JeanInMontana

Honorary Members
  • Posts

    3,859

Everything posted by JeanInMontana

  1. Hi again. I see you're running two drives with program file folders? D:\Program Files\HiJackThis.exe And you have them on C also. We need to be scanning from the C folder with HJT. Please move it to there. Update MBAM, run a quick scan, post that log and a new HJT. Thanks. Give me feedback on your system performance now too.
  2. One needs to go through Donna's testing carefully. There are several errors and issues that have been addressed in her results. Using both programs is recommended by Malwarebytes.
  3. It's great you brought this to us. It's been an interesting thread and we have all learned from it. Secunia is good I agree, all scanners have the ability to come up with erred results. In this case it was not, we got a good explanation as to why there was the message and it will go away soon.
  4. The user has already said they can't boot period. Please do not give instructions on this forum.
  5. My bad, 2000 doesn't have a System Restore. I would stick with Avast vs AVG! Avast is a far superior program in every way. If you don't like Avast for some reason then give Avira a try. Yes install that list of software for prevention. Also keep SBS&D and always immunize when you update it, with all programs be sure to update before scans. Make sure your Windows is up to date. MBAM is way outdated; current definition version is 920, you must always update before the scan. For the dreaded Symantec see here http://service1.symantec.com/Support/tsgen...005033108162039 That should find the leftovers and remove them. Make sure SiteHound is compatible for 2000, I am sure the others are, but you're getting pretty dated with that system.
  6. Due to lack of response from the user, I will close the thread to prevent others from posting into it. Many thanks to 1972vet for your assistance. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.
  7. To the future posters, this is a serious position, asking a simple question for those that may possess the skills required. If you think you might have those skills do as requested in the initial post. If you don't have those skills, simply have a nice day.
  8. Hi Mike and welcome to Malwarebytes. This is not a religious or political forum. This is a forum dedicated to PC issues, research, development of softwares and elimination of malwares. Please keep your posts to those topics.
  9. hmmm seems odd. Will be interesting to see what someone that knows what is used has to say. LOL I am NOT one of the programmers, seems strange to me a new program like MBAM would have outdated stuff.
  10. Hi Sparkchaser87 and welcome to Malwarebytes. Keep this machine offline as much as possible. You're rooted and it's being controlled by someone else. Notify all banks, credit cards, any place where your identity is in danger, change those passwords, but do not log on from this machine.
      Please set your system to show all files:
        • Click Start.
        • Open My Computer.
        • Select the Tools menu and click Folder Options.
        • Select the View Tab.
        • Under the Hidden files and folders heading select Show hidden files and folders.
        • Uncheck the Hide protected operating system files (recommended) option.
        • Click Yes to confirm.
        • Click OK.
      I need you to find the files below for me. Drag them into a folder you name Sparkchaser, zip the folder by right clicking it and choosing Send to zipped folder. Now upload it to here http://uploads.malwarebytes.org/ please. If they are files larger than 2MB each then zip each one separately and name them with your name and number 1,2,3.
        C:\Windows\System32\321102.exe
        C:\Windows\System32\JAguAr.exe
        C:\Windows\System32\init32.exe
        C:\WINDOWS\system32\google.exe
      Open SB S&D. Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode. Click on the Tools section and then Resident. You will see two items.
        1. Resident "SD helper" (Internet Explorer bad download blocker.) active
        2. Resident "Tea Timer" (Protection of over-all system settings.) active.
      Uncheck number 2. Leave number 1 checked always. You can enable Tea Timer again if you wish once all special fixes have been done.
        • Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
            R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
            R3 - URLSearchHook: (no name) - {0A37A66B-0DCD-F2EE-A257-3B8EDCE65FAD} - driver64.dll (file missing)
            O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
            O4 - HKLM\..\Run: [jopplerg] ms-its.exe
            O4 - HKLM\..\Run: [10010] Uint32.exe
            O4 - HKLM\..\Run: [gogle] C:\WINDOWS\system32\google.exe
            O4 - HKCU\..\Run: [spyElim] 321102.exe
            O4 - HKCU\..\Run: [media64] JAguAr.exe
            O4 - HKCU\..\Run: [Preliminary] init32.exe
          Click on Fix Checked when finished and exit HijackThis.
        • Reboot into Safe Mode: begin tapping the F8 key as soon as you reboot. Your screen will be all black and the mouse won't work. This is normal. Use the up/down keys to navigate to the option Safe Mode and hit the enter key. Using Windows Explorer, locate the following files/folders, and delete them:
            R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
            R3 - URLSearchHook: (no name) - {0A37A66B-0DCD-F2EE-A257-3B8EDCE65FAD} - driver64.dll (file missing)
            SOUNDMAN.EXE
            ms-its.exe
            Uint32.exe
            C:\WINDOWS\system32\google.exe
            321102.exe
            JAguAr.exe
            init32.exe
          Exit Explorer, and reboot as normal afterward.
      If you were unable to find any of the files then please follow these additional instructions: Download Pocket Killbox and unzip it; save it to your Desktop. Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. Let the system reboot. Post back a fresh HijackThis log and we will take another look.
  11. It will be interesting to see how a compression of files can be a security risk. Did Secunia describe what the file was?
  12. I think we have beat it Beau! Couple things I'm seeing now. First, you can't run two active antivirus. You show Symantec installer and Avast as active.
