Cannot get Spyware cleaned..pls help

Discussion in 'Malware Help (A Specialist Will Reply)' started by cadeucsb, Jan 13, 2005.

  1. cadeucsb

    cadeucsb Private E-2

    I have tried just about everything. I have done the Hijack This tutorial as well as every conventional method (lavasoft, spybot, googling windows processes etc)....

    I need someone to take a look at my log if they have a minute or two, it would be greatly appreciated.
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi cadeucsb,

    I suggest you take a spin through the Cleanup Tutorial HERE (I realize you may have done much of this already, but at least do the Online Scans):

    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

    There are only a few of us Volunteers who regularly offer advice in this forum. Running through the above Tutorial will remove a lot of stuff that would otherwise clog a HijackThis Log and save us valuable time.

    Please let us know the steps that you are able to complete and the ones that give you problems. Note that you need to be in Safe Mode with System Restore OFF (if you have it) and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

    Post back and let us know how you fared. Also, send us a HijackThis Log. Please be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!
    Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I’m not around this forum too often these days, but somebody will try to take a look when they get a chance.

    Best luck :)
    PP
     
  3. cadeucsb

    cadeucsb Private E-2

    Ok, I completely ran through that tutorial using every tool and suggestion... all in safe mode. Still getting pop ups though...

    I will attach my hijack this log...
     


  4. cadeucsb

    cadeucsb Private E-2

    anyone? :(
     
  5. PhilliePhan

    PhilliePhan Guest

    Please be patient - Only have so much free time! :)

    Are these the expected settings?

    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://vastera.webex.com/client/v_mywebex/webex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VASTERA.COM
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VASTERA.COM
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VASTERA.COM




    Please print out these instructions so that you can operate with All Browser Windows CLOSED.
    Please make sure the Viewing of Hidden Files is Enabled as per the tutorial.

    Now, look in Task Manager (Ctrl-Alt-Del) for the following running process and try to END it if possible:

    m?iexec.exe

    Now scan with HijackThis and Check the Boxes for the following:

    O2 - BHO: (no name) - {16FF1653-B042-2FB7-8276-61557F827A4B} - C:\WINNT\system32\mngcg.dll
    O2 - BHO: (no name) - {1CAD4752-E14D-27B0-8225-61557F84281A} - C:\WINNT\system32\zvp.dll (file missing)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)


    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if it should remain:

    C:\WINNT\system32\mngcg.dll

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows and Scan with HijackThis and attach that log.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back when time permits.

    Best luck :)
    PP
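
An added example, not part of the original post or of HijackThis itself: a small parser for the O2/O3/O16/O17 entries quoted above that splits each line into section code, CLSID and target and marks it for human review. The review rules and all function names are assumptions made for illustration, modelled on the two things the post does (asking whether the O16/O17 settings are expected, and picking out the unnamed O2/O3 entries).

```python
import re

# Constructed sample: entries quoted in the post above, as they would sit in a saved .txt log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {16FF1653-B042-2FB7-8276-61557F827A4B} - C:\WINNT\system32\mngcg.dll
O2 - BHO: (no name) - {1CAD4752-E14D-27B0-8225-61557F84281A} - C:\WINNT\system32\zvp.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://vastera.webex.com/client/v_mywebex/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VASTERA.COM
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entry(line):
    """Split one log line into section code, CLSID (if any) and target field."""
    m = ENTRY_RE.match(line)
    if not m:
        return None  # header lines, running-process list, blank lines
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    return {"code": code, "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "target": body.split(" - ")[-1]}

def review_reasons(entry):
    """Hypothetical triage rules: they mark an entry for a human to look at, nothing more."""
    reasons = []
    if entry["code"] in ("O2", "O3"):
        if "(no name)" in entry["body"]:
            reasons.append("unnamed browser add-on")
        if "(file missing)" in entry["target"] or entry["target"] == "(no file)":
            reasons.append("registry entry points at a file that is not on disk")
    elif entry["code"] in ("O16", "O17"):
        reasons.append("confirm with the machine's owner that this is expected")
    return reasons

def triage(log_text):
    """Return (code, clsid, target, reasons) for every recognisable entry."""
    rows = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            rows.append((entry["code"], entry["clsid"], entry["target"], review_reasons(entry)))
    return rows

if __name__ == "__main__":
    for code, clsid, target, reasons in triage(SAMPLE_LOG):
        print(f"{code:4} {clsid or '-':38} {target}\n     -> {'; '.join(reasons) or 'no rule matched'}")
```

A match is a prompt to check the entry by hand, as the thread does, not a verdict that the entry is malicious.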
     
  6. cadeucsb

    cadeucsb Private E-2

    Those Vastera settings are fine. Couldn't find that exe to end it (m?iexec.exe). I cleared up the suggested fixes in Hijack this. Could not locate mngcg.dll (and hidden files are enabled). Spybot did not find anything in safe mode and I cleared all the temp files.

    Initially it would seem that the pop ups are gone.. I never mentioned it before, but the pop ups I was getting were for Emoticons and I was also getting the windows access allow msg popping up for Gain...

    As of now everything seems good, but I will post my log and update my status as I use IE more throughout the day...

    Thanks,
     


  7. PhilliePhan

    PhilliePhan Guest

    You're welcome :)

    Your HJT Log looks OK to me. Let us know if you run into further issues.
    Also, have a peek at Chaslang's Malware Demands!

    PP :)
     
