e.rn11.com popups?

So are any of your familiar with this popup? I have used Spybot, Ad-Aware, Panda Scan, Trend Soulutions - and still, every time I log on , there it is - annoying as ever. There doesn't seem to be any ryhme or reason to when it pops up either. I timed it - there is no corresspondence between moving my cursor, clicking, opening browsers... The pop up has e.rn11.com at the top with a message saying something like "You have Spyware - click here to scan your computer" - No, I am not retarded.. lol I didn't intentionally click it, but inadvertantly I did. It tried to download something onto my computer, but the but I clicked "No" to the security warning.

I have gone into safe mode and scanned using different programs and still it comes back . Something that I found interesting is that I could scan for adware once, delete all on the menu and do it again and they would all still be in the same location.

One other thing - the only thing that turns up on my scan that I cannot find , so therefore cannot delete is as follows :C:\windows\system32\ELITEO~1.EXE - It's just not there. (Note: I have clicked the "See hidden files" under the tool bar)

Any thoughts on this? It's tormenting the Hell out of me!

 

sorry to double post.

 

Please look in Add or Remove Programs for the following and Uninstall them if found:

WinTools

WebSearch <-- Uninstall anything related to WebSearch

After you uninstall the above you will need to reboot. During the reboot, BOOT into Safe Mode. Be sure you have the viewing of hidden files and folders enabled per the tutorial.

Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\system32\pc32.exe bg
O4 - HKLM\..\Run: [hghgt] C:\WINDOWS\hghgt.exe
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\system32\Canada.exe -N
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteozi32.exe

O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Navigate to and DELETE the following if they should remain:

C:\Program Files\Common Files\WinTools ←–– Delete this whole folder if it exist!

C:\Program Files\Toolbar ←–– Delete this whole folder if it exist!

C:\WINDOWS\hghgt.exe

C:\WINDOWS\System32\pc32.exe

C:\WINDOWS\System32\Canada.exe

C:\WINDOWS\System32\eliteozi32.exe <-- Also look for more files starting with ELITE and ending with EXE. There could be up to 10 more!

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.
Note: Dont forget to update Spybot S&D by selecting "Search For Updates"

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.