I am getting lots of pop-ups and going crazy as neither spybot nor ad-ware will detect anything. Have read the coolwebsearch post but, although i did delete some items, i'm still getting the pop-ups and am not sure about fixing more stuff as I'm afraid I might tamper with something I could need. Anyhelp would be much appreciated. HJT log attached. Thanks!
problems with pop-ups (cassava, dating direct et al)
- Thread starter cremaster714
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by pressing the ctrl/alt/delete keys together.
Click on the processes tab, and end process for(if there).
teekids.exe
mslaugh.exe
Close task manager.
Run HJT with no other programmes open, and have HJT fix the following, by placing a tick in the little box next to(if there).
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost
Fix all 01-Hosts entries.
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKCU\..\Run: [LDM] \Program\
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
Fix all 016-DPF entries.
Fix all 018-Protocol entries.
Now click on the fix checked button.
Close HJT.
Click start/search, and Locate, and delete the following bold files(if there).
teekids.exe
mslaugh.exe
Click start/run, and copy and paste this into the run box, and press the enter key.
notepad c:\windows\system32\drivers\etc\hosts
When notepad opens. Delete everything in your hosts file except 127.0.0.1 localhost. Close notepad. You will be prompted to save the file. Click yes.
Reboot your system into normal mode, and turn system restore back on
Go and follow the instructions in this thread HERE
Then post a fresh HJT log.
Regards Howard :wave: :wave:
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by pressing the ctrl/alt/delete keys together.
Click on the processes tab, and end process for(if there).
teekids.exe
mslaugh.exe
Close task manager.
Run HJT with no other programmes open, and have HJT fix the following, by placing a tick in the little box next to(if there).
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost
Fix all 01-Hosts entries.
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKCU\..\Run: [LDM] \Program\
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
Fix all 016-DPF entries.
Fix all 018-Protocol entries.
Now click on the fix checked button.
Close HJT.
Click start/search, and Locate, and delete the following bold files(if there).
teekids.exe
mslaugh.exe
Click start/run, and copy and paste this into the run box, and press the enter key.
notepad c:\windows\system32\drivers\etc\hosts
When notepad opens. Delete everything in your hosts file except 127.0.0.1 localhost. Close notepad. You will be prompted to save the file. Click yes.
Reboot your system into normal mode, and turn system restore back on
Go and follow the instructions in this thread HERE
Then post a fresh HJT log.
Regards Howard :wave: :wave:
thanks
Hello there,
Thanks a lot for your help. I have followed your instructions but I am still getting some more pop-ups. I am attaching another HJT log... Thx a lot!
Hello there,
Thanks a lot for your help. I have followed your instructions but I am still getting some more pop-ups. I am attaching another HJT log... Thx a lot!
Btw, don´t know if it might help, but after running spy sweeper it has found this (Along with loads of spycookies´)
Adware found: blazefind
Adware found: blazefind_adstat
Adware found: metadirect
Trojan Horse found: msblast
Adware found: orbit explorer
Adware found: searchrelevancy
Trojan Horse found: topconverting downloader
Adware found: winad
Adware found: ist software
Adware found: ist yoursitebar
Trojan Horse found: ukvideo
Adware found: blazefind
Adware found: blazefind_adstat
Adware found: metadirect
Trojan Horse found: msblast
Adware found: orbit explorer
Adware found: searchrelevancy
Trojan Horse found: topconverting downloader
Adware found: winad
Adware found: ist software
Adware found: ist yoursitebar
Trojan Horse found: ukvideo
Cheers!
Adware found: blazefind
Adware found: blazefind_adstat
Adware found: metadirect
Trojan Horse found: msblast
Adware found: orbit explorer
Adware found: searchrelevancy
Trojan Horse found: topconverting downloader
Adware found: winad
Adware found: ist software
Adware found: ist yoursitebar
Trojan Horse found: ukvideo
Adware found: blazefind
Adware found: blazefind_adstat
Adware found: metadirect
Trojan Horse found: msblast
Adware found: orbit explorer
Adware found: searchrelevancy
Trojan Horse found: topconverting downloader
Adware found: winad
Adware found: ist software
Adware found: ist yoursitebar
Trojan Horse found: ukvideo
Cheers!
howard_hopkinso
Posts: 21,238 +17
- Status
