Free6 Popup

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by TT27, Oct 30, 2004.

  1. TT27

    TT27 Private E-2

    Hi guys,

    I have a persistent free6 popup problem that is annoying. I've run all of the spyware programs suggested in "Read me before asking for support". I've run HijackThis and I was wondering if someone could look at the log and see if there are any issues? Thank you in advance!

    TT
     

    Attached Files:

  2. PhilliePhan

    PhilliePhan Guest

    TT27,

    You are running HJT improperly. Please place it in its own safe folder - C:\Program Files\HijackThis

    I see a few issues in your log that can be addressed after you have done the above.

    By the way, did you edit the running process list in any way before attaching your log?

    PP
     
  3. TT27

    TT27 Private E-2

    PP,

    Thanks for the response. I have confirmed HJT is filed per your instructions. I did not edit the log that I attached.

    TT
     
  4. PhilliePhan

    PhilliePhan Guest

    Hi TT27,

    It's probably a good idea to attach a fresh log, in case some things have changed. Please do so now. I should have asked in my last post - sorry! :)

    PP
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    PP,

    The READ ME FIRST does not look like it was followed. No signs of the online scanners exist.
    So either:
    - the log is edited or
    - it is being filtered using the Ignorelist feature of HJT
    - or the READ ME FIRST was not followed
     
  6. PhilliePhan

    PhilliePhan Guest

    Hey Chas,

    I've already worked through the old log - Just waiting for a new log to make sure they match up ok. Hey TT27 - In case you missed my last post, please attach a fresh log.

    By the way, I am also looking at raygt13's log - Could you do me a favor and merge his three threads together?

    Thanks,
    PP
     
  7. TT27

    TT27 Private E-2

    PP & Chaslang,

    I'm forwarding a fresh log per your request. I did follow the steps suggested in "Read Me First" about a week ago. I only learned of the HJT program through these instructions. Perhaps I did not install the online scanners correctly but the icons still show on my screen. Sorry for any confusion. Thank you again for your help.

    TT
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The online scanners do not install but they do download files that should appear in the O16 section of your HijackThis log. So since they do not appear, it means they could not have been run.
     
  9. PhilliePhan

    PhilliePhan Guest

    Hi TT27,

    You are still running HJT improperly. You have it here: C:\DOCUME~1\STEVE\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

    You MUST EXTRACT IT to its own SAFE FOLDER - C:\Program Files\HijackThis before proceeding with the following instructions. Let us know if you have trouble doing this.


    Please turn System Restore OFF and enable the Viewing of Hidden Files.

    Please shut down this running process via Task Manager (if found)
    ?hkntfs.exe

    Now, run HijackThis and Check the Boxes for the Following:

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://media71.fastclick.net/w/safepop.cgi?mid=34789&sid=8627&id=101413&len=245&c=4&nfcp=1&fp=2

    O2 - BHO: (no name) - {4BA2435C-EA60-26E5-8027-635579F12E12} - C:\WINDOWS\System32\ihzqpd.dll (file missing)

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O4 - HKCU\..\Run: [Geos] C:\WINDOWS\System32\?hkntfs.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\system32\vbsys2 (file missing)


    Make sure ALL Browser Windows are Closed before you Click FIX.

    Now, boot into SAFE MODE and delete the following:
    C:\WINDOWS\System32\?hkntfs.exe

    Reboot to Normal Windows and attach a fresh log and tell us how things are working.

    I'll try to check back when I get a chance.

    Best
    PP
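
The checks applied to the log in this thread (entries whose file is gone, the missing O16 section chaslang points to, HijackThis launched from a Temp folder) can be scripted over a saved log. This is an added example, not part of the original posts; the function names are hypothetical, and the sample entries and path are copied from the posts above.

```python
import re

# Entries and path quoted from the posts in this thread; the attached logs
# themselves are not on the page.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://media71.fastclick.net/w/safepop.cgi?mid=34789&sid=8627&id=101413&len=245&c=4&nfcp=1&fp=2
O2 - BHO: (no name) - {4BA2435C-EA60-26E5-8027-635579F12E12} - C:\WINDOWS\System32\ihzqpd.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKCU\..\Run: [Geos] C:\WINDOWS\System32\?hkntfs.exe
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\system32\vbsys2 (file missing)
"""
HJT_PATH = r"C:\DOCUME~1\STEVE\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe"

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")
# '?' is not legal in a Windows file name, so inside a drive path it marks a character the log could not render.
ODD_PATH = re.compile(r"[A-Za-z]:\\[^\r\n]*\?")

def parse_entries(text):
    """Return (section, body) for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def orphaned(entries):
    """Entries whose registry key points at a file that no longer exists."""
    return [e for e in entries if ORPHAN.search(e[1])]

def unrenderable_paths(entries):
    """Entries whose file path contains a character shown as '?'."""
    return [e for e in entries if ODD_PATH.search(e[1])]

def has_section(entries, section):
    """True if at least one entry of the given section (e.g. 'O16') is present."""
    return any(s == section for s, _ in entries)

def runs_from_temp(exe_path):
    """True if any folder in the path is named Temp (e.g. run from inside a zip)."""
    return "temp" in (p.lower() for p in exe_path.split("\\"))

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print("orphaned:", [s for s, _ in orphaned(entries)])
    print("unrenderable path:", [s for s, _ in unrenderable_paths(entries)])
    print("O16 present:", has_section(entries, "O16"))
    print("run from Temp:", runs_from_temp(HJT_PATH))
```
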
     
  10. TT27

    TT27 Private E-2

    Hi PP,
    I followed your steps (sorry about the HJT location) and I attached a fresh log. I had previously turned System Restore OFF and enabled the Viewing of Hidden Files. However, I could not locate ?hkntfs.exe via Task Manager and shut it down. After running HJT, I looked for C:\WINDOWS\System32\?hkntfs.exe but could not locate it while in SAFE MODE. Please let me know if I need to take additional steps. Thank you again in advance for all of your help.

    TT
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  12. TT27

    TT27 Private E-2

    PP & Chaslang

    Thank you again for all of your help. You are life savers!

    Best Regards,
    TT
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I guess PP hit the sack early tonight so I'll say you're welcome from him (he did most of the work) and me.
     
  14. PhilliePhan

    PhilliePhan Guest

    Just midnight snackin'! He's right TT - We're happy to help :)

    PP
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Oooooh! I was going to add "or stuffing his face". I knew I should have! :D
     
  16. PhilliePhan

    PhilliePhan Guest

    Oh come on now!! I let you off the hook the other day when you dropped that OH SO LAME 10 Fast 10 Furious (was that really the best you could do :p ) and this is how you play me!!?? ;)
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What do you expect? You're the one that said you went to get a snack. :D What was it, Halloween candy! Trick or Treat!
     
  18. PhilliePhan

    PhilliePhan Guest

    No. . . Baskin Robbins Ice Cream. You MUST be well acquainted with their 11111 flavors ;)
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't they have more flavors than that now? Personally I think the best two flavors were the ones by Häagen-Dazs and they stopped making them: chocolate chocolate mint and heavy belgium fudge.
     
  20. crasher

    crasher Private E-2

    I spent all day on this one and eventually found an article which worked for me on: http://forums.thetechguys.com/archive/index.php/t-10827.html

    The bit which really did it was looking for and deleting the files under windows/system32. The offending item in my case was C:\WINDOWS\System32\vbsys2

    Did this in safe, cleared the temps, cookies, recycle and rebooted. SUCCESS!

    Hope it helps

    Crasher
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    TT27's problem was solved 24 days ago and vbsys2 was mentioned back on 10/30 too.
     
