Startup Items isiksie & ntksnl and Popups

I'm helping a friend and looking at their computer. WinXP, 480MB RAM, 1.66 GHZ, 70GB HD. On a wireless dsl connection. Experienceing popups I can't seem to get rid of. Have ran AdAware, Spybot, antivirus scan (on and offline). The 2 above show up in hijack this log and I can not find info on them anywhere. Would really appreciate it if someone could help! Thank you.

 

Thank you for such a quick response. I've been working on this a couple days myself and have done everything listed in that post. Norton online scan and then a hard drive scan in safe mode detected no viruses. AdAware and Spybot checked for any updates and then rebooted into safe mode and ran both. AdAware gets to where scan is clean and Spybot only has DSO exploits (have researched them and found they are "normal" to still see in Spybot (as I understand). Reboot into normal mode and re-run these and they are finally both clean but these 2 startup entries are still in HiJackthis and just wanted to check if I should fix or leave alone since popups appear to have stopped. Thanks! BTW...sorry, forgot to mention the spyware I had that was difficult to get rid of was PeopleOnPage.

 

04 - HKLM\..\Run: [r7mf3mT] isiksie.exe

04 - HKCU\..\Run: [aw5pRgf4h] ntksnl.exe

 

Unfortunately, now that I've been connected to the internet for a bit and ran Adaware again, I now get 4 critical objects: 3 for PeopleOnPage and 1 for a tracking cookie. With one of the PeopleOnPage the object shows the file C:\Windows\System32\isiksie.exe. I had searched and found information previously for removing this spyware but evidently I did not do something properly. Could you direct me? Thank you.

 

Thanks Star17, but that is where I followed the instructions before...

 

Yes, did that one also. Matter of fact, I've done them both twice (thought I missed something the first time through when it didn't go away). Neither mention this "isiksie" which I see in HiJackThis, but want to be sure it should really go before I fix it.

 

Thanks, but unfortunately checked that too (usually Pacman is the first place I check...neither is listed). I tried some other startup sites too but no luck...thanks for trying to help find this...

 

Well, I only know from looking in this forum and using it for my research. You guys all do a great job and there is so much info to help...I've learned a lot from here. This is the first time I haven't been able to find my answer so it was obviously time for me to get registered and post.

 

Since this is a friend's computer, I came in the middle of this. I used the 2 sites you had listed before to try to remove this. Some of the items were not on the computer so I didn't know if it had been partially removed already. Did the steps I could. I had seen the link you just listed from their website, but figured they had not been registered. Maybe I shouldn't be so quick to ASSUME...could get me in trouble. Well, just talked to the Mom and she said neither girl knows of that site, so no luck there.

 

Ok. Decided to uncheck these in msconfig and that seems to have eliminated my popups and nothing is now detected in Spybot, AdAware or HiJackThis. My question is whether I should delete the 3 files in Explorer - ntksnl.exe, NTKSNL.EXE-073BE6D2.pf and ISIKSIE.EXE-04424B27.pf and also any instances of these in Registry Edit? I knew in msconfig I could always recheck them if I was in error but I would like some input before I delete the files or delete them out of the registry. Thanks.

 

ANYONE??? Please Help!

Anyone have the answer for me?