Can't kill the pop ups

Re: Can't kill the pop ups by myself, need help please!

You need to post in your own thread. We prefer not to work multiple user problems in the same thread because it always leads to confusion. And typically the problems on each PC are not exactly the same (as is the case here) and they may not even be the same OS. I'm moving you into your own thread. For reference purposes, you originally posted in: http://forums.majorgeeks.com/showthread.php?t=60362

In the future do not post requests for help in another users thread. Also, please do not post HJT logs unless requested.

 

Re: Can't kill the pop ups by myself, need help please!

Do you know why you have the below ProxyServer setting?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [motoin] C:\WINDOWS\mm15201518.Stub.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitefex32.exe

After clicking Fix, exit HJT.

Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\mm15201518.Stub.exe
C:\WINDOWS\sixtypopsix.exe
C:\windows\system32\elitefex32.exe <--- also look for and delete other files beginning with elite and ending with exe. There could be as many as ten more.

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST).
Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

You did not post in the wrong forum! You posted in a thread that belongs to someone else.

You may have missed some of the elitexxxx.exe files. You must make sure you have the following options setup.

Right Click Start.
Select Explorer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide extensions for known file types option.
Uncheck the Hide protected operating system files (recommended) option.
Click Apply.
Click OK.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitefex32.exe

After clicking Fix, exit HJT.

Boot into safe mode and use Windows Explorer to delete:
C:\windows\system32\elitefex32.exe <--- also look for and delete other files beginning with elite and ending with exe. There could be as many as ten more.

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST).
Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

You're welcome! Your clean now. To help you stay that way, make sure you follow the steps in the below link:

How to Protect yourself from malware!