I have scanned with spybot, used combofix, vundofix, and even hijackthis. nothing related to targetsaver comes up, however i still get the popups. running windows media center xp and internet explorer 7. what should i do now?

Hello,

What does the pop up say? also have you tried another browser such as firefox or opera?

Hello and welcome have you run the Vundo fix from safe mode.
Use of advanced tools such as ComboFix and HiJackThis without guidance can be a veryy risky practice.

This is a link to our Tutorial
How To Remove Vundo/Winfixer Infection

Now Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
DO NOT run yet.

Now reboot into Safe Mode: How to start Windows in Safe Mode
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions,post logs and Let us know how the PC is running.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/02/2008 at 03:33 PM

Application Version : 3.9.1008

Core Rules Database Version : 3394
Trace Rules Database Version: 1386

Scan type : Complete Scan
Total Scan Time : 01:34:45

Memory items scanned : 167
Memory threats detected : 0
Registry items scanned : 5812
Registry threats detected : 106
File items scanned : 34214
File threats detected : 30

Trojan.Unknown Origin
[qifq] C:\PROGRA~1\COMMON~1\QIFQ\QIFQM.EXE
C:\PROGRA~1\COMMON~1\QIFQ\QIFQM.EXE
C:\PROGRAM FILES\COMMON FILES\QIFQ\QIFQA.EXE
C:\PROGRAM FILES\COMMON FILES\QIFQ\QIFQL.EXE
C:\PROGRAM FILES\COMMON FILES\QIFQ\QIFQM.EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WNSCPTR.EXE.VIR
C:\WINDOWS\TWLJAGVSBGU\NQ53U3PPV3O.VBS

Adware.AdSponsor/ISM
HKLM\Software\Classes\CLSID\{12DA1BC4-5384-42fd-A119-3C99D2D146A2}
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}#AppID
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\Implemented Categories
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\InprocServer32
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\InprocServer32#ThreadingModel
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\ProgID
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\TypeLib
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\VersionIndependentProgID
C:\PROGRAM FILES\ISM\BNDDRIVE3.DLL
HKLM\Software\Classes\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}#AppID
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}\Implemented Categories
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}\InprocServer32
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}\InprocServer32#ThreadingModel
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}\ProgID
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}\TypeLib
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}\VersionIndependentProgID
C:\PROGRAM FILES\ISM\BNDDRIVE6.DLL
HKLM\Software\Classes\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}#AppID
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\Implemented Categories
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\InprocServer32
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\InprocServer32#ThreadingModel
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\ProgID
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\TypeLib
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\VersionIndependentProgID
C:\PROGRAM FILES\ISM\BNDDRIVE.DLL
HKLM\Software\Classes\CLSID\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}#AppID
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}\InprocServer32
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}\InprocServer32#ThreadingModel
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}\ProgID
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}\TypeLib
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{8C6D5A56-791E-4fe8-9D64-81781FA15D68}
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}#AppID
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}\InprocServer32
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}\InprocServer32#ThreadingModel
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}\ProgID
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}\TypeLib
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{9815DA81-2E0C-478c-90E4-06E474E704D0}
HKCR\CLSID\{9815DA81-2E0C-478C-90E4-06E474E704D0}
HKCR\CLSID\{9815DA81-2E0C-478C-90E4-06E474E704D0}
HKCR\CLSID\{9815DA81-2E0C-478C-90E4-06E474E704D0}#AppID
HKCR\CLSID\{9815DA81-2E0C-478C-90E4-06E474E704D0}\InprocServer32
HKCR\CLSID\{9815DA81-2E0C-478C-90E4-06E474E704D0}\InprocServer32#ThreadingModel
HKCR\CLSID\{9815DA81-2E0C-478C-90E4-06E474E704D0}\ProgID
HKCR\CLSID\{9815DA81-2E0C-478C-90E4-06E474E704D0}\TypeLib
HKCR\CLSID\{9815DA81-2E0C-478C-90E4-06E474E704D0}\VersionIndependentProgID
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C6D5A56-791E-4fe8-9D64-81781FA15D68}
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{12DA1BC4-5384-42fd-A119-3C99D2D146A2}
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{1B2588F5-45CE-4322-B755-D79944AD1B17}
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}
HKU\S-1-5-21-1413838321-225335308-3390577993-1005\Software\Microsoft\Internet Explorer\Explorer Bars\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}
HKCR\BndDrive.Band
HKCR\BndDrive.Band\CLSID
HKCR\BndDrive.Band\CurVer
HKCR\BndDrive.Band.1
HKCR\BndDrive.Band.1\CLSID
HKCR\BndDrive.BHO
HKCR\BndDrive.BHO\CLSID
HKCR\BndDrive.BHO\CurVer
HKCR\BndDrive.BHO.1
HKCR\BndDrive.BHO.1\CLSID
HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}
HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}\1.0
HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}\1.0\0
HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}\1.0\0\win32
HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}\1.0\FLAGS
HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}\1.0\HELPDIR
HKCR\AppId\{1F5E0EA2-ABEA-44c3-95EC-2D1E721FE95E}
HKU\S-1-5-21-1413838321-225335308-3390577993-1005\Software\antica
HKU\.DEFAULT\Software\BndDrive
HKU\S-1-5-21-1413838321-225335308-3390577993-1005\Software\BndDrive
HKU\S-1-5-18\Software\BndDrive
HKU\S-1-5-21-1413838321-225335308-3390577993-1005\Software\Microsoft\Windows\CurrentVersion\Run#ISMPack6 [ "C:\Program Files\ISM2\ISMPack6.exe" ]
C:\Documents and Settings\Michelle\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Michelle\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Michelle\Start Menu\Programs\Internet Speed Monitor
C:\PROGRAM FILES\ISM\ISM.EXE
C:\PROGRAM FILES\ISM\BNDDRIVE2.DLL

