Help!

I originally thought this was the about:blank hijack that I experienced before because my homepage was opening there but when I used Registrar Lite to find the name of the hidden driver I couldn't find AppInit_DLLs!

I tried running a CWShredder but it tells me that I don't have CWS.

This is driving me nuts, I don't know what is responsible for this spyware but I've been inundated by 5 popups in writing just this much so far!

To make it worse, my browser will just suddenly close from time to time.
Anyone have anything that will make this go away other than a reformat?

 

adaware
spybot

those are a few programs that comes to mind.

 

I've tried this and I think the problem is called CWS.Feads
Apparently a new strain of CWS that just happens to be among the worst. Microsoft has a beta spyware killer and it's been spotting it but it keeps recreating itself

I hate spyware and the people responsible for it ARGH!

 

Do you have system restore turned off? If not the virus will reside in the system restore!

 

Like "good times" said make sure your "system restore" is turned off if running ME/XP. Delete all of your temp files and temp internet files. Go to start > run> type: %temp% (with the percent sign) press enter. Go up to Tools and then Folder Options, then View, then select show hidden files. Now delete all files that it shows in your Temp folder. Now using the "Up" folder icon go up one screen. Now go into your temp internet files. You should see "Content.ie5", all others can be deleted. nect in that "Content.IE5" folder delete all files (you wont be able to delete "index.dat"). Now update and rerun your adaware and spybot, each seperately. Dont restart after the scans. Next go into "Msconfig" and remove anything suspicous. You may also want to check your registry in the following areas:

hkey local machine\software\microsoft\windows\current version\run
hkey local machine\software\microsoft\windows\current version\runonce
hkey local machine\software\microsoft\windows\current version\runonceex

and also in

hkey current user\software\microsoft\windows\current version\run
hkey current user\software\microsoft\windows\current version\runonce

In here delete anything that was found in your scans previously or that you "know" shouldn't be there. Any questions PM me and I'll help.

-=Morphine=-

 

I tried some of that Morphine and it helped but some of that is beyond what I know right now OR is too much for my computer to handle with all the crap that's running. The CPU is constantly running at 100% so I've had everything freeze or run so slowly it might as well be frozen.

Is there anyone here who can decipher a HijackThis log if I post it?
This is getting infuriating as I'm now getting to the point where the browser is completely hijacked and I'll have to delete the temp files and run a spyware program just to get things in somewhat working fashion.

I'm REALLY starting to hate this crap for real.

 

OK, PM me the hijackthis log and I'll take a look at it. Secondly, boot up and press ctrl+alt+del and kill some of the processes that are running...Primarily look for things that look funny ie. explore.exe is bad but explorer.exe is good (Notice the last "r") anything that is "gobble-lee-gook" letters and numbers can be killed...ie. hdgtrf687.exe. Killed I mean to right click and end process. This should hopefully be able to get your pc back to a useable state to properly do the scans

I'm assuming your running XP here so if I'm wrong please let me know and I'll cater the info to your OS.

Third lets look at your scanning setup:
Adaware - make sure it's updated and the newest version. Go to majorgeeks.com and d/l the newest one if needed. Clcik on the update button of adaware and make sure it's updated. Now when you scan you'll want to use the second scanning option, "perform thorough scan" or something similar (program not in front of me). For Spybot Search & Destroy, also make sure it's updated. and then scan with it also.

Fourth, from the Majorgeeks website, left hand column click on "Registry" and the scroll through the list and find/download "RegSeeker" to make sure it's the correct one before d/l'ing it's by a company called HoverDesk. Install it and then run it. Delete all of the crap it find in your registry..invalid keys and what not (general house cleaning here). Now before rebooting go back into msconfig and delete those pesky items that shouldn't be their, like anything that appeared in the scans.

Reboot the pc after this and go into SafeMode by pressing F8 during the startup process and selecting the top most menu option for "Safe Mode". Rerun adaware and spybot, although it wont finf as much it will still pull up some items. delete these as well and report back.

