Browser Redirects and Popups on Dell Laptop

Discussion in 'Malware Help (A Specialist Will Reply)' started by depawl, Jan 30, 2008.

  1. depawl

    depawl Private E-2

    This is a Dell Latitude C840 running Windows 2000. After the recommended basic cleaning it is running much faster but when browsing I still get numerous browser redirects to various search pages, registry cleaner pages, and the like, and advertisement popups and popups inviting me to chat with someone in my vicinity. In addition to the recommended basics I've run AdAware, cwshredder, and Trend Micro housecall. Also installed and ran AVG antivirus, and Sygate personal firewall. Have not yet installed a popup blocker. Do I need to?
    The requested logs are attached. The initial run of AVG AntiSpyware found a lot more stuff but I forgot to save the logfile.
    Thanks.
     
  2. abri

    abri MajorGeek

    Hi depawl!
    Welcome to Major Geeks!

    Your logs didn't get attached. Please try again. Be sure to check the remember me button when you log on.
    Thanks.
    abri
     
  3. depawl

    depawl Private E-2

    Wow, sorry about that, let's try again.
     


  4. depawl

    depawl Private E-2

    One other thing I forgot to mention, I was not able to run Hijack This, I got an error message stating that windows had shut it down. I had to rename the hijackthis.exe file, then it ran ok.
     
  5. abri

    abri MajorGeek

    Hi depawl,

    1) What is in the following folders under C:\Program Files, under C:\WINNT\system32 and under C:\WINNT? (do not open any files)

    C:\Program Files\
    Jkojuvd

    C:\WINNT\system32\
    BITS
    comg9
    knis6
    nGpxx01
    vip4

    C:\WINNT\
    Q0FSLUZSRVNITkVSIENvcnBvcmF0aW9u

    2) Go to add/remove programs and uninstall the below:

    Viewpoint Manager (Remove Only)
    Viewpoint Media Player


    3) Install the current version of Sun Java from: Sun Java Runtime Environment


    4) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {4F3DBC56-D85A-4303-9581-7E23A3ACF563} - C:\WINNT\system32\oppno.dll (file missing)
    O2 - BHO: (no name) - {91741601-e63b-4c90-b2ce-4e497346520b} - C:\WINNT\system32\urbavxe.dll
    O2 - BHO: {a8fe8328-db7b-304a-e184-8269aef82f99} - {99f28fea-9628-481e-a403-b7bd8238ef8a} - C:\WINNT\system32\eamjqhtx.dll (file missing)
    O2 - BHO: H - {B61C6CA3-77BF-4299-AB70-5019FCD4AF09} - park31.dll (file missing)
    O4 - HKCU\..\Policies\Explorer\Run: [{54B73BE5-0958-1033-0107-040605020001}] "C:\Program Files\Common Files\{54B73BE5-0958-1033-0107-040605020001}\Update.exe" te-110-12-0000213
    O20 - Winlogon Notify: ejkxhrsa - ejkxhrsa.dll (file missing)
    O20 - Winlogon Notify: ljjgdcb - ljjgdcb.dll (file missing)

    Do the following belong to programs you know or want to keep? If not, please fix them as well.

    O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/code/chm/xpre.chm::/xpreload.ocx

    After you click fix, just close hijackthis.


    5) Download and install Erunt. Use it to create a backup of your registry.


    6) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    7) Now run CCleaner in the default setting with the Windows tab on top.

    8) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates. Also, please tell me if you get a success message for the REGEDIT4 when you run it.


    Let me know how things are running now?

    abri
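
Added example, not part of the original thread or of HijackThis itself: a small parser that triages the scan lines quoted in the post above into entries whose file is already gone (registry reference only), entries whose file HijackThis did not report as missing, and entries that point at a remote URL. The function names `parse` and `triage` and the three group names are illustrative assumptions; the log lines are copied verbatim from the post.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section kind clsids target missing remote")

# HijackThis scan lines exactly as quoted in the post above.
LOG = r"""
O2 - BHO: (no name) - {4F3DBC56-D85A-4303-9581-7E23A3ACF563} - C:\WINNT\system32\oppno.dll (file missing)
O2 - BHO: (no name) - {91741601-e63b-4c90-b2ce-4e497346520b} - C:\WINNT\system32\urbavxe.dll
O2 - BHO: {a8fe8328-db7b-304a-e184-8269aef82f99} - {99f28fea-9628-481e-a403-b7bd8238ef8a} - C:\WINNT\system32\eamjqhtx.dll (file missing)
O2 - BHO: H - {B61C6CA3-77BF-4299-AB70-5019FCD4AF09} - park31.dll (file missing)
O4 - HKCU\..\Policies\Explorer\Run: [{54B73BE5-0958-1033-0107-040605020001}] "C:\Program Files\Common Files\{54B73BE5-0958-1033-0107-040605020001}\Update.exe" te-110-12-0000213
O20 - Winlogon Notify: ejkxhrsa - ejkxhrsa.dll (file missing)
O20 - Winlogon Notify: ljjgdcb - ljjgdcb.dll (file missing)
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/code/chm/xpre.chm::/xpreload.ocx
"""

LINE = re.compile(r"^(O\d+) - (.+?): (.*)$")  # section - kind: rest
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = " (file missing)"

def parse(line):
    """Split one scan line into section, kind, CLSIDs and target."""
    m = LINE.match(line.strip())
    if not m:
        return None  # blank line or not an O-section entry
    section, kind, rest = m.groups()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)]
    if section == "O4":
        target = rest.split("] ", 1)[-1]    # [value name] "command" args
    else:
        target = rest.rsplit(" - ", 1)[-1]  # last " - " field is the file/URL
    remote = re.search(r"https?://", target) is not None
    return Entry(section, kind, CLSID.findall(line), target, missing, remote)

def triage(text):
    """Group entries: orphaned reference, file present, or remote URL."""
    groups = {"orphaned": [], "present": [], "remote": []}
    for e in filter(None, map(parse, text.splitlines())):
        key = "orphaned" if e.missing else "remote" if e.remote else "present"
        groups[key].append(e)
    return groups

if __name__ == "__main__":
    for name, entries in triage(LOG).items():
        for e in entries:
            print(f"{name:9} {e.section:4} {e.target}")
```

The two "present" entries (`urbavxe.dll` and `Update.exe`) are the ones where a file on disk is still referenced, so they are the lines to re-check in the next set of logs.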
     
  6. depawl

    depawl Private E-2

    abri:
    Thanks so much for the assistance. In response to your questions:
    1) All of those folders were empty except for BITS which contains a file named qmgr.dll
    Completed all the other steps. REGEDIT4 ran successfully.
    New logs attached. Computer seems to be running much better now, no popups or browser hijacks after about half hour of browsing.
    Just a couple issues which may or may not be spyware related.
    On startup, in processes, winlogon.exe shows high cpu usage for a minute or so, then the "windows update" icon appears in the taskbar. When I go to Control Panel and try to open Windows Updates, nothing happens (it doesn't open).
    Also, when I try to open Add/Remove Programs from Control Panel, the window opens part way, then locks up and I have to reboot the computer to get rid of it. I believe that both of these worked ok prior to spyware cleaning.
    Thanks.
     


  7. abri

    abri MajorGeek

    Hi depawl!

    1) Download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    2) Now run CCleaner in the default setting with the Windows tab as the one on top.


    3) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


    Let me know how things are running now?

    abri
     
  8. depawl

    depawl Private E-2

    abri:
    My new logs are attached. On the first Avenger run it did not delete the 3 folders located in winnt\system32.
    Your instructions had a space before the file name, I removed the space and ran it again and it removed those 3 folders, so it did remove all 5. System is running great. I fixed the Add/Remove programs problem by running:
    regsvr32 appwiz.cpl
    The only remaining issue is the high cpu usage by winlogon.exe at startup. After some research I remembered that I had previously had this problem and isolated it to AVG antivirus running on Windows 2000. I never did find a solution and it is not that big of a deal.
    So once again thanks for all your assistance, it is much appreciated.
    depawl
     


  9. abri

    abri MajorGeek

    At the end of my instructions, I'll post a thread called How to protect yourself from malware which offers some alternatives to AVG. Also, the version of AVG you're running as Antivirus is not the most current one. I don't know if this would make a difference though.

    Thanks for catching my syntax error in the Avenger.

    I noticed you still have files in the temp folders (these can be seen in the MGlogs / newfiles.txt towards the bottom of the page just above the uninstalls list). These files should all be deleted except those from the current day if CCleaner is working the way it's supposed to. Alternatively, you can empty those folders yourself.

    Other than this, your logs are clean and you can do the final cleanup instructions:
    abri
     
  10. depawl

    depawl Private E-2

    abri:
    You are correct, forgot to run ccleaner at the end. Have removed all the files you directed me to and then ran ccleaner again. Really appreciate your expert advice. Computer is running great.
    depawl.
     
  11. abri

    abri MajorGeek

    depawl!
    That's good to hear!
    Hope all goes well and much enjoyment to you and your computer.
    abri
     
