I have followed the instruction to run cleanup, anti-virus, ad-ware, upgrade windows security patch and HijackThis, but can't fix the popup Best Offer. Here are the log
Logfile of HijackThis v1.99.1
Scan saved at 9:08:27 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\owbuhj.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\tmp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {19B2FFB3-5408-41CA-840C-7B6965D9F10E} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {3245F7B4-58D0-48E1-A74A-19E5B96236B4} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {3AA2A646-91CB-4AF6-887D-4E0654A9187C} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {41429B23-A406-4F7A-AE83-B03A2F3EF8B7} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {478AFF91-854C-4468-AC79-7EDB7680CC8E} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {57068982-B366-4204-AA0A-C8BF3990C7EA} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {5EB839BD-2215-4B23-895C-5E09AF911DB2} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {60D3D244-320A-4325-B93C-717EA6835EB0} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {632212BB-64A7-4DFD-92EC-503744383B81} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {63C7A189-9299-4DD8-9ECC-5C231915373A} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {75D79098-8F13-490E-8698-4C9E44EF970D} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {7742CE4B-3A73-4CE5-B40D-58D26578639F} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {7CCDA366-071F-4478-81EB-2164651BF130} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {812DBAB4-925A-4C5C-817B-30723DC1DD73} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {84494995-6A34-47CB-941F-76D192224AC4} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {85646107-40FD-4FDE-A22A-5F51D942C7C3} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {89B51D3C-0AF6-48A0-A331-37EC150AFCD5} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: (no name) - {8E6D80AA-ABF0-488A-ACB0-EA318AC9CB69} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {91CFFEC3-85AE-470C-9616-E09B204A33F8} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {94E6138E-2787-4944-BE9C-56D515E1F8EC} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {9E1DE9D1-944B-4982-A867-3679DBECE525} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {ADE9E5F7-95D9-450F-AA97-F7A4A78A3163} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {AE2B3CC5-81F0-4948-BF6A-8603B405C618} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {B156C4DB-F4C3-461D-BAC2-542E8D9EAA77} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {B561305C-6A19-4D74-B9AB-6DFA56A3DF80} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {BF04338A-461A-4B08-BE62-D1778CC349DE} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {CCF61321-A636-4FB5-97AA-59721A862C4D} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {D99FE85B-98FF-443A-81E0-735608E1C12F} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {DFF1A9E7-EBC6-4A97-BC4E-8D6B98550BB8} - C:\Program Files\CSBB\CSBB.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [vigicc] C:\WINDOWS\system32\owbuhj.exe r
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on
Logfile of HijackThis v1.99.1
Scan saved at 9:08:27 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\owbuhj.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\tmp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {19B2FFB3-5408-41CA-840C-7B6965D9F10E} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {3245F7B4-58D0-48E1-A74A-19E5B96236B4} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {3AA2A646-91CB-4AF6-887D-4E0654A9187C} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {41429B23-A406-4F7A-AE83-B03A2F3EF8B7} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {478AFF91-854C-4468-AC79-7EDB7680CC8E} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {57068982-B366-4204-AA0A-C8BF3990C7EA} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {5EB839BD-2215-4B23-895C-5E09AF911DB2} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {60D3D244-320A-4325-B93C-717EA6835EB0} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {632212BB-64A7-4DFD-92EC-503744383B81} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {63C7A189-9299-4DD8-9ECC-5C231915373A} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {75D79098-8F13-490E-8698-4C9E44EF970D} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {7742CE4B-3A73-4CE5-B40D-58D26578639F} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {7CCDA366-071F-4478-81EB-2164651BF130} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {812DBAB4-925A-4C5C-817B-30723DC1DD73} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {84494995-6A34-47CB-941F-76D192224AC4} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {85646107-40FD-4FDE-A22A-5F51D942C7C3} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {89B51D3C-0AF6-48A0-A331-37EC150AFCD5} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: (no name) - {8E6D80AA-ABF0-488A-ACB0-EA318AC9CB69} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {91CFFEC3-85AE-470C-9616-E09B204A33F8} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {94E6138E-2787-4944-BE9C-56D515E1F8EC} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {9E1DE9D1-944B-4982-A867-3679DBECE525} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {ADE9E5F7-95D9-450F-AA97-F7A4A78A3163} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {AE2B3CC5-81F0-4948-BF6A-8603B405C618} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {B156C4DB-F4C3-461D-BAC2-542E8D9EAA77} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {B561305C-6A19-4D74-B9AB-6DFA56A3DF80} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {BF04338A-461A-4B08-BE62-D1778CC349DE} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {CCF61321-A636-4FB5-97AA-59721A862C4D} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {D99FE85B-98FF-443A-81E0-735608E1C12F} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {DFF1A9E7-EBC6-4A97-BC4E-8D6B98550BB8} - C:\Program Files\CSBB\CSBB.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [vigicc] C:\WINDOWS\system32\owbuhj.exe r
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on
