Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Constant Popups Annoying

Re: Constant Popups Annoying

by TheFrigginFalcon » March 2nd, 2009, 8:50 am

Quick Follow-up ...

AVG also ran its automatic nightly scan after Kaspersky had finished, and it reported:


"C:\Documents and Settings\HP_Owner\Desktop\Misc-Desktop-Stuff\eMule0.47a-Installer.exe";"Adware Generic.JPA";"Moved to Virus Vault"
"C:\Documents and Settings\HP_Owner\Desktop\Misc-Desktop-Stuff\eMule0.47a-Installer.exe:\$CE\BHOBJ.dll";"Adware Generic.JPA";"Moved to Virus Vault"
"C:\Qoobox\Quarantine\C\WINDOWS\system32\mlharv.dll.vir";"Adware Generic3.RDA";"Moved to Virus Vault"
"C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP11\A0002758.exe";"Adware Generic.JPA";"Moved to Virus Vault"
"C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP11\A0002758.exe:\$CE\BHOBJ.dll";"Adware Generic.JPA";"Moved to Virus Vault"
"C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP2\A0000077.dll";"Adware Generic3.RDA";"Moved to Virus Vault"
"C:\WINDOWS\system32\dthsflaq.dll";"Adware Generic3.RDA";"Moved to Virus Vault"
"C:\WINDOWS\system32\dwdoxt.dll";"Adware Generic3.RDA";"Moved to Virus Vault"
"C:\WINDOWS\system32\noodywgf.dll";"Adware Generic3.RDA";"Moved to Virus Vault"
TheFrigginFalcon
Active Member
 
Posts: 11
Joined: February 16th, 2009, 10:39 pm

Re: Constant Popups Annoying

by davis » March 2nd, 2009, 5:53 pm

Hi TheFrigginFalcon,



Step 1


  1. Close any open browsers
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  3. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
Code:
File::
C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\toolbar\toolbr.exe 
C:\Documents and Settings\HP_Owner\Desktop\Misc-Desktop-Stuff\eMule0.47a-Installer.exe 
C:\Program Files\ComPlus Applications\profsyvyq.html
C:\WINDOWS\system32\dthsflaq.dll
C:\WINDOWS\system32\dwdoxt.dll 
C:\WINDOWS\system32\noodywgf.dll 


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



In your next reply, please post back:

1. ComboFix log
2. New HJT log

Tell me how your pc is running now.
davis
Regular Member
 
Posts: 910
Joined: February 3rd, 2008, 4:48 am

Re: Constant Popups Annoying

by TheFrigginFalcon » March 2nd, 2009, 10:07 pm

My computer seems to be running fine. I haven't done a lot of Internet access, but when I have, no pop-ups, hijacks, or other undesirable behavior.

Here is the ComboFix log ...


ComboFix 09-02-24.02 - HP_Owner 2009-03-02 17:55:26.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.215 [GMT -8:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated)
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
c:\documents and settings\All Users\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\toolbar\toolbr.exe
c:\documents and settings\HP_Owner\Desktop\Misc-Desktop-Stuff\eMule0.47a-Installer.exe
c:\program files\ComPlus Applications\profsyvyq.html
c:\windows\system32\dthsflaq.dll
c:\windows\system32\dwdoxt.dll
c:\windows\system32\noodywgf.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\toolbar\toolbr.exe
c:\program files\ComPlus Applications\profsyvyq.html

.
((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
.

