SysChat

SysChat (http://www.syschat.com/forum.php)
-   Operating Systems (http://www.syschat.com/software-support/operating-systems/)
-   -   Can't uninstall program (http://www.syschat.com/cant-uninstall-program-551.html)

rwies 03-19-2006 11:22 PM

Help Spyware
 
I seem to have an infection of some sort of spyware. My symptoms are as follows:

I received a popup ad which surprised me since I use the Windows XP popup blocker. Popups are usually blocked. I also had some sort of search toolbar on Internet Explorer. I managed to remove the toolbar but I don’t remember exactly what I did.

I started getting alerts from Zone Alarm (my firewall) stating that a program was trying to access the internet. The program is qpdsregl.exe. I have tried to delete this file with no success. I even restarted the system in safe mode with command prompt. I deleted the file from the command prompt but when I restart in normal the file reappears.

When I first launch Internet Explorer I get a window with my homepage and another window with advertising. The advertising is different every time. Most generally the url is something like http://www3.popupsearches.com/tbsear...uery=companies.

In the window with my homepage it displays normally except some of the words such as “Security”, “Company” or “Help” may now appear as hyperlinks. If I hover over the hyperlink the path shows “Sponsored Link.” If I click on the hyperlink again I will get an advertising window.

I have run Spybot and Zone Alarm’s anti spyware programs but they don’t find any spyware. I ran Norton Antivirus and likewise, no viruses.

If anybody has any ideas as to what I have and how to remove it I would greatly appreciate a reply.

Thanks in advance for any help you are able to give.

Ron Wies

Sami 03-19-2006 11:54 PM

Hi Ron,

Can you download this utility HijackThis unzip it, and run HijackThis.exe And "Do a system scan and save a logfile" once you run this it will save all the details in the hijackthis.log file.

Please attach this file to this post so that we can have look at it and suggest what to do next.

Also please let us know if your system is up to date with all microsoft updates like sp2 etc..

rwies 03-20-2006 08:20 AM

Log File Attached
 
1 Attachment(s)
My Windows XP is up to date, SP2.

I downloaded HiJackThis and attached the log file to this message. (I hope I attached the file)

I look forward to what advice you have to give.

Ron--

Sami 03-20-2006 10:13 AM

Hi Ron,

You have EZ-Tracks Toolbar Spyware on your pc.

Please follow the instructions below to remove this spyware. And also I recommend to download Microsoft's anti-spyware

EZ-Tracks removal instructions

Goto -> Add and Remove programs and uninstall URLSearchHook: EZ-Tracks Toolbar

Delete the following directories

Code:

downloads
Toolbar
Cache
%profiledir%\APPLICATION DATA\MICROSOFT\INSTALLER\{F5CA96BC-B3D0-4C10-BCE1-FBB97750B438}

Delete the following files

Code:

%tempdir%\EZTRACKS.MSI
%tempdir%\EZT-TOOLBAR.EXE
NSL168.TMP
%tempdir%\NSW167.TMP
%tempdir%\NSY163.TMP


Delete the following registry keys

Code:

