So Many Popups!

Discussion in 'Malware Help (A Specialist Will Reply)' started by Baka, Oct 29, 2005.

  1. Baka

    Baka Private E-2

    I receive popups even when my browser isn't turned on. It sucks I can't play any game without it being stalled by a popup.
     

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have a few different problems. Some of which can be pretty nasty to remove. But you need to follow cleaning procedures as per the stickies and I'm adding another step to it. See below and run all of these steps.

    Please follow the steps below:

    - Download, install and update Spy Sweeper. Run it once while you are in normal boot mode.

    - Now run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    - While still in safe mode from running the READ ME, run SpySweeper one more time.


    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis

  3. Baka

    Baka Private E-2

    Ok I ran Spysweeper and removed what it found. I ran all the programs and it didn't find anything else. So far there haven't been any more popups. Here's my Hijack log.
     

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are the below items something you set up? They look more like a LOP infection than they do to be valid.


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qwqeakjkbay.com/CvPGjBwJdaO7K/Yd_JBN73BM3szZnO9dYckGTO9bIWGq6CyWXD_vLDjy88AtOolg.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yeyrzrhtkwtdr.com/95vJwYwQZtvEd64bSJ8mDyAaBgjpjUD0rJWEWjjVR44.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://boards.lionhead.com/forumdisplay.php?f=63

    Also did you set up this proxy server?
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.115.116.11:80
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If those R0 & R1 lines I asked about in my last message were not added by you, add those lines to the list below to fix using HJT.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\userinit.exe,
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.0.69.cab
    O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} - http://www.blizzard.com/support/includes/cabs/si.cab
    O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\ozpdx32.dll (file missing)
    O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\ir0sl5d71.dll (file missing)

    After clicking Fix, exit HJT.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
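
The log review in the posts above (home/search page values the user did not set, a configured proxy, a doubled UserInit value, Winlogon Notify DLLs reported as missing) can be sketched as a small triage script. This is an added example, not part of the original thread and not a HijackThis or MajorGeeks tool; `triage`, `expected_hosts` and every sample line are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample lines in HijackThis log format (all values are placeholders).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.unknown-host.example/a.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.example.org/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.0.2.10:80
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\userinit.exe,
O20 - Winlogon Notify: Example - C:\WINDOWS\system32\example.dll (file missing)
O20 - Winlogon Notify: Present - C:\WINDOWS\system32\present.dll
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def triage(log_text, expected_hosts=()):
    """Return (code, reason, line) tuples for entries worth asking the user about."""
    expected = {h.lower() for h in expected_hosts}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code in ("R0", "R1") and " = " in body:
            key, value = body.split(" = ", 1)
            setting = key.rsplit(",", 1)[-1]  # value name after the registry key
            if setting == "ProxyServer":
                findings.append((code, "proxy configured", line))
            elif setting in ("Start Page", "Search Bar"):
                host = (urlparse(value).hostname or "").lower()
                if host not in expected:  # user did not name this host as theirs
                    findings.append((code, f"unrecognised {setting} host {host}", line))
        elif code == "F2" and "UserInit=" in body:
            # A clean value names userinit.exe once, followed by a trailing comma.
            programs = [p for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
            if len(programs) > 1:
                findings.append((code, "UserInit lists more than one program", line))
        elif code == "O20" and body.endswith("(file missing)"):
            findings.append((code, "Winlogon Notify DLL missing on disk", line))
    return findings

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG, expected_hosts={"forum.example.org"}):
        print(f"[{code}] {reason}: {line}")
```

The output is a list of questions for the machine's owner, not a removal list: an entry is only selected for fixing once the user confirms they did not set it up.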
     
  6. Baka

    Baka Private E-2

    Hey I got rid of those entries you asked me to. As of now I haven't had a single popup, so I think I'm pretty much cured. I'll post again if the problem reappears. Thanks for all your help.
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I guess this one is your expected start page?

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://boards.lionhead.com/forumdisplay.php?f=63

    You're clean! However, you are in need of getting better protection on your PC. You have no antivirus and you also need a real firewall. The firewall in WinXP SP2 is not adequate. You need to run through all the steps in the below:

    How to Protect yourself from malware!

    Also, you can uninstall SpySweeper now if desired since it is only a 15 day trial version and you do have MS Antispyware to help block spyware.
     
