Pop-ups wont stop

Welcome to MGs!

You need to complete ALL the steps in the READ & RUN ME. I can see the Microsoft Windows Defender was not installed and run as requested. Also you have not done what was requested in step 6. Both online scanners must be run and both logs must be posted. The READ ME has not been followed until ALL directions in steps 0 thru 7 are completed.

After completing the other steps attach the requested logs from step 6 followed by a new HJT log. Then we will be able to complete the rest of your fixes.

 

It was not necessary to start all over again! Just completing the steps that were not run would have been okay at this point. Make sure you attach the two online scan logs this time along with a new HJT log. This is the reason we have the below statement at the beginning of the READ & RUN ME

It only slows down progress and takes longer for users to get there PC's fixed up if steps are not followed.

 

Do you know what the below is:

C:\Documents and Settings\Owner\Desktop\WinHIIP V.1.7.3\hdl_dump.exe

Make sure viewing of hidden files is enabled (per the tutorial).
Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.
C:\WINDOWS\ms0642273-10683.exe

After killing all the above processes, click Back.
Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ms0642273-10683] C:\WINDOWS\ms0642273-10683.exe
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\ms0642273-10683.exe
C:\Windows\System32\winemx32.dll
C:\WINDOWS\drsmartload2.dat
If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

What Internet Explorer thing? You need to be more precise in your messages. I doubt it was a message from Internet Explorer but rather a message from CounterSpy or something else asking if you want to change your home page. This is a result of the Reset Web Settings I asked you to do. If you do not approve the change, the reset of settings will not take place.

At any rate, your log is clean. Are you having any other malware problems?

 

You're welcome. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!