EZTRACKS_IEPLUG.CEZTRACKSPLUGIN
EZTRACKS_IEPLUG.CEZTRACKSPLUGIN.1
TOOLBAND.XBTP06814
TOOLBAND.XBTP06814.1
XBTB06814.IETOOLBAR
XBTB06814.IETOOLBAR.1
XBTB06814.XBTB06814
XBTB06814.XBTB06814.1
{3023AF97-870E-476A-B30E-3923DF2B84BD}
{6822CC14-1DA2-4D69-AA9F-F2D268EEFEC0}
{6B035665-6C0D-4388-AD11-B28314DCA59B}
{AC54709E-14E4-4D65-9B7A-604A69BEB8D9}
{1982E06D-582F-4FC2-89D0-B59319E938C8}
{62509FB1-F6A8-4AB6-B31F-5736E473C4FB}
{3023AF97-870E-476A-B30E-3923DF2B84BD}
{AC54709E-14E4-4D65-9B7A-604A69BEB8D9}
EZTRACKS_IEPLUG.CEZTRACKSPLUGIN
EZTRACKS_IEPLUG.CEZTRACKSPLUGIN.1
EZTRACKS
XBTB06814
EZTRACKS
TOOLBAR
{6A36DFA4-83F5-FC67-DDB2-0AD22AB03E71}
{BDBEE7A0-23E5-2E7D-BD1B-E58C5CFA0E64}
{3023AF97-870E-476A-B30E-3923DF2B84BD}
{6822CC14-1DA2-4D69-AA9F-F2D268EEFEC0}
{6B035665-6C0D-4388-AD11-B28314DCA59B}
{4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D}
CONTAINS
CLIENT
QUEUE
PLUGIN
EZTRACKS
TOOLBAND.XBTP06814
TOOLBAND.XBTP06814.1
XBTB06814.IETOOLBAR
XBTB06814.IETOOLBAR.1
XBTB06814.XBTB06814
XBTB06814.XBTB06814.1
{6822CC14-1DA2-4D69-AA9F-F2D268EEFEC0}
{6B035665-6C0D-4388-AD11-B28314DCA59B}
{AC54709E-14E4-4D65-9B7A-604A69BEB8D9}
{1982E06D-582F-4FC2-89D0-B59319E938C8}
{62509FB1-F6A8-4AB6-B31F-5736E473C4FB}
{3023AF97-870E-476A-B30E-3923DF2B84BD}
{6822CC14-1DA2-4D69-AA9F-F2D268EEFEC0}
{F5CA96BC-B3D0-4C10-BCE1-FBB97750B438}
XBTB06814.XBTB06814TOOLBAR
{4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D}

Delete the following registry values

Code:

{6B035665-6C0D-4388-AD11-B28314DCA59B}

And Delete the all cookies

rwies 03-21-2006 08:44 AM

Can't uninstall program
 
I am struggling to solve a spyware problem. It appears I was infected with EZ-Tracks Toolbar Spyware.

When I launch Control Panel, Add Remove Programs I see a program titled eztracks in the Currently Installed Programs list. However when I click on it there is not a Change/Remove button.

Does anybody know how I can uninstall this program?

Ron Wies

Sami 03-21-2006 02:08 PM

Ron,

Before uninstalling through Add Remove Programs,

Boot your pc in safe mode and try deleting directories, files, and registry keys mentioned in above post.

rwies 03-25-2006 12:02 PM

Sami,

OK, I searched for each item in the "Delete registry keys and items" from your previous message. I still have remnants of the spyware.

When I launch my browser I get two windows, one is my homepage, the other is advertising. I still get unwanted hyperlinks on web pages I load that launch advertising pages if clicked on.

Any ideas other than reinstalling the operating system?

Ron--

Sami 03-25-2006 03:55 PM

Boot into Safe Mode

Find and delete these folders

C:\Program Files\EZTRACKS
C:\Program Files\LoveFreeGames

Also in safe mode navigate to the C:\Windows\Temp folder
and delete all files in that folder

Go to Control Panel -> Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.

After that

Start > Run and type sysedit ok

In system.ini check for any instances of eztracks under the name of shell

And Reboot

rwies 03-26-2006 08:08 PM

Sami,

I followed your instructions. The folders listed did not exist under c:\Program Files.

I deleted the contents of C:\Windows\Temp\

I deleted the Temporary Internet Files with Delete Offline Content checked under Control Panel, Internet Options.

System.ini did not have any reference to eztracks.

After a reboot I still have the same symptoms. I still get an advertising window most of the times Internet Explorer is launched. I also sill get hyperlinks on key words on pages I load.

Thanks for your efforts, I appreciate any help you can provide. Any more ideas?

Ron--

Sami 03-26-2006 10:47 PM

Hi Ron,

Can you please run the HijackThis again and post the log file.

And also reset your Internet Explorer web settings

IE -> Tools -> Reset Web Settings..

rwies 03-26-2006 11:23 PM

HiJack file attached
 
1 Attachment(s)
Sami,

Attached is the file you requesed.

Ron--

Sami 03-26-2006 11:47 PM

Hi Ron,

I see UltimateBet and PartyPoker did you install these programs or was it automatically installed. I recommend you to uninstall it.

Reboot into Safe Mode: with out networking support.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following

O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

Click on Fix Checked when finished and exit HijackThis

Reboot.

Also I recommed you install Yahoo Toolbar without Anti-Spy


All times are GMT -4. The time now is 08:23 PM.


Copyright © 2005-2013 SysChat.com


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54