• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Sylvan_Sorrow

Massive Pop-ups

4 posts in this topic

Before we begin a little backbackstory on this computer.. I work for a small tech support and service commpany in massachussetts and never had a computer ever with this many spyware/malware problems. My goal though is to clean it without haven't to resort to a reinstallation of windows. Ive ran ad-ware (removed about 5,000 obhects total with it), spybot (another 2,000), and the full version of pest patrol (about 1,800). Also ran CWShredder, and Hijack this. Here is my Hijack this log and keep in mind, I have deleted in the past EVERYTHING save the startup programs, so that all has returned at one point or another.

 

 

Logfile of HijackThis v1.97.7

Scan saved at 9:50:56 AM, on 6/25/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

c:\Program Files\PestPatrol\ppcontrol.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\Owner\Desktop\HijackThis-1.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/i...B_PVER}&ar=home

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O3 - Toolbar: Tray32 - {32FB7BAD-9D1C-EF88-F621-0E6C924DC6CA} - C:\PROGRA~1\LINKRO~1\Site Bias.dll

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [VGA WAY] C:\PROGRA~1\LIVEAU~1\Movedoes.exe

O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: AIM (HKLM)

 

 

 

 

 

 

 

Please help, Im near ready to give up on this one. Doing this in safe mode with netwokring support cuz at least thats cutting the number of popups Im getting in half.

Share this post


Link to post
Share on other sites

Hi,

Doing this in safe mode with netwokring support

Start with the below, but you really need to post a HijackThis log from normal mode so I can see any other items loading from Startup that do not show up in Safe Mode. Also if you have any disabled via Msconfig, go back and check those items as HijackThis can not "see" disabled items.

 

First thing to do is ...

 

Reconfigure Windows Explorer to show Hidden Files:

Open the Windows Explorer Folder Options - View [tab]:

 

Scroll down to the "Files and Folders" section.

Select: "Display the contents of system folders".

 

Scroll down to the "Hidden Files and Folders" section.

Select: "Show hidden files and folders", Ok the prompt

Uncheck: "Hide file extensions for known file types"

Uncheck: "Hide protected operating system files" Ok the Prompt, click Apply

 

Click the "Apply to all Folders" button. Close Windows Explorer.

 

Next:

 

Close all open windows, except for HijackThis place a check in each of the following:

Then click "Fix checked".

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/i...B_PVER}&ar=home

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O3 - Toolbar: Tray32 - {32FB7BAD-9D1C-EF88-F621-0E6C924DC6CA} - C:\PROGRA~1\LINKRO~1\Site Bias.dll

 

Then reboot, on restart, restart in Safe Mode (see "How To" below)

 

Start | Run (type) "%temp%" (no quotes)

Completely delete the entire contents of that "temp" folder.

 

Open Windows Explorer locate and delete the following:

 

C:\PROGRAM FILE\LINKRO~1 <--this folder

Note: locate the folder via Start Search > "Site Bias.dll"

 

After the above, reboot, rescan with HijackThis and post a fresh log ...

Edited by WinHelp2002

Share this post


Link to post
Share on other sites

Thanks, but I more or less already tried all that. Didn't work. But I am now all set, after researching through these forums while waiting for a reply I found information on something called vx2.betterinternet and instructions on removing that. Tried that and I no longer have any problems. Thankyou though.

Share this post


Link to post
Share on other sites

Hi,

"allaboutsearching.com" (C2Media\LOP) and "vx2.betterinternet" are not related, you still need to remove the above.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0