2009-03-02 01:12 . 2009-03-02 17:46 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-01 20:09 . 2009-03-01 20:09 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-01 20:09 . 2009-03-01 20:09 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-01 11:09 . 2009-03-02 17:06 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-01 11:09 . 2009-03-01 11:09 <DIR> d-------- c:\program files\AVG
2009-03-01 11:09 . 2009-03-02 08:05 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-01 11:09 . 2009-03-01 11:09 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-01 11:09 . 2009-03-01 11:09 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-03-01 11:09 . 2009-03-01 11:09 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-01 11:08 . 2009-03-01 11:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-01 10:58 . 2009-03-01 10:58 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\AVG8
2009-02-24 21:30 . 2009-02-24 22:02 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-02-24 21:28 . 2008-12-20 15:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-02-24 21:28 . 2007-04-17 01:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-24 21:28 . 2007-03-07 21:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-24 21:28 . 2008-12-20 15:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-02-24 21:28 . 2008-12-20 15:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-24 21:28 . 2008-12-20 15:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-02-24 21:28 . 2008-12-20 15:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-02-24 21:28 . 2008-12-20 15:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-24 21:28 . 2008-12-19 01:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-02-23 20:26 . 2009-02-23 20:26 <DIR> d-------- C:\rsit
2009-02-16 18:45 . 2009-02-16 18:45 <DIR> d-------- c:\program files\Trend Micro
2009-02-07 16:06 . 2009-02-07 16:06 <DIR> d-------- c:\program files\FLV Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 04:09 --------- d-----w c:\program files\Java
2009-03-02 04:06 --------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-02-13 03:44 --------- d-----w c:\program files\Common Files\Adobe
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-03-01_12.31.08.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-07 19:36:59 24,681 ----a-w c:\windows\system32\java.exe
+ 2009-03-02 04:09:37 144,792 ----a-w c:\windows\system32\java.exe
- 2004-08-07 19:36:59 28,779 ----a-w c:\windows\system32\javaw.exe
+ 2009-03-02 04:09:37 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-03-02 04:09:37 148,888 ----a-w c:\windows\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-09-01 3563232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-01 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-01 11:09 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= c:\windows\system32\i263_32.drv
"msacm.divxa32"= DivXa32.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.avis"= ff_acm.acm
"vidc.i263"= c:\windows\system32\i263_32.drv
"msacm.imc"= c:\windows\system32\imc32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\America Online 9.0\\aol.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-01 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-01 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-01 107272]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-01 298264]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-08 31592]
S3 ZD1211U(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\system32\drivers\ZD1211U.sys [2006-02-04 278016]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{822f6036-dfc9-11db-ac49-00038a000015}]
\Shell\AutoRun\command - G:\ONSPCLCK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-03-02 c:\windows\Tasks\wrSpySweeperTrialSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 19:56]

2009-03-02 c:\windows\Tasks\wrSpySweeperTrialSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 19:56]

2009-03-02 c:\windows\Tasks\wrSpySweeperTrialSweep.job
- C:\ [2009-03-02 17:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
Trusted Zone: net.au\toolbox.iinet
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 17:57:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\WRLogonNTF.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2009-03-02 18:00:09
ComboFix-quarantined-files.txt 2009-03-03 02:00:02
ComboFix2.txt 2009-03-02 05:52:51
ComboFix3.txt 2009-02-25 05:26:17

Pre-Run: 17,589,665,792 bytes free
Post-Run: 17,652,174,848 bytes free

154 --- E O F --- 2009-03-01 19:37:07




and here is HJT log . . .


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:01:25 PM, on 3/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Babylon Client] "C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://200.9.36.138:82/wg_webeye.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5805 bytes
TheFrigginFalcon
Active Member
 
Posts: 11
Joined: February 16th, 2009, 10:39 pm

Re: Constant Popups Annoying

by davis » March 3rd, 2009, 11:38 am

Hi TheFrigginFalcon,


"My computer seems to be running fine. I haven't done a lot of Internet access, but when I have, no pop-ups, hijacks, or other undesirable behavior."

That sounds good. Any issue left? If not, let's do some housekeeping.

Step 1

Click START then RUN
Now copy/paste Combofix /u into the Run box and click OK.
Note the space between the X and the U, it needs to be there.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
Remember to re-enable the real-time protection of AVG8, and delete RSIT and the folder C:\rsit.

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:


  1. Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.

    Secunia Software Inspector
    F-secure Health Check

  2. Update your Adobe Acrobat Reader

    Old versions may render vulnerabilities that malware can use to infect your system. Please download Adobe Reader 9 to your desktop.
    Uninstall the old Adobe Reader from Start > Control Panel > Add/Remove Programs. Install the new one.

  3. Update SP3

    Microsoft has released the latest upgrades to the XP OS platform, which can be referenced HERE. It is critical to stay up to date with the latest upgrades to your Operating System, as this can help prevent future problems. Windows XP Service Pack 3 (SP3) includes all previously released updates for the operating system. I recommend that you visit the link above and apply the SP3 patch.

  4. Make your Internet Explorer more secure

    Please refer to this thread to configure Internet Explorer 7 properly.

  5. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  6. Install a-squared Free - a-squared Free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. If you have a dial-up internet connection, you may also like to install a-squared Anti-Dialer, which provides some real-time protection against premium rate dialers.

    A tutorial on installing & using this product can be found here:

    Clean your PC with a-squared Free

  7. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information here on how to prevent malware.


Glad to be of help. Safe surfing!!
davis
Regular Member
 
Posts: 910
Joined: February 3rd, 2008, 4:48 am

Re: Constant Popups Annoying

by Blade81 » March 5th, 2009, 1:50 pm

Since the issue appears to be resolved this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland