JeanInMontana

Hi Don, Please accept my apologies on behalf of Malwarebytes. This post was somehow overlooked by everyone. If you still need help please post a new log for us. Again we are extremely sorry for this.

Hi and welcome to Malwarebytes. You could have ruined your system using HJT and not knowing what you are doing. You can't apply what fixes one person's machine to yours. All fixes are specific to the system in question. No one can tell what you might have done without seeing another log.

The log looks good. You might want to run one of our free programs to clean up your start menu. StartUpLite will help speed boot times by eliminating un-needed programs that start automatically. You can get it here http://www.malwarebytes.org/ Make sure you keep your Windows updates current and add a layer of prevention using programs like WinPatrol and SpywareBlaster, and hosts files like hpHosts and IE-SpyAds, all of these are free. You should now eliminate all your old System Restore points and create a new clean one. This is so if you need to use System Restore you don't reinfect yourself with a bad one. Feel free to post any other problems in the proper section. There is no need to post a HJT log unless you think you are infected again.

Thats right folks, courtesy of Bill Pytlovany, BillP Studios, I've got an absolutely unbelievable competition for you this month. We've been racking our brains trying to think of a suitable competition, and coming up with ideas for new competitions turns out to be ALOT harder than I originally thought, so like last month, this one's graphic related too. So what do you need to do? ..... simple, design a new logo for Ur I.T. Mate Group to replace the current one; The new logo shall be used to replace both the current logo, favicon ( http://www.it-mate.co.uk/favicon.ico ), and of course, for new banners. You can submit as many or as few entries as you like. Once the closing date is reached, the winner will be chosen not by myself or the other admin's/moderators here, but by BILL PYTLOVANY HIMSELF!!!. The person that submitted the winning entry shall be notified of this via PM, and provided the prize directly from BillP Studios. Only once the winner has been notified, shall their nickname (or name if you wish) be published (unless you request otherwise). The Prize We've got an absolutely unbelievable prize for you this month. Not only will the winner receive a WinPatrol Plus licence, but he or she shall also receive a sports shirt SIGNED* by Bill Pytlovany himself! * Bill has mentioned that the winner can have an unsigned sports shirt if requested, simply let me know when I send you your PM Smile The Rules To keep things simple, there's only two ....... 1. Entrants MUST be registered on hpHosts Support Forums (entries submitted elsewhere or via e-mail, shall be invalidated). You don't even have to be an hpHosts user! 2. The logo background should be transparent (so it can be placed over any background, for use with banners etc) There's no size, height, width or image format restrictions. Submitting Your Entry To submit your entry simply reply to this thread, attaching your entries. Closing Date: Tuesday July 31st _________________ Regards Steven Burn Ur I.T. Mate Group www.it-mate.co.uk Keeping it FREE!

Post the log!!

Hi and welcome to Malwarebytes. Please follow these instructions: Removal: 1) Download Malwarebytes' RogueRemover Free or Malwarebytes' RogueRemover PRO from one of these links. Malwarebytes' RogueRemover Free - http://www.malwarebytes.org/rogueremover.php Malwarebytes' RogueRemover PRO - http://www.malwarebytes.org/rogueremoverpro.php 2) Install it and start it up. 3) Press Check for Updates 4) It will tell you that there is a newer version of the database. Press Download 5) Go back to the main screen and press Scan 6) If an infection is found, remove all objects found. Then post a log as a reply to this post, using this program http://www.trendsecure.com/portal/en-US/th...p?page=download from that log we can be sure you are infection free.

Sorry for the confusion. I put the tool bar item in red to show you which was the worst. All of the lines should be removed. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL ZoneAlarm http://www.zonealarm.com/store/content/com...reeDownload.jsp is a good free firewall, Kerio is good http://www.sunbelt-software.com/Home-Home-...sonal-Firewall/ and Comodo is good http://www.personalfirewall.comodo.com/. Be sure you turn off the Windows SP2 firewall in the Security Center.

You still actually have an item that is considered spyware on your system. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL It installs the Alexa Toolbar, which is spyware. You can read about it here: http://www.f-secure.com/sw-desc/alexa.shtml http://www.trendmicro.com/vinfo/grayware/v...ME=SPYW_ALEXA.A http://www.symantec.com/security_response/...-062410-3624-99 http://www.auditmypc.com/process/alxres.asp You should uninstall it and run HiJack This again then put a check in the lines above and click fix. Then you should clear all system restore points and create a new clean one. I don't see any evidence of a firewall, this is an absolute must have item. There are several good free ones.

Hi and welcome to Malwarebytes. Please follow these instructions: Removal: 1) Download Malwarebytes' RogueRemover Free or Malwarebytes' RogueRemover PRO from one of these links. Malwarebytes' RogueRemover Free - http://www.malwarebytes.org/rogueremover.php Malwarebytes' RogueRemover PRO - http://www.malwarebytes.org/rogueremoverpro.php 2) Install it and start it up. 3) Press Check for Updates 4) It will tell you that there is a newer version of the database. Press Download 5) Go back to the main screen and press Scan 6) If an infection is found, remove all objects found. Then post a log using this program http://www.trendsecure.com/portal/en-US/th...p?page=download from that log we can be sure you are infection free.

Hi and welcome to Malwarebytes. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=1295 . Post back a new log using the HiJack This mentioned in that post. Thanks.

Hi Dennis and welcome to Malwarebytes. Members are not allowed to upload files. Any logs you will be asked to post should be copied and pasted into your post. AboutBuster is outdated. Please get HiJack This unzip it to a folder you create C:\HiJack This and run a scan, then post the results here in this thread.

Greasy, we need to finish this. Post a fresh log please.

Son are you giving up on this?

No problem. You just need to have HJT set up right. Follow the directions here http://siri.urz.free.fr/Fix/SmitfraudFix_En.php taking care to be exact and then do the following: Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake: O2 - BHO: (no name) - {36ADA89D-2440-4DC4-820A-3A05E8630935} - C:\Program Files\Image ActiveX Access\iesplg.dll (file missing) O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Image ActiveX Access\iesbpl.dll (file missing) Click on Fix Checked when finished and exit HijackThis. Post back a fresh HijackThis log and we will take another look.

No you did not follow all my instructions. You are still running HJT from a temp folder and you still have Vundo. Try again. Are you running a scan when AVG gives this warning? Have you ran a scan with it? You should run a full system scan with it and then choose heal.

Hi Greasy looks like you got some "stuff" going on. You need to extract HJT from the zipped file and put it in a permanent folder C:\HJT. Then run a new scan and post it in this thread please.

Hi and welcome to Malwarebytes. First you must move HiJack This! to a folder you create C:\HJT. Right now you have it in your temp files and should we need any backups they could be lost. Next follow these instructions carefully: Removal Steps: 1. Please print these instructions as they will be needed later when Internet access is not available. 2. Save these instructions in word or notepad to the desktop where they can be easily found, like your desktop. 3. Download Vundo Fix and save it to your desktop. 4. When it has completed downloading, double-click VundoFix.exe to run it. 5. Click the Scan for Vundo button. 6. Once it's done scanning, click the Remove Vundo button. 7. You will now receive a prompt asking if you want to remove the files, click the YES button. Once you click yes, your desktop will go blank as it starts removing Vundo. 8. When completed, it will prompt that it will shutdown your computer, click the OK button. 9. When the computer has shutdown, turn your computer back on. The WinFixer and Vundo infection should now be removed from your computer. If you are still having a problem then please perform the following steps. This step should only be used if the instructions in the previous steps did not remove the infection: 1. Download VirtumundoBegone and save it to your desktop. 2. Now reboot into Safe Mode. 1. This can be done tapping the F8 key as soon as you start your computer 2. You will be brought to a menu where you can choose to boot into safe mode. 3. Select safe mode with networking using your arrow keys on the keyboard and then press enter. 4. When you computer reaches the desktop make sure you log in as the same user which you had performed the previous steps, 3. Once you are logged into safe mode, double-click VirtumundoBeGone.exe file you just downloaded and follow the instructions. 4. Exit when it has finished, and reboot back to normal mode. Run another HJT scan and post the results back into this thread. We will see if you have any other issues. It is very important that you follow through with this final step. Just because everything seems to be working doesn't mean you are rid all problems.

Hi David and welcome to Malwarebytes. Would you please post us a HiJack This! log using this program http://www.trendsecure.com/portal/en-US/th...p?page=download . Please post it as a reply in this thread and we will see what is going on. Thanks.

Is that connection added to your "Network Places" Did the router come with a disk to install drivers? I am not familiar with Verizon but my provider had to help me with the initial connection for my laptop wireless. The added the network from their end. You might have to do the same thing.

Ditto that RD. Especially if they won't deal with statements like KK's. Should add them to the data base for blocking.

We all commented on this one. I thought Marcin got Softonic to remove all those comments though.

Not sure what you mean Joe. You should be concerned with flushing your System Restore points and creating a new clean one and making sure you have a firewall, antivirus and a good layer of prevention. Stay away from what ever it was that gave you LOP. I am delighted if this fixes it all for you!! This was a challenge.

http://support.microsoft.com/kb/196492

http://www.pchell.com/support/backupoe.shtml

Running sfc /scannow should replace the missing dll also. If it's working now it would save the re-install.