OINADSERVE POPUPS!!! arghhh

Discussion in 'Malware Help (A Specialist Will Reply)' started by omarstavern, Mar 10, 2005.

  1. omarstavern

    omarstavern Private E-2

    i have a problem... :( :( :( :(
    which is i keep on getting these ANNOYING popups from oinadserve and partypoker even though i have scanned my pc using Ad aware SE and Microsoft Anti-Spyware...!

    here is my HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:41:39, on 10/03/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Edit by chaslang: Unrequested inline log removed.

    is there any hope?
     
    Last edited by a moderator: Mar 10, 2005
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow forum guidelines about how and when to post HJT logs.

    To help us to best help you, please follow the steps below closely and in the order given and do not skip anything. If you have any difficulty, please post back letting us know what steps you have completed, what you found while doing the scans if anything along with details about any problems you may have encountered in completing the steps. The more details you can provide the better. Don't be afraid to ask for additional help if you don't understand something!

    - Run ALL the steps in this Sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal. Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. omarstavern

    omarstavern Private E-2

    I have run Adaware SE, Spybot, Mcafee Stinger, CW shredder and Microsoft anti spyware, only to find nothing on my pc and i have also done the online trend micro scan but i still am getting these annoying oinadserve popups and party poker popups! :( :(

    i have put hijack this in its own folder... C:\Program Files\HJT, closed everything when i ran hijackthis and have enabled show hidden files before i ran hijack this,

    please find the log of the scan attached

    please help
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have Limewire installed and running. According to http://www.spywareinfo.com/articles/p2p/ it contains malware.
    C:\Program Files\LimeWire\LimeWire.exe

    No one seems to know what these Friendly fts.exe lines are for. Do you know? It seems very suspicious to me.
    C:\Program Files\Voyager100Test\fts.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Voyager100Test\fts.exe"

    If you do not know what it is you should look for it in Add/Remove programs to see if there is an uninstall and uninstall it.
    I really believe it is part of your problems. If there is no uninstall we will fix it using HJT and procedures like below.

    Is www.262.com your expected default page:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.262.com/

    If not, add it to the list of items to fix below

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).


    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\system32\l?ass.exe

    After killing all the above processes, click "Back".

    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {DC90C9E6-9944-6C9E-9BB7-1AB7C170AB14} - (no file)
    O3 - Toolbar: (no name) - {C5AA80BE-D8DB-DAD9-FB9E-52512E74BD82} - (no file)
    O4 - HKCU\..\Run: [Ovj] C:\WINDOWS\system32\l?ass.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-infomedia.com/hipv0.cab


    Do you know what this VoiceTech (Firewall) Voice Control plugin is for? If not, fix the below line too.
    O16 - DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} (VoiceTech (Firewall) Voice Control) - http://www.asiafun.net/hmvcfe.cab


    After clicking Fix, exit HJT.

    Now run Ccleaner that you installed while running the READ ME FIRST.

    Now reboot in normal mode and post a new HJT log. And answer my questions from above and tell us how things are working.
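
Added example, not part of the thread or of HijackThis itself: a small triage pass over log lines in the format quoted in the reply above, flagging the two patterns that dominate the fix list (entries whose target file is gone, and an autorun file name that imitates a system process). The `SYSTEM_NAMES` list, the reading of `?` as a character the log could not render, and the function name `triage` are assumptions made for this sketch.

```python
import ntpath
import re
from fnmatch import fnmatchcase

# Constructed sample: entries quoted in this thread (flagged and unflagged ones).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {DC90C9E6-9944-6C9E-9BB7-1AB7C170AB14} - (no file)
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Voyager100Test\fts.exe"
O4 - HKCU\..\Run: [Ovj] C:\WINDOWS\system32\l?ass.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] path"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path ending in .exe, quoted or not
EXE_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
# Assumed short list of Windows process names worth checking for imitations.
SYSTEM_NAMES = ("lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe", "services.exe")


def triage(log_text):
    """Return (code, reason, line) tuples for entries that deserve manual review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, blanks, running-process list
        code, body = m.groups()
        # Registry entry still present but the file it points to is not
        if body.endswith(("(no file)", "(file missing)")):
            findings.append((code, "orphaned", line))
            continue
        exe = EXE_PATH.search(body)
        if code == "O4" and exe:
            name = ntpath.basename(exe.group(1)).lower()
            # Assumption: '?' marks a character the log could not render, so
            # treat it as a one-character wildcard against known system names.
            if "?" in name and any(fnmatchcase(s, name) for s in SYSTEM_NAMES):
                findings.append((code, "system-name lookalike", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{reason:22} {line}")
```

A flag here only marks a line for a human to look at; entries such as the `fts.exe` autorun still need the owner's answer about what installed them.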
     
  5. omarstavern

    omarstavern Private E-2

    update!! :)

    i fixed the following on HijackThis:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {DC90C9E6-9944-6C9E-9BB7-1AB7C170AB14} - (no file)
    O3 - Toolbar: (no name) - {C5AA80BE-D8DB-DAD9-FB9E-52512E74BD82} - (no file)
    O4 - HKCU\..\Run: [Ovj] C:\WINDOWS\system32\l?ass.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-infomedia.com/hipv0.cab
    O16 - DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} (VoiceTech (Firewall) Voice Control) - http://www.asiafun.net/hmvcfe.cab
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.262.com/

    I killed the process:
    C:\WINDOWS\system32\l?ass.exe

    And the thing you were suspicious about
    C:\Program Files\Voyager100Test\fts.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Voyager100Test\fts.exe"

    I think that is something to do with my BT Voyager 100 ADSL modem

    and i have ran Ccleaner, but i have yet to see whether those popups are still there so ill inform you if they do

    find the new HijackThis logfile attached...
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay your log is clean other than:
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

    What did you decide to do with Limewire?

    Let me know about pop issues either way (if you do not have them or you do).
     
  7. omarstavern

    omarstavern Private E-2

    i decided 2 keep limewire
    thanks 4 d help will keep u updated about whether the popups r coming or not though
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  9. omarstavern

    omarstavern Private E-2

    HOORAY

    the popups have stopped thanks a lot

    i have followed the protection against malware thing ne thing else???
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! If you completed those steps and popups are gone, we are done!
     
