Still Getting Pop-ups after Following FAQ

Still getting pop-ups after completely following your FAQ. Using windos XP.

Help

 

Here's an ADA print-out of my computer:

 

http://www.majorgeeks.com/images/grenade.gif Download HijackThis 1.99.1

http://www.majorgeeks.com/images/grenade.gif Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

http://www.majorgeeks.com/images/grenade.gif Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

http://www.majorgeeks.com/images/grenade.gifBefore running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

http://www.majorgeeks.com/images/grenade.gifRun HijackThis and save your log file.

http://www.majorgeeks.com/images/grenade.gif Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

http://www.majorgeeks.com/images/grenade.gifNeed help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

Here it is:

Thanks

 

First, procede with the below online scans:

TrendMicro Online Scan
Bitdefender online scan
RavAntivirus online scan <-- select Auto Clean then click Scan My PC
TrojanScan online scan

After you complete these onlines scans reboot and post a fresh HJT log.

 

Here's the latest:

 

Forgot to reboot. Here's it is after re-boot. I'm also going to post my wife's report from her sign-in. It seems to still have more spyware problems than mine.

 

Download Pocket KillBox
(Don't run it yet)


Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O4 - HKLM\..\Run: [ggipxc] C:\WINDOWS\system32\ggipxc.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rrrnnz.exe reg_run
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000079-d.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
(This restriction is added from Spybot S&D or Ad-Aware. This should be removed.)

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {040833E3-9103-467E-9885-D25FCD82E9EF} - https://mce.galleryplayer.net/cart/install.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (GTDownloaderCtrl Class) - http://inst.c-wss.com/82/html/gtdownlr.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://demona2915.dynalias.org/kxhcm10.ocx
O16 - DPF: {8FEED82A-42A6-4117-A803-7EC3EB9339E0} (ClientControl Class) - http://demona2915.dynalias.org:81/plugin/client.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://demona2915.dynalias.org:81/plugin/h263ctrl.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0024.exe

Again, make sure All Browser Windows are Closed when you Click FIX.

NEXT:
Run CCleaner


Locate PocketKillbox
(Complete this step even if they do not show in blue)

Now, Copy and Paste C:\WINDOWS\system32\rrrnnz.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

Now, Copy and Paste C:\WINDOWS\system32\ggipxc.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

Now, Copy and Paste C:\Program Files\Common Files\mc-58-12-0000079-d.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES.

Now allow Killbox to reboot your system. After you have rebooted and windows has loaded scan with HJT and attach the new log.

 

Here's the latest !!

 

Your HJT log is clean!

Are you having any further problems?

 

Not that I've noticed. You guy's are awesome and Thank you !!!

 

Your Welcome!

You should see this article on How to Protect yourself from malware!