Questions and suggestions:
Have you ran an Anti virus also to check for Viral infections besides spyware? Delete the "Temp files" and "Temp Internet files" and "recycle bin" before the scans and the scans will go quicker. Double check the system restore is turned off...right click "my computer" > "properties > "System restore" > check "turn off system restore". Download the demo of Webroots Spysweeper from Majorgeeks, it only always you to update it once but it's the best commercial product out there right now. Go through your Add/Remove programs and uninstall crap like "search assistant", "1800searchbar", "websearch tools", and anything else you don't remeber installing or that appears in your scans.

Good luck, I deal with this everyday for a living and actually work with a "Former" developer of spyware from back in it's infancy. It's a PITA, even more so than removing the 3vze 3.0l's PCV valve.

-=Morphine=-

 

I agree with all this except SAFE MODE FIRST. I'll bet you have a bug running as a service and it will keep restarting unless you boot to Safe. Do all the work from SAFE MODE if you can. Start your Virus Scanner manually as it will not start in SAFE MODE automatically.

 

MVCrash makes a good point, however, correct me if I'm wrong. in safe mode it will only load a limited number of services for the base os of Windows to run and therefore will not catch a running process that is not running. That is why I recommended running first then safe mode. Kill the process and then from safe mode find and remove residual files that could re-enable the process in question. That is only my theory. I would appreciate input from MVCrash and others however. You might be 100% correct though.

-=Morphine=-

 

Greetings,
Generally you are correct about the killing the service then booting into safe mode. My thought was why bother? You need to boot into safe mode anyway, why reboot a second time?
Start in safe mode and get it over with. Just another way of getting to the same place.!!!

 

If I run spybot in safe mode first I get FEW items, then run it normal I get a bunch more stuff....If I run it in normal mode I get a bunch of stuff, then if I run it in safe mode I get nothing.....

 

Morphine I sent you an email...

I've been in safe mode and deleted a whole bunch of things and I'm still not in any shape better. If anything it's worse... I now have a large wallpaper over mine that serves as a huge link to an online spyware ad. Everytime I try to get rid of it (screen properties) I freeze up.

I ran Stompsoft's Spyware Exterminator and it keeps registering 2 items that cannot be deleted because they're in the registry.

I'm SOOOOO close to just breaking down and buying a whole bunch of discs to copy all my information and just reformat

 

Peter, a format may be your best option right now.
I had to format in Sept. after a glitch took my system down, but it was not a virus or spyware related issue.

I would back up your data, then format, then go here and buy their app.
http://www.webroot.com/

Spysweeper is one of the best spyware apps out, and it runs in the background protecting you from spyware installing and running at startup.

Contrary to what some say about not running IE, and only running Firefox, I get no viruses with IE or spyware running Spysweeper and AVG antivirus software.

Firefox by the way is now under attack from virus and spyware writters.

Your PC will run much better after everything is wiped clean.

 

Aw man... I didn't want to hear that...

*sigh*
knew it was on the way though

 

Sorry about not getting to the email right away but work called. After looking at your log file I defenitely agree with what Corey said. Back up, format, reinstall, protect with AVG antivirus from grisoft.com, Webroot spysweeper, adaware and spybot ( I don't trust anyone program for spyware) thyen scan your back ups before transfering the data back to your pc.

-=Morphine=-

 

My Spyware Protection just found and identified a program as a keylogger. Program is called AdminMagic. I never downloaded it and am not sure how it got here. The only things I've downloaded or streamed wheeling footage from YT. My Spyware Protection seems to have isolated it and no longer identifies it as a threat, but I'm stilled a bit baffled. BTW, my Spyware Protection actually found two keyloggers, I don't remeber the name of the 2nd one. Any one else find this or have problems?

 

Looks like remote control software.
http://www.google.com/search?hl=en&q...=Google+Search

http://forums.techguy.org/t327002.html

Someone install it from your home?

 

I am the only one who uses my laptop and have never knowingly installed this program. I've had the laptop for 2 months now and my spyware never detected it before, although after reading the TechSupportGuy.com thread will concede that perhaps it was part of the bundled software.

Thanks for the links Corey.

 

Well, I just reformatted last night...
Going to be a major pain getting everything back to how it was.

I'm currently having issues with Windows Media Player not playing Red Vs. Blue Divx files (audio only). I've downloaded the codec and it's not working. I vaguely remember going to the ASUS homepage and downloading a missing driver but I don't remember what for.