Pop ups, pop unders, and system slowdowns

Discussion in 'Malware Help (A Specialist Will Reply)' started by CTMorling, Dec 4, 2005.

  1. CTMorling

    CTMorling Private E-2

    My computer is quite seriously unwell.

    I started getting pop ups (really pop unders) a few days ago. Running AdAware, I discovered evidence of the p2pnetworking trojan (AdAware was searching weird directories filled with weird zip files). I believe I've managed to remove it, but it appears to have been part of a suite of malware I have installed on my PC.

    I've turned off system restore, run all of the suggested online virus checks, rebooted in safe mode, and run all of the suggested off-line checks. I even tried to go through a hijack this log, checking on processes and dll files. I had a little success with the log, but I'm still getting pop-unders (no p2p tiny zip files, though.)

    I'm going so crazy that I might invade Russia.

    I've attached the latest hijack this log. Any help is appreciated.

    Cheers,

    Chris
     


  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Scan with HijackThis and fix the following:
    Follow the instructions for Running Spy Sweeper

    Post the Spy Sweeper log when finished with the above.
     
  3. CTMorling

    CTMorling Private E-2

    Whew!

    SpySweeper took a while to run.

    I've attached the SpySweeper log file. I read ahead and downloaded aproposfix.exe, rebooted in safe mode and ran it. I seem to be Pop-up free, but this is the umpteenth time I've said that.

    I've attached two logs: the SpySweeper log and the aproposfix log.

    I'll try to upload the HijackThis log in a moment, since this system only allows me two attachments.

    Thanks,

    Chris
     


  4. CTMorling

    CTMorling Private E-2

    Here is the verboten HijackThis log.

    Thanks again, and sorry for the (necessary, if I'm posting all these logs) double post,

    Chris
     


  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your HijackThis log is fine, Spy Sweeper found several items and removed them.

    Let's take a deeper look at your system.

    Please run Panda Online Scan. After the scan attach the log to your next post. Also please follow the below:
    1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce a log - Please attach that with your next post!
    2 - Please EXTRACT all the files from RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, Please boot to SAFE MODE and DoubleClick rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.
    Now come back here and post all three logs as attachments.
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Sorry to jump in but I would also recommend running Apropos Fix and possibly Rootkit Revealer to confirm all of the rootkits are gone.
     
  7. CTMorling

    CTMorling Private E-2

    I'm still pop up free, which is a good sign.

    I've run Panda Online Scan again. It found nothing and so it produced no report.

    I've run Qoologic and attached a log - file.txt.

    I've run RKFilesTool and attached a log - log.txt. (These are the undescriptive default names.)

    These seemed to notice a handful of things, but I'm not sure if that's routine.

    Thanks,

    Chris
     

    Attached Files:

    • file.txt (2.1 KB)
    • log.txt (667 bytes)
  8. CTMorling

    CTMorling Private E-2

    I've also run RootkitRevealer and attached a log.

    Thanks,

    Chris
     


  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download FixAprop to your Desktop.

    Reboot to Safe Mode.

    Run FixAprop.

    Reboot to Safe Mode.

    Run Microsoft AntiSpyware and let it fix what it finds.

    Reboot to Normal Mode.

    This should remove Apropos, if it is present.

    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards of 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.
     
