JeanInMontana

Yes for now we think that is a good plan. Just to make sure it's not part of the problem.

Well it looks like the LOP is gone. That's a good thing even if Outlook is still broke. Run HJT again and put a check next to these: O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v46/share...GamesLoader.cab Run this http://www.malwarebytes.org/startuplite.php too please, it will not remove what it finds it will just stop it from starting at boot and improve your performance. It's free. Then please run a scan with this version of HJT http://www.trendsecure.com/portal/en-US/th...p?page=download Same procedure as with the other. Make a folder of it's own on your hard drive and post in this thread. It may show something we are not seeing. When you ran the sfc /scannow did it ask you for the CD? I'm just wondering if you did have files missing.

From your log it looks like your Norton is toast. The majority of the files are showing as missing. Sorry if I sounded crabby. This is bugging me too!

Hi and welcome to Malwarebytes. Please start your own topic and we will help you. You will get the full attention for your problem that way. This topic only pertains to the problems for this user, yours circumstances are probably not the same.

OK why did Norton come into the mix? Did you follow the instructions in the post with the LOP fix? It states use AVG for a final scan. You rebooted and still can't get anything from Outlook? Maybe try the install again? Have you done the sfc /scannow? Disk error check? Let's see a new HJT log please.

Mike, please take these last few steps. You need to reset your System Restore points to flush any infected ones and then create a new clean restore point. To do that open the Help and Support Center and on the left you will see System Restore settings, click it and turn off System Restore. Then in the Help and Support Center under Undo changes to my computer ( or similar wording) choose the System Restore link and click on create a system restore point. Give it a name like the date and clean restore point or something similar. You also want to run CC Cleaner to get rid of all the excess garbage files. It's free and will free up lots of wasted disk space and all the cookies from those redirects and your temp files. You should also consider adding a layer of prevention for your system with some great freeware that will help prevent future infections. SpywareBlaster from Javacool, WinPatrol from BillPStudios also be sure to immunize with Spybot Search and Destroy and enable the IE protection feature. Tomorrow go to the Windows Update site and get the latest updates for your system.

Thanks Rosty I approved your membership. I am in the process of setting up over here now MontanaMenagerie I bought the domain and will focus on it. Come on over.

Your welcome, but there are still a few things to do. Just to clean up run HJT again and put a check next to this item. R3 - URLSearchHook: (no name) - {40B666C0-8958-AD87-5D94-F74A34D9F6E6} - (no file) You need to reset your System Restore points to flush any infected ones and then create a new clean restore point. To do that open the Help and Support Center and on the left you will see System Restore settings, click it and turn off System Restore. Then in the Help and Support Center under Undo changes to my computer ( or similar wording) choose the System Restore link and click on create a system restore point. Give it a name like the date and clean restore point or something similar. You might also want to run CC Cleaner to get rid of all the excess garbage files. It's free and will free up lots of wasted disk space. Now you need to uninstall your Adobe Acrobat Reader and install the latest one. You have one with known security flaws. You also need to install the latest Java for security reasons. Uninstall your old version via Add/Remove programs and delete the program file. Then go here and get the correct download for your system. Make sure it is the offline version and install it. You should also consider adding a layer of prevention for your system with some great freeware that will help prevent future infections. SpywareBlaster from Javacool, WinPatrol from BillPStudios also be sure to immunize with Spybot Search and Destroy and enable the IE protection feature. Tomorrow go to the Windows Update site and get the latest updates for your system.

The log looks good. Are you still having symptoms?

The online Panda scan quarantined? Or did you run some other scan? Swizzer is also known as LOP. Your not a pain either, maybe in pain....LOL LOP.AH/Backdoor.Generic3.SVX Download the following two files rmbg3svx.exe and rmbg3svx.nt and run the rmbg3svx.exe file. Then restart your PC normally and run the AVG Complete Test. Note: Successful running of the remover requires administrator rights. For proper functionality of the remover it is necessary to save the rmbg3svx.nt into the same folder as rmbg3svx.exe. After the healing process is finished please run the AVG Complete Test to make sure your computer is virus-free. Reboot and test things out let us know how it goes. If this works we will still need to do a few last things.

OK let's do this: Take your time and be thorough. You may want to print out these instructions for reference, since you will have to restart your computer during the fix. Please download FixWareout from one of these sites: Subratam Bleeping Computing Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. Once rebooted please post the text that will open (report.txt) and a new Hijackthis log file into this thread. If you get a file output similar to below: Go here and run the fix appropriate to your version of Windows: http://www.tech-forums.net/computer/topic/29806.html Then re-run Fixwareout please, thanks.

OK do this for me. Open HiJack This and click on the Miscellaneous tools tab. At the very top you will see the option to generate a start up list. Put a check in both boxes for that option and generate the list and then post it in this thread. Where are you being redirected to? Did you ever get a Panda scan to run? If so do you have a log? You need to use IE for that online scan and allow the active x to install.

Good news Joe, what fixed it? So did the Panda scan find stuff too? Did you run it? Because there is nothing in that AVG log that should have gave you that much trouble, unless I'm just blind. All I see is tracking cookies but I have been staring at a screen for hours now working on my new website. I did a quick look at your HJT log and only saw lots of missing Symantec files and a ton of 04's that could be pared down and improve your performance a bunch. Get Marcin's program StartUpLite and run it. We can probably add to the data base from your log. I'm too tired to do a real analysis of that log tonight. Someone else is welcome to take it, I will be gone tomorrow.

Hi Joe. Can you run any malware scans? What are you using for Antivirus and ad/spyware? Try to get a scan using AVG Anti Spyware save the log and post it. Also get a scan from Panda you will need to use IE and allow the Active X installation. Set it to Auto Clean and save the log. Post both logs from both scans and we can have a look. Please note this also we are sorry for any inconvenience this may cause.

Glad to help. Go to Control Panel>System then click on the System Restore tab. Uncheck the box to turn it off and clear old infected restore points. Also see how much disk space you have allowed to use for System Resotre. I have mine at the max, and still have plenty of disk space. Then click all the OK's. Go to Help and Support, under Pick a Task, click on Undo Changes Your Computer With System Restore. Click on Create a System Restore Point. Label it New Clean Restore Point or something you will know is a good point to restore to and create the restore point. You can also access your Restore Settings here on the left side of the box. So how are things running now? Do you seem to be OK?

I would try running the disk error check utility. Have you checked for any driver updates?

Well it looks like AVG took out a trojan. How is it running now? Your log looks good. You need to flush your system restore to make sure it's clean. Then manually set a new clean restore point. Your Adobe Reader is an old version with known security flaws also. I strongly reccommend you add a layer of prevention protection. JavaCool's SpywareBlasterhpHosts file WinPatrol All of these are free. Also make sure you go to Windows Updates and get the latest updates. There will be new ones come out on Tuesday.

Mike what is "the browser popup problem"? You have never mentioned popups before. What do they say? What happens if you use IE? I'm only finding bad press for NT browser and that it has a primary use of P2P. This is most likely the root of your problem. P2P file sharing is notorious for spreading infection and allowing unauthorized access to your system. There is no Zlop there is Zlob and there is Lop, what makes you think you have either? I'm not following with the search thing either, how do you click an item in the search box? You need to type in something right and click search. Is that what you mean? What are you searching for? Run a scan with AVG Anti Spyware free Please be through in following instructions. When given the option to take action make sure you do. Remove all items found, and post the AVG log please. Reboot and post a new HJT log.

OK post the Panda log please. Why do you want to get to Safe? What other redirects?

What others?? Help me help you. Please answer all questions.

Again, details are crucial. Where are you being redirected? Is this still happening? Did you follow all instructions? Do you get error messages as to why you can't reboot to safe mode? Why do you want to boot to safe mode?

Hi and welcome to Malwarebytes. Your using a version of HJT that doesn't support Vista. Please get this version http://www.trendsecure.com/portal/en-US/th...p?page=download and post a new log. Also please take note of this information here: We are sorry for the inconvenience but it is for the good in the end.

