Pop-Up Hell

Discussion in 'Malware Help (A Specialist Will Reply)' started by spedangel, Feb 28, 2006.

  1. spedangel

    spedangel Private E-2

    I have been living with Pop-Ups for the last 4 months or so. Around October I downloaded a bad file (no idea what it was but I did it), and ended up with Pop-Up attacks whenever I would visit a webpage. Just being connected didn't create pop-ups, not signing onto a messaging program or checking email, but only when I directly connected to an internet website.

    I tried everything, I ran every program I could get my hands on, narrowed it down to a few possible sources including WildTangent, ISTBar, and OrbitExplorer. I then followed step-by-step instructions to remove these programs from my computer including the HPKey Registry's etc.

    Nothing helped.

    My solution?

    "Work Offline" Mode in IE and use Firefox.

    Sure, it works, but it's a pain in the butt to check my email or run MSN since I have to Work Online first and then immediately Work Offline once I connect.

    I'm desperate. Please, can anyone help me? I have followed all of the step-by-step instructions you listed on the "Read Before Asking For Help" thread.

    Thank you in advance!

    --SpedAngel
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis


    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky):
    • Bitdefender
    • Panda Scan
    • HijackThis
     
  3. spedangel

    spedangel Private E-2

    Okay so I had done all those things 2 months ago but must have deleted all my log files, blah.

    Redid everything this afternoon (took about 6 hours) and here's my info...

    By the way--the pop ups are still occurring and the various Cookies found later in the disinfection process were due to having to click on links to proceed with the IE browser clients.

    Windows Malicious Software Removal found no problems

    Spybot Search and Destroy found: WildTangent, Hyperlinker, MiniBug, Windows Security Center.AntiVirusDisableNotify, Windows Security Center.FirewallDisableNotify, Windows Security Center.UpdateDisableNotify

    AdAware found: MRU List, Adintelligence.AproposToolbar (could not remove C:\WINDOWS\system32\ntipsvcs.dll)

    Defender did not detect anything.

    Am attaching Bitdefender, Panda Activescan, and HijackThis log files.

    Thanks in advance!

    --SpedAngel
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read and follow step 7 completely. You installed HJT exactly where we request that it not be installed. You have it here:

    C:\Documents and Settings\Owner\Desktop\FixMe\hijackthis\HijackThis.exe

    Your log shows no real malware issues but you should fix the below two lines:

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    You are running without a firewall. You need to install one. You will find this thread useful:
    How to Protect yourself from malware!


    As far as your popups: exactly when do they occur? What do they say? What URL (if any) is shown? (The firewall may help.)

    I would also suggest you run the below steps and attach the requested logs.

    AproposMedia Fix

    Running Spy Sweeper
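
The two O2 lines quoted in the post above both end in `(no file)`. As an added example that is not part of the original thread, this sketch parses HijackThis O2 (BHO) lines and, going one step beyond the post, O3 (toolbar) lines, and lists the entries with no file listed; the last two sample lines are constructed placeholders.

```python
import re
from typing import List, NamedTuple, Optional

# Layout shared by HijackThis O2 (BHO) and O3 (toolbar) lines:
#   O2 - BHO: <name> - {CLSID} - <file>
ENTRY_RE = re.compile(
    r"^(?P<section>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<file>.+)$"
)

class Entry(NamedTuple):
    section: str
    name: Optional[str]   # None when the log shows "(no name)"
    clsid: str            # upper-cased so mixed-case GUIDs compare equal
    file: Optional[str]   # None when the log shows "(no file)"

def parse_line(line: str) -> Optional[Entry]:
    """Parse one O2/O3 line; return None for any other log line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    name = None if m["name"] == "(no name)" else m["name"]
    file = None if m["file"] == "(no file)" else m["file"]
    return Entry(m["section"], name, m["clsid"].upper(), file)

def orphaned_entries(log_text: str) -> List[Entry]:
    """Return the O2/O3 entries whose file column reads "(no file)"."""
    parsed = (parse_line(l) for l in log_text.splitlines())
    return [e for e in parsed if e is not None and e.file is None]

# The first two lines are the ones quoted in the post above; the last two are
# constructed sample entries (placeholder names, CLSIDs and path).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: Example - Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O3 - Toolbar: Example Bar - {00000000-0000-0000-0000-000000000002} - (no file)
"""

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"{e.section} {e.clsid} name={e.name!r}: no file listed")
```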
     
  5. spedangel

    spedangel Private E-2

    As far as the HijackThis installation location, oops? I read every other line, so I'm sorry I missed the all important one. Should I rerun the program from the proper location?

    What exactly do I need to do to fix those two lines that you listed? I don't know this off of the top of my head.

    I receive pop-ups on IE that are relevant to whatever searches I am currently doing, such as when I was running the Anti-Virus type webpages, the ads were Anti-Virus related, or else said "Search Inqwire" at the top. They often are related to vacation types if I'm looking at a hotel or something, and have searched Google for Poker just to see if I get related pop-ups, which I do. I don't know the URLs for these sites because they are in pop-up form.

    Please, what else can I look for? I will run the two programs you listed but other than that, there is obviously something big on my computer which has been undetected by various programs. I really would like to fix this but I will not be able to reformat my hard drive for another 3 months so I want to find a solution if at all possible.

    Thank you for your time.

    --SpedAngel
     
  6. spedangel

    spedangel Private E-2

    Btw am not sure if I need to say this but since I replied before running the scans, my apologies. Have finished the first one and will start the second momentarily. Will post all files together, and will re-run HijackThis properly.

    I also wanted to mention that my System Restore function has not worked since whatever this is has happened, if that helps at all.

    Spy Sweeper found a lot so I am hoping the problem may be resolved soon.

    Thanks for your time, I'll post again in a little bit.

    --SpedAngel
     
  7. spedangel

    spedangel Private E-2

    Crap am posting again, sorry, I just went to turn the Firewall back on and it will not let me. This is a problem I noticed a long time ago but had forgotten about. What should I do about this? (I connect on a school server which has a firewall of its own which is why I haven't been bothered about not having it on, but I understand the risks I'm taking.)

    --SpedAngel
     
  8. spedangel

    spedangel Private E-2

    Okay, I ran both tests now, and redid the Hijack thing 100% properly, unchecking all of the start-up files under msconfig, so that should be more helpful this time.

    With the Spy Sweeper, it labelled the "apropos" file as being Adware and that was it, until it got into the D:\ drive and decided the entire backup recovery section were bad files. After 4 hours of waiting for it to finish I just quit out. Sorry. Here's the info from that:

    Your Sweep Options indicate the following will be swept:
    Drives: C: D:
    Also sweeping: Memory, Cookies, Registry
    Adware found: apropos
    System Monitor found: potentially rootkit-masked files
    d:\hp\patches\43ww3own\files\up\recguard.exe (2656 files later I quit)

    If that area is a hotbed of potential problems, let me know, but my research on it revealed they are usual back-up files so... I'm not 100% sure on that. Sorry.

    The other two ran fine, and am attaching those. (I fixed the two lines from HijackThis by rerunning HijackThis and selecting those two to be "fixed".)

    The Pop-Ups are still there--one just came up. So there is still a problem.

    --SpedAngel
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run Aproposfix again and then reboot the PC. Then attach a new log. Notice your first one indicated it fixed a load of stuff. I want to see if it found any more. Is there any change now with popups?

    Note, if you were referring to enabling the Windows firewall, it is not a real firewall and does not provide adequate protection. Read the How to protect link I gave you (see step 3).
     
  10. spedangel

    spedangel Private E-2

    I will run Apropos again in a little while but just to clarify, I ran all of those programs and I still have pop-ups, even after running Apropos. The problem was not solved with it, and while I will still try, I doubt my rebooting and re-running Apropos is going to fix it.

    Thanks!

    --SpedAngel
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not saying it will but sometimes various aspects of malware do not get totally cleaned up until after a reboot. For example some tools (even SpySweeper) have to put things into a Pending Operations queue and they are only removed after a reboot occurs.

    Also see if you can configure SpySweeper to only scan drive C and get a full report this time. Since you stopped it during the scan, it never got to the FIX point of its scan.
     
    Last edited: Mar 1, 2006
  12. spedangel

    spedangel Private E-2

    Okay, am attaching new Apropos file but it only detected/fixed one thing.

    When I ran SpySweeper, it only listed "Apropos" as a potential problem, out of 130,000+ files. I kept checking the "Problems" and "Traces" box and it was only 1 file, identified as "Apropos" that was on the thing all the way up until it reached the D:\ drive. I'd prefer not to rerun it because it took about 2 hours to get that far but I can try if necessary.

    Thanks. There is still no change in pop-ups.

    --SpedAngel
     

    Attached Files:

    • log.txt (417 bytes)
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    AproposFix was clean this time! That is what I was expecting to see.

    If you want to get your popup problems fixed, the only thing we can do is run additional scans. Your logs are not showing any problems that are apparent. Thus something is hiding deeper and the only way to find them is with other scanners. I still suggest running SpySweeper only on drive C and letting it complete so that it can hopefully fix whatever it is finding.

    Based on some of your previous information it does not sound like you have true popup problems. Since they are so related to searches you are doing, it could be due to some software you installed.

    Do the popups ever occur when not online?
    Do they occur in safe mode?
     
  14. spedangel

    spedangel Private E-2

    I feel like I'm sitting on a ticking time bomb that will explode at any second...

    ...but for now, it has not.

    The Pop-Ups are not occurring at this time. I am very surprised. I did all of my tests, going to Google and searching for "poker" "travel" "virus scanner" and none of them produced any pop-ups. I even clicked on multiple links for the search results, nothing.

    I thank you for your assistance, but still am in disbelief the problem is fixed. I'll contact you again if there are any more pop-ups. Sorry if I don't sound grateful but after running a million tests over 5 months, it's hard to believe running two more did the trick and that every other scanner missed it for all this time. But if it's true, I will be very happy! :D

    Thank you for all of your help! I'll update this later if I still have no pop-ups in a few days. And if they come back, you know I'll be back. ;)

    --SpedAngel
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!

    You have to realize that malware can return at any time and start causing problems again. To help reduce that risk, you should follow all the steps in the below:

    How to Protect yourself from malware!
     
