win32/ pop ups

Hewlett-packard Hp pavilion dv6700 noteb...
June 3, 2009 at 08:34:47
Specs: Microsoft Windows Vista Home Premium, 2 GHz / 3061 MB

I am also getting same pop ups from windows defender for win32/ i have avast pro installed, i scheduled its boot time scan, and avast detected the file at location windows/system32/drivers/gxcgjfhflfljg.................sys.. i asked avast to delete this file.. but still i am getting same pop ups..
then i tried to scanning my computer with AVZ.exe with custom scripts as mentioned in response number 3.. here is the link of virus scan info for my comp

but the file names and files are different from the files that are mentioned in script for quarantine the files in response no. 5

so can you please help me what to do next.

Thank you for all help..

See More: win32/ pop ups

Report •

June 3, 2009 at 08:39:11
1) Can you please post your AVZ log:
Note: Run AVZ in windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in background before following the steps below.

i) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows vista launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called inside. Upload that file to and paste the link here.

Image Tutorial

2) Can you also make a new HijackThis log and upload it to HijackThis: Here


Report •

June 3, 2009 at 08:42:53

this is the link to avz scan info.

Report •

June 3, 2009 at 08:44:22
Wrong File please read and redo Response Number 1 Carefully.


Report •

Related Solutions

June 3, 2009 at 08:56:54
avz virus scan zip file link:

hijack this log file link:

i hope i am correct this time.. i am sorry for my wrong files and delays...

Report •

June 3, 2009 at 09:11:02
Those are correct files but did start AVZ.exe with "Run as administrator"?


Report •

June 3, 2009 at 09:30:45
updated avz virus scan info.. ran as administrator this time

Report •

June 3, 2009 at 10:11:03
Follow these Steps in order numbered. Don't proceed to next step unless you have sucessfully completed previous step:

1) Run this script in AVZ like before, your computer will reboot:

2) After Reboot. Attach a Combofix log, please review and follow these instructions carefully.

Download it here ->

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Sypware programs ( Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to and paste the link here.


Report •

Ask Question