandog46.geekstogo.com/avenger2/download.php
by Swandog46 to your Desktop.
Click on Avenger.zip to open the file
Extract avenger2.exe to your desktop

Start Avenger


Quote:
Folders to delete:
C:\Documents and Settings\All Users\Application Data\License Ford Hope Draw
C:\Documents and Settings\Zihao\Application Data\Defaultwaitremote
C:\Documents and Settings\Zihao\Application Data\Utorrent
Copy/Paste all the text in the above quote box into the main window
Click Execute

The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)

On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions.

This log file will be located at C:\avenger.txt

Attach C:\avenger.txt in your next reply, along with a fresh HijackThis log, and tell how things are running now.
  #16  
Old 04-23-2009
dayslayer8's Avatar
Newcomer, in training
 
Location: New South Wales, Australia
Member since: Apr 2009, 26 posts
When I pressed Execute, an error appears:
"Error: Invalid script, a valid script must begin with a command directive. Aborting execution!"

Quote:
Please wait to see if Touch agrees to this before running.
Should I use direxie.bat or remove 'CiD Help' with Add and Remove Programs before any other steps?
  #17  
Old 04-23-2009
touch's Avatar
TechSpot Addict
 
Member since: Feb 2009, 978 posts
If Avenger doesn't close, just continue.
  #18  
Old 04-23-2009
dayslayer8's Avatar
Newcomer, in training
 
Location: New South Wales, Australia
Member since: Apr 2009, 26 posts
I have to press 'OK' when the error occurs, and Avenger does not start executing.
However, Avenger does not close, but every time I press Execute, I get the error and have to press OK, which stops the execution process.
  #19  
Old 04-23-2009
touch's Avatar
TechSpot Addict
 
Member since: Feb 2009, 978 posts
OK. Then you'll have to delete the folders (in bold) manually:

C:\Documents and Settings\All Users\Application Data\License Ford Hope Draw
C:\Documents and Settings\Zihao\Application Data\Defaultwaitremote
C:\Documents and Settings\Zihao\Application Data\Utorrent

Reboot, attach a new HijackThis log and tell how things are running.
  #20  
Old 04-23-2009
dayslayer8's Avatar
Newcomer, in training
 
Location: New South Wales, Australia
Member since: Apr 2009, 26 posts
I'm not able to delete the folder: License Ford Hope Draw
because of an error that 'Idle Dumb.exe' is being used, or something like that.
However, the other two folders are now deleted.
(Dumb.exe is not shown in Task Manager.)