baaaad spyware problem

Question

ok, let me say that I have fought this thing for months.  I think I got this stupid problem from an attempt to download Kazaa ( big mistake, I unistalled it immediately).  Anyways, It has taken over my comp.  I researched how to fix it and I run adaware, spybot, CWShredder, and hijack this daily, but I can't get rid of it.  A few days ago my IE would close instantly whenever I clicked on a link.  I ran all the above programs and that stopped but now my super fast cable modem internet is reduced to snail-like speed, much like dial-up.  This stinks.  I have considered two options:  1- erase my C: drive and re-install Windows XP. and 2- Try and do a system restore back to before I installed kazaa.  The only problem is that I can't restore back that far (January 2004). I need expert advice, what should I do? I will post a HT log if necessary.  Someone please help

pskelley · Answer

Yes, post a copy of your HijackThis log in this same thread, and one of the experts will advise you.  Warning: do not try to remove items with HijackThis yourself.  HijackThis displays good as well as bad, and training is required to use it.   Once the log is posted, someone will be along to help as soon as possible.  Thanks

Navin kurian · Answer

also Its time to start using a different browser which is more difficult

to hijack
http://www.mozilla.org/products/firefox/ (less functional if your going

to play games online and need flash and java) but the best of the best
http://www.opera.com/download/ (Good and extremely user friendly)

browsers which use the internet explorer engine
http://www.crazybrowser.com/download.htm
http://www.myie2.com/html_en/home.htm
http://download.com.com/3000-2356-10101563.html?part=80918%20&subj=dlpage&tag=button
http://www.avantbrowser.com/

Unknown Give a man a fish and you feed him for a day; teach a man how to fish and you feed him for a lifetime.

rockfly · Answer

Thanks!  for the advice.  Also, I tried to post a log but my browser would not stay open long enough for me to post.  I am typing this from work now.  I experimented a little and it seems that if I am connected to morpheus, then my net connection is suuuuper slow, but the browser will not close when I click on links.  However, if I disconnect and exit from morpheus, then the net seems to be at normal, or near normal speed, but the browser will not stay open for more than a couple of clicks on links.  This is very frustrating to say the least.  As of now, adaware no longer finds CWS but spybot finds TSCASH.  The number of spyware seems smaller, but the problems are bigger.  Could this be something more serious?  Any help is appreciated.

Texruss · Answer

rockfly:

Run a Hijackthis log to a floppy and post it here using another machine.

Texruss
www.russelltexas.com
Spyware Fighter Wilders Forum
Slyware Warrior Tom Coyote Forum
Expert Malware Responder Dell Forum

Please be aware only the following DellForum members were trained at
TomCoyote.com and SpywareInfo.com to help with Hijackthis logs: Texruss,
Baskar1234, Grinler, ChrisRLG, SpotCheckBilly, and pskelley.

rockfly · Answer

Here is my log, finally.  Someone please take a look, but I imagine I will have to reinstall windows xp or something.     Logfile of HijackThis v1.97.7Scan saved at 11:29:20 PM, on 6/14/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Real\Update_OBealsched.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\System32\wuauclt.exeC:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exeC:\Documents and Settings\Kyle\My Documents\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kyle\LOCALS~1\Temp\sp.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kyle\LOCALS~1\Temp\sp.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kyle\LOCALS~1\Temp\sp.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kyle\LOCALS~1\Temp\sp.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kyle\LOCALS~1\Temp\sp.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kyle\LOCALS~1\Temp\sp.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blankR1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.adelphiapowerpage.com/O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: (no name) - {5746C232-D788-4D61-BE82-973C3EDF4E11} - C:\WINDOWS\System32\bbjaia.dllO2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: OsbornTech Popup Blocker - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - C:\WINDOWS\System32\mshelper.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\Program Files\Pop Blocker\Updated.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [TkBellExe] 'C:\Program Files\Common Files\Real\Update_OBealsched.exe' -osbootO4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /qO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)O9 - Extra button: MicrosoftÂ® JavaScriptÂ® Console (HKLM)O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)O9 - Extra button: Real.com (HKLM)O9 - Extra button: MicrosoftÂ® JavaScriptÂ® Console (HKCU)O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin3.dllO12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin3.dllO16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CABO16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CABO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Texruss · Answer

>but I imagine I will have to reinstall windows xp or something.

Let's try something. *;-)

http://russelltexas.com/malware/homeoldsp.htm

All the best,

Texruss
www.russelltexas.com
Spyware Fighter Wilders Forum
Slyware Warrior Tom Coyote Forum
Expert Malware Responder Dell Forum

Please be aware only the following DellForum members were trained at
TomCoyote.com and SpywareInfo.com to help with Hijackthis logs: Texruss,
Baskar1234, Grinler, ChrisRLG, SpotCheckBilly, and pskelley.

Virus & Spyware

Was this post helpful?