Spyware (Virus?) Issue

I followed both stickies, the basic spyware removal and the Hijack This guide, but I am still having the same problem. I get pop ups that are broken (Unable to Connect). The pop ups contiune for several minutes, then stop.

 

After doing ALL of the TUTORIAL if you still have a problem send is a HJT log. I won't be around this morning but maybe someone else will show up and take a look at it.

Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, INCLUDING YOUR WEB BROWSER, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder for example C:\Program Files\HJT

 

Here is the log. The pop ups I am getting are from SearchMiracle.com

Right before every pop up, Avast! Script Blocker pops up too.

 

First of all only run one Anti Virus program. Are you running Avast and Norton? If you are choose one and get rid of the other.

Please print out these instructions so that you can operate with ALL Browser Windows CLOSED.
Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

Go here and Download this tool. You will run it later when I put you in SAFE MODE. Elite Remover
Be sure to read the READ ME.

Now physically disconnect yourself from the internet by unplugging your cable or connection from the wall. Do not reconnect until instructed.

Please look in Add or Remove Programs for the following and Uninstall them if found:

Elitebar
Viewpoint

NOW:
Please look in Task Manager (ctrl-alt-del)and try to END the following running processes, if found:

uppnqfx.exe
sysmonnt.exe
ViewMgr.exe
elitevmj32.exe
sysmonnt.exe

Now scan with HijackThis and Check the Boxes for the following:

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitevmj32.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following file(s) and folder(s) if they should remain after running the Elite Remover I had you Download:

C:\WINDOWS\system\uppnqfx.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\Program Files\Viewpoint---->The Folder
C:\windows\system32\elitevmj32.exe
C:\WINDOWS\System32\sysmonnt

If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.

Now reconnect to the internet with cable or plug into the wall connection.

Reboot to Normal Windows and Scan with HijackThis and attach that log.
Let me know how your computer is running now and if you had trouble with the above instructions.

Good luck

 

Followed to a T. So far, nothing new has popped up.

 

Hi Kenwyn,

This is new to your HJT Log:

O4 - HKLM\..\Run: [jxreglvb] C:\WINDOWS\system32\dalthwl\jxreglvb.exe

You should fix that line with HijackThis and then delete the corresponding folder C:\WINDOWS\system32\dalthwl if you do not recognize it! You will have to end the running process via Task Manager before fixing this.

Then, please submit another HJT Log for TheOldThug to review.

PP