Webpage popups- cant stop the pop

Example of 2 of many different websites that pop up

http://adv.eblocs.com/spyblocs/adv/admed_006.html
http://69.20.62.53/cgi-bin/7upV2?query=travel

Please Help.

I have my HJT file if you need it.

 

Have you run through the guide at http://forums.majorgeeks.com/showthread.php?t=35407 ? If not then do this first as it will probably clear your problems. Post back with the results.

 

After doing ALL of the steps in the READ ME previously posted and you still have a problem:

• Download HijackThis 1.99.1

• Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

• Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file.

• Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

• Run HijackThis and save your log file.

• Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post).

• Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

I have ran through http://forums.majorgeeks.com/showthread.php?t=35407

and I still have issues. I did notice that a new user was created on my XP OS and was password protected. I didnt get the name of the user account but it had admin rights.. A soon as I saw it I deleted it and changed my password for my admin account.

 

Pay attention to my post! Please read Post #3

Now, attach a current HJT log.

 

I also have a file called ISRVS it contains some files called edmond,desktop,ffisearch and a folder called icons which has virushunter and spywareadvenger.

I cant get rid of those either.

 

Do this before doing anything else with Hijack This!

Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

To create a new folder:
Click START > My Computer > Local Disc C: > Program Files
Now, RightClick on an Empty Area and select New > Folder & name it HijackThis and ENTER

To Extract HijackThis:
Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder
(C:\Program Files\HJT) and click Next.

The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.


First:
Download and install Microsoft® Windows AntiSpyware during the install make sure you get any updates BUT BEFORE YOU START THE SCAN: Print or save these instructions locally now because you will have to be disconnected with no browsers open in the following steps.

Please make sure ALL Browser Windows are Closed and also you should physically disconnect from the Internet by unplugging your cable. Do not reconnect or open a browser again until requested.

Now allow the Microsoft Antispyware program to run a full scan. After it completes, reboot again in normal boot mode and continue the below steps.

Second:
Please download HOSTER and then follow the below steps.

• Unzip Hoster to a convenient folder such as C:\Hoster

• Run Hoster.exe, click Restore Original Hosts and then click OK.
• Click the X to exit the program.

Third:
Download the following items:

L2MeFix Tool

Generic Detection Tool - NT/2000/XP

VX2.BetterInternet Finder XP/2k - Version Msg126

Pocket KillBox

NOW:
Run the L2MeFix Tool

Please move the L2MeFix Tool to your Desktop and DoubleClick l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop. DoubleClick l2mfix.bat and Type 1 and ENTER to select Option #1 for Run Find Log . Allow it as much time as it needs to run until NotePad opens with a log. Attach this log!

NOTE: Please do not run any other options or files in the l2mfix Folder!

After doing the above, attach the L2MFix Log with a fresh HJT log.