I can't get rid of these pop-ups!!!!

[metalhead2025]

I've tried and tried, with sooo many anti-spyware tools, but nothing works.

Spybot S&D
Spysweeper
Windows Washer
AVG Free Anti-virus
Ad-Aware
Windows Defender

I don't know what to do anymore! Please help! Here is my highjack this log!

 

[howard_hopkinso]

Hello and welcome to Techspot.

Your system is infected with malware, your also running an outdated version of HijackThis.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of metalhead2025 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[metalhead2025]

I followed all of the instructions, and it seems to have gone through correctly, but here's my Hjt log, please let me know if there is anything that shouldn't be running. Thanks!

Here is my AVG Anti-Spyware log file.

With this I have my combofix attached.

By the way, the Anti-root kit scan was great, nothing was installed.

 

[momok]

Hi,

Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as Combofix.

Have HijackThis fix the following entries:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {166E2FE3-E93B-4AE9-AA6E-893C4D4B13FC} - (no file)
O2 - BHO: (no name) - {3536011A-9BCC-480C-B11D-125D5F684BC3} - C:\WINDOWS\system32\uojwporh.dll (file missing)
O2 - BHO: (no name) - {7E40D0DC-03DB-4320-BDEF-1A78F913D316} - (no file)
O2 - BHO: (no name) - {9581FE9A-7316-4F69-8C22-D458BFD28DF3} - (no file)
O2 - BHO: (no name) - {B1629B02-B58F-4F3E-845E-1EFCEB9EC4BD} - (no file)
O2 - BHO: (no name) - {C749B1A2-7863-49D2-9636-A7ABFC57E139} - C:\WINDOWS\system32\sstqo.dll (file missing)
O2 - BHO: (no name) - {EF0613E6-50E2-495D-AFD3-171BACE68636} - (no file)
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O20 - Winlogon Notify: ddccd - C:\WINDOWS\system32\ddccd.dll (file missing)
O20 - Winlogon Notify: gebcb - C:\WINDOWS\system32\gebcb.dll (file missing)
O20 - Winlogon Notify: geebx - C:\WINDOWS\system32\geebx.dll (file missing)
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\system32\jkkjh.dll (file missing)
O20 - Winlogon Notify: sstqp - C:\WINDOWS\system32\sstqp.dll (file missing)

Close HijackThis.

Now go to you combofix folder (where you saved combofix-do.txt) and drag the Combofix-Do.txt over on to Combofix.exe and release.

This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job.

Thereafter, please post fresh HJT and ComboFix logs from normal mode as attachments into this thread.


Regards,
Your friendly momok =)

This thread is for the use of metalhead2025 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[metalhead2025]

Combofix and Hjt log files

Here are the HJT and Combofix log files! Thanks again guys, you rock! :grinthumb

 

[momok]

Hi,

That combofix log is your previous log. Please post a fresh one after following my instructions with the Combofix-Do.txt file in my previous attachment.

That said, have HijackThis fix this entry:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Attach your latest ComboFix log after performing the action with Combofix-Do.txt.


Regards,
Your friendly momok =)

This thread is for the use of metalhead2025 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.