Can't get rid of pop ups

Discussion in 'Malware Help (A Specialist Will Reply)' started by cdpdesign, Dec 20, 2006.

  1. cdpdesign

    cdpdesign Private E-2

    Hi there


    I'm having 3 problems at the moment with my HP DV2175EA Laptop.


    1) I keep getting a popup for a malicious software removal tool that I can't get rid of. I've run adaware, spybot, cc cleaner, trendmicro housecall and the panda active scan and all the tests and instructions in the READ & RUN ME FIRST Before Asking for Support sticky and still I'm having the problems...

    2) When I search in google then select the page I want, occasionally (more often than not in fact) "netster" pops up and I can't stop it.....

    3) When my laptop is stood doing very little (i.e. like when reading a long post on a forum etc...), a murmur and then a click from the laptop (possibly the hard drive) can be heard, similar to the sound of a DVD drive lens moving.... (it's not the DVD drive though, I've heard it happening when there isn't a disk in the drive and even when the drive is open. It seems to be coming from the hard drive area under the laptop) It might be normal, but it doesn't seem it, and I can't recollect it happening before...


    I have run all the tests as advised, but I can't seem to sort any of the above problems at all...

    The file logs are attached below, I've zipped them together so that they can be in the one message... (hope this is allowed, if not can someone please let me know so that I can unzip)

    Any help at all will be greatly appreciated...


    Merry Christmas Everyone!
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If possible please attach your logs individually, you will have to post twice to attach them all but that's ok.

    You should attach these logs...

    • CounterSpy
    • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis
     
  3. cdpdesign

    cdpdesign Private E-2



    Ok, Thanks, Here goes...
     


  4. cdpdesign

    cdpdesign Private E-2

    and here are the other ones!!!


    If anyone can help with this, I will be over the moon.... It's been driving me crazy of late!!!


    Thanks in advance....:) :)
     


  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shutdown your computer, click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
     
  6. cdpdesign

    cdpdesign Private E-2

    Hi there;


    The two files requested are attached....
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I would like to try this new tool just to see how it handles this infection.

    Download f-vmonde.exe, save to your desktop and run. Once completed reboot and attach a fresh HJT log and the log from the scan if possible.
     
  8. cdpdesign

    cdpdesign Private E-2

    Hi there,

    I have run the f-vmonde.exe program, it simply opened a command prompt window, asked me to press y to run a test, when I ran the test it immediately said "no infection found" and "press any key to exit"

    Is this right? Has it been able to scan and conclude that there is no infection in literally less than a second?

    What should I do now? Should I still run HJT or does it seem that something is not quite right???
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Attach a fresh HJT log, if it said that then obviously it's no good.
     
  10. cdpdesign

    cdpdesign Private E-2

    Here it is, the log file as requested....



    cheers
     


  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    O4 - HKLM\..\Run: [nhghez.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nhghez.dll,kutyhuf

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - http://web.contacts.orange.co.uk/wuk_webab/VoxsyncX.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

    O20 - Winlogon Notify: winrge32 - winrge32.dll (file missing)

    Again, make sure ALL browser windows are closed when you click FIX.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\system32\nhghez.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    Next, run CCleaner to clean up cookies and temp files.

    After you complete this, reboot and let me know how things are running.
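
As an added example (not part of the thread, and not HijackThis's or MajorGeeks' own code), a small Python triage over the HijackThis entries quoted in the post above. The regexes, the review heuristics and the reason labels are assumptions made for illustration, and the sample log is constructed from those quoted lines.

```python
import re

# Constructed sample: entries quoted in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nhghez.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nhghez.dll,kutyhuf
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - http://web.contacts.orange.co.uk/wuk_webab/VoxsyncX.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - Winlogon Notify: winrge32 - winrge32.dll (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
RUN = re.compile(r"^\S+\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$", re.I)
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^,"]+\.dll)"?,(?P<export>\S+)', re.I)
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \(.*?\))? -\s*(?P<url>.*)$")

def triage(log_text):
    """Return (section, reason, line) tuples; heuristics are illustrative assumptions."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        if body.endswith("(file missing)"):
            findings.append((section, "orphaned-entry", line))
        if section == "O4":
            run = RUN.match(body)
            dll = RUNDLL.search(run.group("cmd")) if run else None
            if dll:
                base = dll.group("dll").rsplit("\\", 1)[-1].lower()
                in_sys32 = "\\system32\\" in dll.group("dll").lower()
                # Run value named after the system32 DLL it loads via rundll32.
                if in_sys32 and run.group("name").lower() == base:
                    findings.append((section, "rundll32-autostart", line))
        elif section == "O16":
            dpf = DPF.match(body)
            if dpf and not dpf.group("url"):
                findings.append((section, "dpf-no-codebase", line))
        elif section == "O20":
            # Winlogon Notify DLLs load at logon, so every entry is listed for review.
            findings.append((section, "winlogon-notify", line))
    return findings

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:20} {line}")
```

A finding here only means "look at this entry"; whether to fix it is still a judgement made against the full log, as in the reply above.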
     
  12. cdpdesign

    cdpdesign Private E-2

    Hi there;


    I've done all that now, I'll give it a while and see if I get the pop ups again.


    What do you recommend for daily routine maintenance to erase malware?

    The ones that I generally use are Spybot Search & Destroy and Adaware, with the occasional (approx fortnightly) run of registry mechanic and a weekly scan with Panda Platinum 2007... Is there anything else I should do?


    Have a good xmas btw, and thanks for your help so far!
     
  13. cdpdesign

    cdpdesign Private E-2

    Well it's been a few days now, and I've not had any more pop ups!!


    THANK YOU!!!!


    What do you recommend to do for general maintenance? I currently have panda 2007 platinum installed and I regularly run spybot and adaware...

    Is there anything else that I should be doing?



    Thanks again
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

