
JeanInMontana

Honorary Members
  • Posts

    3,859

Everything posted by JeanInMontana

  1. Nothing in the HJT log. Did you scan with it before or after the SF? HJT log is always last. Let's run one more tool just to be sure. I don't like leaving anything. Please download this file: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe (SDFix.exe) and save it to your desktop. Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
     * Restart your computer
     * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
     * Instead of Windows loading as normal, the Advanced Options Menu should appear;
     * Select the first option, to run Windows in Safe Mode, then press Enter.
     * Choose your usual account.
     * Open the extracted SDFix folder and double click RunThis.bat to start the script.
     * Type Y to begin the cleanup process.
     * It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
     * Press any Key and it will restart the PC.
     * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
     * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
     * Finally copy and paste the contents of the results file Report.txt with a new HijackThis log
     Reboot your system in Normal Mode. Then post the SDFix log and a new HJT log please.
  2. OK, you are not following the initial instructions; you need to turn off TeaTimer. This is a great tool but it can interfere with the procedures. Open SB S&D. Click on the Tools section and then Resident. You will see two items. 1. Resident "SD helper" (Internet Explorer bad download blocker.) active 2. Resident "Tea Timer" (Protection of over-all system settings.) active. Uncheck 2. Leave 1 checked always. You can enable Tea Timer again if you wish once all special fixes have been done. Did you scan with SBS&D? I'm sure it will remove all those tracking cookies Panda finds. Be sure you disable TeaTimer before we move on. Please do another MBAM scan after you update. Make sure it is set to scan all of C. Post that log and a new HJT please.
  3. No, it does not mean you're clean, and with your added information my best advice is you reformat. Your system was part of a spambot net. That means you have a root kit allowing someone else to control the machine. There is no guarantee we can ever remove it without a reformat. You should notify all banks, credit cards, any place with sensitive information and change all passwords. You may have had your identity stolen.
  4. IPB has some nice features IMO. Don't hesitate to ask if you can't figure it out.
  5. Hi Omega and welcome to Malwarebytes. Please follow the instructions in Pre HiJack This topic. Open a topic of your own and post the logs requested in the instructions. Someone will be happy to help you.
  6. No don't get AVG. I use a prepared speech and somehow missed editing out AVG and replacing it with MBAM. Did you empty the quarantine on MBAM before the Panda scan? I need the HJT log too. Please.
  7. Hi Jim. How are things running?
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
     I should have had you remove that one too. Sorry. Nothing is showing in the HJT log. But I would like your feedback.
  8. OK since you can boot. We can do some analysis. Please set your system to show all files: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.
     If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy: Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this. Please run a full scan of your main drive, usually C, with MBAM making sure you check all items found for removal. Please post that log in your next reply. Then go here and run a scan: PandaActive Scan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJack This!
     You will post three logs. 1. MBAM scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said. Be patient and persistent. These things can take time and many procedures.
  9. Yes it looks like it is legit. I had found some instances where the file was bad with the same name. Malware does this, names itself after known good files. Please continue with the rest of my instructions.
  10. Hi wontgo and welcome to Malwarebytes. Looks like MBAM has got quite a lot. But I need to see some more scan logs to be sure. Hi there, and welcome to Please set your system to show all files: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.
      If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy: Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this. Please run a full scan of your main drive, usually C, with MBAM making sure you check all items found for removal. Please post that log in your next reply. Then go here and run a scan: PandaActive Scan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJack This!
      You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said. Be patient and persistent. These things can take time and many procedures. I know you have already done some of this. This is my canned message so please just pick up where you stopped with the Panda scan and a HiJack This! log.
  11. Studio, look at your first post in this thread. You will see Options. Click on that, and choose track this topic. Do the same for any thread you want to follow. You can also change the look of the thread there and the order of the posts. Entire forums can be subscribed to with that same link. It's a drop down menu.
  12. Hi Jerry. Yes, I agree if those working to fill the world with malware put that brain to work on something like AIDS or Cancer it would be nice. It's all about greed though. OK, still work to do. Please upload this file C:\WINDOWS\privacy_danger\index.htm to here. This will ensure it gets added to the data base for future removals. Now run HJT again in scan only and put a check next to
      O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
      then click fix. Reboot and let's try SmitFraud again. Print or copy these instructions to Notepad and save to your Desktop as you will be offline with all browsers closed for this fix.
      Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe
      * Double-click SmitfraudFix.exe
      * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
      Clean:
      * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
      * Double-click SmitfraudFix.exe
      * Select 2 and hit Enter to delete infected files.
      * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
      * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
      * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
      * Optional:
        o To restore Trusted and Restricted site zone, select 3 and hit Enter.
        o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
      Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm
      Post the log from SmitFraud and a new HJT please. Tell me how things are running also.
  13. Those two things MBAM is showing are temp files. We will do a cleanup of those. Please upload this file C:\Program Files\Microsoft Visual Studio\Common\IDE\IDE98\devenv.exe to here. This will ensure it gets added to the data base for future removals. Please upload the file C:\Program Files\Microsoft Visual Studio\Common\IDE\IDE98\devenv.exe to here and post the results in your next reply. We will make sure it is malware this way. Now let's sweep the mud out. Get the program here and scan with it, remove what it finds. Now please get this tool.
      1. Download this file: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      2. Double click combofix.exe. It will be a red icon with a white X on your desktop. Follow the prompts; you will get a blue cmd prompt screen and a choice to choose Y or N. Choose Y and hit enter.
      3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt. Post that log and a HiJack log in your next reply.
      Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
  14. Hi Bloodloss and welcome to Malwarebytes. Have you tried doing a system restore? Or repair install? I can't find the one file you mention in any searches; are you sure it's spelled correctly? When you say you can't use the system at all, will it boot?
  15. Several things were removed. Let's get a new scan with MBAM too. Be sure to update. HJT log please and how is the system running now?
  16. I also see the update box as a flash. I actually thought it was a forum glitch [see admin topic] until I connected it today with update scheduled and flash on this site. The update box has been like this for me over many versions. I just assumed it was part of the overall speed of MBAM.
  17. Due to lack of response this topic will be closed to prevent others from posting into it.
  18. OK Jerry I will give it my best shot to do that for you. If you have sensitive data be sure you notify the proper entities. Delete the SmitFraud tool and all files associated please. You have a rogue malware program on your system. Please download RogueRemover, update it and run a scan for both options, and immunize. Run HJT again in scan only and put a check next to these items and click fix:
      O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
      O20 - AppInit_DLLs: cru629.dat
      O20 - Winlogon Notify: pmnljhg - pmnljhg.dll (file missing)
      Now please get this tool:
      1. Download this file: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      2. Double click combofix.exe. It will be a red icon with a white X on your desktop. Follow the prompts; you will get a blue cmd prompt screen and a choice to choose Y or N. Choose Y and hit enter.
      3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt. Post that log and a HiJack log in your next reply.
      Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
  19. Ooops yes click fix after you check mark those lines. Sorry
  20. I aborted the install after getting the same error message as with 1.10. But, I have it set to update at 10 AM daily and it just did and I show the current version. I also have a quick scan scheduled for 10 AM and it didn't run.
      Malwarebytes' Anti-Malware 1.11
      Database version: 599
      Scan type: Quick Scan
      Objects scanned: 28338
      Time elapsed: 4 minute(s), 31 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)
      <============= manual scan.
  21. Hi there and welcome to Malwarebytes. This thread is for discussion of the newest version of MBAM. Weatherbug was once considered adware and I agree totally it's not something you want. I don't think any software targets it any longer as malware. I'm going to slide you over to the General Malwarebytes forum and we can go from there.
  22. Hi StudioT and welcome to Malwarebytes. Look at your first post and the "options" box; you will see "track this topic". For all topics you wish to receive notices of new posts, click this. In your "My Controls" [the link is at top of every page on the right] once you're in your control panel, on the left is a sidebar and a section titled: Subscriptions and a section for topics and forums. This site allows you to subscribe to topics and entire forums. I hope that answers your question and if not just let us know and we will have another go at it.
  23. Yes you should probably follow the instructions here and start your own topic in that forum.
  24. Hi again. You have more than one source of misery. Most likely bundled with the Winreanimator but we can't be sure. Run HJT again in scan only and put a check next to these lines.
      O2 - BHO: (no name) - {03B0CB02-BD15-4842-9E79-05D701FB6EE7} - (no file)
      O4 - HKLM\..\Run: [WinReanimator] "C:\Program Files\WinReanimator\WinReanimator.exe" /hide
      O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
      O20 - AppInit_DLLs: cru629.dat
      Now please get this tool:
      1. Download this file: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      2. Double click combofix.exe. It will be a red icon with a white X on your desktop. Follow the prompts; you will get a blue cmd prompt screen and a choice to choose Y or N. Choose Y and hit enter.
      3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt. Post that log and a HiJack log in your next reply.
      Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
  25. Hi jimnbarb and welcome to Malwarebytes. Please be sure you have your email settings in your *My Controls* panel to notify you of replies. Always post the HJT log after any removal scans. I am going to delete this one now and please repost a new one after the Panda scan. You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://java.sun.com/javase/downloads/index.jsp and install the correct version for your system. Choose the offline installation. This is a rogue program:
      C:\Program Files\WinReanimator\WinReanimator.exe <===========
      Uninstall it please and upload the file to here http://uploads.malwarebytes.org/ If you're running bit torrent software, very risky behavior, and a good chance this is part of your problems.