Spyware PLEASE HELP!

Status
Not open for further replies.

Alex81388

Okay, I'm not dumb when it comes to this stuff, but I have tried the following programs in removing the spyware from my computer, but I continuously get popups about once per minute, each from a bunch of different domains, but 70% end in 'yyy53.htm'. I also get flash popups that aren't in a browser window, just floating around.

The programs I've used are:
Ad Aware
Spy Sweeper S&D
Trend Micro Spy Sweeper
Microsoft AntiSpy Beta
CWShredder (continuously finds the same two stuff, but never removes all the way)
Kill2Me (But seems to fail since CWShredder picks up this trace)

I've done some startups in safe mode and tried to do it that way too... but nothing.

It's corrupted BF2's punkbuster so I get the error "Inadequite OS Restrictions".

I attached the Hijack this log, but it's pretty clean, I'm at a loss, HELP WOULD BE GREATLY APPRECIATED!!!


EDIT:: Had problems attaching... I had to paste it (sorry)

Logfile of HijackThis v1.99.1
Scan saved at 3:05:10 AM, on 10/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Alex\My Documents\Spyware Removal\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O17 - HKLM\System\CCS\Services\Tcpip\..\{88F8D1BE-16AC-4AED-919E-5820FDAD8209}: NameServer = 64.233.207.2,192.168.0.200
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\r4p80e7ueh.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

EDIT::
COMMON POP UP ADDRESSES:
http://www.searc-h.com/normal/yyy53.html
http://www.super-coupon.com/normal/yyy53.html
http://www.great-coupon.com/normal/yyy53.html
http://www.deal-mobile.com/normal/yyy53.html
http://e.rn11.com/adbuys/a174-admed-ron
 
I ran Trend Micro's online scan a little back and I was fine, but I'm running one as I type this too.

It makes me use IE to do it, and I've discovered IE has the about:blank shit now...

damnit...


EDIT::: Trend Micro found 0 viruses on any of my drives.
 
This to me sounds more like malware than spyware. Try running this and see if that is of any help for you. If not I would suggest an antivirus application like AVG Free or, to get the best, NOD32. AVG Free is located here. NOD32 is located here. I think NOD32 has a trial period; I would try that out and use the trial to get the virus off the system (if that is a virus). You have run all the antispyware apps that could remove it except maybe Spybot S&D. Unless that is what you mean by Spy Sweeper.
 
Looks like you have already tried a lot. Have you emptied out ALL temp file locations/IE temp files from your system? Check out this write up I did a while back. Also if you have multiple users on your system you should read it.

If the OS is XP this is what I usually start with for effectively removing all spyware and viri.

Boot into safe mode (after BIOS runs POST, hit F8 rapidly to get to the boot menu options screen, where you will see safe mode). Log on as administrator.

Go to START>RUN>MSCONFIG>STARTUP then disable ALL items under there except virus scan.

Go to START>CONTROL PANEL>FOLDER OPTIONS>VIEW and select show hidden files and folders. Then go to c:\documents and settings, go into each user folder, and delete ALL of the files under c:\documents and settings\%user%\local settings\temp, C:\Documents and Settings\%user%\Local Settings\Temporary Internet Files, and finally c:\documents and settings\%user%\cookies.

Delete all files under C:\WINDOWS\Temp and C:\WINDOWS\Prefetch. Empty the recycle bin and reboot the PC.

Download Spybot S&D 1.4, Adaware SE 1.6, and Javacool SpywareBlaster, all of which can be downloaded at www.download.com. I also usually download and run the Microsoft AntiSpyware tool that can be downloaded from www.microsoft.com. I don't leave the Microsoft AntiSpyware tool installed because it is still in beta and has expiration dates that usually confuse many users when it expires, but it is a good tool to detect and remove spyware; just be sure to un-install it once you're done using it. Ohh, also before you run the scan with AdAware be sure you download their latest VX2 plugin found here: http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml


Run all updates for all software then run the scans with adaware, spybot, and MS AntiSpyware (spyware blaster is not a scanner but helps prevent spyware by blocking active x controls from bad websites).
Fix all spyware then update your virus scan and run a full system scan for viri. After all this I usually re-install IE6 to rid any mess left over.

Also on a side note I noticed with my encounters of repairing spyware issues that each Windows profile houses its own set of spyware. Meaning if you run a full system scan with say spybot, adaware, and MS AntiSpyware under one user profile and log on to another profile and run the same scans you will find more spyware (this becomes a HUGE pain when many profiles are on the system).

For the most part a majority of the spyware is fixed running it under one profile, but to remove ALL you must do it under each user profile. When I work on home PCs I just usually delete all the profiles and create new ones and back up their important settings such as My Documents, Favorites, and Desktop. This will save time of logging into each profile running a scan, removing spyware, running a scan again to make sure it was all removed.

Lastly if there is something stubborn or you have some BHOs you cannot get rid of, download HiJackThis 1.99.1, which can be found here with some other useful tools: http://www.spywareinfo.com/~merijn/downloads.html . HiJackThis is a very POWERFUL tool. When you run a scan DO NOT check all items and FIX because usually they are legit applications such as virus scan, anti-spyware, Microsoft, and Adobe products. You can browse through the list though and select items you know are BAD and remove any BHOs you do not need. This is why I leave this tool last as it can really damage a system if not used correctly :)
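
Added example, not part of any post in this thread: a small Python triage of HijackThis entry lines, in the spirit of the advice above to review the list rather than fix everything. The sample lines are copied from the log posted at the top of the thread; the allowlist and the file-name heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: entry lines copied from the log posted at the top of this thread.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O17 - HKLM\System\CCS\Services\Tcpip\..\{88F8D1BE-16AC-4AED-919E-5820FDAD8209}: NameServer = 64.233.207.2,192.168.0.200
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\r4p80e7ueh.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Hypothetical allowlist: file names the reviewer has already verified by hand.
KNOWN_GOOD = {"nvcpl.dll", "nvmctray.dll", "ipodservice.exe", "nvsvc32.exe"}

def parse_entries(log_text):
    """Group HijackThis entry lines by section code (O4, O17, O20, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def looks_generated(filename):
    """Heuristic (assumption): long stem mixing digits and letters, few vowels."""
    stem = filename.rsplit(".", 1)[0].lower()
    digits = sum(c.isdigit() for c in stem)
    vowels = sum(c in "aeiou" for c in stem)
    return len(stem) >= 8 and digits >= 2 and vowels <= len(stem) // 3

def review_list(sections):
    """Return (section, item, reason) tuples for a human to check; nothing is fixed."""
    findings = []
    for body in sections.get("O20", []):  # DLLs loaded by Winlogon at logon
        name = body.rsplit(" - ", 1)[-1].rsplit("\\", 1)[-1]
        if name.lower() not in KNOWN_GOOD and looks_generated(name):
            findings.append(("O20", name, "Winlogon Notify DLL, generated-looking name"))
    for body in sections.get("O17", []):  # DNS servers set in the registry
        if "NameServer" in body:
            servers = body.split("=", 1)[1].strip()
            findings.append(("O17", servers, "confirm these DNS servers are yours"))
    return findings

if __name__ == "__main__":
    for finding in review_list(parse_entries(SAMPLE_LOG)):
        print(finding)
```

The output is a short review list, not a verdict: each item still needs to be checked against what is actually installed before anything is fixed.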
 
Trend Micro Spy Sweeper


I don't know if they have a product called that or you confused who owns it. Either way try "Webroot Spy Sweeper" it's the best product out there in my opinion despite what others say.
 
Alex81388 said:
Okay, I'm not dumb when it comes to this stuff, but I have tried the following programs in removing the spyware from my computer, but I continuously get popups about once per minute, each from a bunch of different domains, but 70% end in 'yyy53.htm'. I also get flash popups that aren't in a browser window, just floating around.

The programs I've used are:
Ad Aware
Spy Sweeper S&D
Trend Micro Spy Sweeper
Microsoft AntiSpy Beta
CWShredder (continuously finds the same two stuff, but never removes all the way)
Kill2Me (But seems to fail since CWShredder picks up this trace)

I've done some startups in safe mode and tried to do it that way too... but nothing.

It's corrupted BF2's punkbuster so I get the error "Inadequite OS Restrictions".

I attached the Hijack this log, but it's pretty clean, I'm at a loss, HELP WOULD BE GREATLY APPRECIATED!!!


EDIT:: Had problems attaching... I had to paste it (sorry)


EDIT::
COMMON POP UP ADDRESSES:
http://www.searc-h.com/normal/yyy53.html
http://www.super-coupon.com/normal/yyy53.html
http://www.great-coupon.com/normal/yyy53.html
http://www.deal-mobile.com/normal/yyy53.html
http://e.rn11.com/adbuys/a174-admed-ron

Is that the whole log?
 
Well the whole log is quoted at the top, but your quote doesn't have it in it for some reason.

And yes that's it, I keep my comp pretty clean (or so I thought...)
 
Ok so I ran those programs you guys posted, nothing was found except one thing by AVG. I deleted that and I'm still getting those same popups and things.

Here is what that ad-aware plugin found, I think this is the one I'm infected with:

variant.jpg
 