• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
rgosse

Can't remove Spyware from Add/Remove

2 posts in this topic

I wrote the following a few days ago in a windows newsgroup. I still need help with the last few problems (found in the "UPDATE" section), and I was referred here. BTW, I have already read the FAQ you have provided, and I have already run up to date versions of Spybot S&D and Ad-aware.

 

>

> A few days ago I picked up some adware/spyware/malware while surfing the

net. Whenever I go into IE, my start-up page has the address "about:blank",

and a variable (and sometimes lewd) pop-up appears saying that my computer

is infected with spyware. I have both Ad-aware and Spybot Search & Destroy

software. Ad-aware picks up infected registry values in the following

places:(HKEY_LOCAL_MACHINE:software\microsoft\internet explorer\main\ and

HKEY_CURRENT_USER:software\microsoft\internet explorer\main\ ). Spyware

picks up numerous "DSO Exploits". Though both programs pick up malware,

neither one fixes the problem (though both give the option of erasing the

files post scan, subsequent scans after visiting the internet again or

restarting the computer show the same problems). I've also attempted to go

into the registry editor and delete suspicious values (regarding my home

page, start page, search page, etc.) under the aforementioned keys, but to

no avail. I've tried resetting my homepage - no luck. I've also tried to

go under Start-Control Panel-Add and Remove Programs. Here I found a

program called Spyware/Adware. When I try to remove/uninstall this program,

it doesn't give me the option, instead I am automatically put onto the

internet and a web page appears for "Adware Remover Gold". Nothing I've

tried is working. Norton Antivirus doesn't pick up anything at all. Please

help! Just wanted to add that all my Norton/Ad-aware/SpyBot Seek&Destroy is

up to date. I also wanted to mention that the firewall suggested by

microsoft's "Three steps to protecting your PC" is up and has been up for

many moons. And all of my attempts to fix my adware/spyware/malware

problems have been with the system restore off.

>

> UPDATE: I used the CWSShredder. At this point, I no longer have a hijacked search page - the CWSShredder helped. I was able to download the google toolbar, and I don't have the annoying pop-ups. I still have a program under Control Panel- Add or Remove Programs called "AdWare and SpyWare" that seems to be permanently affixed - I can't delete it from my "Add and Remove Programs" (it just refers me to a website for "Adware Remover Gold"). What do I do about this? ALSO, I tried using "Hijack This", the following is a logfile.

What, if anything on the logfile should I get rid of? >

>

> Logfile of HijackThis v1.97.7

Scan saved at 5:29:59 PM, on 6/27/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\toshiba\ivp\ism\pinger.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cinnamonrainbows.com/cinnwallcam/wallcam.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.microsoft.com/security/prot...b?1065404055000

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/15258581baeda2...ip/RdxIE601.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7874.6496180556

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls.../20/SassCln.CAB

Share this post


Link to post
Share on other sites

Update - I have created a new post "Headway....." with a new log, please disregard this one, and reply to the newest one. Thanks.

 

-Ryan

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0