Firefox troubles, malware, adware- oh my!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by GuitarRon89, Aug 12, 2005.

  1. GuitarRon89

    GuitarRon89 Private E-2

    I am also having problems with my computer- it has become terribly slow and I keep getting popups every three or four seconds. I tried running two or three adware programs on it (Spybot S&D and Ad-Aware SE) and so far, nothing. My computer continues to be slow, but there have been some programs removed that were being pesky. I have also run a program called "hijackthis," I think you guys here might know what I'm talking about, and I was wondering if I could post my log from that here so you might point out some of the problems to me. Thanks.

    -Ron
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please follow standard cleanup procedures as given below:

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps below:



    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    - Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. GuitarRon89

    GuitarRon89 Private E-2

    I did all of those steps and am proud to report that I have significantly fewer popups than before- thank you. However, my Firefox browser still doesn't start up - I ran hijackthis and this is what I found: (File Attached)

    Thank you so much, guys, I really appreciate it.
     


  4. Kodo

    Kodo SNATCHSQUATCH

    you MUST run Hijackthis from a location OTHER than

    C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\HijackThis.exe
    Put the program in its own folder like C:\hjt , make sure firefox and IE are CLOSED before running HJT and then run HJT and post a new log.
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    GuitarRon89,

    After you address the re-location of HJT as per Kodo's instructions, proceed with the below.


    Please look in Add or Remove Programs for the following and Uninstall them if found:

    MessengerPlus! 3

    Tewtpi


    Now, download Nail/Bolder/Aurora Remover 0.3.3 Beta and save it to its own folder like c:\ABIremover

    - Now extract the abiremover.exe file from the ZIP file into the folder you created but do not run the EXE yet.

    - Reboot into Safe Mode with no network support and do not run anything else but what I tell you to run!

    - Run the ABIRemover.exe, press install, wait (explorer window will disappear)

    - When it finishes just reboot and continue with the below steps.


    Now, run Panda Online Scan. After the scan attach the log to your next post. Also please follow the below:

    1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce a log - Please attach that with your next post!

    2 - Please EXTRACT all the files from RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, Please boot to SAFE MODE and DoubleClick rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.


    Now come back here and post all three logs as attachments.
     
  6. GuitarRon89

    GuitarRon89 Private E-2

    Updated version...
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    GuitarRon89,

    Please pay close attention to our post. Now complete post #4 and post #5.
     
  8. GuitarRon89

    GuitarRon89 Private E-2

    Sorry, I started hijackthis before I got the opportunity. :(
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It's ok, just follow post#4 & #5!
     
  10. GuitarRon89

    GuitarRon89 Private E-2

    How long does it take this Pandasoftware or w/e to run? I've had it running for a little bit over six hours now. =\
     
  11. GuitarRon89

    GuitarRon89 Private E-2

    Well, I let it run all night and it finished this morning, here's the log for Pandasoftware.
     


  12. GuitarRon89

    GuitarRon89 Private E-2

    Logs for RK and Qoologic attached- thanks again guys. :)

    First: Qoologic
    Second: RK
     

    Attached Files:

    • file.txt (535 bytes)
    • log.txt (727 bytes)
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    (Don't run it yet)


    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\WINDOWS\etb ←–– Delete this whole folder if it exists!

    C:\Program Files\C2Media ←–– Delete this whole folder if it exists!

    C:\Program Files\CasStub ←–– Delete this whole folder if it exists!

    C:\Program Files\Cas ←–– Delete this whole folder if it exists!


    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    C:\WINDOWS\ru.exe
    C:\WINDOWS\usta33.ini
    C:\WINDOWS\cfgmgr52.ini
    C:\WINDOWS\myurlff.exe
    C:\WINDOWS\abiuninst.htm
    C:\WINDOWS\joyiconsbbb.exe
    C:\WINDOWS\tkvjgglglfi.exe
    C:\WINDOWS\RMAgentOutput.dll

    C:\WINDOWS\inf\imgiant.inf
    C:\WINDOWS\inf\adrmimg.inf

    C:\WINDOWS\system32\pwggg.dat
    C:\WINDOWS\system32\jerrr.dll
    C:\WINDOWS\system32\dkaaajk.dll
    C:\WINDOWS\system32\bdxxxrd.exe
    C:\WINDOWS\system32\dkaaajk.dll
    C:\WINDOWS\system32\azpqjp.exe

    After you complete the above, reboot and attach a fresh HJT log.
     
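Added example, not part of the thread or of any poster's instructions: a read-only Python check that reports which of the folders and files listed in post #13 are still on disk after the reboot. The function names and the `root` parameter (a stand-in for the `C:\` drive, so the check can also be pointed at a mounted disk image or a test directory) are assumptions made for this example.

```python
import ntpath
import os

# Paths copied from post #13 (the post lists dkaaajk.dll twice).
FOLDERS = [r"C:\WINDOWS\etb", r"C:\Program Files\C2Media",
           r"C:\Program Files\CasStub", r"C:\Program Files\Cas"]
FILES = r"""
C:\WINDOWS\ru.exe
C:\WINDOWS\usta33.ini
C:\WINDOWS\cfgmgr52.ini
C:\WINDOWS\myurlff.exe
C:\WINDOWS\abiuninst.htm
C:\WINDOWS\joyiconsbbb.exe
C:\WINDOWS\tkvjgglglfi.exe
C:\WINDOWS\RMAgentOutput.dll
C:\WINDOWS\inf\imgiant.inf
C:\WINDOWS\inf\adrmimg.inf
C:\WINDOWS\system32\pwggg.dat
C:\WINDOWS\system32\jerrr.dll
C:\WINDOWS\system32\dkaaajk.dll
C:\WINDOWS\system32\bdxxxrd.exe
C:\WINDOWS\system32\dkaaajk.dll
C:\WINDOWS\system32\azpqjp.exe
""".split()

def dedupe(paths):
    """Drop repeats; Windows paths compare case-insensitively."""
    unique = {}
    for p in paths:
        unique.setdefault(ntpath.normcase(ntpath.normpath(p)), p)
    return list(unique.values())

def locate(win_path, root):
    """Map a Windows path onto root (assumed stand-in for the C: drive)."""
    tail = ntpath.splitdrive(win_path)[1]
    return os.path.join(root, *[part for part in tail.split("\\") if part])

def still_present(root="C:\\"):
    """Return (folders, files) from the post's lists that exist under root."""
    folders = [p for p in dedupe(FOLDERS) if os.path.isdir(locate(p, root))]
    files = [p for p in dedupe(FILES) if os.path.isfile(locate(p, root))]
    return folders, files

if __name__ == "__main__":
    folders, files = still_present()
    for p in folders + files:
        print("STILL PRESENT:", p)
    print(f"{len(folders)} folder(s) and {len(files)} file(s) remain")
```

The script only tests for existence and deletes nothing; an entry that is still reported after the reboot is one to mention alongside the fresh HJT log.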
  14. GuitarRon89

    GuitarRon89 Private E-2

    Reboot in regular or safe mode?
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    After you have completed the entire fix, reboot into normal mode and attach a fresh HJT log.
     
  16. GuitarRon89

    GuitarRon89 Private E-2

    Thanks. :)

    New log up.
     


