JeanInMontana

You need to turn off the TeaTimer in SBS&D, it will prevent removal of some of the malware. Open SB S&D Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode. Click on the Tools section and then Resident. You will see two items. 1. Resident "SD helper" (Internet Explorer bad download blocker.) active 2. Resident "Tea Timer" (Protection of over-all system settings.) active. Uncheck number 2.. Leave number 1 checked always. You can enable Tea Timer again if you wish once all special fixes have been done. Now please scan a quick scan with MBAM again and post that log, and a new HJT log.

In addition to following the instructions here instructions here then post a log here . What email support were you trying to use?

It is piggy backing but this is most excellent info on how to kill that service. Thanks!!

Where did you download it from? We don't have nag screens and removal is free. Please post a log.

Your running HJT from temp files. You must install it to C:\Program Files as you were initially instructed to do. Please do this, update MBAM run a quick scan, post that log and a new HJT log.

OK, I might not get back to you until morning, I need to do other stuff.

It's so ironic a program supposed to remove and prevent malware is worse to remove than some malware. To remove the junk left by Symantec/Norton go here find the version you have installed and get the tool to remove. The Norton Removal Tool uninstalls all Norton 2009/2008/2007/2006/2005/2004/2003 products, Norton 360 and Norton SystemWorks 12.0 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.

You didn't update MBAM, you must update MBAM before every scan. The program, updates many times a day and adds new things to remove. Please update MBAM and post that log and a new HJT log.

Hi Josh and welcome to Malwarebytes. Please always run scans in normal boot unless asked to do otherwise. Update MBAM, run a quick scan post that log and a new HJT log.

OK, no you don't need two hosts files. Don't try to access sites SBS&D is blocking! I removed that link it's a malicious site and that's why it's immunizing you against it. What does immunization do as in your flu shot, your measles shot etc? It prevents. That's the same with these tools. Secondly, understand the hosts file. It is a site blocking tool, so is the immunize feature in SBS&D, so when anything asks to allow a change from SBS&D, allow. In OnlineArmor, green is not bad. LOL it is confusing, I had to open mine and test it. The green stuff is the hosts file, OA protects it from change and this is why it flagged SBS&D for you to allow or not allow. Does that make sense? It's not as hard as it might sound, you need to pay attention to what is asking to change the host, if it's a trusted program, allow it. Which is another feature of OA, the program guard, you can configure it to allow some programs to have more freedom than others. The OnlineArmor forums are great at customer service too, if you ever have specific issues. Have you ran an MBAM scan? Is it clean?

Hi there rsvette12, and welcome to Malwarebytes. Make sure your running as an administrator on the machine. Allow email from Malwarebytes.org and set your preferences in the User Control Panel to email notifications for replies to your topics. This ensures you make prompt replies back and we get you cleaned in the fastest way possible. Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Open SB S&D Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode. Click on the Tools section and then Resident. You will see two items. 1. Resident "SD helper" (Internet Explorer bad download blocker.) active 2. Resident "Tea Timer" (Protection of over-all system settings.) active. Uncheck number 2.. Leave number 1 checked always. You can enable Tea Timer again if you wish once all special fixes have been done. Please run a quick scan of your main drive, usually C with MBAM making sure you check all items found for removal. Please post that log in your next reply. Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum. Post the logs from the Panda and MBAM scans please, along with a log from this program HiJack This! You will post three logs. 1. MBAM scan. 2. Panda Active Scan. 3. HiJack This scan. Please run and post the scans in this order. You will finish the MBAM first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said. Be patient and persistent. These things can take time and many procedures.

You would probably be OK with the Vista firewall, it is fairly effective. Common sense and prevention are the best tools.

No one has got to the file yet, so I don't know if we should remove it. I put a bug in a researcher's ear and soon as I know something, I'll let you know.

Did you run HJT after MBAM? This is crucial and please always post both at once. Please update MBAM and run a quick scan, post that log and a new HJT log too.

MBAM updates sometimes 10 or more times a day. Please follow all instructions, I need the HJT log. Please get HiJack This! install it to C:\Program Files Close all programs leaving only HijackThis running, and click on scan and save a log. Post that log as a reply here in the body of the post, not as an attachment

Hi and welcome to Malwarebytes. Spybot Search & Destroy is not malware, is that what you mean by SBS&D? Update MBAM and run a quick scan again post that log and then, please get HiJack This! install it to C:\Program Files Close all programs leaving only HijackThis running, and click on scan and save a log. Post that log as a reply here in the body of the post, not as an attachment

Oh I didn't think of that. Sorry. Nothing runs on 64 bit, or very little. I don't now off hand no. Be sure you have the Windows firewall enabled. Try a MajorGeeks, search for 64 bit firewall see if you get anything. You may have to just go with the Windows one.

Yeah, looks like we are getting there. Please find this file C:\WINDOWS\system32\userinit.exe,iyywfnl.exe, and attach it in a zipped folder here in a new topic you start, link back to your thread in the HJT forum please. I need that analyzed before we go on.

Looking pretty good. Please run HJT in scan only put a check next to the items below and click fix. O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O20 - AppInit_DLLs: karna.dat O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing) Reboot, update MBAM and run a quick scan. Post that log and a new HJT log please.

If I was you I would tell your boyfriend to buy his own machine to infect. No C:\Documents and Settings\Person\Desktop\WebfettiSetup2.3.50.21.ZKfox000.exe ^ <=======delete that file No C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll ^ <======= I would get rid of that too. I don't understand why it's not showing in the HJT log. Update MBAM and scan again, post that log and a new HJT please.

You double posted and I suggest you post in the PC Help forum, as this is not an MBAM issue but someone might be able to help you there.

Neither MBAM or SAS are firewalls. What is telling you it's a firewall issue? Allow the connection in AVG settings.

OK, please run HJT in scan only and put a check next to the following, and click fix. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: (no name) - {04A8A82F-95A3-4E1E-9AA4-3319C24DF4E2} - C:\WINDOWS\system32\cbtwnjrc.dll (file missing) O2 - BHO: (no name) - {05E6F45E-0E39-4428-A643-AB44BCD4ABC8} - C:\WINDOWS\system32\khfdEVol.dll (file missing) O2 - BHO: (no name) - {501AE01B-E4D6-425C-8C90-B0C47BCC187D} - C:\WINDOWS\system32\adpti.dll (file missing) O2 - BHO: (no name) - {C3A93E06-442E-4667-A036-B561C1803BF4} - C:\WINDOWS\system32\nnnmlICS.dll (file missing) O20 - Winlogon Notify: jkkJabYr - jkkJabYr.dll (file missing) O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing) O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) Reboot to normal mode. Update MBAM, yes Update MBAM, really update MBAM run a quick scan, post that log and a new HJT please.

Hi hartless and welcome to Malwarebytes. Please update MBAM and run a quick scan, post that log and a log from this program. Please get HiJack This! install it to C:\Program Files Close all programs leaving only HijackThis running, and click on scan and save a log. Post that log as a reply here in the body of the post, not as an attachment