Massive pop ups. Need Help

I am working on a buddies old computer. It is running Windows ME. I am trying to follow the "do this before asking for help" thread but have a couple problems. First of all is there isn't an option to start up in safe mod with networking. I can only start in safe mode. 2nd problem is that when I go to run Housecall on TrendMicro's site it will find 18 problems, but when it goes to the next stage the window is blank where it is supposed to list them. I click on Next and the next window is blank too. Any Ideas?

 

Windows ME does not have Safe Mode w/ Networking so just choose Safe Mode.

Download the following two files, create a folder on your desktop, call it TSC. Save these 2 files there!

Sysclean Package

Pattern.zip

Once you have these downloaded into the folder you just created, double click the file sysclean.com

When the system cleaner loads, click SCAN to start the scanner. Once you have completed the scan, reboot and attach a fresh HJT log.

 

Did as requested. Ran the file you posted, rebooted, then ran a HJT. Thanks for all the help.

 

Please look in Add or Remove Programs for the following and Uninstall them if found:

Virtual Bouncer

AutoUpdate

WinTools

WebSearch Toolbar


Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)

O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\SYSTEM\psoft1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [qq4i36X] CMUSAM10.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKCU\..\Run: [b9vsRWbnl] CLRIGN.EXE

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Navigate to and DELETE the following if they should remain:

C:\Program Files\AutoUpdate ←–– Delete this whole folder if it exist!

C:\Program Files\Virtual Bouncer ←–– Delete this whole folder if it exist!

C:\Program Files\Common Files\WinTools ←–– Delete this whole folder if it exist!

C:\Program Files\Toolbar ←–– Delete this whole folder if it exist!

C:\WINDOWS\System\cmusam10.exe

C:\WINDOWS\System\clrign.exe

C:\WINDOWS\System\psoft1.exe

C:\WINDOWS\System\exp.exe

NEXT:
Run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.

 

Again, thanks for all the help.

Notes from following directions
Virtual Bouncer - not found on add remove
Auto update - Not found in add remove
Win tools - Not found in add remove
Websearch tools - Deleted via add/remove

Ran Hijack this and all the appropriate boxes were checked and fixed

Virtual Bouncer - Folder found and deleted
AutoUpdate - Folder not found
WinTools - Folder not found
Toolbar - Folder not found

cmusame10.exe - File deleted
clrign/exe - File deleted
psoft1.exe - File not found
exp.exp - File not found

CCleaner - ran with no problems
Ad-Aware SE - updated and ran - 33 items found, quarantined, then deleted
Spybot S&D - Updated and ran - No threats found
cleanmgr - ran with no problems

At reboot into normal mode I get this error - "error loading c:\\windows\cfgmgrs51.dll - not found

ON the HJT log I still see a virtual bouncer item and the cfgmgrs51 item. Should I fix these too.

Again, thanks so much for your help

 

Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\CFGMGR51.DLL,DllRun
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Navigate to and DELETE the following if they should remain:

C:\Program Files\VBouncer ←–– Delete this whole folder if it exist!

CFGMGR51.DLL ←–– Search for this file and delete when found!
Most likely will be in one of the following locations:

C:\WINDOWS

C:\WINDOWS\System32

NEXT:
Run CCleaner to clean up cookies and temp files.

Reboot to Normal Windows , Scan with HijackThis and attach the new log.

 

Booted into safe mode
Ran HJT and made requested fixes

Looked for VBouncer but could not find a folder. Did finder a VBouncer.zip folder and deleted that.

Looked/searched for CFGMGR51.dll but could not find one. Did find a CFGMGR32 however but left that one alone.

Ran CCleaner succesfully

Rebooted into Normal Windows and ran HJT. Log attached.

I cannot begin to say thank you enough.

ps - the error I was getting upon boot is now gone. Thanks again.

 

Your HJT log looks clean to me, are you having any further problems?

 

Not so far. His Mcafee is out of date. Is there a good, free anti-virus software you would suggest?

 

Yes, see this article on How to Protect yourself from malware!

 

Will do, Thanks again for all you have done

 

Your Welcome!

Surf Safely!