Random popups and super slow internet

Name: TheDesired
Date: August 13, 2009 at 16:06:00 Pacific
OS: Microsoft Windows Vista Home Premium
CPU/Ram: 1.833 GHz / 3061 MB
Product: Dell / INSPIRON 1525
Subcategory: General
Tags: Vista, Virus, Malware problem
Comment:

Alright so... I've been getting these annoying popups, when I start up mozilla firefox, anddd it's also really slow, especially when I go on youtube or try to search google or something. I'd like some help to get this fixed.

I've already read this thread: http://www.computing.net/answers/se...

So I have Hijack This, SmitfraudFix, Malwarebytes - AntiMalware, And AVG pro or whatever.

I've done scans with all of them, and have had them find infections n shiz. But after I cleared the infections they found/got rid of them, they didn't exactly fix the problem, cause I still get popups and it's slow, sooo I thought I'd come post on here. Hope you guys can help. I don't know how to look for errors or whatever in Hijack This, sooo I can't do it by myself.

Thanks in advance.



Response Number 1
Name: jdk (by neoark)
Date: August 13, 2009 at 16:51:36 Pacific
Reply:
0

Response Number 2
Name: TheDesired
Date: August 14, 2009 at 01:37:49 Pacific
Reply:

Malwarebytes' Anti-Malware 1.40
Database version: 2615
Windows 6.0.6001 Service Pack 1

8/13/2009 1:39:10 AM
mbam-log-2009-08-13 (01-39-03).txt

Scan type: Quick Scan
Objects scanned: 81561
Time elapsed: 22 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 17
Files Infected: 34

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:

Files Infected:


0

Response Number 3
Name: jdk (by neoark)
Date: August 14, 2009 at 07:07:49 Pacific
Reply:

Follow:
1) Install, update the database and run a full scan with Malwarebytes' Anti-Malware. Attach the Malwarebytes full scan log and fix anything detected.

2) Run full Scan with SuperAntispyware : http://www.superantispyware.com/dow... . Fix what it detects and post summary scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.


0

Response Number 4
Name: TheDesired
Date: August 14, 2009 at 17:21:22 Pacific
Reply:

Malwarebytes' Anti-Malware 1.40
Database version: 2627
Windows 6.0.6001 Service Pack 1

8/14/2009 5:18:32 PM
mbam-log-2009-08-14 (17-18-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 214013
Time elapsed: 1 hour(s), 57 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/14/2009 at 05:11 PM

Application Version : 4.27.1002

Core Rules Database Version : 4057
Trace Rules Database Version: 1997

Scan type : Complete Scan
Total Scan Time : 01:39:38

Memory items scanned : 786
Memory threats detected : 0
Registry items scanned : 6052
Registry threats detected : 1
File items scanned : 24889
File threats detected : 18

Adware.ShopAtHomeSelect
HKU\S-1-5-21-2217023923-2189465741-800903992-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}

Adware.Tracking Cookie

Trace.Known Threat Sources
C:\Users\Shane Lazyoh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4C4VX6DH\cuhp_twista[1].jpg


0

Response Number 5
Name: jdk (by neoark)
Date: August 14, 2009 at 19:15:26 Pacific
Reply:

Follow these steps in order numbered:

1) Download GMER: http://gmer.net/download.php
[This version will download a randomly named file (Recommended).]

2) Disconnect from the Internet and close all running programs.

3) Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

4) Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.

5) GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)

6) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.

7) Now click the Scan button. If you see a rootkit warning window, click OK.

8) When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log and upload it to rapidshare.com. Post the download link to the uploaded file in your post.

9) Exit GMER and re-enable all active protection when done.

Note: Please give me the exact name of the file you downloaded in step 1 + post your log from step 8 in your next post.

If I'm helping you and I don't reply within 24 hours send me a PM.


0

Response Number 6
Name: TheDesired
Date: August 14, 2009 at 21:22:10 Pacific

Response Number 7
Name: jdk (by neoark)
Date: August 14, 2009 at 22:21:44 Pacific
Reply:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1

1) Ensure all Firefox windows are closed.

2) To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).

3) When prompted to run the scan, click Yes.

4) GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

If I'm helping you and I don't reply within 24 hours send me a PM.


0

Response Number 8
Name: TheDesired
Date: August 15, 2009 at 00:05:16 Pacific
Reply:

GooredFix by jpshortstuff (12.07.09)
Log created at 23:58 on 14/08/2009

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:08 29/03/2009]
{B13721C7-F507-4982-B2E5-502A71474FED} [09:47 10/08/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [22:53 28/03/2009]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord" [19:24 29/03/2009]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files\Siber Systems\AI RoboForm\Firefox" [04:05 09/04/2009]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [12:57 12/08/2009]
"avg@igeared"="C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared" [16:04 12/08/2009]

-=E.O.F=-


0
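
As an added example (not part of the thread and not GooredFix's own code): a small Python parser for the log layout posted above, separating extensions found in the Firefox extensions folder from those registered through the HKLM registry key, and listing the ones whose timestamp falls on or after a chosen date. The sample log is constructed with placeholder IDs and paths, and the function names are hypothetical.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# Constructed sample in the layout of the GooredFix log posted above.
# IDs and paths are placeholders, not values from the thread.
SAMPLE_LOG = r"""GooredFix by jpshortstuff (12.07.09)
Log created at 23:58 on 14/08/2009

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{11111111-aaaa-4bbb-8ccc-000000000001} [01:08 29/03/2009]
{11111111-aaaa-4bbb-8ccc-000000000002} [09:47 10/08/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{22222222-aaaa-4bbb-8ccc-000000000001}"="C:\Program Files\Example Vendor\Firefox\" [22:53 28/03/2009]
"example@toolbar"="C:\Program Files\Example Toolbar\Firefox" [16:04 12/08/2009]

-=E.O.F=-
"""


class ExtensionEntry(NamedTuple):
    source: str            # "folder" or "registry"
    location: str          # folder path or registry key the entry was listed under
    ext_id: str            # extension ID as written in the log
    path: Optional[str]    # install directory (registry entries only)
    modified: datetime     # timestamp shown in square brackets


STAMP = r"\[(\d{2}:\d{2} \d{2}/\d{2}/\d{4})\]"
FOLDER_HEADER = re.compile(r"^[A-Za-z]:\\.*\\$")
REGISTRY_HEADER = re.compile(r"^\[(HKEY_[^\]]+)\]$")
FOLDER_ENTRY = re.compile(r"^(\S.*?)\s+" + STAMP + r"$")
REGISTRY_ENTRY = re.compile(r'^"([^"]+)"="(.*)"\s+' + STAMP + r"$")


def _stamp(text: str) -> datetime:
    # The log writes day/month/year ("Log created at 23:58 on 14/08/2009").
    return datetime.strptime(text, "%H:%M %d/%m/%Y")


def parse_gooredfix(text: str) -> List[ExtensionEntry]:
    """Return every extension entry, tagged with the section it came from."""
    entries: List[ExtensionEntry] = []
    source = location = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = REGISTRY_HEADER.match(line)
        if header:
            source, location = "registry", header.group(1)
            continue
        if FOLDER_HEADER.match(line):
            source, location = "folder", line
            continue
        if source == "registry":
            m = REGISTRY_ENTRY.match(line)
            if m:
                # Greedy path group keeps a trailing backslash before the quote.
                entries.append(ExtensionEntry(
                    source, location, m.group(1), m.group(2), _stamp(m.group(3))))
        elif source == "folder":
            m = FOLDER_ENTRY.match(line)
            if m:
                entries.append(ExtensionEntry(
                    source, location, m.group(1), None, _stamp(m.group(2))))
        # Banner, separator and E.O.F. lines match nothing and are skipped.
    return entries


def added_since(entries: List[ExtensionEntry], cutoff: datetime) -> List[ExtensionEntry]:
    """Entries stamped on or after `cutoff`, newest first."""
    recent = [e for e in entries if e.modified >= cutoff]
    return sorted(recent, key=lambda e: e.modified, reverse=True)


if __name__ == "__main__":
    for e in added_since(parse_gooredfix(SAMPLE_LOG), datetime(2009, 8, 1)):
        print(e.modified, e.source, e.ext_id, e.path or e.location)
```

Registry-registered entries are the ones that load from a directory outside the Firefox install, which is the same key Malwarebytes flagged in the first log of this thread.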

Response Number 9
Name: jdk (by neoark)
Date: August 15, 2009 at 05:27:30 Pacific

Response Number 10
Name: TheDesired
Date: August 15, 2009 at 05:36:37 Pacific
Reply:

Mmm, nope.

I restarted mozilla after doing all that, then restarted my computer, anddd I still get 2 tabs whenever I open it. It's always some random pop up, anddd google (my homepage). Also, it's still slow. Whenever I go and watch a youtube video or something, I can't have it playing in the background while doing things such as mess with facebook or something else. I can only watch the video otherwise my browser effs up and I can't do anything.

But, good thing is, whenever I click a link or something or open a new tab, etc, I don't get random pop ups. :D It's only when I start up firefox, and it never did that before this problem. D;

Think you can still help?


0

Response Number 11
Name: jdk (by neoark)
Date: August 15, 2009 at 05:56:12 Pacific
Reply:

Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in windows normal mode and make sure you are connected to internet. If avz.exe doesn't start, then try to rename the file avz.exe to game.pif and try to run it again. Pause/Stop your antivirus, firewall software (if any), close games, text editors and all other programs; leave Internet Explorer/Firefox running, before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows vista launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility.

--> Please navigate to "File" => "Custom Scripts". Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteAVUpdate;
end.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script.

--> Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Analysis" check box. Click on the "Execute selected scripts" button.
Automatic scanning, healing and system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip. Upload virusinfo_syscure.zip to rapidshare.com and paste the link here.
* It is necessary now to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan. All applications will work properly after the system restart.

Image Tutorial

2) Download and Run DDS which will create a Pseudo HJT Report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs

   1. DDS.txt
   2. Attach.txt

Upload the logs to rapidshare.com and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

In your next reply, please include download links to the following:
* virusinfo_syscure.zip
* DDS Logs

If I'm helping you and I don't reply within 24 hours send me a PM.


0

Response Number 12
Name: TheDesired
Date: August 15, 2009 at 14:48:38 Pacific
Reply:

AVZ logs: http://rapidshare.com/files/2677910...

DDS logs: http://rapidshare.com/files/2677957...

(Contains both DDS log and Attach.txt)

Hope I did that right.


0

Response Number 13
Name: jdk (by neoark)
Date: August 15, 2009 at 15:51:39 Pacific
Reply:

Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step:

1) Run this script in AVZ like before, your computer will reboot:

begin
 SetAVZGuardStatus(True);    // turn on AVZGuard while the script runs
 SearchRootkit(true, true);  // search for rootkit hooks and neutralise them
 // Stop and remove the service
 StopService('GarenaPEngine');
 DeleteService('GarenaPEngine');
 // Copy the files to AVZ quarantine before deleting them
 QuarantineFile('C:\Program Files\Winferno\PC Confidential\PCConfidential.exe','');
 QuarantineFile('C:\Users\SHANEL~1\AppData\Local\Temp\EKZ1BA8.tmp','');
 DeleteFile('C:\Users\SHANEL~1\AppData\Local\Temp\EKZ1BA8.tmp');
 DeleteFile('C:\Program Files\Winferno\PC Confidential\PCConfidential.exe');
 DeleteFile('c:\windows\tasks\PCConfidential.job');
 // Hand the deleted-file list to Boot Cleaner, clean up references, then reboot
 BC_ImportDeletedList;
 ExecuteSysClean;
 BC_Activate;
 SetAVZPMStatus(true);
 RebootWindows(true);
end.

2) After reboot execute following script in AVZ:

begin
CreateQurantineArchive('C:\quarantine1.zip');    
end.


A file called quarantine1.zip should be created in C:\. Upload that file to rapidshare.com and Private message me download link.

3) Only keep 1 antivirus and 1 anti-spyware program on your system because they conflict with each other. Uninstall the rest of them.

4) Start AVZ*. Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box. Click on the "Execute selected scripts" button.
A system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip. Upload virusinfo_syscheck.zip to rapidshare.com and paste the link here.
* It is necessary now to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan. All applications will work properly after the system restart.

In your next reply, please include download links to the following:
* virusinfo_syscheck.zip

If I'm helping you and I don't reply within 24 hours send me a PM.


0

Response Number 14
Name: TheDesired
Date: August 15, 2009 at 17:42:02 Pacific

Response Number 15
Name: jdk (by neoark)
Date: August 15, 2009 at 21:32:39 Pacific
Reply:

Problem fixed or still there? Complete step 2.

If I'm helping you and I don't reply within 24 hours send me a PM.


0

Response Number 16
Name: TheDesired
Date: August 15, 2009 at 22:05:27 Pacific
Reply:

No problem not fixed I still get the pop up and doesn't wanna work with any other windows open.

Lol oops forgot about that step.

http://rapidshare.com/files/2678917...


0

Response Number 17
Name: jdk (by neoark)
Date: August 15, 2009 at 22:55:37 Pacific
Reply:

Anything else besides firefox pop ups?

If I'm helping you and I don't reply within 24 hours send me a PM.


0

Response Number 18
Name: TheDesired
Date: August 16, 2009 at 01:17:33 Pacific
Reply:

Uhhhh, yeahhh.

Facebook is really slow and laggy, and I can't use it with multiple windows open.

Like, I try to use the chat, and it takes forever to load, anddd sometimes never does. I try to go to other people's profiles or something, and it takes forever, n sometimes never even works.

Even google searches go slow. Like it shows one result at a time.


0

Response Number 19
Name: jdk (by neoark)
Date: August 16, 2009 at 06:29:54 Pacific
Reply:

Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step:

1) Attach a Combofix log, please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.co...

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Spyware programs (programs to disable: http://www.bleepingcomputer.com/forums/topic114351.html) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to rapidshare.com and paste the link here.

2) Please zip up C:\qoobox\quarantine and upload it, to a filehost such as http://rapidshare.com/ Then, Private Message me the Download links to the uploaded files.

If I'm helping you and I don't reply within 24 hours send me a PM.


0

Response Number 20
Name: jdk (by neoark)
Date: August 16, 2009 at 18:15:32 Pacific
Reply:

Uninstall Combofix by: pause Antivirus/Spyware programs (programs to disable: http://www.bleepingcomputer.com/forums/topic114351.html) > Start > run > type combofix /u > ok.

Follow:
Run a full scan with http://www.eset.com/onlinescan/

1) Check the box next to YES, I accept the Terms of Use.
2) Click Start
3) When asked, allow the ActiveX control to be installed.
4) Click Start
5) Check below options:

    * Remove found threats
    * Scan archives
    * Scan for potentially unwanted applications (Advanced Settings).
    * Enable Anti-Stealth technology (Advanced Settings).

6) Click Scan
7) Wait for the scan to finish
8) When it finishes it will create a log file here: C:\Program Files\ESET\ESET Online Scanner\log.txt
9) Attach this logfile to your next message.

Illustrated tutorial: http://img155.imageshack.us/img155/...

If I'm helping you and I don't reply within 24 hours send me a PM.


0

Response Number 21
Name: TheDesired
Date: August 17, 2009 at 01:42:10 Pacific
Reply:

Log: http://rapidshare.com/files/2682950...

It doesn't look right to me, but whatever...


0

Response Number 22
Name: jdk (by neoark)
Date: August 17, 2009 at 05:24:13 Pacific

Response Number 23
Name: TheDesired
Date: August 17, 2009 at 14:52:30 Pacific
Reply:

Yessir. D;

Hey man, sorry for all this I'm havin' you do, I just really want this fixed. I appreciate everything you're doing, by the way. :)

Okay so I still have the one popup when I start it up, and sites are still slow. This doesn't happen with IE, but I hate IE, sooo I don't wanna use it. I want mozilla fixed. I thought about reinstalling mozilla... But I don't wanna lose all my toolbars n shiz.

Can you still help?


0

Response Number 24
Name: jdk (by neoark)
Date: August 17, 2009 at 15:30:10 Pacific
Reply:

Seems you're better off doing a clean install. Scans aren't picking up anything.

If I'm helping you and I don't reply within 24 hours send me a PM.


0

Response Number 25
Name: TheDesired
Date: August 17, 2009 at 17:33:11 Pacific
Reply:

Alright, I'll do that then.

Is there any way to save/keep my bookmarks/installed toolbars on the program?

Thanks.


0
