getting many pop ups

See http://www.virus-buster.com/en/viruslab/descriptions/sambud.n

Did you complete all steps in the READ ME FIRST. If so, do the below.

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

Please follow the steps in my message exactly. You do not have the current version of HijackThis.
Did you search your PC for the msole32.exe file?
According to your HJT log, it is here: C:\WINDOWS\System32\msole32.exe


You could also use the below to find files like this.
If you use Search, you need to do the following:
Click Search and the Select "All files and folders"
Enter the filename in the "All or part of the file name:" box, so enter msole32.exe
Now select "More advanced options"
Make sure the following check boxes are checked:
- Search system folders
- Search hidden files and folders
- Search subfolders
Then click the Search button.

You have other problems too. Get the new HJT program and post a new log.

 

Looks like you found and deleted the msole32.exe file?

 

Remember to exit all browsers (C:\PROGRA~1\MOZILL~1\FIREFOX.EXE) before running HJT.

Go to Add/Remove programs and uninstall if found
Security iGuard

Let me know if you find it there.


If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitekpz32.exe

Nothing (not even majorgeeks) belongs in the Trusted Zone.
O15 - Trusted Zone: http://www.majorgeeks.com
O16 - DPF: {2D3F1F38-4BD7-0A75-F6BC-04235BEE35CA} - http://216.118.71.185/1/rdgUS1828.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab

After clicking Fix, exit HJT.

Boot into safe mode and use Windows Explorer to delete:
C:\Program Files\Security iGuard <--- the whole folder
C:\windows\system32\elitekpz32.exe <--- also delete all other file names beginning with elite and ending with .exe

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.


Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

Yes! You did not get the below fixed:


O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitekpz32.exe

Repeat the steps. Make sure hidden & system file viewing is enabled. Also make sure you look for ALL files named elitexxxxx.exe (where xxxxx can be anything). Delete all of them.

 

That's better!

Is everything working okay now?

 

You're welcome! Happy I could help.