dual hijacking worms please help
Showing all messages in thread #1097669881 Windows Me Annoyances Discussion Forum
The following are all of the messages in this thread (15 in all), shown in chronological order.
dual hijacking worms please help
Wednesday, October 13, 2004 at 5:18 am Posted by tyler
(3 messages posted)
I have run adware 6, spybot, and cwshredder and can't seem to get rid of these.
I have the xadso.offeroptimizer and itrackit.ileadit or something like that. I have
run every spy audit I can think of and have downloaded every tool I can find. Nothing
is working. I have done everything that has been posted and nothing has helped.
re: dual hijacking worms please help
Wednesday, October 13, 2004 at 7:39 am Posted by J.R.
(2341 messages posted)
Did you disable system restore before running Adaware 6, Spybot SD or CWshredder?
Did you empty out the TIF (Temporary Internet Files) folder?
Disabling or Enabling Windows Me System Restore
Have you tried hijackthis? You can post the hijackthis log at their forum. They
have plenty of experts to assist you with the log.
HijackThis
Post the hijackthis log here: Spyware Info Forum
Or post the log here: Tom Coyote Forum
**********************
Pappy
If it ain't broke, tweak it! :)
**********************
re: dual hijacking worms please help
Wednesday, October 13, 2004 at 9:23 am Posted by joe
(7018 messages posted)
upgrade to Ad-Aware SE
and update upon installing, then configure
Ad-Aware for a full scan, re-scan in safe
mode, but first open up internet options, delete cookies, click "delete
files" including all offline content, clear out temp folders (some temp files
may still be in use until next reboot) type in search box *.tmp and delete whatever
it finds, and empty recycle bin. try also some online scans (all 3 to find what
each other does not)...
HOUSECALL, Panda ActiveScan, Bit Defender

re:and to add....
Wednesday, October 13, 2004 at 9:54 am Posted by joe
(7018 messages posted)
"I have run every spy audit i can think of and have downloaded every tool i can find.
Nothing is working. I have done everything that has been posted and nothing has helped."
like what? can you be a little more informative on that? other than the adware
6, spybot, and cwshredder, what others have you tried and how have you gone about
trying them, what other programs? that is something that we need to know if further
help is needed. :)

re: dual hijacking worms please help
Wednesday, October 13, 2004 at 1:40 pm Posted by Ms. Eagle
(32517 messages posted)
Make sure you have both Spybot S&D and AW updated. Close all open windows, before
running the scans. If you haven't been helped on another forum, paste your HJT log
here in a post. Also, please post the exact names of the other tools you used. If
they're on this list, remove them:
Rogue/Suspect Anti-Spyware Products & Web Sites
Ad-Aware SE Personal Also, download the "Ad-Aware VX2 Cleaner Plug-In".
Follow these instructions and run a full system scan:
Reconfigure Ad-Aware for Full Scan
SpyBot Search & Destroy v1.3
Before rebooting into Normal mode, clear out all your temp folders to get rid of
any junk hiding in there. Go into Internet Options - delete TIF and choose 'delete
all Offline content'. Settings - set the size of your TIF folder between 5 - 10 MB.
Choose - View Objects - choose View Details on the toolbar. If any ActiveX Controls
are marked "unknown" or "damaged", remove them. Remove any you don't recognize or
no longer need. Empty C:\Windows\temp folder and C:\temp folder, if you have one.
Note: Some temp files may currently be in use, until the next reboot. Empty Recycle
bin.
If you still have problems, run HJT and paste the log here in a post:
Hijack This 1.98.2 Unzip 'HJT' into its own folder (ex: C:\HJT), because
it creates backups. Log off and close all open windows. Run the Scan. Most of the
entries listed are legitimate or required entries. Don't fix anything, until
you know which items to fix. For a description of the entries:
Merijn - HJT Tutorial
After the scan is finished, the Scan button will turn into Save Log. Press that and
paste the contents here. Note: Before posting the log, check this box: Check this
box to preserve your spacing, etc....
Recommended to install SpywareBlaster (freeware), to help prevent future malware
infections. It's for prevention/protection only; it's not a cleaner: Check for and
download updates after installing it. Enable protection. SpywareGuard can be used,
in addition, for real time protection. Check for updates frequently:
JavaCool Software
Consider using an alternative browser as your main browser. FireFox or Opera are
a couple good choices. IE has too many security issues and is very vulnerable to
malware infections and hijackings. For other tips and suggestions:
How you got infected in the first place
Dealing with Unwanted Spyware and Parasites
re: dual hijacking worms please help
Thursday, October 14, 2004 at 4:01 am Posted by tyler
(3 messages posted)
Hi, thanks for the advice. I have already done everything you had listed and it
still didn't work. Here is a copy of my HJT log:
Logfile of HijackThis v1.97.7
Scan saved at 2:11:14 PM, on 10/13/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
c:\jetsuite\jsdaemon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\BELSTA.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Systran\4_0\Premium\SYSTRA~1.EXE
C:\Program Files\Real\RealOne Player\realplay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Documents and Settings\Brandon\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=tylerin&key=8191b541669a7f9ae6f7c6baa9704b95&ts=405922e8&A=0&B=1079251200000&C=1079251200000&D=1077782400000&I=7.NH1&L=g%2322&M=984038400000&N=PLHS&O=A
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {D3919E1A-D6A5-11D6-AC3E-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [LidPolicy] c:\Program Files\Hewlett-Packard\LidSwitch Policy\pwrschem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BELSTA.EXE] BELSTA.EXE START
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\RunServices: [Symantec Security Routine Addon for Microsoft Windows] navpxaw32.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://webmail.wob.ag/iNotes6.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38063.9009837963
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
On Wednesday, October 13, 2004 at 1:40 pm, Carol J wrote:
>
>Make sure you have both Spybot S&D and AW updated. Close all open windows, before
>running the scans. If you haven't been helped on another forum, paste your HJT log
>here in a post. Also, please post the exact names of the other tools you used. If
>they're on this list, remove them:
>
>Rogue/Suspect Anti-Spyware Products & Web Sites
>
>Ad-Aware SE Personal Also, download the "Ad-Aware VX2 Cleaner Plug-In".
>Follow these instructions and run a full system scan:
>Reconfigure Ad-Aware for Full Scan
>
>SpyBot Search & Destroy v1.3
>
>Before rebooting into Normal mode, clear out all your temp folders to get rid of
>any junk hiding in there. Go into Internet Options - delete TIF and choose 'delete
>all Offline content'. Settings - set the size of your TIF folder between 5 - 10 MB.
>Choose - View Objects - choose View Details on the toolbar. If any ActiveX Controls
>are marked "unknown" or "damaged", remove them. Remove any you don't recognize or
>no longer need. Empty C:\Windows\temp folder and C:\temp folder, if you have one.
>Note: Some temp files may currently be in use, until the next reboot. Empty Recycle
>bin.
>
>If you still have problems, run HJT and paste the log here in a post:
>Hijack This 1.98.2 Unzip 'HJT' into its own folder (ex: C:\HJT), because
>it creates backups. Log off and close all open windows. Run the Scan. Most of the
>entries listed are legitimate or required entries. Don't fix anything, until
>you know which items to fix. For a description of the entries:
>Merijn - HJT Tutorial (http://216.180.233.162/~merijn/htlogtutorial.html)
>
>After the scan is finished, the Scan button will turn into Save Log. Press that and
>paste the contents here. Note: Before posting the log, check this box: Check this
>box to preserve your spacing, etc....
>
>Recommended to install SpywareBlaster (freeware), to help prevent future malware
>infections. It's for prevention/protection only; it's not a cleaner: Check for and
>download updates after installing it. Enable protection. SpywareGuard can be used,
>in addition, for real time protection. Check for updates frequently:
>JavaCool Software
>
>Consider using an alternative browser as your main browser. FireFox or Opera are
>a couple good choices. IE has too many security issues and is very vulnerable to
>malware infections and hijackings. For other tips and suggestions:
>How you got infected in the first place
>
>Dealing with Unwanted Spyware and Parasites
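As an added illustration (not part of the thread, and not code from HijackThis or any poster), here is a short Python sketch of a first pass over a log like the one posted above: it re-joins entries that line wrapping split in two, reads the tool version and platform, and lists entries with structural oddities for a person to check. The sample log is constructed, the flag rules are this example's own assumptions rather than verdicts, and 1.98.2 is the HijackThis version named earlier in the thread.

```python
import re

# Meaning of the HijackThis section codes that occur in this thread's log.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE button/menu item",
    "O12": "IE plugin", "O16": "downloaded ActiveX control",
}
ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")

def unwrap(log_text):
    """Join entry lines that forum word-wrap split in two (log text only)."""
    lines = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        if lines and ENTRY.match(lines[-1]) and not ENTRY.match(line):
            lines[-1] += " " + line  # continuation of the previous entry
        else:
            lines.append(line)
    return lines

def review_flags(code, detail):
    """Structural reasons to look closer at an entry; not a malware verdict."""
    flags = []
    if "(no file)" in detail:
        flags.append("registered component has no file on disk")
    if code == "O16" and detail.endswith("-"):
        flags.append("ActiveX control lists no download source")
    if code == "O4":
        target = re.split(r"\] |= ", detail, maxsplit=1)[-1].strip('" ')
        if "\\" not in target:
            flags.append("autostart target has no full path")
    return flags

def _ver(version):
    return tuple(int(part) for part in version.split("."))

def triage(log_text, current_version="1.98.2"):
    """Report tool version, platform and the entries worth a second look."""
    result = {"version": None, "outdated": None, "platform": None, "review": []}
    for line in unwrap(log_text):
        m = ENTRY.match(line)
        if m:
            flags = review_flags(*m.groups())
            if flags:
                result["review"].append((m[1], SECTIONS.get(m[1], "other"), flags))
        elif line.startswith("Logfile of HijackThis v"):
            result["version"] = line.rsplit("v", 1)[1]
            result["outdated"] = _ver(result["version"]) < _ver(current_version)
        elif line.startswith("Platform:"):
            result["platform"] = line.split(":", 1)[1].strip()
    return result

# Constructed sample in HijackThis format (names, CLSIDs and paths are made up).
SAMPLE = r"""Logfile of HijackThis v1.97.7
Platform: Windows XP SP2 (WinNT 5.01.2600)
R3 - URLSearchHook: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\Program
Files\Example Vendor\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example Vendor\tray.exe
O4 - HKLM\..\RunServices: [Example Service Addon]
example32.exe
O16 - DPF: {00000000-0000-0000-0000-000000000003} (Example Installer) -
"""
```

A flagged entry only means "look this one up"; most entries in a real log are legitimate, as the replies in this thread point out.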
re: dual hijacking worms please help
Thursday, October 14, 2004 at 12:46 pm Posted by Ms. Eagle
(32517 messages posted)
You haven't done everything I listed, including updating AW, and you don't have the
latest HJT. You've also posted on the wrong forum.
Btw, who's Brandon? Which P2P program do you have installed?
Dealing with Unwanted Spyware and Parasites
re: dual hijacking worms please help
Thursday, October 14, 2004 at 1:24 pm Posted by joe
(7018 messages posted)
"I have already done everything you had listed and it
still didn't work" no you have not done everything
"Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)" second, you are using
XP, this is the ME forum, you need to post on the XP forum, only after you
have done what it was we suggested, if you want help then you are going to have to
do as we suggest first.

re: dual hijacking worms please help
Thursday, October 14, 2004 at 1:34 pm Posted by Ms. Eagle
(32517 messages posted)
I covered that already, Joe. This step is between the poster and me, I think.
Dealing with Unwanted Spyware and Parasites
re: dual hijacking worms please help
Thursday, October 14, 2004 at 1:46 pm Posted by joe
(7018 messages posted)
;-)

re: dual hijacking worms please help
Thursday, October 14, 2004 at 1:48 pm Posted by tyler
(3 messages posted)
I have aw 6.0 and I have checked for updates and there were none. I am using 1.97.7
and got that directly from a link on a web forum to solve this problem before I posted
mine. I have no idea if there is a newer version but in this one there is no way
to ask for an update. I have Kazaa on my computer which is the P2P and Brandon is
myself. If this isn't the place where I should post it where should I post it?
I have already posted my log at HJT and didn't get anywhere. I only posted it here
because I was asked to.
On Thursday, October 14, 2004 at 12:46 pm, Carol J wrote:
>
>You haven't done everything I listed, including updating AW, and you don't have the
>latest HJT. You've also posted on the wrong forum.
>
>Btw, who's Brandon? Which P2P program do you have installed?
>
>Dealing with Unwanted Spyware and Parasites
re: dual hijacking worms please help
Thursday, October 14, 2004 at 1:54 pm Posted by Ms. Eagle
(32517 messages posted)
They do still put out updates for AW 6, so that may be alright. Although, I posted
a link to the new AW SE Personal. I also posted a download link for HJT 1.98.2 in
my post! This tells me, you didn't really follow my instructions or read my entire
response. This is the ME forum, and you're running XP. Mistakes happen, so that's
not a major problem.
What do you mean you "posted a log at HJT", where is that, and who asked you to post
a log here? There's no sign of a hijacking in the log. I didn't research all the
entries, but worms aren't hijackers. Your best bet, would be to run an online virus
scan. They have removal tools for worms. Three choices:
Panda Active Scan
BitDefender Online Virus Scan
Trend Micro Housecall
Since you're using Kazaa, you should get rid of it first. IT is your main problem.
KazaaBegone
Kazaa is like a virus. It's one of the worst garbage programs there is. That goes
for the spyware free versions, which are cracked versions of Kazaa.
What's in your P2P "bundle"?
The Dangers of P2P File Sharing
MyDoom Virus, Kazaa and the Dangers of Peer-to-Peer
KaZaa Scumware.com
Dealing with Unwanted Spyware and Parasites
Addendum re: dual hijacking worms
Thursday, October 14, 2004 at 2:24 pm Posted by Ms. Eagle
(32517 messages posted)
I forgot to say, you should clear out all your temp folders to get rid of any junk
hiding in there, before running a virus scan. Go into Internet Options - delete TIF
and choose 'delete all Offline content'. Also, to get rid of unnecessary ActiveX
Controls: Choose - View Objects - choose View Details on the toolbar. If any are
marked "unknown" or "damaged", remove them. Remove any you don't recognize or no
longer need. Empty C:\Windows\temp folder and C:\temp folder, if you have one. Note:
Some temp files may currently be in use, until the next reboot. XP-> C:\Documents
and Settings\username\Local Settings\Temp (for all users). Empty Recycle bin.
Disable system restore to clear out previous restore points. Then RE-enable it, if
you choose, "after" your system's cleaned up.
Disabling System Restore
Dealing with Unwanted Spyware and Parasites
re: dual hijacking worms please help
Thursday, October 14, 2004 at 3:01 pm Posted by Ms. Eagle
(32517 messages posted)
You make a good backup, so I'll keep you in mind. ha ha......
As for the bat, eek!
Dealing with Unwanted Spyware and Parasites
re: dual hijacking worms please help
Thursday, October 14, 2004 at 4:31 pm Posted by joe
(7018 messages posted)
that one's cute! :)