Just-in-time-debugging

[Geoff S]

I think I have a Virus. I keep getting the pop-up "Just-in-time-debugging"
I try to X out of it and something else pops up. I have gone into IE6 and disabled debugging in IE and Other. Please help me get rid of this annoying POPUP. Everything else on my PC works fine except when I open IE it does not open my home page it opens another site.I have run McAfee and Malwarebytes with the latest updates but still have the problem
Thanks in advance.

[Train]

Follow the instructions here
http://discussions.virtualdr.com/sho...d.php?t=197917
and post the logs here.
I move this thread to the correct forum.

[Geoff S]

Tried running GMER.EXE but the application stops responding in a short time.
Here are the other logs.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/23/2010 at 08:40 PM

Application Version : 4.33.1000

Core Rules Database Version : 4510
Trace Rules Database Version: 2322

Scan type : Complete Scan
Total Scan Time : 01:39:14

Memory items scanned : 618
Memory threats detected : 0
Registry items scanned : 8599
Registry threats detected : 2
File items scanned : 41620
File threats detected : 35

Trojan.Agent/Gen-Ertfor
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5BF49A2-94F1-42BD-F434-3604812C807D}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5BF49A2-94F1-42BD-F434-3604812C807D}

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\geoffrey [email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey [email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey sriwardena@tribalfusion[1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey [email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey sriwardena@realmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey sriwardena@serving-sys[1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey [email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey sriwardena@pointroll[2].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey [email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey [email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey [email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey [email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey sriwardena@chitika[1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey [email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey sriwardena@xiti[1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey sriwardena@questionmarket[2].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey sriwardena@smartadserver[2].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey sriwardena@kontera[2].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey [email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey [email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey sriwardena@dmtracker[1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey [email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey sriwardena@collective-media[2].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey [email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey [email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey sriwardena@revsci[1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey sriwardena@media6degrees[1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey sriwardena@ak[2].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey sriwardena@invitemedia[1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey sriwardena@247realmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey sriwardena@tacoda[2].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey [email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey [email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\geoffrey [email protected][1].txt

Trojan.RootKit/Gen
C:\WINNT\SYSTEM32\DRIVERS\HXEZV.SYS

Malwarebytes' Anti-Malware 1.44
Database version: 3644
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/27/2010 6:17:06 PM
mbam-log-2010-01-27 (18-17-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 231863
Time elapsed: 1 hour(s), 29 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2af9c022-c582-4e35-931c-408e568aba92} (Password.Stealer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2af9c022-c582-4e35-931c-408e568aba92} (Password.Stealer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2af9c022-c582-4e35-931c-408e568aba92} (Password.Stealer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINNT\system32\mkig.dll (Password.Stealer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFRE.tmp (Rootkit.Agent) -> Delete on reboot.
C:\WINNT\system32\drivers\hxezv.sys (Rootkit.Agent) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:55 PM, on 1/27/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\system32\lxdncoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\WINNT\system32\STacSV.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\StkASv2K.exe
C:\WINNT\System32\StkSrv2K_.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\system32\WFXSVC.EXE
C:\Program Files\winfax\WFXMOD32.EXE
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\iolo\System Mechanic\SMTrayNotify.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {349c02ec-c646-4b59-a98b-576bb5d7e10a} - figadiba.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: MoneyBooster - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFF2D1F} - C:\Program Files\IEToolbar\MoneyBooster\tbcore3.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mlwr.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - .DEFAULT User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} (VBIRDPlayer.Player) - http://us1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - https://www-307.ibm.com/pc/support/a...tent/AcpIR.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yaho...st_current.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by115fd.bay115.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1198339647165
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195398269000
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} - https://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {FDD6CEF8-3C6E-42E0-BC7B-D730085CFABC} - http://www.jaxtr.com/user/activex/Ja...okImporter.CAB
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} - http://photos.msn.com/resources/neut...cab?10,0,910,0
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDC66C52-7170-432C-8854-759C5676887B}: NameServer = 135.38.244.3,135.37.9.18
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINNT\,paziburu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdn_device - - C:\WINNT\system32\lxdncoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINNT\system32\STacSV.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINNT\System32\StkASv2K.exe
O23 - Service: USB2.0 TVBOX Service (StkSSrv) - Syntek America Inc. - C:\WINNT\System32\StkSrv2K_.exe
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINNT\system32\WFXSVC.EXE

--
End of file - 11897 bytes

Thanks for your help

[Broni]

Please download ComboFix from Here or Here to your Desktop.


**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

[Geoff S]

Thank You All,
First ran--- Ran Super AntiSpyWare
then ran--- Malwarebytes Anti-Malware
These two applications cleaned up a number of problems, but I still got some "Pop-ups"
then I ran ComboFix and it cleaned up everything.
Thanks Again.
One of the PopUps said that the my PC had a virus and to clean it up I had to purchase their application and required me to give my credit card to purchase it. Why can' t Law Enforcement authorities locate these "crooks"(don't want to use obsenities on this forum) and take them out of business.

[Broni]

I still need to see Combofix log.