Odd popups in IE

[caffeinatedsoap]

I'm working on a friends computer that has been hit with a bit of spyware. I've run the following on it:
Spybot
Adaware
AVG Spyware
AVG Virus Scan

All of these have found something but its been cleaned up. I also did the immunize feature in Spybot.

Now heres the issue. Popup windows will show up at random it seems and I'm not sure why, I've dug through as much as I can but I can't get them to stop. The main thing I've noticed is that on this site when you go to the Hijackthis Analyzer on this site it will pop up a ton of windows whenever I tried to click on the page anywhere. I figured this site wouldn't have random popup ads so I thought I would ask to see if anyone has any help for me.

[jholland1964]

I have gone through the log but don't use the HJT Analyzer on this site. It has not been updated in well over a year.

Take a look at my attachment. If what you see there are the pop ups you are talking about then those are not pop up ads. They are informational pop ups which will tell you what a specific entry in a log is when you hover over it or click on it. I will also say that since this analyzer is so out of date many of those pop ups give incorrect information.
One of the entries always noted in red (bad) by the analyzer here is ctfmon.exe and it flags it in this log also. While sometimes this can be indicative of the CoolWebSearch malware or of the SDBot Trojan, most of the time it runs because of Microsoft Office. Which is the reason it is shown running and auto-started in this log. We know this because of the file command C:\WINDOWS\system32\ctfmon.exe. CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features.
The only thing of note in the log is the fact that there does not seem to be a firewall on the machine. This is a must today.
Take a look at the steps noted here to make the computer safer. I would recommend, in addition to the programs you have all ready installed, adding a firewall if you are not using the built in Windows Firewall, which doesn't show in the HJT logs, or adding one of those noted in the link above AND also adding SpywareBlaster.
Judy

[caffeinatedsoap]

Thanks for the reply. No it is actual advertisement popups advertising things such as singles sites or you just won 5000 ring tones. I'll give spyware blaster a shot and see how it works out.

Edit: Tried spywareblaster to no avail.

[jholland1964]

SpywareBlaster is NOT a removal program, it is a protection program. Leave it on the computer and keep it updated.

Ok, have gone through the log again...I missed this entry
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/13cf9c64...p/RdxIE601.cab
it is probably the culprit, though there could be others which just do not show in the log.

You need to go to this thread
I know that you have done most of these steps before posting here...but I would like you to do them again...EXACTLY as PP directs. Including the online scans, and be sure one of them is Kaspersky. Please also use ATF-Cleaner in safe mode as he instructs and also the Spybot and AVG anti-spy programs. Let them fix everything found, save the AVG log.
Reboot to normal mode, run a NEW HJT scan and be certain that you close ALL browsers when doing the HJT scan. Post back here with the HJT log, the Kaspersky log and the AVG anti-spy logs.