Completed (READ ME FIRST) Still pop ups

Discussion in 'Malware Help (A Specialist Will Reply)' started by cepy123, Mar 14, 2005.

  1. cepy123

    cepy123 Specialist

    We did the whole list of virus and spyware removal as suggested. I'm still getting pop ups when I go to Major Geeks or online. I'm running Win. XP Home SP2, SpyDoctor (full), Adware, AVG (free). I've run this PC for a year without any pop ups till about two weeks ago. I'm not getting a lot of pop ups, but the most frequent is from "Registry Cleaner". There are only a few different ones that come up. If you need any more info, let me know. Thanks A LOT in advance. Is there anything else I can do to stop them? Oh ya, my popup blockers are enabled. Thanks, Chuck
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an ATTACHMENT.
    All instructions are covered in the sticky thread
    NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting


    Now post a Hijack This log as an ATTACHMENT to your message (Do NOT copy/paste the log into your post). Please close unnecessary running programs before you run HijackThis. You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc.

    DO NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. cepy123

    cepy123 Specialist

    I've included an attach. of my HijackThis log file. Hope I've done this right. Can you let me know if you need anything else? Thanks, Chuck
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.



    Now, look in Task Manager (Ctrl-Alt-Del) for the following running process and, if you see it, try to END it:

    m?config.exe

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

    O2 - BHO: (no name) - {AB463A4C-A6FD-D507-F20E-885AB3784791} - C:\WINDOWS\system32\zosuzfgk.dll

    Again, make sure All Browser Windows are Closed when you Click FIX.


    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\WINDOWS\system32\m?config.exe

    C:\WINDOWS\about.htm

    C:\WINDOWS\system32\zosuzfgk.dll

    NEXT:
    Run CCleaner


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
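
The four entries checked for fixing in the post above, parsed into fields (an added example, not part of the original thread). The line layouts are inferred only from those four lines, and the function names are hypothetical. It also lists the on-disk files the entries point at, which are two of the three files the post says to look for in Safe Mode.

```python
import re

# The four entries from the post above, copied verbatim.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {AB463A4C-A6FD-D507-F20E-885AB3784791} - C:\WINDOWS\system32\zosuzfgk.dll
"""

# R lines: "<code> - <registry key>,<value name> = <data>"
REG_RE = re.compile(r"^(R[0-3]) - (HK[A-Z]+\\[^,]+),([^=]+?) = (.*)$")
# O2 lines: "O2 - BHO: <name> - {CLSID} - <dll path>"
BHO_RE = re.compile(r"^(O2) - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# A local Windows path starts with a drive letter, e.g. C:\
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_line(line):
    """Return a dict for a recognised R or O2 entry, or None for anything else."""
    line = line.strip()
    m = REG_RE.match(line)
    if m:
        code, key, name, data = m.groups()
        return {"code": code, "type": "registry", "key": key,
                "value_name": name.strip(), "data": data.strip()}
    m = BHO_RE.match(line)
    if m:
        code, name, clsid, path = m.groups()
        return {"code": code, "type": "bho", "name": name,
                "clsid": clsid, "data": path.strip()}
    return None


def parse_log(text):
    """Parse every recognised entry in a block of log text, in order."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def local_files(entries):
    """Files on disk referenced by the entries: candidates to check for after the fix."""
    return [e["data"] for e in entries if DRIVE_PATH_RE.match(e["data"])]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in entries:
        print(e)
    print("Check on disk:", local_files(entries))
```
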
     
  5. cepy123

    cepy123 Specialist

    When you say end the process "m?config.exe" are you speaking of "msconfig.exe"? That is the only process I have running that is close to the one you told me to end in your last post. I'm working on it. Thanks!
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Keep in mind that msconfig.exe is a legitimate file, however the file "m?config.exe" is NOT. Do you have the System Configuration Wizard running? If not, then that's what you want to end.
     
  7. cepy123

    cepy123 Specialist

    All went well! The 3 things in "C\Window..." were not there. Attached is our latest log from Hijack This. No pop-ups so far, so it may have worked...here's hoping! Thanks so much for all of your time & assistance! Major Geeks Rocks!!! :)
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Log is clean! :)

    Are you currently experiencing any further problems? Also, regarding the files I requested you delete in Safe Mode, do you have "view hidden files and folders" enabled? If not, you most likely will not be able to see them because they are hidden. If you have it enabled and did not find them you should be ok.

    Let me know!
     
  9. cepy123

    cepy123 Specialist

    Thank you very much for your help. It's good to know people like you all are still around! It's running great. We have not changed the hidden files back. Do we need to? If so, we can. Thanks again, Chuck :D
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Go into Control Panel > Folder Options and default all. If you're not having any further problems then I would recommend your taking a look at this thread on How to Protect yourself from malware!
     
