HJT Log Please Help

[thurman]

Hello - First of all, let me thank whomever can help me in advance for taking the time to look this over.

For the last two weeks I have been battling to remove spyware and adware from my computer. I have run Adaware, Spybot S&D, CounterSpy, SpyCatcher, Ewido, SpyWare Blaster, and AVG. All of these programs have detected Spyware of some sort and seem to get rid of it. But the problems always seems to reappear within a few minutes. I moved on to FireFox, but if I open up IE, I get barraged with popups. Even if IE is not open, occasional popups appear. I have attached my HJT log, and I was hoping someone might be able to make suggestions or guide me to cleanliness.

On a side note, when I run AVG, it comes back saying that I have a "Trojan horse Clicker.CPX" . and a Trojan horse Downloader.Generic.ZKO When I attempt to "heal" , put it in the virus vault, or delete, is says that the "requested action is not available for this object, access is denied." When I follow the file paths, the infected files are nowhere to be found. If I am not mistaken, HJT is not going to help me with this problem, but I was wondering if anyone might have suggestions as to rid myself of Trojans.

I cannot begin to thank you for any help that you might be able to give. I am at my wits end.

with heartfelt thanks,
Bryon

 

[Mictlantecuhtli]

Welcome to TechSpot

Boot to safe mode before fixing anything.

Do you need this?

C:\Program Files\Advanced System Optimizer\adblock.exe


What is this?

C:\Documents and Settings\thurman\My Documents\?racle\j?vaw.exe


Advanced System Optimizer changes the proxy server.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local


This should be fixed:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)


You could fix this if you want to (or uninstall the application):

O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"



You also have some unnecessary applications starting and running, but that's just my opinion.

 

[howard_hopkinso]

Hello and welcome to Techspot.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

Advanced System Optimizer

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

j?vaw.exe The ? mark can be any random letter or number.
adblock.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\Advanced System Optimizer
C:\Documents and Settings\thurman\My Documents\?racle\j?vaw.exe

Reboot into normal mode and turn system restore back on.


Regards Howard :wave: :wave:

This thread is for the use of thurman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[thurman]

Thankyou guys so much!!!! I followed your instructions, and everything seems good now. I have posted a new HJT log, just to make sure we are looking good. If you could just make sure, that would be greatly appreciated.

I really can't thankyou enough for lending me your time and expertise. I wish you nothing but the best.

Sincere Thanks,
Bryon

 

[howard_hopkinso]

Well done, your HJT log is now clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of thurman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.