ad/spyware that's currently kicking my ass

can’t find any info on it, ran adaware, spybot, microsoft spyware removal, spy detector something or other, and ewido…i ran ewido last (in safe mode) and it detected another 23 that the others did not find but there’s 1 more left.

all definitions are up to date and norton is also running so it’s not a virus just spyware. every so often i get an exclaimation point in the taskbar that when double clicked takes me to a legitimate spyware removal tool so it’s most likely not from them but someone pointing at them… anyways this is the popup i get:

i did a search for all the things listed and didnt’ bring anything up related to what i was looking for. i also deleted all offline content with cleanup 4.0 and gained back a gig of HD space.

i had that!. all i did was get norton2005 ran it, then updated windows to the fullest, and got the new IE and everything is fine now

thats f’d up…i was going to say run microsoft spyware but i guess u did already…

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msole32.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sweety\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - (no file)
O4 - HKLM…\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM…\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM…\Run: [zcv52] C:\docume~1\sweety\locals~1 emp\zcv52.exe
O4 - HKLM…\Run: [23rR36j] atkrip.exe
O4 - HKLM…\Run: [Tsl2] C:\PROGRA~1\COMMON~1 sa sl2.exe
O4 - HKLM…\Run: [intel32.exe] C:\WINDOWS\System32\intel32.exe
O4 - HKLM…\Run: [gcasServ] “C:\Program Files\Microsoft AntiSpyware\gcasServ.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [J005RWHEe] wupd2x35.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094085435960
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O17 - HKLM\System\CCS\Services\Tcpip…{79D18AEB-4F19-42B8-AA9A-4687914D0BBA}: NameServer = 128.118.25.3 130.203.1.4
O17 - HKLM\System\CCS\Services\Tcpip…{EFDBBBA6-48AF-4055-A6DF-512BE374E3AA}: NameServer = 192.168.0.3
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

2 of those jump out at me:

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - (no file)

been there, did that

Did you try to run adaware or Spybot… they are free from download.com… That may help…
Also that "System Warning " Is just an advertisement… It’s not a real warning. All you need to do is get rid of the spyware and the warning thing will go away…

read my post:

can’t find any info on it, ran adaware, spybot, microsoft spyware removal, spy detector something or other, and ewido…i ran ewido last (in safe mode) and it detected another 23 that the others did not find but there’s 1 more left.

and i know it’s not a real warning

i killed those 2 and also one that was listed as running out of a temp folder. i havne’t seen it pop back up yet

someone link me to some free removal spyware DL’s cause I need em

www.readthefuckingthread.com

Kurt, why do you make it so difficult to read your post.

Whats the question again?

Technically you don’t need to d/l spyware removal tools if you can clean you shit manually…
-TURN OFF SYSTEM RESTORE
-BOOT IN SAFE MODE
-DELETE ALL TEMP FILES
-DELETE ALL COOKIES
-CHECK FAVORITES FOR SUSPICIOUS LINKS
-PERFORM DISK CLEANUP
-EDIT REGISTRY FOR SUSPICIOUS LOOKING ENTRIES UNDER LOCAL_MACHINE\SOFTWARE
-RUN MSCONFIG, CHECK FOR SUSPICIOUS STARTUP ITEMS, CHECK FOR SUSPICIOUS SERVICES AT STARTUP

Hope that helps

brad i looked in the registry for suspicious entries and couldnt’ find any, in fact when i was tracking down 2 different kinds of spyware the one everyone was telling me to delete the path and the registry entries they weren’t even there yet i had all the symptoms…so i dont’ trust that 100%

firefox > IE

Kurt, I would look at this crap closer, actully the one there is certified spy-ware, I just google the exe…and almost any exe in a temp folder is crap. F AIM toolbar, F Weatherbug

format c:

that fixes everything

Real Player Updates can kiss my ass

holy fuck

shut the fuck up

firefox sucks balls

anything to do with Real Player sucks

bufffffffffferinngggggg…

your username on the pc is “Sweety”
:kekegay: