Hey Everyone

4 or 5 times now when I have been surfing the web I have had a popup (for various sites, progresivescan.info is one that I remember) come up and try to get me to install something. I hit ctrl+alt+delete and close down firefox entirely. When I try to restart firefox it automatically tries to bring up the pages I was on rather than ask me if I want to restore my old session or start a new one. I ctrl+alt+delete again and the next time I restart firefox I am able to choose which windows I want to restore if any. It does this on different webpages that I have been to a million times before so I think the issue is my computer and not the pages.

There is nothing I have done in recent memory to cause this. I try to never download anything and I have a few anti spyware/adware programs on my comp. I did download some photos that my mom sent me the other day but I had been seeing the popup before that.

operating system: windows vista x64
internet browser: firefox, always newest version

I used Spybot SD to try to fix the problem after the 2nd time it happened but I have seen the popup again after that.

Thanks for the help,

Flint

callmeflint,



Download OTL to your desktop.http://oldtimer.geekstogo.com/OTL.exe
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan copy and paste the red text from the code box.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\System32\antiwpa.dll
%systemroot%\SYSTEM32\wpa.dll
%systemroot%\setup\scripts\biestart.exe
%systemroot%\system32\drivers\royal.sys
%systemroot%\system32\oobe\AntiWPA_Crypt.dll
%TEMP%\antiwpa_crypt.dll
%TEMP%\antiwpa.dll /s
%PROGRAMFILES%\antiwpa.dll /s
%systemroot%\system32\crypt.dll
%TEMP%\crypt.dll
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy the contents of these files and post them with your next reply.If the text is to big,zip it up or post it in two or three parts.

I didn't see an OTListIt, just Extras and OTL. I had to split the OTL into two parts.

Thanks, Crunch

callmeflint,

Download OTM by Old Timer and save it to your Desktop.

Double-click OTM.exe to run it.

• Paste the following code under the area. Do not include the word Code.

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
============================================

Next,

• Open HiJackThis
• Click on the "Config..." button on the bottom right
• Click on the tab "Misc Tools"
• Click on "Open ADS Spy.."
• Click on "Scan"
• Click on "Save Log..."
• Copy and past the List from the notepad into your next post

Here is the OTM log:

All processes killed
========== FILES ==========
Folder move failed. C:\Windows\AC54E5443E42443CA91DA00A6974C592.TMP scheduled to be moved on reboot.
File/Folder [emptytemp] not found.
File/Folder [Reboot] not found.

OTM by OldTimer - Version 3.0.0.6 log created on 08302009_205831

Regarding the HiJack this, after the scan is complete I hit "Save Log..." but nothing happens and I can't find a new file being created. I have checked My Documents, Desktop, and the Trend Micro folder.

Apologies callmeflint. There was an error in my script.

Download OTM by Old Timer and save it to your Desktop.

Double-click OTM.exe to run it.

• Paste the following code under the area. Do not include the word Code.

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
=========================================

Regarding your other issue, try just copying and pasting the log here instead of saving it.

Hey, two thing:

1) I ran OTM then realized I should probably be running it as an administrator. I have posted the logs from both times that I ran it.

2) When I do the scan with HijackThis ADS Spy nothing turns up in the box, where I assume there should be text. Perhaps this is why I cannot save a log, because there is nothing to save. I have also run this as an administrator.

Thanks again

OTM run the first time

All processes killed
========== FILES ==========
Folder move failed. C:\Windows\AC54E5443E42443CA91DA00A6974C592.TMP scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: flint
->Temp folder emptied: 5702864 bytes
File delete failed. C:\Users\flint\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 127646200 bytes
->Java cache emptied: 26632590 bytes
->FireFox cache emptied: 96961587 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
File delete failed. C:\Windows\AC54E5443E42443CA91DA00A6974C592.TMP\Wi seCustomCalla.dll scheduled to be deleted on reboot.
Folder delete failed. C:\Windows\AC54E5443E42443CA91DA00A6974C592.TMP scheduled to be deleted on reboot.
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 1031797122 bytes

Total Files Cleaned = 1229.19 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08312009_091637

Files moved on Reboot...
Folder move failed. C:\Windows\AC54E5443E42443CA91DA00A6974C592.TMP scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\AC54E5443E42443CA91DA00A6974C592.TMP\Wi seCustomCalla.dll
C:\Windows\AC54E5443E42443CA91DA00A6974C592.TMP\Wi seCustomCalla.dll NOT unregistered.
File move failed. C:\Windows\AC54E5443E42443CA91DA00A6974C592.TMP\Wi seCustomCalla.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...


OTM after running it as administrator

All processes killed
========== FILES ==========
C:\Windows\AC54E5443E42443CA91DA00A6974C592.TMP moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: flint
->Temp folder emptied: 31832 bytes
File delete failed. C:\Users\flint\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 1900678 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3872449 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 51724 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.59 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08312009_092140

Files moved on Reboot...

Registry entries deleted on Reboot...