Nooooooooo!

[dark_reaper]

Damn it!!!! Not too long ago, I have reformatted my Harddrive, I have installed firefox, AVG, Spybot S & D, Hijackthis, AVG, and some other programs to help keep out the damn spyware. BAM, the other day I have scanned with my Ad aware and found over 115. Most of it is gone, but this one little bitch keeps comming back and putting a Party Poker icon on my desktop. I have deleted it once yesterday, then it has returned today. I am getting damn tired of spyware and these un wanted ads and only freeware I have is what I have listed, oh and all of the windows standard, winamp stuff too.
Grrrrrrrrrrrrr

[Jesterthegreat]

careful with that porn / kazza

actually... i think my pc is infested atm, its like NC's mem leak in windows

i'll flick through msconfig later and see whats out of place

[dark_reaper]

hmmm, my msconfig is clean. and so far so good, nothing has popped up out of nowhere.

[dark_reaper]

hmm, now it returns. damn party poker. i cant find that damn software that keeps putting the damn thing on.

[netster]

check IE installed software too, its under IE Options, the objects button of termporary internet files.

[Lightpipe]

Would help if you told us the exact name of the spyware and then we might be able to help you out. Run adaware and write down what it says..

[Xephonas]

I have had such bad FPS problems over the last 2 weeks, i'm getting about 20 fps in counter strike and an avergae of 7 on neocron, my brother is pretty sure it's a spyware problem.

I am doing ad-aware checks every day, i got Avast anti spyware, microsoft anti spyware, and kerio firewall running.

Not sure what it is, anyone got suggestions?

[Mr Friendly]

try Ad-Aware SE also

[dark_reaper]

well I have Ad-Aware, Spybot S&D and all of those goodies. My problem is I get these freaken unwanted Aurora Popups and a PartyPoker Icon. I have done scans in safemode earlier, now I am not shure wich of these is spyware.

Here is my Hijackthis log.

Logfile of HijackThis v1.97.7
Scan saved at 4:27:44 AM, on 6/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
E:\System Response Toolkit\Spyware Removal\Hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: WinStat - {F007E221-018D-4baf-924A-B0E9092F3853} - C:\WINDOWS\System32\WinStat11.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [lcwbdw] C:\WINDOWS\System32\lcwbdw.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.com/exchange/lots/...y4LotTeleX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

thanks.

[Conduit]

There's a lot of crap in there
Read this thread and follow blender's instructions about running Ewido security suite in safe mode. He explains it better than i can.
It should get rid of nasty stuff like nail.exe etc.

[Bugs Gunny]

Download hitman pro 2.0 It's free, a dutch coder combined 6 spyware removal tools and i have yet to find a spyware it doesn't clean up.

I've also heard REALY good things about microsoft antispyware soft (free beta). So did microsoft finaly make something that works?????

[Conduit]

Hitman Pro is great, but some particularly nasty things like nail.exe (aurora pop-ups) can only be removed in windows safe mode. Ewido does this pretty well.

[Tidus_Origin]

I've also heard REALY good things about microsoft antispyware soft (free beta). So did microsoft finaly make something that works?????

Not really.



Shouldn't it be under Microsoft?

But all that business aside, it does do a good job, which is why I use it.

[dark_reaper]

yay! problem fixed. Thanks guys.

[Obsidian X]

I came accross some spyware the other day that had 5 processes and two services (plus injected processes) all working in tandem to keep the fucking thing alive (you can't kill 6 processes at once, and one of the others relaunched them as fast as you could kill them). I had to delete it using the recovery console (the crappy CLI interface you boot into from the XP CD). Where can I get the MS spyware tool?