JeanInMontana

Honorary Members
  • Posts

    3,859

Everything posted by JeanInMontana

  1. OK, if AVG removed it that is why you can't find it. Can you get a copy from the vault and submit it? Limewire and Utorrent are dangerous programs to be using and might be why you got infected. P2P programs are not safe and often the files are illegal. I recommend you get rid of them now.

     Run HJT again in scan only, put a check next to these items and then click fix.

     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R3 - URLSearchHook: (no name) - - (no file)
     O2 - BHO: (no name) - {36D9BC0E-A273-469B-B16C-12715F3B969C} - C:\Program Files\Online Services\wodefagerC:\DOCUME~1\GS\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)
     O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
     O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll

     LaunchU3.exe <======= Have you purposely installed this? From what I find it can be malware if you didn't install it.

     Please upload the file C:\WINDOWS\system32\nvsvc32.exe to and post the results in your next reply. We will make sure it is malware this way.

     Update MBAM and do a quick scan, post that log and a new HJT please.
  2. You need to have it looked at. I would bet it's not clean.
  3. Please upload this file C:\Program Files\RcvSystem\httpdchk.dll to here. This will ensure it gets added to the database for future removals.

     Please download this file: SDFix.exe (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your desktop. Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:

     * Restart your computer.
     * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
     * Instead of Windows loading as normal, the Advanced Options Menu should appear.
     * Select the first option, to run Windows in Safe Mode, then press Enter.
     * Choose your usual account.
     * Open the extracted SDFix folder and double click RunThis.bat to start the script.
     * Type Y to begin the cleanup process.
     * It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
     * Press any Key and it will restart the PC.
     * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
     * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
     * Finally copy and paste the contents of the results file Report.txt with a new HijackThis log.

     Reboot your system in Normal Mode. Then post the SDFix log and a new HJT log please.
  4. OK, sorry for the delay in reply, I took a day off and then had work. Be sure you have enabled the view hidden files option.

     Please set your system to show all files: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.

     Now please find these files and please upload the files to and post the results in your next reply. We will make sure it is malware this way.

     C:\Documents and Settings\All Users\Application Data\onefopun\wtqzgfkh.exe <==== Any idea what this is? It gets 0 hits on Google, that is very rare.
     C:\Program Files\yqwhhpc\uicomen.dll <========== And this.
     C:\WINDOWS\system32\khynidaj.exe
     C:\WINDOWS\system32\palorila.exe
     C:\WINDOWS\system32\tkzcjoro.exe
     C:\WINDOWS\system32\kfutsxgr.exe
     C:\WINDOWS\system32\ididolar.exe
     C:\WINDOWS\system32\formvspo.exe
     C:\WINDOWS\system32\pazwzoxa.exe
     C:\WINDOWS\system32\oluxkdcv.exe
     C:\WINDOWS\system32\ihytgjqv.exe
     C:\WINDOWS\system32\rabyxufs.exe

     Please upload these files to here. This will ensure they get tested and if malware get added to the database for future removals.

     Uninstall the DAP download accelerator, it's adware and there are others that are not.

     Now run HJT again in scan only and put a check next to the following and then click fix.

     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
     O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
     O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm <======= You have two instances in your log, mark both.
     O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

     Reboot.

     Update your Adobe reader, it's a known unsafe version. It's crucial you get those files listed scanned and uploaded to determine for sure they are malware. I'm fairly certain they are. Update MBAM and run a quick scan. Post that log and a new HJT log.
  5. Hello vmobley and welcome to Malwarebytes. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 .
  6. Avira and MBAM play well together. Can you give more details? Has malware been found? Are you on a site that MBAM might be blocking stuff when this happens?
  7. Dump AOHell. Why pay for two ISPs? AOL is a monster at control of all users, you have a bunch of crap on your PC that they put there and I knew if I had you remove it they would put it back or not let you connect until it was put back.
  8. If you stopped getting help at the other forum then why are you telling me they think some file I have yet to see is a rootkit? If you don't like what you're hearing, then maybe you should just move on. Because I won't work on a machine that is getting help at another forum. Period, end of story. You disagree with everything I have told you so far, so I doubt you're going to find anything here to your satisfaction. AVG is a horrid program that nearly stops IE from functioning now. It made the boot up so slow on a machine I am very familiar with and once I removed it, we have no problems. You might want to take a read through this forum and see just how many people find my attitude has saved them. Your attitude is one of someone who feels they are owed something. You're not.
  9. Glad we could help. Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.
  10. OK, but no one can help you unless you give some more details. I moved this to PC Help, since it's nothing to do with RR. When did the problem start specifically? What are the system specs? Have you got antivirus and malware protection? Have you used any antivirus or malware scanners? If so what were the results? Did you install new programs?
  11. RR and MBAM are similar in the rogue apps removed, however MBAM has a much wider reaching database and will soon be something no one else has. RR doesn't address Vundo. MBAM does its best to keep up with the ever evolving mutant strains of Vundo. No one product can keep you safe and no product will ever be fool proof. The best protection is a layered protection, and common sense. Below are the standard layers I use and recommend, all are free except the protection service in MBAM. WinPatrol does have a pro version that is well worth the one time price too. I do use the paid version of SiteHound also... but that is just because I do so much site investigation stuff, I want those tools.

      Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Good malware/spy/adware scanners are MBAM and Spybot Search & Destroy, and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP or Vista is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

      * SpywareBlaster from Javacool Software
      * WinPatrol by BillPStudios
      * SiteHound by FireTrust
      * RogueRemover
      * hpHosts

      The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free. Also the full protection of MBAM is offered at a very low price. Give it a trial using the link in my signature.
  12. Is there some reason you think RogueRemover is at fault? Are you using Rogue Remover? More details please.
  13. 1. Yes there is something wrong with getting help on two forums. And I told you what that was. Good chance of system damage and the helper has no idea what is being done at the other forum. Also believe it or not, you're not the only person around needing help. You're taking the time of at least 2 people. 2. I did not take a snooty attitude. I told you how it's gonna be, make your choice.
  14. What are you saying? That this site is bad and a rogue perhaps? If so it is not a false positive it is rogue.
  15. Tea Timer in SBS&D must be shut off until we are done. That is clearly stated in the preHJT post instructions. Turn it off, update MBAM, run a quick scan, post that log and a new HJT log please.
  16. You're not following instructions. Post logs in the reply, not as an attachment, and I asked for a new HJT log after you did the removal.
  17. Well you pick one forum and stick with it, because I am not going to spend time trying to help when I have no idea what is being done at another forum. Systems get ruined that way.
  18. The child porn is gone too? And how did you clean it? Is your PC still infected? Because you didn't have that clean either.
  19. Customer service is a high priority here if you should ever need it.
  20. 217.171.129.69 and 195.93.21.7 are the IPs for the two posts here.
  21. You better have got me something really nice.
  22. Yup I do not like you, not after the banana split.