Old 04-17-2007   #1
Bronze Member
 
Join Date: Apr 2007
Posts: 5
Default [Fixed] Popups are killing me!!

I keep having popup problems. It just started the other day. I have tried running ad-aware, spybot and avg anti-spy. But still have popups! Please help? One popup that comes up repeatedly is WinAntiVirus Pro 2007.
Attached Files
File Type: txt Report-Scan-20070417-022623.txt (8.4 KB, 0 views)
File Type: txt Spy Sweeper Session Log.txt (1.9 KB, 0 views)
File Type: txt Logfile.txt (10.4 KB, 2 views)
bw42185 is offline   Reply With Quote
Old 04-17-2007   #2
Senior Security Analyst
 
valis's Avatar
 
Join Date: Jan 2007
Location: texas, USA
Posts: 2,677
PC Experience: PC Illiterate
Default

Hello bw2145, and welcome to PCHF. There are a few things wrong with your machine, but nothing that seems too drastic. Let's start here:

Please download SUPERAntiSpyware Home Edition (free version)
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste that information here for me with a new HijackThis log.
__________________
M.C.S.A.
M.C.P - MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall

valis is offline   Reply With Quote
Old 04-17-2007   #3
Bronze Member
 
Join Date: Apr 2007
Posts: 5
Default

SUPERAntiSpyware Scan Log
Generated 04/17/2007 at 04:20 PM
Application Version : 3.6.1000
Core Rules Database Version : 3220
Trace Rules Database Version: 1230
Scan type : Complete Scan
Total Scan Time : 00:50:15
Memory items scanned : 601
Memory threats detected : 1
Registry items scanned : 7008
Registry threats detected : 17
File items scanned : 28638
File threats detected : 107
Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\JKKLM.DLL
C:\WINDOWS\SYSTEM32\JKKLM.DLL
HKLM\Software\Classes\CLSID\{67C55A8D-E808-4caa-9EA7-F77102DE0BB6}
HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}
HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}\InprocServer32
HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\BTDLIKFB.DLL
HKLM\Software\Classes\CLSID\{CCD0DD60-30F4-4090-B6AC-F33576BEBE24}
HKCR\CLSID\{CCD0DD60-30F4-4090-B6AC-F33576BEBE24}
HKCR\CLSID\{CCD0DD60-30F4-4090-B6AC-F33576BEBE24}\InprocServer32
HKCR\CLSID\{CCD0DD60-30F4-4090-B6AC-F33576BEBE24}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{F0614BD5-4ECC-4682-A4A9-8471BA040BDE}
HKCR\CLSID\{F0614BD5-4ECC-4682-A4A9-8471BA040BDE}
HKCR\CLSID\{F0614BD5-4ECC-4682-A4A9-8471BA040BDE}\InprocServer32
HKCR\CLSID\{F0614BD5-4ECC-4682-A4A9-8471BA040BDE}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\GEBYX.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67C55A8D-E808-4caa-9EA7-F77102DE0BB6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCD0DD60-30F4-4090-B6AC-F33576BEBE24}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0614BD5-4ECC-4682-A4A9-8471BA040BDE}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkklm
HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}
Adware.Tracking Cookie
Trace.Known Threat Sources
Attached Files
File Type: txt Scan1.txt (11.3 KB, 1 views)
bw42185 is offline   Reply With Quote
Old 04-18-2007   #4
Senior Security Analyst
 
valis's Avatar
 
Join Date: Jan 2007
Location: texas, USA
Posts: 2,677
PC Experience: PC Illiterate
Default

Looking better. Please close all other applications, start HJT again, click 'perform system scan only', place a tick next to the following and click 'fix checked'.

O2 - BHO: (no name) - {CCD0DD60-30F4-4090-B6AC-F33576BEBE24} - (no file)
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll (file missing)


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\vwxoqval.dll
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Post a new Hijack This log, and let me know how the machine is running.

Thanks,

v
valis is offline   Reply With Quote
Old 04-18-2007   #5
Bronze Member
 
Join Date: Apr 2007
Posts: 5
Default

Thank you so much!! I have had no popups at all since running the first things you told me to do. Things seem to be a little sluggish sometimes, but that's probably just my machine!
Attached Files
File Type: txt scan 2.txt (11.2 KB, 1 views)
bw42185 is offline   Reply With Quote
Old 04-18-2007   #6
Senior Security Analyst
 
valis's Avatar
 
Join Date: Jan 2007
Location: texas, USA
Posts: 2,677
PC Experience: PC Illiterate
Default

Better yet... Please close all other applications, start HJT again, click 'perform system scan only', place a tick next to the following and click 'fix checked'.

O2 - BHO: (no name) - {3DD137EB-6FBB-4C5D-B120-A011E9665EEf} - C:\WINDOWS\system32\vwxoqval.dll (file missing)
O2 - BHO: (no name) - {8950B6E8-D3F0-4AE7-BF04-7D4EA7D3137b} - C:\WINDOWS\system32\vwxoqval.dll (file missing)

How's the machine running now? If it's still sluggish we can dump some temp files and check the defrag status, which could help a bit.

thanks,

v
valis is offline   Reply With Quote
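
The manual triage in the two HijackThis replies above, as an added Python example that is not part of the thread or of HijackThis itself: it parses O2 (BHO) and O20 (Winlogon Notify) lines, flags registrations whose DLL is gone, and groups them by the DLL they reference. The function names and the last sample line (a healthy entry for contrast) are constructed for illustration.

```python
import re

# HijackThis section codes: O2 = Browser Helper Object, O20 = Winlogon Notify.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)$")  # DLL-absent markers

# Four lines quoted in the thread plus one constructed healthy entry (last line).
SAMPLE = r"""
O2 - BHO: (no name) - {CCD0DD60-30F4-4090-B6AC-F33576BEBE24} - (no file)
O2 - BHO: (no name) - {3DD137EB-6FBB-4C5D-B120-A011E9665EEf} - C:\WINDOWS\system32\vwxoqval.dll (file missing)
O2 - BHO: (no name) - {8950B6E8-D3F0-4AE7-BF04-7D4EA7D3137b} - C:\WINDOWS\system32\vwxoqval.dll (file missing)
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll (file missing)
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
"""

def parse_line(line):
    """Parse one O2/O20 line into a dict; return None for any other line."""
    line = line.strip()
    m, kind = O2_RE.match(line), "BHO"
    if not m:
        m, kind = O20_RE.match(line), "WinlogonNotify"
    if not m:
        return None
    target = m.group("target").strip()
    path = MISSING_RE.sub("", target)  # strip the marker, keep the path (if any)
    reasons = []
    if path != target:
        reasons.append("registration points at a missing DLL")
    if kind == "BHO" and m.group("name") == "(no name)":
        reasons.append("unnamed BHO (weak signal on its own)")
    clsid = m.groupdict().get("clsid")  # O20 lines carry no CLSID
    return {"kind": kind, "name": m.group("name"),
            "clsid": clsid.upper() if clsid else None,
            "path": path or None, "orphaned": path != target, "reasons": reasons}

def triage(log_text):
    """Return only the entries with at least one reason to review them."""
    entries = (parse_line(ln) for ln in log_text.splitlines())
    return [e for e in entries if e and e["reasons"]]

def group_by_dll(entries):
    """Map each DLL path (lower-cased) to the registrations that reference it."""
    groups = {}
    for e in entries:
        if e["path"]:
            groups.setdefault(e["path"].lower(), []).append(e["clsid"] or e["name"])
    return groups

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["kind"], e["clsid"] or e["name"], "->", "; ".join(e["reasons"]))
    print(group_by_dll(triage(SAMPLE)))
```

Grouping shows that both BHO CLSIDs in the last reply reference the same vwxoqval.dll that Killbox was told to delete, which is why those registry entries only show up as "file missing" afterwards.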
Old 04-20-2007   #7
Bronze Member
 
Join Date: Apr 2007
Posts: 5
Default

It's running great now!! Seems to have sped up a lot. Is there anything you recommend to keep this problem from happening in the future?
bw42185 is offline   Reply With Quote
