A lot of spyware & hijackers, adware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by splah, Nov 1, 2004.

  1. splah

    splah Private E-2

    I think my pc is loaded with this stuff, I have run all the programs, read all the info you suggest/recommend/require. Spybot, along with the others, is not finding what XoftSpy (fee for cleaning) is finding. I can post the log from XoftSpy & Hijackthis if I can.
    Some of the problems I am having: I can not open browsers in a new window when right clicking (have to save shortcut and open new window)
    When I am trying to uninstall programs, like Kazaa, it would not let me from control panel/uninstall programs, however when I went to the Kazaa program file and uninstalled, it worked.
    When I go to Administrative Tools/Services I get a script error: Library not registered
    res://C:\WINDOWS\System32\mmcndmgr.dll/views.htm

    I can not open links through Outlook Express.

    I am hoping someone can help.
    Thanks,
    Splah :rolleyes:
     
  2. jarcher

    jarcher I can't handle a title

    well, if you have been here
    http://forums.majorgeeks.com/showthread.php?t=35407
    and
    http://forums.majorgeeks.com/showthread.php?t=38752
    and you are certain that this is a spyware issue

    but, do you get asked if you want to keep running scripts?
    that can be related to security settings for the Local Machine zone in Internet Explorer
    does your printer work?
    http://forums.majorgeeks.com/archive/index.php/t-43446

    but I am talking out of my butt. . .

    if you think it's spyware related go ahead and post a log. . .
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I hate when you do that! :D
     
  4. splah

    splah Private E-2

    Thanks for your response

    "but, do you get asked if you want to keep running scripts?"
    Yes it asks me a total of 2 times, and then finally will go away.
    I am also getting this error when I try to open tool in IE Explorer
    Restrictions
    This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.

    I have read the threads you referred to- I am not sure this is spyware-however I do know something is wrong. I can print, no problem there.
    When I go to open a CD (Microsoft Word, to uninstall my current installation) I get this error http://us.f1f.yahoofs.com/bc/3fa91d30_b34e/bc/My+Documents/Windows+installer+error.jpg?bfcC.hBB3dsUSF20
    I cannot open a hyperlink in a new window and cannot copy the shortcut to open a new window, for the "manage attachments link", do you have any suggestions on how to upload my log?

    Thanks for your help!
    Angela


     
  5. jarcher

    jarcher I can't handle a title

    If you run Kazaa there will be spy/adware in your pc
    Kazaa is the devil(remember that)
    how many user profiles are on the PC?
    can you log in as admin?
    you may have better luck with that in the software forum. . . . .

    but still to post a log(as a .txt), when you run HJT make sure everything is closed, all browsers, even this one. and make sure it is in its own folder not on the desktop, or in documents and settings.
    ex: C:\Program Files\HJT\
    if you can't just click the manage attachments button( it should pop up in a new window) either just post it in the thread( only if you have to ) but if you can. .
    put it online as a link( if you have your own webpage )
    but do what you can. . . .
     

    Attached Files:

    • 1.JPG (21.9 KB)
  6. splah

    splah Private E-2

    Thanks for your post.

    I know now that Kazaa was a mistake, it's been on my pc for a few years and I recently used it to find a program I was wanting.
    We have 3 user IDs on this pc, I am the Admin, so I don't understand those messages. I still can not open new windows by clicking on links.
    I ran hijack in safe mode, is that okay? I have hijack in its own folder in my program files.
    If they can change the button to a link I can copy the shortcut into a new page I think..I am not sure that will work for it to apply to this post.
    Here is my log from hijack

    Edit by chaslang: Inline log changed to attachment. Please post as text attachments.


     

    Attached Files:

    • hjt.txt (4.5 KB)
    Last edited by a moderator: Nov 2, 2004
  7. splah

    splah Private E-2

    Here is the log without safe mode



    Edit by chaslang: Inline HJT log changed to an attachment. Please save your logs properly to a .txt file and post them as attachments.

    Quoted log deleted: Please do not quote when not necessary, especially quoting of HJT logs.
     

    Last edited by a moderator: Nov 2, 2004
  8. splah

    splah Private E-2

    Another error is when I try to go into "user accounts" it gives me this error

    Wrong number of arguments or invalid property assignment
     
  9. jarcher

    jarcher I can't handle a title

    do a windows update
    to at least sp1
    sp2 is a good idea

    When all else fails - Generic Solution to HSA (Only the Best) & About:Blank
    hijack:
    http://forums.majorgeeks.com/showthread.php?t=38772

    close all windows and tray items
    run hjt
    and have hjt fix these
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    jarcher,

    The Generic Solution is not required. There are no signs of the hijacker.
    The about:blanks in this case just require a Reset of Web Settings.

    Also the O6 Restrictions lines are most likely due to Splah using Spybot S&D and/or SpywareBlaster. You would be better off asking in cases like this. Most of the time it is okay to leave them. But in some cases they do interfere with cleanup procedures and must be disabled. However, it is better to use the programs that put the restrictions in place to remove them.
     
  11. jarcher

    jarcher I can't handle a title

    it would be wise to keep my butt closed, huh
    forgive me chas
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are forgiven. We all learn from our mistakes...right. It's okay to help!
     
  13. splah

    splah Private E-2

    So are you guys saying that I just need to reset my browser settings? I have no spyware, viruses or hijacking issues? What about the log from XoftSpylog?
    Thanks!

     
  14. splah

    splah Private E-2

    Another question, why do you think I am getting these messages when I am trying to uninstall things
    " could not be launched, library not registered?"

    How can I get my browser fixed to where I can click on hyper link and open in new windows?

    THANKS AGAIN!
     
  15. splah

    splah Private E-2

    Ok I got the hyper link problem fixed by doing a search on "my hyper links wont work" and found how you re-register them, that is fixed.

    This is still not fixed when I go to user accounts (Wrong number of arguments or invalid property assignment) I get this message.


    I still do not know why I have the error when I click on my microsoft word CD
    http://us.f1f.yahoofs.com/bc/3fa91d30_b34e/bc/My+Documents/Windows+installer+error.jpg?bf7qUiBBDKD1SF20
    :)



    and when I go to Administrative Tools/Services I get a script error: Library not registered
    res://C:\WINDOWS\System32\mmcndmgr.dll/views.htm
     
  16. jarcher

    jarcher I can't handle a title

    I have no idea what that is

    I have seen script errors in the software forum

    glad ya got your links workin
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please let's work one problem at a time.

    Let's Reset your web settings and make a start page:

    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now run Windows Explorer and let's look for the files that XoftSpy is naming (and by the way XoftSpy is on a list of rogue/suspect spyware removal tools. See this http://www.spywarewarrior.com/rogue_anti-spyware.htm. I would not use it or trust it.)
    So let's look for the below items. Just tell me if they exist.
    C:\WINDOWS\System32\cd_clint.dll
    C:\WINDOWS\System32\osconfig.dll
    C:\WINDOWS\System32\osrouter.dll
    C:\WINDOWS\System32\VBAR332.DLL
    C:\WINDOWS\wt
    C:\WINDOWS\wt\data.wts
    C:\WINDOWS\wt\wt3d.dll
    C:\WINDOWS\wt\wt3d.ini
    C:\WINDOWS\wt\wtvh.dll

    NOTE: SpyKiller is also on that list of rogue/suspect spyware removers.
     
    Last edited: Nov 4, 2004
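
Added example, not part of the original thread and not written by any poster: a read-only PowerShell check for the items listed in the post above and for the O6 Restrictions key discussed earlier in the thread. It assumes PowerShell 4 or later; the function names `Get-FlaggedItemReport` and `Get-IERestrictionValue` are hypothetical.

```powershell
# Paths and the registry key are the ones quoted in this thread.
$flagged = @(
    'C:\WINDOWS\System32\cd_clint.dll',
    'C:\WINDOWS\System32\osconfig.dll',
    'C:\WINDOWS\System32\osrouter.dll',
    'C:\WINDOWS\System32\VBAR332.DLL',
    'C:\WINDOWS\wt',
    'C:\WINDOWS\wt\data.wts',
    'C:\WINDOWS\wt\wt3d.dll',
    'C:\WINDOWS\wt\wt3d.ini',
    'C:\WINDOWS\wt\wtvh.dll'
)
$restrictionsKey = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Restrictions'

# Hypothetical helper: reports whether each path exists and, for files,
# the publisher string, signature status and hash, so a scanner's claim
# can be checked against independent evidence. Nothing is modified.
function Get-FlaggedItemReport {
    param([string[]]$Path)
    foreach ($p in $Path) {
        $row = [ordered]@{
            Path = $p; Exists = $false; Kind = $null
            Company = $null; Signature = $null; SHA256 = $null
        }
        if (Test-Path -LiteralPath $p) {
            $item = Get-Item -LiteralPath $p -Force   # -Force also finds hidden items
            $row.Exists = $true
            if ($item.PSIsContainer) {
                $row.Kind = 'Folder'
            } else {
                $row.Kind      = 'File'
                $row.Company   = $item.VersionInfo.CompanyName
                $row.Signature = (Get-AuthenticodeSignature -LiteralPath $p).Status
                $row.SHA256    = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            }
        }
        [pscustomobject]$row
    }
}

# Hypothetical helper: lists the values under the Restrictions policy key
# (the HijackThis O6 line), or returns nothing when the key is absent.
function Get-IERestrictionValue {
    param([string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $key = Get-Item -LiteralPath $KeyPath
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Value = $key.GetValue($name) }
    }
}

Get-FlaggedItemReport -Path $flagged | Format-Table -AutoSize
Get-IERestrictionValue -KeyPath $restrictionsKey | Format-Table -AutoSize
```
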
  18. splah

    splah Private E-2

    Thanks guys for your continued help:

    I looked for the files and all are present if C:\WINDOWS\wt\wt3d.ini is a configuration file, when I search for it I did not see the INI but it came up when I did a search for wtd5.ini
    Web settings/browser/is okay now.
    I will get rid of the XoftSpy, glad I didn't pay for it, I was just about to before I found this site. whewwwwwww.

    Thanks

     
  19. splah

    splah Private E-2

    Sorry about those texts not being attached, I could not use the attachment function at that time, my "open new browser/open in current browser" was disabled. Now it's all good.

    Thanks for attaching for me.

    Angela
     
  20. splah

    splah Private E-2

    I wanted to upload this just in case it is related to some of the errors I am having.
    This comes from my admin tools/services/event viewer/application errors.
     

    Last edited: Nov 4, 2004
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What problems are you having still? If it is not spyware related (i.e., you are having application errors), you should post your question in the software forum.
     
  22. splah

    splah Private E-2

    I guess they are the result of the virus/spyware issues, I have posted in the software forum, no one responding yet.

    Thanks,

     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are talking about that single Error in the file you posted, right click on it and select Properties to get more information. In the Description: box you should be able to find out the name of the application that had the error.
     
