JeanInMontana

Honorary Members
  • Posts

    3,859
Everything posted by JeanInMontana

  1. Let's do this.

     Create a Startup List
     * Please boot into safe mode by tapping the F8 key just before Windows starts to load.
     * Once in safe mode, open HiJackThis
     * Click on the "Config..." button on the bottom right
     * Click on the tab "Misc Tools"
     * Put a check to the 2 boxes next to the Box that says "Generate StartupList log"
     * Click on the button "Generate StartupList log"
     * Copy and paste the StartupList from the notepad into your next post. (it will be saved in the same folder with HijackThis)

     Also give this scanner a try and see if it can run. http://www.kaspersky.com/virusscanner
     Click on Kaspersky Online Scanner
     You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
     * The program will launch and then begin downloading the latest definition files:
     * Once the files have been downloaded click on NEXT
     * Now click on Scan Settings
     * In the scan settings make sure that the following are selected:
       o Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
       o Scan Options: Scan Archives, Scan Mail Bases
     * Click OK
     * Now under select a target to scan: Select My Computer
     * This program will start and scan your system.
     * The scan will take a while so be patient and let it run.
     * Once the scan is complete it will display if your system has been infected.
       o Now click on the Save as Text button:
     * Save the file to your desktop.
     * Copy and paste that information in your next post.

     I am getting a second opinion on the Gmer log too.
  2. The file still could be bad. It is not detected is what that shows. A search for the MD5 gets very few hits also. It is a driver for a program but is not signed by Windows. That can go either way. I'm still searching.
  3. Is there any way we could get notices of available updates? A mass email to beta testers maybe? I just did the update to 139 and scan/ignore work fine; still get runtime error 13 if I switch to quick scan from full without closing.
  4. OK we may be a step closer. Set your system to show hidden files and folders by doing this:

     Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.

     Then using Windows Explorer navigate to this file: Please scan this file S3 cel90xbe - c:\documents and settings\sam\local settings\temp\cel90xbe.sys here http://www.virustotal.com/ I'm reasonably sure it's going to show it is bad, if that is what you get for results delete the file.

     Now download and unzip this http://www.gmer.net/gmer.zip . Right Click the Zip file to open it and Select "Extract All". Double-click gmer.exe to launch the program. Click on the Rootkit Tab and on the right side, untick the Registry [] box, then click Scan. Once the scan is done, hit the [ copy ] button, then open notepad and paste the results here for me to see.

     Warning ! Please, do not select the "Show all" check box during the scan.