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab <===This line remove with HJT. And make sure you are not running both programs.
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871 <=== Remove also.
      C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe <====== Make sure this version of Java is uninstalled, and all program files associated deleted. The current version is 1.6.06 or update 06 of version 1.6, check it out to be sure and other software you're running.
      Run the Secunia Online Software Inspector to make sure that your system is up-to-date: http://secunia.com/software_inspector/
      Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.
      Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.
        • SpywareBlaster from Javacool Software
        • WinPatrol by BillPStudios
        • SiteHound by FireTrust
        • RogueRemover
        • hpHosts
      The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free
  13. How did you bump into it? What security reasons would prevent sending the file? Here is another name for the malware you mention http://www.threatexpert.com/reports.aspx?f...stealer.Yahmali It just depends on what program says it's finding the malware what name might be applied. Details about your encounter would be helpful.
  14. When you see it, be sure to note the url of the page you see it on. Then let us know. I'm thinking it's still infection but very strange.
  15. I see some specialized tools on your system. Deckard and OT Move-It. Are you getting help at another forum? Have you used them? Please locate the following files and put them into a zip folder and upload to here http://uploads.malwarebytes.org/
        C:\WINDOWS\system32\Erasext.dll
        C:\WINDOWS\system32\drivers\tvichw32.sys
        C:\Program Files\Common Files\Filseclab
        C:\Documents and Settings\Administrator.SLOWJOE3
        C:\Documents and Settings\norman ishmael\Application Data\Spycar
        C:\Program Files\Tracker Software
        C:\Program Files\KellySoftware
      If you can get an ESET scan yes do it. You have the Panda scan on your system but I suspect the malware is preventing it.
  16. Huh? Do you mean the malware problem? Or some other problem? Your forum is very slow to load but I didn't get any icon. What new software did you install? Have you updated MBAM and run another scan?
  17. Yay!!! Got it this time. So how are things running? Run HJT again in scan only mode and put a check next to these items, then click fix.
        O16 - DPF: {6D251D8B-FD68-4BA2-83D5-1A0A245830C3} (alaWeb.clsSolutionCenter) - file://C:\win2000\CONTENT\cabs\alaWeb.CAB
        O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/dwfviewer/i...ViewerSetup.cab
        O16 - DPF: {A7DB6550-3269-11D4-8C30-0001023CA9DC} (Vault Files Downloader) - http://vault.alamode.com/cab/vfd.cab
        O16 - DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} (alaGrid.TechDocSearch) - file://C:\win2000\CONTENT\cabs\alaGrid.CAB
        O16 - DPF: {2C15848B-21C0-406A-9902-56C8D90684F3} (alaWeb.clsGetStats) - file://C:\win2000\CONTENT\cabs\alaWeb.CAB
      You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://java.sun.com/javase/downloads/index.jsp and install the correct version for your system. Choose the offline installation. Let's do another quick scan with an updated MBAM. Post that log and a new HJT. Be sure to let me know how you're running.
  18. Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.
  19. Hi there normanishmael and welcome to Malwarebytes. It's the malware locking up the online scans. Yes ESET creates a log that's why we have it as an alternative. Review this article here how to use ComboFix Be sure you cover the section on How to install and use the Windows XP Recovery Console and make sure it is installed on your machine. This is important should anything go wrong and we need to recover your PC and not lose all the data.
        1. Download this file: http://download.bleepingcomputer.com/sUBs/ComboFix.exe save it to your desktop.
        2. Double click combofix.exe. It will be a red icon with a white X on your desktop. Follow the prompts you will get a blue cmd prompt screen and a choice to choose Y or N. Choose Y and hit enter.
        3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt. Post that log and a HiJack log in your next reply.
      Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
  20. You fixed things? Not a good plan Trish. Very likely you have done serious system damage. Nothing you deleted is malware. What made you think you should delete them? What previous scan? HJT does not automatically identify malware, it allows us to see locations known to be where malware installs to. Never should you randomly delete entries. O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm <====== That is a bad entry. At this point, I am reluctant to continue since I have no idea what you have actually done. System Restore may be an option for you. Try and restore to a point before you became infected.
  21. Well it looks like a clock. Please post the URLs of the sites you get this on.
  22. How do you want it killed? Kill box, delete on reboot? Also don't you think the scan time for a full scan is too fast? I keep asking for quick scan but the log shows full every time but under 10 minutes.
  23. I didn't notice it at all until I had updated today and yes it was from It-Mate server. I can't seem to keep it on Malwarebytes.org for the location to update from, it always goes to either It-Mate or Malware support. I installed from Major Geeks. LOL WoW I just did an update and did it from MWB and it's fixed!
  24. Well nothing really new there. Few things we can clean up but if you're running good, eventually the line we can't get will go away is what I was told.
        O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
        O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
      Go ahead and hit that 024 line again too.
      Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.
      Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.
        • SpywareBlaster from Javacool Software
        • WinPatrol by BillPStudios
        • SiteHound by FireTrust
        • RogueRemover
        • hpHosts
      The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free
  25. Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.