Guides: Spyware Removal Help

Spyware is not simple to combat, and has to be handled using several different programs, as well as editing out registry entries. Removing it from your computer will be quite a bit more time consuming than putting it there was. I am glad to help, if you’ll take the time and effort to go through all the following steps first.

Please make sure that unless you are technically savvy that you get with me, or find a technician to help you out — one mistake can mess up your entire system. Please read, understand, and follow this list … it is the starting point for malware removal, and in most cases will do the trick all by itself!!!

Note: the bold, italicized, underlined items are links that will take you to the appropriate pages for necessary downloads and/or instructions. Just click on them to get to where you have to go. Save all downloads to separate, appropriately named folders on your desktop.

To create a folder on your dektop, just right-click on any area of the desktop not occupied by icons, select “New>Folder”, then type a distinctive, decriptive name in the highlighted box beneath the icon for the folder that will appear as “New Folder”on your desktop.


Do ALL of this, don’t skip over anything.

Every step is necessary, and the order in which they are performed is important to the success of the plan. This process will call for you to find and delete some things and to download and install a variety of updates and/or applications, in a particular order, and to execute certain of the applications in a particular order.

If done as detailed, none of this will harm your system. If any step is skipped, or performed out of order, the desired fix likely will not be achieved.

Please read, understand, and be prepared to exactly follow these instructions before beginning.

If you have any questions, feel free to ask here before taking any chances. Know what you’re going to have to do before you start to do it.

  1. First, if you are using WinME or XP, DISABLE SYSTEM RESTORE!When ALL the following have been done, re-enable it by following the same instructions, and replacing the check-mark you removed. Doing any of the rest of this with Restore enabled likely will be useless.
    Note: You will lose your saved restore points when you do this.


  2. Now, look for “TwainTech” , one of the most common hijackers, and if its on your system, get rid of it. Go to Start>SETTINGS>CONTROL PANEL>ADD/REMOVE PROGRAMS, and look for a program named “twain-tec”, “TwainTech”, or some close variant. If its there, click ADD/REMOVE and confirm you want to uninstall it.If there is no entry entry in ADD/REMOVE PROGRAMS, it still may be there. Assume it is, and do the following:

    For Win95, Win98 and WinXP users:

    a) To permanently disable the software click “Start” and then “Run” and type the following command which unregisters the software: regsvr32 c:\windows\twaintec.dll “
    b) To completely remove the software: reboot and then go to Start>Run>Search>For Files and Folders, enter “xtarget.dll” (without the quotes), and click “Find (or Search) Now”. It will take a while, but wait until either it finds the file, or says “There are no files to display”. If found, right-click on the file, then select-and-confirm delete. Find-and-delete any other files or folders with “twaintec” or “xtarget” in the name.

    Don’t delete “Twain” files or folders … just “TwainTech”, “twain-tec”, or very similar variations. The “Twain” files and folders are needed by your camera or scanner.

    For Win2K, WinME and WinNT users:

    a) To permanently disable the software click “Start” and then “Run” and type the following command which unregisters the software: “regsvr32 c:\winnt\twaintec.dll “

    b) To completely remove the software: reboot and then Find and Delete the file twaintec.dll, and find-and-delete any other file or folder with “twaintec*” (without the quotes, but include the *) in its name. Reboot.

  3. Next, in your browser’s toolbar, select Tools>Internet Options>Delete Files>Apply>OK. Then, empty your recycle bin. Next, go to Windows Update and fully update your Windows and your browser. If you primarily use a browser other than Internet Explorer, be sure it too is fully updated.Then, download and run the latest version of Network Associate’s free STINGER before doing anything else.
  4. Next, update your own antivirus program to the latest files, and run a full system scan.
  5. When ALL those steps have been accomplished, download CoolWWWSearch.SmartKiller removal tool and
    CWSHREDDER.Note: these links will bring up the download option. These files are perfectly safe, and will not harm your system. Save each to your desktop, into separate, distinctively named folders you will be able to locate easily.

    If you are running Win 95 or 98, you’ll need a zip utility to extract the files. If you’re running Win ME, 2K, or XP, a zip utility is unneeded. Install the apps and run them, CoolWWWSearch.SmartKiller removal tool FIRST. then CWSHREDDER, letting them fix whatever, if anything, they find

  6. Next, download and install both
    Spybot S&D and AdAware , but DO NOT RUN THEIR SEARCHES until you have opened each one and updated it using its web update function, as explained in the help file for each.When both products have been updated, disconnect from the internet and reboot your machine into safemode. If you are running Win95, Win98, or some versions of WinME, and customarily use a USB keyboard and/or mouse, you will need to substitute a standard PS2 Keyboard and/or mouse for the rest of this procedure, as the USB devices will not be recognized. If you are running any version of XP, thiat will not be a consideration.

    On most systems, you can enter safemode from a reboot by tapping F8 as soon as the machine begins to boot up, before any other screen appears. You may hear a beeping noise, and/or see a “Keyboard Error” message. Ignore them and keep tapping. You should soon be presented with a black-and-white boot choice screen. Select the #3 option, “Safe Mode”, either by typing the numeral 3 or by using the up/down arrows of your keyboard, and hit enter.

    Your machine will boot up with only the barest necessities, and no background applications, running. Your display will probably look very different. Ignore that. If the F8 method does not work, another possibility is to tap, or sometimes to hold down, the “Esc” key as soon as the system begins to boot.

    If methods don’t work for you, consult the User Support documentation that came with your machine or as available on the website of its manufacturer.

  7. Once in Safemode, run AdAware – instructions for using this program can be found here.
  8. Run Spybot Search and Destroy – instructions for using this program can be found here.
  9. Once again, empty your recycle bin, then, while still in safemode, defragment your drive. That too will likely take quite a while.
  10. Now, open a browser (If necessary, choose “Work off line” and pay no attention to the “Cannot Display Page” message, and, from the browser’s toolbar, select Tools>Internet options, and on the General, Security, and Privacy tabs, select the defaults and apply, then click “OK” and close the browser.
  11. Finally, reboot normally. Before doing any other browsing, messaging, chat, email checking or downloading, run HijackThis with no other browsers open or apps running, and save the log. Contact me here if you need help on what to delete.
  12. Now go out on the web as you normally would, being careful what you click on. DO NOT reactivate System Restore unless and until your machine is behaving properly.

If you insist on things like opening attachments from unknown senders, hooking yourself up with “Exciting Free Browser Add-Ons”, “Incredible Search Enhancers”, or any other “Amazing Helpers”, P2P file sharing, Porn, and surfing without up-to-date security and privacy software, you’re on your own. If not, and you’re still having problems, please email me, detailing exactly what you did, what the results were, and paste your Hijack This log into your post.

Remember, do everything listed, in the order listed, and please email me if you need further help.