     We will go from there.
  5. Extensions are the coolest feature of FF IMO, it depends on what you want to do or how you surf that makes choosing easier and more efficient. I can't live without some of mine. Forecastfox is one I always have, it shows you the outside temp and weather forecast for as many days as you want to make it show. Colorful tabs is another, gives each tab a color, adblock plus, Gmail manager, Google browser sync is very nice for having all the same settings and bookmarks on two PCs. Foxmarks saves all bookmarks so you never lose them. The Google tool bar is great. I like and use Image Zoom a lot, (old eyes) Interclue gives a preview of search pages and saves you time searching. A word of caution with this one, turn it off for forum searching, the flood controls will just give you errors. Nuke anything enhanced is good for ridding banner ads etc. Split browser lets you split the browser into several different ways. Undo closed tabs is invaluable for getting back that tab you really didn't mean to close. Smiley extra has a huge database of smileys for forum posting. View cookies shows you what cookie the current page is giving you. Those are just some of mine. What you need to watch out for is some extensions don't work with others. Add extensions one at a time then you will know which is causing trouble. Otherwise it can be a real pain to find the culprit. I'm sure others have their favorites too.
  6. I really don't know what to tell you. I don't have enough details to give an intelligent response. If I'm reading correctly BitDefender detects something and AVG does not? Can you remove it with BitDefender? I would run other scans with other programs. Try the online Panda scan.
  7. In your first HJT log you left off the system and boot type information. It is important for me to know. We don't know if you have a rootkit or not; to be safe you should notify all banks and credit cards, change passwords but don't log on until we clean you up. Let's run this tool. Print the instructions for reference. ComboScan Download Deckard's System Scanner to your desktop. Alternate download link Close all applications and windows. Double-click on comboscan.exe to run it, and follow the prompts. When the scan is complete, a text file will open - ComboScan.txt Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your thread back into this thread for me to view. A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt. Please attach Supplementary.txt to your post. Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. At this point reboot the system, and post back another HJT log file along with the other two logs requested.
  8. Due to lack of response this thread is closed.
  9. Due to lack of response I'm closing this thread.
  10. Hi there, and welcome to Malwarebytes. You omitted part of the HJT log. Please follow the instructions below in the order given carefully and thoroughly. If you haven't already, please get these programs, update and run a complete scan removing all items found. HiJack This! http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  11. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software, WinPatrol by BillPStudios, SiteHound by FireTrust, RogueRemover, hpHosts. For an excellent list of reliable free firewalls and antivirus programs see here. I'm happy to have helped you and should you ever need it again we are here. I will close this thread since the issue is resolved. The instructions in this topic are for this system only. Applying them to your system can cause major damage.
  12. Hi there LOBSTER and welcome to Malwarebytes. If you haven't already, please get these programs, update and run a complete scan removing all items found. Use the link in my signature to get RogueRemoverPro trial and scan with it. Spybot Search & Destroy Be sure to use the immunize feature. AVG AntiSpyware Be sure to "take action" Then go here and run a scan PandaActive Scan There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  13. That's good to know and I'm glad to have helped. If she is a safe surfer it makes a big difference too. But regardless of surf habits a decent firewall is essential. Since this issue is resolved I will close the thread. The advice and instructions in this topic are specific to this system. Applying it to your system can cause major damage. Start your own topic for assistance.
  14. You're in the wrong place! This forum does not engage in cracks, hacks, warez or any other illegal activities.
  15. Hello again. You can put a check next to this in HJT and click fix. It is just cleanup not malware. O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) Spybot S&D TeaTimer is a great tool but if you are not familiar with your system and registry savvy it can be very confusing and annoying. I don't know what your level of experience is but if you're having trouble with it you can turn it off and use the rest of the features of this great program. I hope you got the 1.5 version, it just occurred to me, I haven't updated my canned speech. The new version just came out last week. Be sure you have it. You're running wireless; you really need a good firewall, one that tracks outgoing traffic and monitors programs etc. This is something that is worth paying for to get a good one. There are good free ones, it just depends on the features you're looking for. Keep your Windows updates current and Java Runtime you should be good to go. Don't trust anything telling you to install. lol
  16. Several files were deleted all with malware type names. I'm guessing you got a new variant of Zlob from the media player and that is why SmitFraud didn't get it. Or it could have been doing the fix wrong. If this works great. I'm not seeing a firewall. If you're just using the one with SP2 it's not enough. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy, actually in your case get it, and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software, WinPatrol by BillPStudios, SiteHound by FireTrust, RogueRemover, hpHosts. For an excellent list of reliable free firewalls and antivirus programs see here. You should post a final HJT log for any clean up left.
  17. Did you install the media player? If so you need to uninstall it via add/remove programs. Deleting the file isn't the same. The instructions for SmitFraud are to boot into safe mode then run it. The instructions for these fixes need to be done just how they say. No variations. Download ComboFix from one of the links below: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe 2. Double click combofix.exe & follow the prompts. 3. When finished, it shall produce a log for you. Post that log in your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall. ComboFix will create a folder called QooBox in C: (C:\QooBox). It will contain any folders that were quarantined. When you are done you can delete this folder - QooBox. We will see what this shows us. You can scan any of those files you attached here also http://www.virustotal.com/.
  18. Whoa, your wife wouldn't know if she was having problems with that firewall. It doesn't alert to any outbound traffic. Someone could have complete control of the machine. Your suite is not enough, and does nothing to ward off malicious sites. These days you need a layered protection approach and caution to boot. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software, WinPatrol by BillPStudios, SiteHound by FireTrust, RogueRemover, hpHosts. For an excellent list of reliable free firewalls and antivirus programs see here.
  19. Hi and welcome to Malwarebytes. Did you uninstall the program? Please do so if you haven't. Panda flags it as undesirable. Print or Copy these instructions to notepad and save to your Desktop as you will be offline with all browsers closed for this fix.

      Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe
      * Double-click SmitfraudFix.exe
      * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

      Clean:
      * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
      * Double-click SmitfraudFix.exe
      * Select 2 and hit Enter to delete infected files.
      * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
      * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
      * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
      * Optional:
        o To restore Trusted and Restricted site zone, select 3 and hit Enter.
        o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

      Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm

      You need to get this program please http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe and post a log from it. Make sure you install it to a folder of its own on C:\ post the SmitFraud fix log and a log from this HJT in your next post please.
  20. Hi there, and welcome to Malwarebytes. Try using RogueRemover first then do the instructions in the rest of the post. You can get RogueRemover free trial from the link in my signature or at the top of this page. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy AVG AntiSpyware Then go here and run a scan PandaActive Scan There is a tutorial at the top of this page on how to do a scan and save the log. Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  21. Welcome to Malwarebytes Phil. You're welcome to post a HJT log in that forum. MysteryFCM has given good advice. The removal procedures for your system may not be the same as for what you have read. It isn't as hard as they may sound either. System Restore should work, unless the restore point was also infected. You should flush all the restore points around the date you got infected or all of them and set a new one. @MysteryFCM I'm fairly sure errornuker is already in RR database. I know it's been discussed here.
  22. These things can take time, be patient and follow their instructions. Getting help from two forums can cause you big trouble and damage to your system. It also takes the time of two volunteers, and one could be helping other people.