JeanInMontana

Hi you already have a thread going here http://www.malwarebytes.org/forums/index.php?showtopic=1574 . You need to keep your replies in the same thread. Please follow the directions that have been posted for you there.

It's working today. Must have been a glitch in the matrix.

WinPatrol was chosen as one of 100 top Best Products of 2007. Digg it Congratulations Bill & Scotty!!

Nope, I also have "include text of the message checked." I really do know how to set the email settings. I belong to some other sites with the exact setup as this one.

Well, me either.

Just did a double check and yes to both.

Something is wrong with the HJT forum subscription option. I am subscribed to that forum and I see just now there have been two posts I didn't get a notification for.

Are you still having symptoms? I see no evidence of Spylocked in your log. You are still running HJT from a temp folder and you need to move it to your hard drive. Create a folder in your program files for it. This is needed for backups to remain on the PC should they be needed during a fix. O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized I would remove this and the associated program for your own good. P2P is a dangerous practice. You also need to update your Java to the most recent version for security reasons. JRE 6.1 is the current one Make sure your Windows updates are current also. There have been recent updates for IE that are critical. The following programs are free and will add a layer of security to your PC. You can get hpHosts from the link in my signature also. SpywareBlaster -- http://www.javacoolsoftware.com/spywareblaster.html is an excellent prevention tool that uses no resources and is free. WinPatrol-- http://www.winpatrol.com/ Is also an excellent prevention tool I also suggest you run StartUpLite from this site to remove unneeded startups and speed performance. You have many items just wasting resources. You can easily start them manually when you actually need them Let me know if your still having Spylock symptoms.

As a follow up, in a new HJT log all items currently in SUL were indeed removed. This user is extremely, umm, naive let's say.

Hi Jason and welcome to Malwarebytes. First get RogueRemoverPro using the link at the top left of this page, update it with the most recent database, run a scan and remove everything it finds. Then get the most recent version of HijackThis here, unzip it to a permanent location on your hard drive into a folder you create. Run a scan and save the log. Copy and paste the entire log into this thread and I will then tell you what else needs to be removed.

Be sure you follow the instructions for AVG here http://www.malwarebytes.org/forums/index.p...post&p=4453 it should give you an option to take action. Also check for updates again just in case.

You need to re run the AVG scan and this time "Take Action" You need to remove the infections. The log clearly shows the Zlob Trojan and Hotbar, but no action was taken. Sorry but you really need to get rid of this. Then post both the AVG log and HJT again.

Closing as resolved. PM a mod or admin if further help is needed.

This appears to be resolved. If further assistance is needed PM me and I will reopen the thread.

I'm closing this due to lack of response. Should you decide to continue with the fix, PM me and I will reopen the thread.

How's it going? We need to continue with this fix.

This appears to be resolved. I am going to close the topic. Should you need further assistance PM me and I will reopen the thread.

When you use this type of crapware you are always in danger of being infected with something. They tend to clean up their act long enough that everyone backs off and then go back to their shady practices. In my opinion yes, you could very well have something else or a new undetected version of SmitFraud. Your way better off to stick with the tried and true apps.

I agree, but in this case it won't happen.

It's not a good program. Your best move is to get if off your machine. Then run some good scans to be sure your not infected from it. Look at the Google hits for the program name http://www.google.com/search?q=psguard&amp...2006-17,GGGL:en

So I am finally getting around to it. I'm working with a person that needs this program desperately because she lacks the knowledge to do most things on a PC. She has the program but it didn't recognize the following: O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe Broadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut available O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c Email client can be started manually O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime QuickTime media player Startup entry variation I guess?? O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe Hewlett Packard Printer/Scanner/Copier share to web device. Big resource hog ...I turn mine off. Printer works fine without it. O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE MS Office. Does not need to run at start up, huge resource hog can easily be started manually. O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe Related to Office. Not needed at start. O4 - HKCU\..\Run: [update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup This seems to be a dubious thing from what I found. But it is the updater for HandyBits programs of some sort. All of these from one log and she ran StartUpLite and it didn't recognize any? I thought QuickTime and ctfmon were in there.

OK continue with the rest of the instructions please and post those other two logs. Would you please also give us any ideas about how you might have gotten MBS Bill Notice. I'm not asking to pass judgment this is strictly for research purposes as they claim they are only installed by user consent. We know they are associated with several porn sites, did you by chance visit one? Any information is much appreciated.

Hi and welcome to Malwarebytes. You have quite a bit of stuff going on. Please be patient and follow all directions carefully. We will win! You might want to print these instructions because you should have all browsers closed during the fix and be off line. I also recommend you change all passwords as soon as I give you the all clear as one of your infections is a keylogger. Click here to download haxfix.exe and save it to your desktop. * Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix) * Checkmark "Create a desktop icon" * Click "Next" * When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed * Click "Finish" * A red "dos window" (dos box) will open with options: o 1. Make logfile o 2. Run auto fix o 3. Run manual fix o E. Exit Haxfix * Select option 1. Make logfile by typing 1 and then pressing Enter * Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt > (c:\haxfix.txt) * Copy the contents of that logfile and paste it into this thread. Next Get a copy of AVG AntiSpyware update it and run a full system scan, let it remove anything it finds, follow the steps below. Then get RogueRemoverPro and run a scan with it. I highly recommend you uninstall Spywarebot also it is listed as Rogue on Eric Howes site here. Post back in this thread with a new log and we will see what's left. 1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program. 2. Once the setup is complete you will need run ewido and update the definition files. 3. On the main screen select the icon "Update" then select the "Update now" link. * Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed. 4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab. 5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine". 6. Under "Reports" * Select "Automatically generate report after every scan" * Un-Select "Only if threats were found" Scan instructions 1. Launch AVG-anti-spyware by double-clicking the icon on your desktop. 2.Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan". AVG will now begin the scanning process, be patient this may take a little time. 3.Once the scan is complete do the following: If you have any infections you will prompted, then select "Apply all actions" 4. Next select the "Reports" icon at the top. 5. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important). 6. Post that log and the HJT log here with the Haxfix log. You can make these log posts separate replies but keep them in this thread please.

Wow, you gonna own the web??

Hola George and welcome to Malwarebytes.