Spyware at Startup

I have a problem. Everytime I turn on my computer, I'm bombarded by ads and stuff I don't want to see. It's like this for about 5 minutes then it just stops and almost nothing comes through. Everytime I use something like Ad-Aware, Spybot S&D, or Microsoft, it get worse. Much worse. I don't know why this is happening. I read the READ THIS BEFORE... and it helped for a few hours then it happened again. I have DSL service. Thank You.

 

Hi SaleenS7,

If you have exhausted the options in the ReadMe Tutorial (including the Online Scans), please send us a HijackThis Log. Please be sure to follow the instructions below:

Note that your HijackThis should be up-to-date (v1.99.1) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis! Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99.1

Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

Somebody will take a look as time permits.

Best luck
PP

 

Here you go. I think I did it right. I hope...

 

Hi SaleenS7,

How many active User Accounts are on your machine?


Please look in Add or Remove Programs for the following and Uninstall it if found:

WeatherBug

ALSO: Please look for Elite ToolBar, Elite SideBar, Elitum or any other Elite entries and note them for me!


Please print out these instructions so that you can operate with All Browser Windows CLOSED.
Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

Now scan with HijackThis and Check the Boxes for the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)

O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitefbh32.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} - http://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/14ff9db68a96730ac519/netzip/RdxIE601.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/wildgames/blackhawkstriker/install.cab

Again, make sure All Browser Windows are Closed when you Click FIX.


NOW:
Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if they should remain:

C:\windows\system32\elitefbh32.exe --> Again, look for other Elite entries and note them!!
C:\Program Files\AWS --> The Folder

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

Reboot to Normal Windows and Scan with HijackThis and attach that log.
Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back when time permits.

Best luck
PP

 

It didn't work. The only one's now are ad1.revenue and searchmiracle. Spybot finds Elite everytime but everytime I run it it's still there. We have 2 accounts on our computer but only use one because we can't delete the other one for some reason.

 

Your running your HJT from the zip now and you didn't close your browser.

C:\DOCUME~1\MAXTAN~1\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

PP won't want you to do that.

 

Hi SaleenS7,

As Old Thug notes, please run HijackThis from the location you ran it from before - C:\hijackthis\HijackThis.exe

Try running this tool in Safe Mode for both user accounts: Elite ToolBar remover

Were you able to find and delete C:\windows\system32\elitefbh32.exe??


Try fixing these lines with HJT in Safe Mode:
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitefbh32.exe
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

Then make sure Delete C:\windows\system32\elitefbh32.exe in Safe Mode.

Then, please submit HJT logs from Both User Accounts so we can see where you stand. Let me know how the deleting process went.

PP

 

Is this site usually slower than most? Or is it just me?

 

Some days its like that for me to and I'm on a 3mb cable connection. Probably all the users online.

 

Ok. I turned the connection off so it should be right. I can't access the other account in safe mode. Only Administator and Max showed up. I ran elitebar remover and deleted the file C:\windows\system32\elitefbh32.exe. Attached is my HJT log.

 

oOo! Ok

 

Got it. I'm pretty sure that I'm good now though. No popups or ads.

BTW: Is AdServer spyware? It comes up when I use www.howstuffworks.com

 

Which do you think is better? McAcfee or Norton.

 

Personally, I use Norton AntiVirus 2005 and have not had any problems. Never used McAfee but from what I have heard I wouldnt give it a chance.

This article will help you with some choices.

How to Protect yourself from malware!

 

Ok Chas - Which is your favorite. What do you use for AV, firewall, protection, etc.

 

Our McAcfee hasn't done anything in like a year. Its just sitting there

 

Oh well. I deleted it. I didn't like it anyway.

 

Ok. I got AVG and a Kerio Firewall and I have the Spybot S&D. I should be good right? I also got rid of the Norton because it hasn't been updates since 03

 

BTW. If you use AVG, how long does it take to scan the computer? It seems to take a long time.