Hi again please take note of this information here: We are sorry for the inconvenience but it is for the good in the end. What is the page you are being redirected to? Details are a great help in assisting you. The following explains how to remove items from your computer that are malware. These items must be fixed!Please set your system to show all files; please see here if you're unsure how to do this.Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake: F2 - REG:system.ini: Shell=explorer.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{21DC2F58-8BDB-4E6B-9A3B-73E61DB4494D}: NameServer = 85.255.114.72,85.255.112.212 O17 - HKLM\System\CCS\Services\Tcpip\..\{BC576AC5-18D6-4BBF-B226-8A105E8823F3}: NameServer = 85.255.114.72,85.255.112.212 O17 - HKLM\System\CCS\Services\Tcpip\..\{E5EFCBC9-797B-4209-B179-6BC871B97E04}: NameServer = 85.255.114.72,85.255.112.212 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.72 85.255.112.212 O17 - HKLM\System\CS1\Services\Tcpip\..\{21DC2F58-8BDB-4E6B-9A3B-73E61DB4494D}: NameServer = 85.255.114.72,85.255.112.212 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.72 85.255.112.212 O17 - HKLM\System\CS2\Services\Tcpip\..\{21DC2F58-8BDB-4E6B-9A3B-73E61DB4494D}: NameServer = 85.255.114.72,85.255.112.212 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.72 85.255.112.212 Click on Fix Checked when finished and exit HijackThis. Reboot into Safe Mode: reboot your computer in SafeMode by doing the following: 1. Restart your computer 2. After hearing your computer beep once during startup, but before the Windows icon appears, begin tapping F8 not #8. 3. Instead of Windows loading as normal, a menu should appear 4. Select the first option, to run Windows in Safe Mode. Using Windows Explorer, locate the following files/folders, and delete them: F2 - REG:system.ini: Shell=explorer.exe Exit Explorer, and reboot as normal afterwards. If you were unable to find any of the files then please follow these additional instructions: Download Pocket Killbox and unzip it; save it to your Desktop. Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. Let the system reboot. http://www.pandasoftware.com/products/activescan.htm Post back a fresh HijackThis log and we will take another look. You are running an old outdated and unsafe version of the Java Runtime Environment. For safety you must update to the newest version. First go to Start>Control Panel>Add/Remove Programs and uninstall any and all existing Java programs. Then go to your program files and delete all Java folders. Now go here and get the off line version and download it. Save the URL and after install go back and verify that the install was successful.

O4 - Startup: PowerReg Scheduler.exe http://www.bleepingcomputer.com/startups/P...r.exe-4135.html

OK I can't stress enough that you follow instructions and only take actions when and if instructed. Do not install new programs during the fix. You do have serflog and it is evident by several lines in your log. There were infections found by the AVG Spyware scanner but no actions were taken. Please follow these instructions exactly. Take your time and be accurate. The following explains how to remove items from your computer that are malware. These items must be fixed.Please set your system to show all files; Windows 2000 * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View Tab. * Under the Hidden files and folders heading select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. Please be sure to do this for this fix. * Click Yes to confirm. * Click OK.Close all programs leaving only Hijack This! running. Place a check against each of the following, making sure you get them all and not any others by mistake: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winnt\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winnt\blank.htm O2 - BHO: (no name) - {40B666C0-8958-AD87-5D94-F74A34D9F6E6} - (no file) O4 - HKLM\..\Policies\Explorer\Run: [ltwob] C:\WINNT\system32\formatsys.exe O4 - HKLM\..\Policies\Explorer\Run: [serpe] C:\WINNT\system32\serbw.exe O4 - HKLM\..\Policies\Explorer\Run: [avnort] C:\WINNT\msmbw.exe O4 - HKCU\..\Policies\Explorer\Run: [ltwob] C:\WINNT\system32\formatsys.exe O4 - HKCU\..\Policies\Explorer\Run: [serpe] C:\WINNT\system32\serbw.exe O4 - HKCU\..\Policies\Explorer\Run: [avnort] C:\WINNT\msmbw.exe O4 - Startup: PowerReg Scheduler.exe O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab O20 - AppInit_DLLs: C:\WINNT\system32\wuauboot.dll Click on Fix Checked when finished and exit HijackThis. Reboot into Safe Mode: please see here if you are not sure how to do this. Using Windows Explorer, locate the following files/folders, and delete them: c:\winnt\blank.htm C:\WINNT\system32\formatsys.exe C:\WINNT\system32\serbw.exe C:\WINNT\msmbw.exe O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab C:\WINNT\system32\wuauboot.dll Exit Explorer, and reboot as normal afterwards. If you were unable to find any of the files then please follow these additional instructions: Download Pocket Killbox and unzip it; save it to your Desktop. Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. Let the system reboot. Post back a fresh HijackThis log and we will take another look. Note this also: http://www.malwarebytes.org/