Stupid spyware/popups wont go away!

Barrie

Ok firstly I'v done a forum search and downloaded Avg,But still not working so...Ill have to ask.I not a expert here so bear with me!

About two weeks ago I started to get stupid pop-ups on my browser etc,like bargain discounts etc(www.bigdiscountbuy.com is a regular one)(And one about downloading WinantiVirus)(www.uniqueoffers.com),Then flash movies or something came up on my screen and there very annoying.So as usual I ran Ad-aware but still no success,So then I tried Search and destroy but still no luck.So then I browsed through here I downloaded Avg but after that the problem still occured.So I unistalled that and went on to the microsoft site and got Ez Antivirus.I ran that and deleted virus's,but problem of popups still appear,Now theres a rundll error or somthing of the like poping up every minute or so saying"the module could not be found".
Nothing like this happened before so I really dont know what to do,I read previously on another post that pressing F5 or somthing when starting up to restore P.c or somthing like that but Im not too sure.

Any suggestions?
(P.s in writing this thread about 15 popups and errors are after coming up so it tends to get a bit annoying!

Cheers

8T8

Run Hiack This and post the log file so we can take a look at what is loading at startup on your computer some anti-spyware programs fail to terminate well dug in malware, the run.dll errors could be related to a partially removed spyware application.

It is also worth installing Windows Defender and do a full system can with that application as well.

Also do you have WinXP service pack 2 installed ?

Check the security & privacy in internet properties under IE as well, some spyware programs adjust these make so sure they are at default settings and that pop-up's have not been whitelisted.

Barrie

Automatic updates installed Windows Defender yesterday,I didnt know what it was but its installed.Yep have Sp2 installed.

Ill look at the link you gave me now,

Barrie

Automatic updates installed Windows Defender yesterday,I didnt know what it was but its installed.Yep have Sp2 installed.

Ill look at the link you gave me now

Anyway did what you said and this is what it gave me.

Tom Dunne

I'm very surprised to hear the combination of AVG, Spybot and Ad-aware found nothing. Are you sure of that?

One thing you mention - pressing F5 - it's actually F8. Wait until after the BIOS screen (the very first black screen after you power on the PC). Press F8 a few times (just to make sure).

You should be presented with a menu in white writing on a black screen. One of these options should be Safe Mode. Select this with the arrow keys and press enter. The PC will boot into Windows, if you have to pick an account, pick the Administrator account.

Re-run AVG, Spybot and Ad-aware and let us know how you get on.

netwhizkid

Get yourself Ad-Aware SE Personal & Spybot - Search & Destroy download them now, Update their definitions online and then run them to scan your computer. I took over 178 different pieces of spyware out of an old Win98 Computer yesterday, Well actually about 20 different spy ware but 178 entries, all with those two alone. And freed up over 100MB of disk space that they had hijacked. I remember when I was using it that Gain Gator Corporation were the worst. Whenever you'd be surfing for instance Aerlingus or any European site The American equivalent would pop-up.

Tom Dunne

netwhizkid wrote:

Get yourself Ad-Aware SE Personal & Spybot - Search & Destroy download them now

Barrie wrote:

Ok firstly I'v done a forum search and downloaded Avg,But still not working so...So as usual I ran Ad-aware but still no success,So then I tried Search and destroy but still no luck.

tbh

Xterminator

Trend Micro have a good online scan too.

X

slave1

dare I say it but if you are using IE, tryout Firefox as a browser

irlrobins

Try running Panda's online scan

It won't remove the spyware but it should at least show what is installed so you can google to find out how to remove.

8T8

The following entries are what I would consider as suspect;


O4 - HKLM\..\Run: [gimmysmileys] C:\\gimmysmileys.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\k608lgdu1608.dll [this one is definately spyware from Google searches on it]

Try ticking the box in Hijack This next to those, restart the machine and now do another system scan with MS Defender or Spybot and see if they find anything or if the pop-up's stop.

Not sure about these entries they could actually be legit but a keyboard.exe loading from the C:\ root doesnt sound right to me.
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe

irlrobins

wonder if hosts file is corrupt as well.

Look in C:\WINDOWS\system32\drivers\etc and open the hosts file in notepad

It should only have "127.0.0.1 localhost" as the last line in it.

netwhizkid

tom dunne wrote:

tbh

Ok I only half read it and then proceeded to give my usual advice. Which is usually very good. :rolleyes:

irlrobins

netwhizkid wrote:

Which is usually very good. :rolleyes:

If you didn't put the sarcastic smile in I would've had to virtually bitch slap you.

TommyGun

Barrie,
Microsoft have a free one at the moment, i think it is quite usefull.


See link
http://www.microsoft.com/downloads/details.aspx?FamilyId=435BFCE7-DA2B-4A6A-AFA4-F7F14E605A0D&displaylang=en



Tommy

Barrie

Cheers for that,I Have windows defender already downloaded but how do you use it?I can find it?

I have ticked the boxs so im going restart now and scan so fingers crossed!

Alvis

8T8 wrote:

O4 - Global Startup: BTTray.lnk = ?

I'm pretty sure that's not causing the trouble. It comes with my bluetooth.

8T8

Alvis wrote:

I'm pretty sure that's not causing the trouble. It comes with my bluetooth.

Could be he does have some bluetooth stuff loading on startup it's tricky to tell (thought it could be fake bitorrent related) its not critical so it can always be put back if need be.

irlrobins

Paste your Hijack This log into here for an analysis

**Timbuk2**

No BTTray is safe

If you want to find out about startup things and whether they are safe or not check out:
http://www.sysinfo.org/startuplist.php

Type in whatever you might be unsure about and it will come back with a descripition of it and whether to delete it or not

Here is what it said about BTTray (note that U means User's Choice whether to delete)