First post - please help me remove popups

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Van Damme, Aug 10, 2006.

  1. Van Damme

    Van Damme Private E-2

    Hi everyone,
    this forum has helped me out several times in the past, but this is actually the first time I post here.

    Anyways, for some time now my computer seems to have slowed down and I get a lot of popups, mainly from adultfriendfinder.com...

    I have a popupblocker which does its job, but I know this thing is slowing down my computer.

    I ran Adaware, Spybot, CWShredder and Norton but they found nothing.

    I'll post my Hijackthislog at the bottom. Please be patient with me as I have no clue what I'm doing...

    Thanks for your help.

    • Edit by bjgarrick: Unrequested, Inline HJT log removed!
     
    Last edited by a moderator: Aug 10, 2006
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com,

    Your OS is way outdated. This is a major security threat and should be addressed as soon as we get your system cleaned. Please follow our standard cleaning procedures:


    Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.
    Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    Downloading, Installing, and Running HijackThis
    • Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    In your next post, please make sure you attach the following logs and that you have run these scans in the following order:
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • CounterSpy - ONLY IF you were not able to run Windows Defender
    • Bitdefender (Step 6)
    • Panda Scan (Step 6)
    • HijackThis
     
  3. Van Damme

    Van Damme Private E-2

    Tutorial results and other attachments are in the next reply...
     


  4. Van Damme

    Van Damme Private E-2

    Thank you for answering..

    I did everything in the tutorial to the letter, but I still seem to have some problems..

    Before I started the tutorial, I updated XP with SP2.


    CCleaner deleted a lot of files.

    The Microsoft Windows Malicious Software Removal Tool couldn't find anything.

    Spybot found two threats:
    WindowsSecurityCenter.AntivirusDisableNotify &
    WindowsSecurityCenter.FirewallDisableNotify
    I did NOT delete them cause I thought they were actual windows files!?

    Microsoft Windows Defender found the following adware:
    WhenUSaveNow

    I was unable to connect to the internet in Safe Mode with network support, so I ran Bitdefender and Pandascan in normal mode. They both found some malware.

    You can find all the logs as attachments to this reply and the one before this one.

    I hope I did everything right. Thanks again for your help.
     


  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Please look in Add/Remove Programs for the following and uninstall them if found:

    AutoUpdate

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    O16 - DPF: {33331111-1111-1111-1111-611111193423} -
    O16 - DPF: {33331111-1111-1111-1111-611111193429} -
    O16 - DPF: {33331111-1111-1111-1111-615111193427} -
    O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\AutoUpdate Delete this whole folder if it exists!

    Next, run CCleaner to clean up cookies and temp files.


    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    Once you complete this post, please follow the last step below..

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:


    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above, reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
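
A way to pre-sort HijackThis lines like the O16 and O21 entries quoted in the post above, as an added example that is not part of the thread and not HijackThis's own logic. The flagging rules (empty or `file:` codebase on an O16 entry, every O21 entry listed for review) and the sample lines other than the ones quoted in the post are assumptions of this example.

```python
import re

# Constructed sample log: O16/O21 lines quoted in the post above,
# plus two invented lines (O4 and an https O16) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Control) - https://example.com/control.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
# O16 = ActiveX controls in Downloaded Program Files: CLSID, optional name, codebase.
O16_RE = re.compile(rf"^O16 - DPF: ({CLSID})(?: \((.*?)\))? -\s*(.*)$")
# O21 = ShellServiceObjectDelayLoad: name, CLSID, DLL path.
O21_RE = re.compile(rf"^O21 - SSODL: (.+?) - ({CLSID}) - (.+)$")


def triage(log_text):
    """Return (section, clsid, target, reason) for each line worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m16 = O16_RE.match(line)
        m21 = O21_RE.match(line)
        if m16:
            clsid, _name, codebase = m16.groups()
            if not codebase:
                # Assumed rule: a control with no download source recorded.
                findings.append(("O16", clsid, "", "no-codebase"))
            elif codebase.lower().startswith("file:"):
                # Assumed rule: a control installed from a local .cab file.
                findings.append(("O16", clsid, codebase, "local-codebase"))
        elif m21:
            # Assumed rule: every O21 DLL is listed for review.
            _name, clsid, path = m21.groups()
            findings.append(("O21", clsid, path, "ssodl-review"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The output is a review list for a human helper, not a verdict; a flagged line still has to be checked against the rest of the log before anything is fixed or deleted.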
     
  6. Van Damme

    Van Damme Private E-2

    Ok, that seemed to have killed those nasty popups so thanks. I could not find any files or folders named AutoUpdate, everything else went fine.

    My computer is still slower than it used to be, however (I re-installed XP only 6 months ago..)

    It sometimes freezes up on me for about a minute or even longer, while the processor light lights up...

    Anything more I can do to enhance the performance?

    HJT-log attached.
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log looks good! If you want me to be honest, yes you can improve your performance by removing Norton and using something better with a smaller footprint such as AVG AntiVirus but it's up to you.

    Are you having any current malware related issues?
     
  8. Van Damme

    Van Damme Private E-2

    No more popups, no (visible) malware whatsoever so thanks a lot!

    I just might get another viruskiller after my Norton subscription expires...

    Thanks again,
    See you next time
    Koen Van Damme
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

