Ad-ware not working need replacement spyremoval

[Camlee98]

I've tried everything to get adware working and no luck. I used spyware doctor and found many things left that s and d didn't catch. So I need to know if I buy a different spyware removal tool what is the best to buy. I can't seem to find any other free ones that remove the stuff it finds. I'm into a 22 post thread with cookie and feel that this is the last step at cleaning this computer. So if I have to pay then I have to pay. You can review all my problems and what I've done so far in my other thread. So any suggestions would be great!!! THanks for your input!!

 

[joe2cool]

Hi Adaware & Spybot are the best, wouldn't use spyware doctor..........also spyware blaster & spyware guard are Good. All FREE

What version of 'Adaware' are you using? Latest ?

 

[Byteman]

Hi, It's a combination of using Hijackthis, AdAware, SpyBot and some manual safe mode deletion for leftover files> and yes, even working with Registry entries that nails this stuff...
The junk we are seeing posters affected by is getting a bit harder to remove. Right now, AdAware as you know has released a new version of the free personal edition> IF you want to buy anything, buy the Premium or whatever version you want, of AdAware! It alone, will NOT remove everything, you need help with finding all the files or BHOs to remove and that is where HJT and a helper comes into play> I think your solution is around the corner and am wishing you good luck with your present hijack's removal!

The next good thing to do of course is improve security on your side of the Net, by using browser security settings for Internet Explorer, Windows Updates, a firewall, some ActiveX blocking software perhaps, or XP's SP2, and so on, as well as following some basic good computer maintenance practices> removing temp and Temp Internet Files, on a regular basis.

 

[Camlee98]

Yes I understand what you guys are saying I use all of those products you mentioned. I know adware is the best and I love using it on my computer(I'm working with my sisters it was in bad shape). My problem is that adware just won't work with it it keeps freezing. I've tried the earliest version of adware that I had tucked away. I've tried 1.02 1.03 and 1.04 the lastest version all with the same results. I've tried it in safe mode, uninstalled and reinstalled searched the registry for all items named lavasoft or adware. I think I've covered it all but something in this computer is not allowing me to use adware(the best product). So I'm kinda be forced to use or buy something else which in turn will hopefully remove whatever is causing the issue with adware. Here are the steps I've been taking to take care of the isssue http://forums.techguy.org/t269177.html and if you read through you can see I've been following instructions but just can't shake whatever is in this thing. So if you have an other suggestions please let me know I'm out of ideas.

 

[Byteman]

Hi, It sounds like your problem would not be just the new release of AdAware that has the reported freezing up problem ((that was solved by a NEW new release, just a day or so ago, of the SE 1.4...I advise getting the download from Lavasoft, as well as the plugins, I have had trouble twice with the downloads from Majorgeeks...as far as plugins anyway...the one from Majorgeeks did not display the License agreement! Lavasoft's did...and worked fine.

have you tried an online scan? There are some malwares that can stop security or antispyware programs from running.

http://housecall.trendmicro.com/

Set the AUTOCLEAN button setting. It's a very good scanner.

There are many more as you may know. If that doesnt run, get back.

 

[Camlee98]

Yes I used trend, panda, Rav and I'm running AVG all clean now. I'll try the download from lavasoft and see if that works. Here's what spydoctor found (I know adware finds these to because it totals up to about 60 items before it freezes). Mabey there's something in here that conflicts with adware and mabey I could delete that one manually??

StoolBar (multiple) general malware *
E2Give (HKLM\software\e2g) registry key *
eAcceleration (HKCR\directory\shellex\contextmenuhandlers\eac_virusscanner) registry key *
WildTangent (HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}) registry key *
WildTangent (HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}) registry key *
WildTangent (HKCR\wt3d.wt) registry key *
WildTangent (HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}) registry key *
WildTangent (HKCR\clsid\{ecfbe6e0-1ac8-11d4-8501-00a0cc5d1f63}) registry key *
WildTangent (HKCR\wt3d.wt.1) registry key *
WildTangent (HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}) registry key *
WildTangent (HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}) registry key *
WildTangent (HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}) registry key *
WildTangent (HKCR\clsid\{fa13a9fa-ca9b-11d2-9780-00104b242ea3}) registry key *
WildTangent (HKCR\wtvis.wtvisreceiver) registry key *
WildTangent (HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}) registry key *
WildTangent (HKCR\wtvis.wtvisreceiver.1) registry key *
WildTangent (HKCR\wtvis.wtvissender) registry key *
WildTangent (HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}) registry key *
WildTangent (HKCR\wtvis.wtvissender.1) registry key *
WildTangent (HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}) registry key *
WildTangent (HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}) registry key *
WildTangent (HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}) registry key *
WildTangent (HKCR\clsid\{7f23e6e5-0e79-4aee-b723-b1463805d5a9}) registry key *
WildTangent (HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}) registry key *
WildTangent (HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}) registry key *
WildTangent (HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}) registry key *
WildTangent (HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}) registry key *
WildTangent (HKCR\clsid\{8ecf83a0-1ac9-11d4-8501-00a0cc5d1f63}) registry key *
WildTangent (HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}) registry key *
WildTangent (HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}) registry key *
WildTangent (HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}) registry key *
WildTangent (HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}) registry key *
WildTangent (HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}) registry key *
WildTangent (HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}) registry key *
WildTangent (HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}) registry key *
WildTangent (HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}) registry key *
WildTangent (HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}) registry key *
WildTangent (HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}) registry key *
WildTangent (HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}) registry key *
WildTangent (HKCR\clsid\{b9ba256a-075b-49ea-b9e2-7dbc2ef021d5}) registry key *
WildTangent (HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}) registry key *
WildTangent (HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}) registry key *
WildTangent (HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}) registry key *
WildTangent (HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}) registry key *
WildTangent (HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}) registry key *
WildTangent (HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}) registry key *
C-Dilla (HKLM\SOFTWARE\C07ft5Y) registry key *
dialer (HKLM\software\diallerprogram) registry key *
SlimFTP (C:\WINDOWS\system32\msrev21.dll) file *
AdDestroyer (C:\WINDOWS\system32\popoops.dll) file *
AdDestroyer (C:\WINDOWS\system32\popoops2.dll) file *
AdDestroyer (C:\WINDOWS\system32\swlad1.dll) file *
AdDestroyer (C:\WINDOWS\system32\swlad2.dll) file *
WildTangent (C:\WINDOWS\wt\wt3d.dll) file *
WildTangent (C:\WINDOWS\wt\wtvh.dll) file *
StopSign (C:\Documents and Settings\Owner\Local Settings\Temp\EAC00000000\defscan_setup2.exe.chk) file *
StopSign (C:\Documents and Settings\Owner\Local Settings\Temp\EAC00000000\spyware.cnr) file *
StopSign (C:\Documents and Settings\Owner\Local Settings\Temp\EAC00000000\vclnr.cnr) file *
StopSign (C:\Documents and Settings\Owner\Local Settings\Temp\EAC00000000\vclnr2.cnr) file *
2nd-thought.com (C:\WINDOWS\SYSTEM32\msxml3.inf) file *
2nd-thought.com (C:\WINDOWS\SYSTEM32\SWRT01.dll) file *

