  1. Well that makes two of us confused. AdvancedSetup is going to tackle this with you in your other thread. I'm convinced you're infection free.

     We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

     Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program. AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

     * SpywareBlaster from Javacool Software
     * WinPatrol by BillPStudios
     * SiteHound by FireTrust
     * RogueRemover
     * hpHosts

     The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free. Also the full protection of MBAM is offered at a very low price. Give it a trial using the link in my signature.

     Since this topic has been resolved it will now be closed. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
  2. The list is your hosts file, I need to see everything but that. If you feel you can edit it out but leave everything else in the file go ahead and do that. If not then please post it using as many posts as it takes, and I will edit it once it's posted.

     We can remove these items with HJT:

     O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
     O3 - Toolbar: wxdbpfvo - {3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B} - C:\WINDOWS\wxdbpfvo.dll (file missing)

     Put a check next to them and click fix.

     I can't seem to find anything definitive about Absolute Poker. How long have you had it? Please submit the .exe file to here and scan it at virustotal.com and post the report please.
  3. The VirusIsolater stuff has been removed in part. I'm guessing you got a new version of the Vundo trojan. I have reported that it was not all removed and it can get added to the next update. This stuff mutates all the time into another form. We will try this tool to rid you of it. Print or copy these instructions to Notepad and save to your Desktop as you will be offline with all browsers closed for this fix.

     Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe

     * Double-click SmitfraudFix.exe
     * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

     Clean:

     * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
     * Double-click SmitfraudFix.exe
     * Select 2 and hit Enter to delete infected files.
     * You will be prompted: Do you want to clean the registry ? Answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
     * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? Answer Y (yes) and hit Enter to restore a clean file.
     * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
     * Optional:
       o To restore Trusted and Restricted site zone, select 3 and hit Enter.
       o You will be prompted: Restore Trusted Zone ? Answer Y (yes) and hit Enter to delete trusted zone.

     Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
     http://www.beyondlogic.org/consulting/proc...processutil.htm

     Post back the SmitFraud log and a new HJT log and we will see how it's going.
  4. Please don't think I'm criticizing. It is FYI only. I just have noticed this and no one else seems to have the issue, and now it looks like a f/p too. I will follow your advice.
  5. That post is my affiliates post to sell the program.
  6. Looks like a rogue has got you. If you close the browser and other programs you don't need, the scan will go faster and that is the best way to do the HJT scan also when you get there.
  7. There is an exclusion feature now. It's called the Ignore List.
  8. Hi again. Get rid of Spyhunter is my advice, the makers walk a fine line between rogue and real. And do as you already are in the HJT forum.
  9. I hear ya and saw your other topics. What is telling you this worm is present? Please just use the Add Reply button not the one with " Reply [ look down a bit]. It saves scroll time and these threads tend to get long.
  10. No errors for MBAM. I checked settings and the scan box was unchecked. So I checked it again and set the times to something else and then reset to 10 AM today I got no update or scan. I did a manual update and the usual quick scan after. I was running Second Life during the scan and it is resource heavy, but I have done this before with a slightly longer scan time. Today, I actually closed out SL to get the scan finished.

      Malwarebytes' Anti-Malware 1.11
      Database version: 720
      Scan type: Quick Scan
      Objects scanned: 32403
      Time elapsed: 34 minute(s), 36 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Spyware.OnlineGames) -> No action taken.
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)

      I'm fairly sure I have no infection. The other thing is it didn't save the scan log in the program, and it didn't take anything to quarantine. I get no option to move to quarantine, only to remove. I don't get it. When I see the logs in the HJT forum all items are moved to quarantine. I also have it checked to auto save and show the log and that failed also. Do you think the program has been totally corrupted somehow and I just need to reinstall? I have only had bugs in the beta stages with MBAM. I just don't know what's up now.
  11. This is strange, the file is missing according to HJT.

      O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)

      Put a check in the box next to it again and click fix. Run another scan only and if it's still there use this.

      Author: Option^Explicit
      Download Location
      License: Freeware
      KillBox Download Link http://download.bleepingcomputer.com/spyware/KillBox.exe
      Operating System: Windows
      File Description: Pocket KillBox is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them.
      Usage Information: Download this file and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.

      C:\Program Files\McAfee\Common Framework\FrameworkService.exe <======= copy and paste that line into KillBox.
  12. Open SB S&D. Make sure you are in Advanced Mode. Click on the Tools section and then Resident. You will see two items. 1. Resident "SD helper" (Internet Explorer bad download blocker.) active 2. Resident "Tea Timer" (Protection of over-all system settings.) active. Uncheck 2. Leave 1 checked always. You can enable Tea Timer again if you wish once all special fixes have been done. I do believe it. I see it all the time.
  13. We do the best we can, it depends on what the scans show. Some things can only be cured with a reformat. Reformat is always the last resort.
  14. Hi Chris and welcome to Malwarebytes. By "on the level" are you referring to the help you will get here? Why are you running the scans? The more information you give the better someone can help you.
  15. Hi Maketa, let's get some logs to see what might be going on. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 .
  16. I am always logged on and protection running. It doesn't scan though.
  17. Hi, I stalked down the Fed-Ex guy yesterday and got the AC adapter. I don't know why you can't get rid of those. If the program is uninstalled, and not running they should be easy. Maybe ask AdvancedSetUp in your other topic.
  18. JeanInMontana


    Hi and welcome Ellen!!
  19. Try using HJT to remove them. I missed the one line 023. I don't know why you can't get proper permissions, to remove the folders. Strange. My AC adapter fried on my laptop yesterday, so I have no internet access except when I'm at work. I have the part ordered, but may not get it until Friday or later. I will be sure to check on you then.
  20. Hope you're having a great day Bobby.
  21. Hi again. Delete Vundofix. Never run these sorts of tools unless you are asked, it is dangerous to your system. Your log is looking good, AVG must have got it yesterday.

      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey <====== That is a remainder from McAfee.

      You can remove it using HJT and look for the program file and delete it. Your log looks clean.

      We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

      Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program. AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

      * SpywareBlaster from Javacool Software
      * WinPatrol by BillPStudios
      * SiteHound by FireTrust
      * RogueRemover
      * hpHosts

      The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free. Also the full protection of MBAM is offered at a very low price. Give it a trial using the link in my signature.
  22. I just ran CCleaner the other day, it is not Vista. This is something that quit with 1.11. The auto update did work, as far as the window opening, but I wasn't sure whether or not there had been another DB update after that and when I did a manual update. This time I am sure there was no update or auto scan as it should.
  23. Auto update failed today completely. Scan times have also increased by a minute plus.
