Few Problems

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by aaabbb, Dec 1, 2004.

  1. aaabbb

    aaabbb Private E-2

    I have a couple of problems:
    1. pop-ups
    2. Trouble running certain applications (work stuff)
    3. When running certain applications, including McAfee virus scan, my computer crashes.
    I have, as I said, McAfee virus scan and firewall, both updated. Have used several spyware tools including Ad-aware, Spy Sweeper, NoAdware, SpySubtract; still having problems though.

    Any help?
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi Aaabbb,

    Generally, it is a good idea to start with the Cleanup Tutorial HERE:
    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

    This will remove a lot of stuff that would otherwise clog a HJT log.

    Please note the steps that you are able to complete and the ones that give you problems. Note that you need to be in Safe Mode with System Restore OFF (if you have it - you didn't give OS) and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

    Post back and let us know how you fared. Also, send us a HijackThis Log. Make sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.98.2) and MUST be extracted to its own safe folder - C:\Program Files\HijackThis!

    If you need a Fresh Download of HJT, get it HERE: HijackThis 1.98.2

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    Somebody will take a look when they get a chance.

    *** Also, you may be better off dumping Noadware - Its effectiveness is questionable and it is listed as a "Rogue."
    http://www.spywarewarrior.com/rogue_anti-spyware.htm

    Best luck :)
    PP
     
  3. aaabbb

    aaabbb Private E-2

    Thank you for your help. I think I got through all of your recommendations, except the CWShredder: I got a pop-up saying a variant of CoolWebSearch trojan (ews.smartsearch.2) attempted to close CWShredder, and then it would not run past one check mark. Also, when I rebooted from Safe Mode I got an error message saying McAfee virus scan had some files missing or not working. That is all I could read, since it crashed my computer. By the way, I use XP Pro. I hope I attached my HijackThis file correctly.
     

    Attached Files:

  4. PhilliePhan

    PhilliePhan Guest

    Hi Aaabbb,

    BEFORE you do anything else, you MUST Extract HijackThis from the ZIP File to its own safe folder ---> C:\Program Files\HijackThis


    Once HJT is relocated:


    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Now scan with HijackThis and Check the Boxes for the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R3 - Default URLSearchHook is missing

    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

    O1 - Hosts: com

    O1 - Hosts: arch

    O1 - Hosts: com

    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)

    O4 - HKLM\..\Run: [tyxmdmp] C:\WINDOWS\tyxmdmp.exe

    O4 - HKLM\..\Run: [otkz] C:\WINDOWS\otkz.exe

    O9 - Extra button: Corel Network monitor worker - {A5AF0844-DAC1-4083-A5CC-6141D088E94A} - (no file)

    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {A5AF0844-DAC1-4083-A5CC-6141D088E94A} - (no file)

    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)

    O9 - Extra button: Advisor - {38F7FEE8-DBF0-4F0C-81E9-5C44589B7A1C} - (no file) (HKCU)

    O9 - Extra button: Corel Network monitor worker - {A5AF0844-DAC1-4083-A5CC-6141D088E94A} - (no file) (HKCU)

    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {A5AF0844-DAC1-4083-A5CC-6141D088E94A} - (no file) (HKCU)

    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MT....com/static_html/singles/2004/map/index.shtml

    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} - http://www.installshield.com/client/iftwclix.cab

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/180feafe11ddc50a5f21/netzip/RdxIE601.cab

    O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind.org/ss/client/52983/vsigns/0003C00/setup.exe


    Again, make sure All Browser Windows are Closed when you Click FIX.

    Now boot into Safe Mode and navigate to and DELETE the following if they remain:

    C:\WINDOWS\tyxmdmp.exe
    C:\WINDOWS\otkz.exe

    Reboot to Normal Windows and Scan with HijackThis and attach that log. Let me know of any problems you may have encountered with the above instructions and how your computer is running now.

    Best luck :)
    PP
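
The fix list in the post above follows HijackThis's section codes (R0/R1, O1, O2, O4, O9, O16). As an added example that is not part of the original post or of HijackThis itself, the sketch below parses log lines and flags the same kinds of entries for manual review. The heuristics and the names `triage` and `SAMPLE` are assumptions for illustration; the sample mixes lines from the post with constructed "Example" lines.

```python
import re

# Section codes as they appear in the post above (subset).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "F2": "ini/registry autoload",
    "O1": "Hosts file redirect", "O2": "Browser Helper Object",
    "O4": "autostart entry", "O9": "IE extra button/menu item",
    "O16": "ActiveX (Downloaded Program Files)",
}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
WINROOT_EXE = re.compile(r"\]\s+C:\\WINDOWS\\[^\\]+\.exe$", re.I)
HAS_IP = re.compile(r"Hosts:\s+\d{1,3}(\.\d{1,3}){3}\s+\S+")

def triage(log_text):
    """Return (code, section, reasons, line) for entries worth a manual look."""
    flagged = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue  # header or free text, not a log entry
        code, body = m.groups()
        reasons = []
        if "(no file)" in body:
            reasons.append("orphaned registration (no file)")
        if code == "O4" and WINROOT_EXE.search(body):
            reasons.append("autostart EXE directly in Windows root")
        if code == "O1" and not HAS_IP.search(body):
            reasons.append("malformed Hosts line (no IP/hostname pair)")
        if code == "O16" and not body.lower().endswith(".cab"):
            reasons.append("ActiveX codebase is not a .cab")
        if reasons:
            flagged.append((code, SECTIONS.get(code, "unknown"), reasons, raw.strip()))
    return flagged

# Constructed sample: "Example" lines are invented, the rest are from the post.
SAMPLE = r"""
Logfile of HijackThis (constructed sample)
O1 - Hosts: com
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)
O4 - HKLM\..\Run: [tyxmdmp] C:\WINDOWS\tyxmdmp.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} - http://downloads.example.com/control.cab
O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind.org/ss/client/52983/vsigns/0003C00/setup.exe
"""

if __name__ == "__main__":
    for code, section, reasons, line in triage(SAMPLE):
        print(f"{code:<3} {section}: {'; '.join(reasons)}\n    {line}")
```

A flag here is a prompt to look at the entry, not a verdict; the helper's list in the post also includes entries these heuristics would not catch.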
     
  5. aaabbb

    aaabbb Private E-2

    Ok really dumb question...When I try to extract the hijack this file to the C:\Program Files\Hijack location it asks for a password that I do not know.
     
  6. PhilliePhan

    PhilliePhan Guest

    That's odd. Were you able to create the folder for it OK?
    How are you trying to extract HJT from the ZIP - Are you RightClicking it and then following the extraction instructions?

    The reason we need HJT in a safe folder is so that we may preserve backups in case you or I make a mistake.

    I've got to get back to work in a few minutes, but I'll try to get somebody to keep an eye on this thread until I can check back.

    PP
     
  7. aaabbb

    aaabbb Private E-2

    Ok I followed your steps and hopefully did it all right...
     

    Attached Files:

  8. Kodo

    Kodo SNATCHSQUATCH

    not quite.

    Go to the location where the HIJACKTHIS.EXE file is located (C:\Documents and Settings\Matt Jung\Desktop\hijackthis\HijackThis.exe). RIGHT click on it using your mouse's RIGHT mouse button and choose COPY from the menu. Now go to C:\ and make a new folder called HJT .. open that folder up and RIGHT click on the white background and choose PASTE from the menu. Now run the HIJACKTHIS.EXE and post a new log.
     
  9. aaabbb

    aaabbb Private E-2

    Done...
     

    Attached Files:

  10. Kodo

    Kodo SNATCHSQUATCH

    this log looks clean.
     
  11. aaabbb

    aaabbb Private E-2

    Great...thank you to everyone for their help...I really appreciate it!
    Anything else I should do? i.e. turn System Restore back on?
     
  12. Kodo

    Kodo SNATCHSQUATCH

  13. PhilliePhan

    PhilliePhan Guest

    Hey Kodo, thanks for covering for me - I do appreciate it!

    Aaabbb - Log looks Ok to me, too.

    PP :)
     
