Help w/Hijack log I followed all directions including Read & Run Me First verbatim

Discussion in 'Malware Help (A Specialist Will Reply)' started by mee315, Oct 11, 2006.

  1. mee315

    mee315 Private E-2

    Have intermittent pop up from fastclick and couple of others. It happens once or twice an hour and goes away when closed. Found that anti virus will not update as well. Did the "Read & Run Me First" verbatim; no help. Did the hijack this by the numbers and attached log. I have the other logs as well if necessary. Any help appreciated.
     

    Attached Files:

  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Yes Please do attach all the logs as requested from the guide :)
     
  3. mee315

    mee315 Private E-2

    the log files
     

    Attached Files:

  4. mee315

    mee315 Private E-2

    and another
     

    Attached Files:

  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Using Add or Remove Programs in the Control Panel; uninstall the following:
    Delete the following file: C:\Documents and Settings\mellsworth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    Now run CCleaner.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin

    And Click OK.

    Pop-ups from Fastclick are not caused by malware. These are legit advertisements displayed by the site you are visiting.

    Other than what I have indicated above your logs are clean.
     
  6. mee315

    mee315 Private E-2

  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    The pop-ups you are seeing are being displayed by the site you are visiting, not by malware. The site owner has chosen to use an adserver that displays pop-up/pop-under ads when you visit their site.

    Running HijackThis when the ads are displayed will not show anything of interest. HijackThis is not an Anti-Virus/Spyware/Malware remover. It is just a tool that looks at specific areas of the Windows Registry known to be altered by Hijackers. A side effect of this is that it will also reveal some forms of malware in the process.
     
  8. mee315

    mee315 Private E-2

    Ok, I'm a computer forensics geek so I'm well versed with the terminology, etc. I am receiving unsolicited pop ups that are intermittent. I am not on any website. I can be working on a document, playing solitaire, or even a forensics application and my explorer will launch automatically to a website such as the last one that I posted. There is no explorer window open nor am I on any website when this happens. I was thinking that HiJack this would take the snapshot at the time that malware/trojan/etc. was running to see if something gets altered in the reg and somehow hidden upon executing the cleaners and/or through terminating the window. I'm definitely not versed in this side of puters...
     
  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Ok, let's take a look at the installed programs list and look for a rootkit.

    Follow the directions for Getting Uninstall Programs List From The Registry

    Download Blacklight Beta from here:
    http://www.majorgeeks.com/F-Secure_BlackLight_d5156.html
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please post contents of Blacklight log and the GetUnKeys log.
     
  10. mee315

    mee315 Private E-2

    thanks for helping
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Windows Messenger can often be the source of unsolicited popups. So let's try removing it since no one uses it anyway. (Don't confuse it with MSN Messenger because they are not the same thing).

    Run the below to remove Windows Messenger and see if there is any change.

    Disable/Remove Windows Messenger
     
  12. mee315

    mee315 Private E-2

    Negative on the windows messenger removal making a difference. If this helps.... I am receiving a very small explorer window that is blank and up in the left corner of the screen. The address doesn't show but I was able to right click and copy the hidden address. The address was http://media-motor.net. Googled that as well as followed removal from Symantec's site. None of the files were resident in any of the areas indicated by Symantec.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is your copy of Spy Sweeper a paid version or a free trial version?

    Does your Symantec software include a firewall? If not, please install the below firewall:

    ZoneAlarmFree

    Now attach a new log from ShowNew. After installing ZoneAlarm, are you still getting popups? If so, do they ever occur while no browsers are actually opened (note: a minimized browser is the same as being open, so when I say not opened I mean none are running in any form). Do you get popups in safe mode? You said you get popups previously while you are not browsing......what about if you physically unplug your cable to the internet and do all non-internet-related activities?
     
