Popups


  • Popups

    Ok, I get popups from everywhere, I even get stupid popups from this site. I know this site doesn't have popups but I have some sort of spyware, I've searched for spyware and removed everything.. it's really annoying me now, I get popups about Capital One and all sorts every time I visit a site, I do have HiJack This if you want to see my log, I think it has something to do with my registry...

  • #2
    Get google/yahoo toolbar
    they stop all popups

    • #3
      I don't want a pop-up stopper or no toolbar, I had no popups on any site a few weeks back, only pop-ups that are meant to be on the sites...


      • #4
        Well...delete your cookies every day then

        • #5
          Post your Hijack This log if there's nothing dodgy on it.


          EDIT: What spyware removal programs have you used?


          • #6
            And it says at the bottom something like "This may not be affiliated with the website you are viewing, find out why by clicking here" ?

            I got them ages ago, updating Ad-Aware and scanning fully successfully removed it.


            • #7
              I've used all sorts of spyware removers, including SpySweeper, Ad-ware and Spy-ware remover, I've done a full system scan with Norton Anti Virus...

              Mr.Peanuts: I haven't checked yet, all I've done is just close every pop-up I get..

              Here's my HiJack This log,

              Logfile of HijackThis v1.98.0
              Scan saved at 19:03:28, on 17/07/04
              Platform: Windows 98 SE (Win9x 4.10.2222A)
              MSIE: Unable to get Internet Explorer version!

              Running processes:
              C:\WINDOWS\SYSTEM\KERNEL32.DLL
              C:\WINDOWS\SYSTEM\MSGSRV32.EXE
              C:\WINDOWS\SYSTEM\MPREXE.EXE
              C:\WINDOWS\SYSTEM\MSTASK.EXE
              C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
              C:\WINDOWS\SYSTEM\mmtask.tsk
              C:\WINDOWS\EXPLORER.EXE
              C:\WINDOWS\PTSNOOP.EXE
              C:\WINDOWS\TASKMON.EXE
              C:\WINDOWS\SYSTEM\SYSTRAY.EXE
              C:\PROGRAM FILES\SIS630_V1.05\UTILITY\3D\KHOOKER.EXE
              C:\WINDOWS\LOADQM.EXE
              C:\WINDOWS\MIXER.EXE
              C:\WINDOWS\SYSTEM\STIMON.EXE
              C:\WINDOWS\SYSTEM\DDHELP.EXE
              C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
              C:\PROGRAM FILES\NTL\BROADBAND MEDIC\SMARTBRIDGE\MOTIVESB.EXE
              C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
              C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
              C:\WINDOWS\SYSTEM\WMIEXE.EXE
              C:\PROGRAM FILES\NTL\BROADBAND MEDIC\BIN\MPBTN.EXE
              C:\WINDOWS\TEMP\HIJACKTHIS.EXE

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/indexBroadband.php
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
              F1 - win.ini: load=ptsnoop.exe
              O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\LBBHO.DLL
              O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
              O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
              O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
              O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
              O4 - HKLM\..\Run: [SiS KHooker] C:\Program Files\SiS630_V1.05\utility\3d\khooker.exe
              O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
              O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
              O4 - HKLM\..\Run: [LoadQM] loadqm.exe
              O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
              O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
              O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NTL\BROADB~1\SMARTB~1\MotiveSB.exe
              O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
              O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
              O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
              O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
              O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
              O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
              O4 - Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
              O8 - Extra context menu item: Use as &Display Picture - \IEDP2\IEDP.htm
              O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
              O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
              O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
              O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://www.xzoomy.com/media/hoover/fullgames2.exe
              O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potd_x.cab
              O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
              O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
              O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
              O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/game...ts/y/wt0_x.cab
              O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/game...s/y/grt5_x.cab
              O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
              O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt2_x.cab
              O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
              O16 - DPF: Tornado 21 - http://download.games.yahoo.com/game.../y/t21t0_x.cab
              O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com/games/...ol/h2hpool.cab
              O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
              O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
              O16 - DPF: HushEncryptionEngine - https://mailserver1.hushmail.com/sha...tionEngine.cab
              O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_aac.cab
              O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab


              • #8
                I don't know if this is causing your popup problem but it looks like you may have a trojan called ptsnoop - http://www.f-secure.com/v-descs/ptsnoop.shtml

                "C:\WINDOWS\PTSNOOP.EXE"
                "F1 - win.ini: load=ptsnoop.exe"

                (there is a legitimate program called ptsnoop.exe as well so don't just delete it)

                Norton doesn't seem very good at spotting these things. Try a dedicated trojan removal program - TDS3 is very good - http://tds.diamondcs.com.au/index.php?page=download or Ewido Security System is ok - http://www.ewido.net/en/. TDS3 is limited to 30 days but Ewido is free so I'd keep it and use it together with Norton.

                I think ZeUs!! warned that messengerplus3 comes bundled with spyware so you could also try uninstalling this to see if it stops the popups.

                Btw. if you want to protect your registry a bit try Regprot - http://www.diamondcs.com.au/index.php?page=regprot a small program which asks you to confirm or deny any changes to your registry.

                If you still have probs, you can post your Hjt log on - http://www.wilderssecurity.com/forumdisplay.php?f=26, very good forums for this sort of thing.

                GP
                Last edited by GoldenPlums; 07-18-2004, 01:06 PM.
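
The cross-check done by eye in #8 (a running process that also has an autostart entry in the log), written out in Python as an added example that is not part of the thread. The function names are ours, only F1 and registry-style O4 lines are handled, and the sample is a few lines copied from the log in #7.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# A few lines copied from the HijackThis log in post #7 (selection is ours).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\LOADQM.EXE

F1 - win.ini: load=ptsnoop.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")               # "F1 - ...", "O4 - ..."
CMD = {"F1": re.compile(r"^\S+: (?:load|run)=(.*)$", re.I),  # win.ini: load=cmd
       "O4": re.compile(r"^.*?: \[[^\]]*\] (.*)$")}          # ...\Run: [Name] cmd

def parse(log):
    """Return (process paths, [(code, body), ...]) from a HijackThis log."""
    lines = [l.strip() for l in log.splitlines()]
    procs = [l for l in lines if re.match(r"^[A-Za-z]:\\", l)]  # bare path lines
    entries = [m.groups() for m in map(ENTRY.match, lines) if m]
    return procs, entries

def executable(cmd):
    """Program part of a command line: first program only, arguments dropped."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.(?:exe|com|bat|scr|pif))\b", cmd, re.I)
    return m.group(1) if m else (cmd.split() or [""])[0]

def autostarts(log):
    """Rows of (code, exe name, has full path, is running) for F1/O4 Run lines."""
    procs, entries = parse(log)
    running = {basename(p).lower() for p in procs}
    rows = []
    for code, body in entries:
        m = CMD[code].match(body) if code in CMD else None
        if m:
            exe = executable(m.group(1).strip())
            name = basename(exe).lower()
            rows.append((code, name, "\\" in exe, name in running))
    return rows

if __name__ == "__main__":
    print(*autostarts(SAMPLE_LOG), sep="\n")
```

A row only tells you where to look next: as #8 says, there is a legitimate ptsnoop.exe as well, so the file itself still has to be checked.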


                • #9
                  From a google search:
                  Pancake, June 29th, 2004, 08:16 AM
                  Hi
                  C:\WINDOWS\ptsnoop.exe can be a backdoor trojan or it can come as a program with a modem. If you do not use the PCTel modem, you can delete this file. Use the Search function in Windows Explorer to track it down. Apart from that the log is ok.

                  • #10
                    I deleted the file anyway but I'm still getting pop-ups..
                    Example of some of them from this site;




                    and I get a fuck load from matchmate.net or summit like that


                    • #11
                      When exactly do these pop ups occur first?

                      When the computer starts up, when you connect to the internet, as soon as you open IE .... ?

                      • #12
                        Mobey, have you been watching porn again?

                        that's what you get when you try to view free porn samples.

                        • #13
                          Have you run an anti-trojan?


                          • #14
                            Originally posted by jappeuuuh
                            Mobey, have you been watching porn again?

                            that's what you get when you try to view free porn samples.
                            No, that's what you get when you apparently try to download a porn video but it comes in a <200kb .exe format.


                            • #15
                              WTF, No!

                              My mum went on the PC about 2 1/2 weeks ago and when I went back on it my home page was set to mysearchnow.com or .net and I had loadsa fucking pop-ups asking me to download stuff..

                              Guru: it sometimes happens when I open IE and sometimes it doesn't, I just opened IE and I got this popup:
                              http://www.dsldealer.com/
                              wtf?? I don't know where these are coming from..
