popups viruses etc.... :(...help my newb self

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by taiyed7210, Jul 28, 2006.

  1. taiyed7210

    taiyed7210 Private E-2

    dunno wtf is wrong with my computer....what logs do i need to give you guys to help me....i've spent all day trying to fix it....i did a qoo fix and it said it was removed but i think i still have a few other viruses....any help is appreciated.
     
  2. taiyed7210

    taiyed7210 Private E-2

    here is a hijack this log.....you need any other logs....i read the stickys and ran all the programs it asked if you are wondering
     


  3. matt.chugg

    matt.chugg MajorGeek

    'Big Pimping Gangster'

    You have HijackThis installed incorrectly:

    You have it here --> C:\Documents and Settings\Big Pimping Gangster\Desktop\hijackthis\HijackThis.exe


    This is exactly where we specify not to put it. The instructions indicate:

    - not a temp folder
    - not on the Desktop
    - no sub folder of C:\Documents and Settings

    Please install it where recommended so that the backups created by HJT are in a safe location.

    We also asked you to rename it to analyse.exe as per Step 7 of the Sticky

    C:\Program Files\HJT\analyse.exe


    Your HJT log shows no evidence of Windows Defender, Bitdefender or ActiveScan.

    Please run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)

    Bitdefender
    Panda Scan
    HijackThis
     
  4. taiyed7210

    taiyed7210 Private E-2

    Here are all 3 .......i went through the list on panda and deleted some of the files but still get popup after popup when not running in safe mode......i've deleted about 3 kabillion different things now lol.....one of the popups that i get is bannerconnect and heavy.com...those seem to be the two most popular. Plz help and thx for your time...here are some logs......i fixed the location of hijackthis also
     


  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Download LSP-Fix

    After download is complete, Run LSP-Fix

    Check the Box labeled "I know what I'm doing" and then click on the xfire_lsp_10650.dll file (in the “Keep” section) to select it.

    Then, Select the >> button to move xfire_lsp_10650.dll into the Remove section.

    Now, click the Finish Button. When the Repair Summary box appears, click OK.
    (Note: If the file xfire_lsp_10650.dll is already in the remove section, then just click FINISH.)

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note: many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
     
  6. taiyed7210

    taiyed7210 Private E-2

    Fresh HJT log....was able to successfully remove everything you told me to remove including the O20 that ive been trying to remove all day.....the popups started within 10 seconds of windows booting :(.... any other ideas....btw your help is appreciated and thx for ur time.
     


  7. taiyed7210

    taiyed7210 Private E-2

    I'm pretty sure i have or have had in the last few days....virtumonde, sidekcik, and qoo....
     
  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  9. taiyed7210

    taiyed7210 Private E-2

    Once again thx for your time!

    Here are my logs.
     


  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop. DO NOT run it at this time; we will do that later in Safe Mode.
    Close Notepad.

    Run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note: many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    How's your computer running now?
     
  11. taiyed7210

    taiyed7210 Private E-2

    I've been logged in on normal mode for 10 minutes now with no popups. Hopefully it keeps working. I downloaded opera because i.e. sux. I have one last question for you unless my computer gets messed up again.....Is it possible to change my windows serial because I have an invalid one on here although i have a legit one....i would like to get the updates considering i paid good money for windows.

    Thx for all your help! I didnt want to reinstall :)
     
  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Do the below registry patch. I missed that entry last night.

    Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop.
    Close Notepad.

    Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    Reboot

    Yes, you can change Serial Keys on Windows; but the key has to be for the version of Windows you are using. There are OEM, Retail, Upgrade and VLK keys.
     
  13. taiyed7210

    taiyed7210 Private E-2

    Reg Edit done...., thx again :)
     
  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

