Constant Pop-up problem!

Discussion in 'Malware Help (A Specialist Will Reply)' started by flasunshine, Jun 1, 2005.

  1. flasunshine

    flasunshine Private E-2

    I have run all of the sticky note steps without any problems, but I cannot rid myself of popups! The PeopleOnPage and the Adintelligence Apropros items keep coming back after I've cleaned them out with AdAware.

    I've attached the latest hijack this log. Can someone help me rid my 'puter of these popups?!? Thanks
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  3. flasunshine

    flasunshine Private E-2

    The RAV Anti Virus scan homepage says it doesn't offer the Online scan any longer.

    I cannot get the TrojanScan to run, even though I have the correct internet settings to allow it to run.

    I did get the BitDefender to run and have a copy of what it found if that would be helpful. (attached)

    The Trend scan found 3 viruses. (Troj DLOADER.MG, ISTBAR.BR, DLOADER.KX).

    I went ahead and ran the hijack this and have attached a copy of that scan as well.

    Thanks for your help.
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled



    Please look in Add or Remove Programs for the following and Uninstall them if found:

    AutoUpdate

    CxtPls


    Now scan with HijackThis and Check the Boxes for the following:


    Make sure All Browser Windows are Closed when you Click FIX.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll

    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [sF6V3ni] audu2t.exe
    O4 - HKCU\..\Run: [dop9RhGEl] atiemui.exe

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -%windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://facrender.fac.unc.edu/source/Acgm.cab

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Navigate to and DELETE the following if they should remain:

    C:\Program Files\AutoUpdate ←–– Delete this whole folder if it exists!

    C:\Program Files\CxtPls ←–– Delete this whole folder if it exists!

    C:\WINDOWS\system32\audu2t.exe

    C:\WINDOWS\system32\atiemui.exe

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, Scan with HijackThis and attach the new log.
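
The HijackThis entries listed in the post above follow a fixed "code - details" layout, so they can be triaged mechanically. The parser below is an added example, not part of the original thread or of HijackThis itself; the function names and the three review notes are assumptions made for illustration, and a note is a prompt for a closer look, not a verdict.

```python
import re

# Constructed sample: entries quoted in the post above, laid out as log lines.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [sF6V3ni] audu2t.exe
O4 - HKCU\..\Run: [dop9RhGEl] atiemui.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -%windir%\bdoscandel.exe (file missing)
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then details
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")  # O4 autoruns

def first_token(command):
    """Return the program part of an autorun command, without arguments."""
    if command.startswith('"'):
        return command.split('"')[1]
    return command.split()[0]

def parse_log(text):
    """Parse HijackThis lines into dicts and attach heuristic review notes."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, headers, process list
        code, body = m.groups()
        entry = {"code": code, "body": body, "notes": []}
        if body.endswith("(file missing)"):
            entry["notes"].append("target file missing")
        if "(no name)" in body:
            entry["notes"].append("unnamed component")
        run = RUN_RE.match(body) if code == "O4" else None
        if run:
            hive, _key, name, command = run.groups()
            entry.update(hive=hive, value_name=name, command=command)
            # A bare file name is resolved through the search path.
            if "\\" not in first_token(command):
                entry["notes"].append("autorun without full path")
        entries.append(entry)
    return entries

def bare_autoruns(entries):
    """Autorun entries whose command gives no directory."""
    return [(e["hive"], e["value_name"], e["command"])
            for e in entries if "autorun without full path" in e["notes"]]
```

On the sample, `bare_autoruns` returns the two Run values that the post later locates under C:\WINDOWS\system32.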
     
  5. flasunshine

    flasunshine Private E-2

    Here's the latest log after the below has been accomplished! Hopefully you have solved my problems! Thanks again for ALL your help!

    GEEKS RULE!
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    (Don't run it yet)

    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled!

    Scan with HJT and have it fix the below entry:

    O4 - HKCU\..\Run: [dop9RhGEl] atiemui.exe

    Be sure ALL browsers are closed before you click FIX.

    Now, Copy and Paste C:\WINDOWS\System32\atiemui.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES.

    Now Allow Killbox to reboot your system. After you have rebooted, post a fresh HJT log.
     
  7. flasunshine

    flasunshine Private E-2

    Now, Copy and Paste C:\WINDOWS\System32\atiemui.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES.

    I'm not clear about what I'm supposed to do here. What "box" are you referring to?! Am I supposed to run Killbox at this point?

    I just want to be sure I understand before I start! Thanks.
     
  8. tblue

    tblue Corporal

    Good Morning flasunshine,
    Yes, BJ wants you to run Pocket Killbox and paste that name in the box. :D
    Good Luck
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, run Killbox, copy and paste the EXACT filename and location. Just as the instructions say.
     
  10. flasunshine

    flasunshine Private E-2

    When I ran Hijack this in safe mode, the file didn't appear on the list, so I couldn't fix it. It also didn't turn blue when I typed it into killbox.

    When I just ran the Hijack this log, in regular mode, it showed up again.

    I've attached the log. Thanks for your help.
     


  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HJT and have HJT fix the entry. Right after you fix the entry REBOOT INTO SAFE MODE and run Killbox. Complete the step whether it turns blue or not then reboot and post a fresh HJT log.
     
  12. flasunshine

    flasunshine Private E-2

    Ok...here's the latest log. I believe the file is GONE! My popup problem seems to have stopped as well.

    I've attached the latest log! Hopefully we are in the clear! Thanks again for everything BJ!
     


  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean!

    Are you having any further problems?
     
