Help w/ Removal of adware
I am aware that there are a million other topics asking this question but it'd be easier to make a whole new thread
Recently, my computer has been receiving a gripload of popups; mainly the popups with the "yyy[#]" extension. I started getting this after I installed the IE6 SP1 package in order to fix my Javascript. Java is now working, but with the cost of a gripload of popups coming up. I have run Spysweeper, Adaware, Norton Antivirus, CWShredder, etc. and all have been unsuccessful. Also, I read that the system resources should be around 80%. My computer is usually at 50-70%. I'm constantly checking it to see what the % is and I see that it gradually goes down, causing the computer to end up losing its system resources, forcing me to reset. I have also done the vx2finder[9x] whole deal and tried to make a log but it doesn't seem to work. But this is what came up "User Agent String--- {5B0F0DC0-1DBC-11D8-9958-002078043057} "

I also ran Hijackthis and this is what I got.

Logfile of HijackThis v1.97.7
Scan saved at 3:07:53 AM, on 7/7/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\OFFICE51\SOINTGR.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\NETPUMPER\NETPUMPERIEPROXY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETPUMPER\NETPUMPER.EXE
C:\WINDOWS\SYSTEM\FLCSS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MYIE2\MYIE.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLWBSPD.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
R3 - URLSearchHook: (no name) - _{D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Peak hole five - {278EDF35-EB5D-9D1F-BFB9-21971622DACF} - C:\PROGRAM FILES\HOLD ITCH\TONS THAT.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard\Easykey.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [DATCHECK] C:\WINDOWS\SYSTEM\DATCHECK.EXE
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe C:\PROGRA~1\AIM95\DeadAIM.ocm,ExportedCheckODLs
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [DBHSPTD] C:\WINDOWS\DBHSPTD.exe
O4 - HKLM\..\Run: [vesrion] C:\WINDOWS\SYSTEM\HELLO-BUNDLEWARE.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O4 - HKLM\..\Run: [ynirad] C:\WINDOWS\ynirad.exe
O4 - HKLM\..\Run: [Option glue] C:\PROGRA~1\blah bike\Joytest.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\OFFICE51\SOINTGR.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "F:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: 3721CMail (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.teen-me.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

Help would be greatly appreciated. Thank you :)
Get rid of:
R3 - URLSearchHook: (no name) - _{D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: Peak hole five - {278EDF35-EB5D-9D1F-BFB9-21971622DACF} - C:\PROGRAM FILES\HOLD ITCH\TONS THAT.DLL (file missing)

The rest should be fine, but whichever of the following you are not familiar with, I'd also get rid of:
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [DBHSPTD] C:\WINDOWS\DBHSPTD.exe
O4 - HKLM\..\Run: [vesrion] C:\WINDOWS\SYSTEM\HELLO-BUNDLEWARE.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O4 - HKLM\..\Run: [ynirad] C:\WINDOWS\ynirad.exe

I'd suggest trying another browser such as Firefox because they are usually more immune to these problems. Firefox is also extremely fast.
Hmmmm.....I'm not sure how effective deleting those files will be, but thank you for helping out. I'll try to post back if anything happens.
How good is this Firefox? I'm currently using MYIE2, which acts like IE but w/ tabs and a popup blocker. Oh and along and MYIE2 doesn't block IE windows, I use CheckIt-86 and the popups have gotten around those......sucks doesn't it HAHA. But I will have to wait to see if something pops up or not.
Stupid solution (because I'm tired of dealing with noobs that have too much junk on their comps (not just here..)): Put the HD in the microwave for 30 seconds and then throw it in the garbage.. buy a new one.. all done.. then stop going to bad sites and maintain your comp...
HAHAHAH, I'm not really the one to blame for the mess-ups. It's all my sister's doing. I always tell her not to go to these certain sites but she's too stupid to understand that, so she goes anyway, thus messing up the computer. I have two computers and I'm forced to try to maintain both of them. The computer I'm using right now is the popup computer; used to be great cause it bests the other computer. My sister used it and now it sucks. I started using the other computer and got that one working good and I'm hoping that it stays good but I'm worried my sister will mess that one up as well.
And unfortunately, the popups still keep coming.
I know how that is.. my brother is a total noob and I just let him run that other comp until it's unusable and then I make him pay me to fix it ;)
Firefox is pretty good. It's easily the fastest browser I've used (out of IE, Netscape, Mozilla [I know it's the same company, Firefox is still faster though], and Opera). It seems to be immune to the spyware/adware that's currently on my system til tomorrow's or day's after format. It's got the tabs which, as you know, are very handy.
About deleting those files, it's usually randomly named files like ynirad or DBHSPTD that put back files that Ad-Aware and Spybot and the like destroy. They load DLLs that you can't shut down in the same session, which ensures that the spyware/adware stays.
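An added example, not part of any post in this thread: a small Python triage of a HijackThis log that surfaces the kinds of entries the replies single out (orphaned "(no file)" / "(file missing)" hooks, the O1 hosts override, and autostart values nobody has vetted). The sample lines are copied from the log posted above; the `REVIEWED` allowlist and the function name `triage` are assumptions made for illustration.

```python
import re

# Constructed sample: a handful of entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Peak hole five - {278EDF35-EB5D-9D1F-BFB9-21971622DACF} - C:\PROGRAM FILES\HOLD ITCH\TONS THAT.DLL (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ynirad] C:\WINDOWS\ynirad.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
"""

# Assumption: autostart value names the machine's owner has already vetted.
REVIEWED = {"SystemTray", "QuickTime Task", "SchedulingAgent"}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                       # "O4 - <body>"
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")  # Run / RunServices

def triage(log, reviewed=REVIEWED):
    """Return (code, reason, detail) for each entry that needs a manual look."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            # Registry hook whose target no longer exists on disk.
            findings.append((code, "orphaned: target file absent", body))
        elif code == "O1":
            # Any hosts-file redirection deserves a look.
            findings.append((code, "hosts file override", body.removeprefix("Hosts: ")))
        elif code == "O4" and (run := AUTORUN.match(body)):
            hive, key, name, command = run.groups()
            if name not in reviewed:
                findings.append((code, f"unreviewed autostart in {hive} {key}",
                                 f"{name} -> {command}"))
    return findings

if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:3} {reason}: {detail}")
```

Flagged entries are candidates for review against a known-good baseline, not automatic deletions; O4 startup-folder lines (`O4 - Startup:`) are outside what this sketch parses.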
Hahah, thanks for all the help, but I actually found one of the other threads on this forum explaining how to remove the "yyy" stuff. Unfortunately, I don't have to run those virus detectors anymore :) YAY!