efect^

oK problem!?

7 posts in this topic

I'm usually not a computer newbie.. I rarely have ever gotten spyware/virus.. but this is making me very mad.. I have scanned my computer with Search and Destroy.. Spyware Sweeper.. and I have purchased BPS spyware remover.. I can find these programs .. I find their location, delete with Shredder in SD ... I don't get any pop ups or anything after I remove them.. then I'll get one and then the programs are back.. neither of my programs can detect the main file which is installing all the others again... it seems to be twain.dll twain media etc. .. at first it had Tv media and some crap but all gone.. only traces I can find are twain.dll..

 

I always get cfwaz.exe in my process menu.. and sometimes found in system32.. I safe shred, gone .. then both of them come back.. I'm going insane, people

 

I had freaking pop ups... how can I find this main file... I think it has to do with something tabi3 .. tabi tabi32.dll ... they are not found under last working run setup or whatever (the backup) there is a bunch of them..

 

Please, I need help! :angry:

 

If more information is needed on what I find, I can post


I'm very, very sorry you got scammed into BPS spyware remover, those scumbags took the spybot search and destroy detection database and claimed it as their own, then started selling it! SpyBot: S&D is free.

 

As of today, the best solution to spyware is the free community of websites and forums of which spywareinfo.com is a part, as well as 2 well-known programs, ad-aware and spybot: search and destroy. It's not some scam company claiming $30-$50 will get rid of your spyware problems.

 

If you'd care to download hijackthis and make a log for here (you can reply to this topic with it), we'd be glad to assist you in finding the causes and eliminating them. And we do it for free. (Though if you'd care to donate to the site, that'd be great too, but let's look at your log first)

 

Here's a link to get hijackthis:

http://www.tomcoyote.com/hjt/

 

 

Why BPS Spyware Removal is scamware:

http://www.spywareinfo.com/newsletter/arch...feb-2003/13.php

http://www.lavasoftsupport.com/index.php?act=ST&f=1&t=3912

http://www.wilderssecurity.com/showthread.php?t=7221

http://www.safer-networking.org/index.php?...tail=2003-02-12


Logfile of HijackThis v1.97.7

Scan saved at 10:11:06 PM, on 5/29/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Network Associates\VirusScan\avsynmgr.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\Network Associates\VirusScan\VsStat.exe

C:\Program Files\Network Associates\VirusScan\Vshwin32.exe

C:\Program Files\Network Associates\VirusScan\Avconsol.exe

C:\Program Files\Network Associates\VirusScan\Webscanx.exe

C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Steam\steam.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Scotts Box\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {D537A3D0-8C07-4D62-953F-162207F5090D} - C:\WINDOWS\system32\regsvrac32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [uhkknbqygxmqp] C:\WINDOWS\System32\cfzwaz.exe

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1

O4 - HKLM\..\RunOnce: [9xa64b0.exe] C:\WINDOWS\System32\9xa64b0.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25e0abc0695d19...ip/RdxIE601.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8039.7467592593

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

 

 

 

there

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-

O4 - HKLM\..\Run: [uhkknbqygxmqp] C:\WINDOWS\System32\cfzwaz.exe

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -

I can tell all of those are spyware.. so is it safe to just delete


OK, I have found out that whatever it is installs another .exe file when I delete a new one... they come with random names under system32 folder.. I need to find what's creating them.. because this is what is causing the pop ups.. when I don't have one in system32 I don't get any.. but 15 minutes later it generates another


Hi,

Important! Create a folder via Windows Explorer for HijackThis, then move the file (HijackThis.exe) to that folder. This way any backups created are saved in a legit folder.

 

1) Restart in Safe Mode (see "How To:" below)

2) Enable Hidden Files (see "How To:" below)

 

Locate and delete the following:

 

C:\WINDOWS\system32\regsvrac32.dll

C:\WINDOWS\System32\cfzwaz.exe

C:\WINDOWS\alchem.exe

C:\WINDOWS\System32\9xa64b0.exe

 

While still in Safe Mode:

Close all open windows, rescan with HijackThis and "Fix checked" the following:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O2 - BHO: (no name) - {D537A3D0-8C07-4D62-953F-162207F5090D} - C:\WINDOWS\system32\regsvrac32.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [uhkknbqygxmqp] C:\WINDOWS\System32\cfzwaz.exe

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKLM\..\RunOnce: [9xa64b0.exe] C:\WINDOWS\System32\9xa64b0.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25e0abc0695d19...ip/RdxIE601.cab

 

Restart normally and then ...

 

Disabling System Restore

http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

 

How To: Scan for unwanted programs

http://vil.nai.com/vil/content/v_100844.ht...valInstructions

 

After the above, post a fresh log ...

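A triage pass over the HijackThis log format used in this thread, as an added example that is not part of any post and is not HijackThis's own logic. It parses the `R`/`O` entry lines and flags three patterns visible in the posted log; the `EXPECTED_SEARCH_HOSTS` list and the three heuristics are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [uhkknbqygxmqp] C:\WINDOWS\System32\cfzwaz.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\RunOnce: [9xa64b0.exe] C:\WINDOWS\System32\9xa64b0.exe
"""

# Assumption: search hosts the analyst expects on a clean install (edit to taste).
EXPECTED_SEARCH_HOSTS = ("microsoft.com", "msn.com")
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# An .exe started directly from the Windows directory or its System32 folder.
SYSDIR_EXE = re.compile(r'^"?c:\\windows\\(?:system32\\)?[^\\"]+\.exe', re.I)

def expected(host):
    return any(host == h or host.endswith("." + h) for h in EXPECTED_SEARCH_HOSTS)

def triage(log_text):
    """Return (code, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1]
            # Some values lack a scheme (the SearchURL entry); add one to parse.
            host = urlsplit(value if "://" in value else "http://" + value).hostname
            if host and not expected(host):
                findings.append((code, "unexpected search host", host))
        elif code in ("O2", "O3") and body.endswith(("(file missing)", "(no file)")):
            findings.append((code, "registration without a file", body))
        elif code == "O4":
            a = AUTORUN.match(body)
            if a and SYSDIR_EXE.match(a.group(4)):
                findings.append((code, "autorun from system directory", a.group(4)))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

The helper's fix list above also contains entries these path-based checks do not flag (the regsvrac32.dll BHO, the RdxIE DPF), so the output is a starting list for review, not a verdict.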