Annoying pop-ups

Discussion in 'Malware Help (A Specialist Will Reply)' started by Krissi, Oct 22, 2006.

  1. Krissi

    Krissi Private E-2

    I have read and followed the "Read & Run Me First" file, the various logs requested are attached here or in the reply to this message (as per the 3 files/post rule).

    The problem I am having is annoying pop ups when using Internet Explorer to view any websites, even legit ones like this one. The titles of these pop-ups are various, including Passion.com, Party Poker, Sultan Castle casino and various ads trying to sell me anything from watches to camcorders. I am running AVG anti-virus.

    In reply to another post questioning why Sundays are the busiest: Sundays are the only days many of us have time to sit and fix what those around us have corrupted during our absence.

    If there is anything else needed, please let me know.
     

    Attached Files:

  2. Krissi

    Krissi Private E-2

    A new popup accompanied my posting this thread - this one called ClickTones.

    Here's the rest of the logs...
     

    Attached Files:

  3. Krissi

    Krissi Private E-2

    Just noticed this process running on computer: jumpthunkatom.exe - what the hell is this, nobody seems to know what this process is.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Of course we know what it is! ;) It is just one of the files created by the LOP infection that you have.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 6
    Mozilla Firefox (1.5)
    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Then install the current version of FireFox from: Mozilla Firefox


    If you did not add this R1 line setting shown below, add it to the list of things to fix with HJT further down in this procedure.
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

    Make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.

    c:\docume~1\john-o~1\applic~1\binbib~1\jumpthunkatom.exe

    After killing all the above processes, click Back.
    Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [regs wait ante move] "C:\Documents and Settings\All Users\Application Data\heart bows regs wait\Scr Slow.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [Glue Body] C:\DOCUME~1\JOHN-O~1\APPLIC~1\BINBIB~1\CopySlow.exe
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\Download Plugin\DlPlugin-MSIE_1.5.0.0\setup2.exe
    C:\Documents and Settings\All Users\Application Data\heart bows regs wait <--- the whole folder:
    C:\Documents and Settings\John-Otto Phillips\Application Data\BIN BIB CAMP <--- the whole folder:
    C:\Program Files\BIN BIB CAMP <--- the whole folder:
    C:\Program Files\Download Plugin <--- the whole folder:

    Now run Ccleaner.

    Now reboot in normal mode

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT
    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
    Last edited: Oct 24, 2006
  5. Krissi

    Krissi Private E-2

    Ran all of the above steps, seemed to go OK. And...no more popups!!! Yay!

    Here are the new logs:


    Thanks so much!!!
    You guys rock!!!
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You missed (or something blocked the fix) one of the lines I asked you to fix. Fix the below line again and attach a new HJT log:

    O4 - HKCU\..\Run: [Glue Body] C:\DOCUME~1\JOHN-O~1\APPLIC~1\BINBIB~1\CopySlow.exe

    If it does not go away, you will have to shut down Windows Defender and AVG Antispyware and then fix it.
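
The check made in the last post, comparing the lines that were requested for fixing against the follow-up HJT log, can be scripted. This is an added example, not part of the original thread or any MajorGeeks tool; the follow-up log is constructed for illustration and the function names are hypothetical.

```python
import re

# Lines the helper asked to have fixed, copied from the thread.
REQUESTED_FIXES = [
    r'O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)',
    r'O4 - HKLM\..\Run: [regs wait ante move] "C:\Documents and Settings\All Users\Application Data\heart bows regs wait\Scr Slow.exe"',
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background',
    r'O4 - HKCU\..\Run: [Glue Body] C:\DOCUME~1\JOHN-O~1\APPLIC~1\BINBIB~1\CopySlow.exe',
    r'O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)',
]

# Constructed follow-up log for illustration (not the poster's attachment).
# One requested entry survives, written with different letter case and spacing.
SAMPLE_NEW_LOG = r"""Logfile of HijackThis (constructed sample)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Example = (constructed)
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\example.exe"
O4 - HKCU\..\Run:  [Glue Body]  c:\docume~1\john-o~1\applic~1\binbib~1\copyslow.exe
O23 - Service: Example Service - Unknown owner - C:\Example\svc.exe
"""

# A HijackThis entry starts with a section id (R1, O4, O20, ...) and " - ".
ENTRY = re.compile(r"(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)")


def parse_entry(line):
    """Return (section, normalised detail) for a HijackThis entry, else None."""
    m = ENTRY.fullmatch(line.strip())
    if not m:
        return None
    # Windows paths and registry names are case-insensitive; collapse spacing too.
    return m.group(1), " ".join(m.group(2).split()).casefold()


def remaining_fixes(requested, log_text):
    """Requested lines that still appear in the new log, in request order."""
    present = {parse_entry(l) for l in log_text.splitlines()} - {None}
    return [r for r in requested if parse_entry(r) in present]


if __name__ == "__main__":
    for line in remaining_fixes(REQUESTED_FIXES, SAMPLE_NEW_LOG):
        print("still present:", line)
```

An entry that comes back after a fix, as the [Glue Body] Run value does here, means the fix was skipped or something rewrote it, which is the situation the last post describes.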
     