 

[Byteman]

Hi, I know you have tried a lot of things (I read the other thread)

The things Spyware Doctor is "finding" can be leftover entries...or false positives...or the "backups" inside your other removal progam...there really is nothing in your HJT logs that shows any of these files...


Try the temp and Temp Internet Files cleaning up once more...you can do this from Safe Mode, also:


Can you try these directions:

then go to C:\Documents and Settings\USER NAME\Local Settings\Temp and select everything in that folder and delete it

as XP will not let you delete files less than 24 hours old as it thinks it might need them please also do this
while in the temp folder, select view and select details.
then right click a blank part and select arrange icons by, and select show in groups and modified, that will give a list of all files in date order with today at the top of the page.
select all the files/folders except the today ones and delete them all.

and select EVERYTHING in C:\windows\temp except temporary internet files, cookies and history folders and delete all that as well

1) Open Control Panel
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

then
Reboot normally

Take note and write down any filename that gives any error message about "in use by- blah".

LOOK FOR that file as a running process> CTRL+ALT+DEL, End Task on that one,you may have to wait a minute for the next End Process(or Task) box to come up, and end it again. IF and only if...it is one of those that Spyware this or that...says it "found" and is definitely a suspicious, not-normal System file> try deleting it.

Then, run a scan with SpyBot and see if it finds anything.
Use AdAware again...what happens?

Keep trying to get updates for AdAware.

I would try the stand alone removal tool, Stinger by McAffee

http://vil.nai.com/vil/stinger/


Be sure the Preferences button for Actions to take is set at "Repair"

Now- I would stick with Cookiegal> keep trying when you have time and I bet sooner or later you will end up fixing it!

There is one other thing you could try:

http://www.majorgeeks.com/download4113.html

I don't think that is the same Look2me removal tool Cookiegal had you try...

 

[Camlee98]

Hey thanks for the stinger info it removed this one
C:\WINDOWS\SYSTEM32\TFTP260
Found the W32/Blaster.worm.a virus!!!
C:WINDOWS\SYSTEM32\TFTP260 has been deleted.

Not sure if this affects adaware but I'm gonna try it again now!

 

[Byteman]

Wow...Blaster is one that will terminate programs, good luck with this! See my re-re-redited post above too for some tips.

If the computer is connected to any others, like a small home network> disconnect it and try running this Blaster fix:

http://www.sophos.com/support/cleaners/blastgui.com

open BLASTGUI
run it
then click GO.



""How did my computer become infected?
W32/Blaster-A scans the internet and local networks looking for computers vulnerable to Microsoft's DCOM RPC security exploit. When it finds one it causes the remote computer to use TFTP to download a copy of the worm. This is saved as msblast.exe in the Windows system folder and the registry on that computer is changed so that the worm will be run when the computer restarts.""

There may be some other things to do...

Get this patch immediately:

http://www.microsoft.com/downloads/...53-65EC-4851-886C-5A412438D6D4&displaylang=en


Definitely: Visit Windows Updates with that computer and get all the critical updates, later on.

 

[Camlee98]

Ran the above program and it found no trace of the blaster worm I hope that's a good thing thanks for the info. I've tried adaware again and still freezes up at system32/microsoft and if I run it so it doesn't scan microsoft it freezes at the very end when it says busy and the bar fills about half way. Again thanks for all your help.

 

[Camlee98]

Update........ I took some advice from cybertech and ran ad-aware until it came up with about 30 hits then hit cancel and fixed those. I was able to fix the rest of the problems although ad-aware would still hang at c:\windows\system32\microsoft I was able to bypass this file and run a scan on everything else. Thanks to all who helped!!!!!

 

[Byteman]

Good> Hopefully an update or a reinstall of AdAware takes care of this problem. After the original SE came out, pretty much the same thing happened> a NEWER new release of 1.03> and now, v.1.04, so we never know what will happen!


I would guess that your manual removal in the Registry of Lavasoft items...may have done something that caused your freezeup, even after a reinstall...that is ONLY a guess! At least you are able to workaround the hang for now. You do not need to reply here unless you have a question or something> will consider it fixed/closed but feel free to post if need be.