First off I don't know anything about computers. I recently got some type of spyware adware thing on my computer. I didnt think i could get anything because i payed a bunch of money for norton antivirus and all the other stuff that goes with it. Anyways in the bottom right hand corner of my screen messages popup saying Windows has detected spyware and if i click on it it takes me to a website where i can choose which Spyware remover i want to buy. There were some other things on their where it would try to change my homepage and gives me new toolbars. I can get rid of the toolbars and it trying to change my homepage but it comes back as soon as the computer is restarted. I CANT GET RID OF THE SPYWARE POP UP ADVERTISEMENT THINGS AT ALL. The advertisements look like legitamit Window warnings. Norton doesnt detect any problems and I have also used Spybot, Spy Subtract Pro, and AD-Aware. They detect and delete stuff but it comes back as soon as my computer restarts. The one thing that Spy Subtract detects but says it cant delete is a MakeMeSearch thing but if i click to let it restart my computer its right back. Here are the details it gives me on that file.

Name: Birdasfihuy32.dll
Database id: 118294
Detected in: Files and directories
Threat: Browser Help
Product name: MakeMeSearch

A friend of mine told me that i could somehow restart my computer to a point before it downloaded the virus and it would get rid of everything downloaded after that date. I dont know how to do this but was wondering if it would work and how to do it.
I have no idea whats going on so any and all help would be greatly appreciated.
Thanks.

Edited, user does not have authority to post advice on Spyware issues.

LGW

Hya SGCG89 , welcome to PCHF.

Skip the advice above and please Download Smitrem to your desktop:

http://noahdfear.geekstogo.com/click...click.php?id=1

Run the installer and then press Start to Extract the
files to the desktop, Do not run it yet.

Reboot into safe mode (Reboot and keep tapping F8 , then
choose safe mode from the list)

Now run SmitRem:

Open the SmitRem folder and double click the "RunThis.bat" file to start the tool. Follow the prompts on screen , wait for the tool to complete , and disk cleanup to finish.

The tool will create a log named smitfiles.txt on the drive that you ran Smitrem on, eg; "C:smitfiles.txt" , or the partition where your operating system is installed on.
Please attach this log to your next reply.


You will need to reload your wallpaper as the SmitRem
tool will reset it, you can do this by right clicking
desktop and choosing properties, First check Theme and
set it to Windows XP then click the Desktop tab and
choose the one you want to use and press apply.

After that please follow the "Prework" instructions (see link below) and when done post the resulting Smitrem log , the Ewido log and the hijackthis log.

@Dave , you have not been authorized by me to post on Spyware issues, this topic is off limits to anyone except authorized staff.
You are welcome to help out around the rest of the forum if you like , but unless you really know what you are doing then the malware forums are the only forums where we dont want/allow members to post advice. Thanks for trying to help.

How do i create and post all those logs after I do that stuff? Thanks.

The log files wil be created during the process automaticly , and in the instructions is described where and how you get them.

To attach them , start creating a new reply , then scroll down to the "manage attachements" button and press it , then navigate to the logs with the browse buttons and when the logs are selected , press "upload". (give it a few seconds to upload the files)

Then close that window and finish making youre reply as normal.

Heres the smitrem log it wouldnt let me attach the file everytime i clicked on manage attachments it said error on page. Thanks!




smitRem ? log file
version 2.8
by noahdfear

Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 04/04/2006
The current time is: 19:40:50.53
Running from
C:\Documents and Settings\Owner\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{786C369D-409A-456f-A13C-971EADA850C6}"="DertertDE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C 2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461E F-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{786C369D-409A-456f-A13C-971EADA850C6}\InProcServer32]
@="C:\WINDOWS\System32\birdasfihuy32.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key

PSGuard.com key not present!

checking for WinHound.com key

WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 680 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{786C369D-409A-456f-A13C-971EADA850C6}"="DertertDE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C 2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461E F-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{786C369D-409A-456f-A13C-971EADA850C6}\InProcServer32]
@="C:\WINDOWS\System32\birdasfihuy32.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~
CLEAN!