annoying popups

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by j68maro, Mar 22, 2005.

  1. j68maro

    j68maro Private E-2

    I keep receiving pop-ups even when idle. I have run all the suggested scans from looking through other posts. I have also disabled the "Messenger" service; still getting pop-ups when I am not surfing. Sometimes I am gone for the night and come in and have pop-ups. Any assistance would be appreciated.

    Jon
     
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

  3. Ms.Tweeker

    Ms.Tweeker Private E-2

    I tried the Stopzilla pop-up blocker; it works great for me.
     
  4. j68maro

    j68maro Private E-2

    Yes Mr. Attitude, I have run all the scans before posting.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay if ALL the steps of the READ ME FIRST have been run, follow the steps below.

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word, etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  6. j68maro

    j68maro Private E-2

    Here is the log file.
     


  7. j68maro

    j68maro Private E-2

    Disregard the first file; use this one.
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Personally I would remove Stopzilla! If you follow steps I will give you later (i.e., using Firefox) you will not need it.
    O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autostart

    Go to Control Panel --> Add/Remove Programs and uninstall the below if found:
    Internet Optimizer
    Power Scan
    Web_Rebates


    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
    O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [GajKwmGFG] C:\WINNT\tkkoopud.exe
    O4 - HKCU\..\Run: [iqkr] C:\PROGRA~1\COMMON~1\iqkr\iqkrm.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm


    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete (if they still exist):
    C:\Program Files\Internet Optimizer <-- the whole folder
    C:\Program Files\Power Scan <-- the whole folder
    C:\Program Files\Web_Rebates <-- the whole folder
    C:\Program Files\Common Files\iqkr <-- the whole folder
    C:\WINNT\tkkoopud.exe

    Now run Ccleaner (installed while running the READ ME FIRST).
    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    Questions:
    Do you know who sccsweb is and who 10.120.2.91 belongs to? And why all these entries exist? Normally there is no reason for anything to be in the Trusted Zone.
    O15 - Trusted Zone: http://sccsweb.corphealth.com
    O15 - Trusted Zone: http://*.sccsweb
    O15 - Trusted IP range: http://10.120.2.91
    O16 - DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} (Infragistics ActiveTreeView Control) - http://10.120.2.91/common/controls/ssTree.cab
    O16 - DPF: {44BD92DB-D8A8-43A8-8900-DD73310A59EB} (True OLE DBGrid 8 Control) - http://10.120.2.91/common/controls/todg8.cab
    O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - http://10.120.2.91/Common/controls/iemenu.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://10.120.2.91/Scripting/msrdp.cab
    O16 - DPF: {92D71E93-25A8-11CF-A640-9986B64D9618} (Olectra Chart 2D Control) - http://10.120.2.91/Common/Controls/olec-2D.cab
    O16 - DPF: {977DBE03-F527-11D3-8F03-00C04FA3EB91} (RtdControl Class) - http://10.120.2.91/Common/Controls/RtdCtrl.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://sccsweb/viewer/activeXViewer/activexviewer.cab
     
  9. j68maro

    j68maro Private E-2

    I have gone in and removed Stopzilla and removed the items in HJT that you told me to; so far no pop-ups. The questions you had about sccsweb and 10.120.2.91: they are customers we have for remote access into their networks for remote support of their products. SCCS is Symposium Call Center Server, a Nortel Networks application for call centers. Here is the new log.
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log looks clean.

    But why do the below need to be in the Trusted Zone:

    O15 - Trusted Zone: http://sccsweb.corphealth.com
    O15 - Trusted Zone: http://*.sccsweb
    O15 - Trusted IP range: http://10.120.2.91

    Are you sure it is necessary? Usually it is not required and it is better if you can run properly without anything in the TZ.

    Now you should complete the steps in the below link:

    How to Protect yourself from malware!

    After installing Firefox you will see it has its own built-in popup blocker.
     
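The two chaslang posts above (the list of HijackThis lines to fix, and the follow-up question about why anything sits in the Trusted Zone) amount to a manual review of an HJT log: which sections deserve attention, and what makes an O4 Run entry or an O16 ActiveX download look wrong. As an added example, not code from this thread, from HijackThis or from MajorGeeks, the Python below applies those same review rules to a small constructed set of HJT-style lines modelled on the ones quoted here. The denylist of Run names is taken from chaslang's uninstall list; the remaining heuristics (an executable dropped straight into the Windows directory, an 8.3 short path that hides the real folder name, a toolbar CLSID with no file, an ActiveX control served from a private address) are this example's own choices and are not part of HijackThis.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample input: HijackThis-style lines modelled on the ones quoted
# in this thread plus one benign Windows entry. It is not the poster's log.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [GajKwmGFG] C:\WINNT\tkkoopud.exe
O4 - HKCU\..\Run: [iqkr] C:\PROGRA~1\COMMON~1\iqkr\iqkrm.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O15 - Trusted Zone: http://sccsweb.corphealth.com
O15 - Trusted Zone: http://*.sccsweb
O15 - Trusted IP range: http://10.120.2.91
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://10.120.2.91/Scripting/msrdp.cab
"""

# Run entries chaslang told the poster to uninstall; used here as a denylist.
UNWANTED_RUN_NAMES = {"internet optimizer", "power scan", "webrebates0"}

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
DPF_RE = re.compile(r"^DPF: \{(?P<clsid>[^}]+)\} \((?P<desc>.*)\) - (?P<url>\S+)$")
# An .exe directly under C:\WINNT or C:\WINDOWS (no sub-folder), lower-cased.
WINDIR_EXE_RE = re.compile(r"^[a-z]:\\(winnt|windows)\\[^\\]+\.exe$")


def exe_path(cmd):
    """Return the executable from a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def is_private_host(url):
    """True when the URL's host is a private (RFC 1918, loopback) IP address."""
    host = urlparse(url).hostname or ""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a hostname, not an IP literal


def review_line(line):
    """Return (severity, reason) findings for one HijackThis log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    findings = []
    if section in ("R0", "R1"):
        findings.append(("review", "IE start/search page overridden; confirm you chose this URL"))
    elif section == "O3" and body.endswith("(no file)"):
        findings.append(("cleanup", "toolbar CLSID whose file is gone; safe to fix"))
    elif section == "O4":
        r = RUN_RE.match(body)
        if r:
            name, path = r.group("name"), exe_path(r.group("cmd")).lower()
            if name.lower() in UNWANTED_RUN_NAMES:
                findings.append(("remove", f"{name}: listed for uninstall in this thread"))
            if WINDIR_EXE_RE.match(path):
                findings.append(("suspicious", f"{name}: executable sits directly in the Windows directory"))
            if "~" in path:
                findings.append(("suspicious", f"{name}: 8.3 short path hides the real folder name"))
    elif section == "O15":
        findings.append(("review", "Trusted Zone grants relaxed IE security; confirm a business need"))
    elif section == "O16":
        d = DPF_RE.match(body)
        if d and is_private_host(d.group("url")):
            findings.append(("review", f"ActiveX control '{d.group('desc')}' installed from a private address"))
    return findings


def review_log(text):
    """Map every flagged log line to its findings; clean lines are omitted."""
    report = {}
    for raw in text.splitlines():
        findings = review_line(raw)
        if findings:
            report[raw.strip()] = findings
    return report


if __name__ == "__main__":
    for line, findings in review_log(SAMPLE_LOG).items():
        for severity, reason in findings:
            print(f"[{severity:<10}] {reason}\n    {line}")
```

Running the script prints one finding per flagged line; the benign `mobsync.exe` entry produces nothing, while the three O15 lines are reported for review rather than removal, matching chaslang's point that they are only wrong if there is no business reason for them. The heuristics are deliberately narrow: they point a reader at the lines worth checking against a known-good baseline, they do not decide on their own that something is malware.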