Adware.ClickSpring
HKLM\Software\Classes\CLSID\{CF220C1C-BFAD-CC59-DADF-E6ABAD0050C5}
HKCR\CLSID\{CF220C1C-BFAD-CC59-DADF-E6ABAD0050C5}
HKCR\CLSID\{CF220C1C-BFAD-CC59-DADF-E6ABAD0050C5}\InprocServer32
HKCR\CLSID\{CF220C1C-BFAD-CC59-DADF-E6ABAD0050C5}\InprocServer32#ThreadingModel
HKCR\CLSID\{CF220C1C-BFAD-CC59-DADF-E6ABAD0050C5}\Programmable
HKCR\CLSID\{CF220C1C-BFAD-CC59-DADF-E6ABAD0050C5}\TypeLib
C:\WINDOWS\SYSTEM32\TBGCEMKR.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF220C1C-BFAD-CC59-DADF-E6ABAD0050C5}
C:\QOOBOX\QUARANTINE\C\DOCUME~1\MICHELLE\APPLIC~1\APPATC~1\WINSPOOL.EXE.VIR
C:\QOOBOX\QUARANTINE\C\DOCUME~1\MICHELLE\APPLIC~1\CROSOF~1\NOTEPAD.EXE.VIR
C:\QooBox\Quarantine\C\WINDOWS\ASKS~1\MCONFI~1.VIR

Trojan.Net-MSV/VPS-H
HKCR\BndDrive2.Band
HKCR\BndDrive2.Band\CLSID
HKCR\BndDrive2.Band\CurVer
HKCR\BndDrive2.Band.1
HKCR\BndDrive2.Band.1\CLSID
HKCR\BndDrive2.BHO
HKCR\BndDrive2.BHO\CLSID
HKCR\BndDrive2.BHO\CurVer
HKCR\BndDrive2.BHO.1
HKCR\BndDrive2.BHO.1\CLSID

Trojan.SpySheriff
C:\DOCUMENTS AND SETTINGS\MICHELLE\US14INFO.EXE

Unclassified.Unknown Origin/System
C:\PROGRAM FILES\COMMON FILES\QIFQ\QIFQD\QIFQC.DLL

Trojan.Downloader-Gen
C:\PROGRAM FILES\COMMON FILES\QIFQ\QIFQP.EXE

Adware.ClickSpring/Yazzle
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1552OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE.VIR

Adware.IPWins
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\IPWINDOWS\IPWINS.EXE.VIR

TargetSaver, Inc. Process
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TSUNINST.EXE.VIR

Trojan.Downloader-Gen/Installer
C:\WINDOWS\B104.EXE

Adware.Adservs
C:\WINDOWS\TWLJAGVSBGU\ASAPPSRV.DLL

Unclassified.Unknown Origin
C:\WINDOWS\TWLJAGVSBGU\COMMAND.EXE


i think it should be gone. that was the first time it was ever specifically detected. thanks guys.

To prevent restoing your computer to the infected state,create a New Restore Point.
Create a new Restore Point:
Go to Start > All Programs > Accessories > System Tools > System Restore
Then when Restore opens, select Create a new restore point and click Next
Give the the restore point a name like New and clean >Click Create

Then use Disk Cleanup to remove all but the most recently created Restore Point.
Go to Start > Run and type: Cleanmgr
Click "OK".
Click the "More Options" Tab.
Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one