JeanInMontana

You should get rid of all programs and files associated with them. I would need a new HJT log after this long to see if your clean.

Please download this file: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe' rel="external nofollow"> SDFix.exe * Open the extracted SDFix folder and double click RunThis.bat to start the script. * Type Y to begin the cleanup process. * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. * Press any Key and it will restart the PC. * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). * Finally paste the contents of the Report.txt back on the forum. Reboot your system in Normal Mode. Then post the SDFix log and a new HJT log please.

Please follow the instructions carefully. You didn't delete Smitfraud before running the Panda scan. I did not ask for a CCleaner log. So please delete Smitfraud, run Panda post that log and a HJT log.

AVG Anti-Spyware Settings Select the "Scanner" icon at the top of the screen, then select the "Settings" tab. In the Settings screen click "Recommended actions" and then select "Quarantine". Under "Reports" Select "Automatically generate report after every scan" DE-Select "Only if threats were found" IMPORTANT: Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning proccess. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan" AVG Anti-Spyware will now begin the scanning process. Be patient as this may take a little time. While scanning, AVG will list any infections found on the left side. When the scan is completed, the recommended action should be set to Quarantine. If not, click Recommended Action and set it there. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right side. Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop). Close AVG Anti-Spyware. For the Panda log see the tutorial.

Look in Add/Remove programs Windows Components. Or the Windows folder on your HD, mine is also listed in the Start menu. Do a reinstall of it and make sure you add a desktop icon if that's what it takes to find it. I am laying low with a bug so, sorry for the late response. Feel like crap.

Must be first time beta testing. That is what it's all about. B)

Hi Sparx and welcome to Malwarebytes. Please get rid of the Beta version of HiJack This you are running and follow the directions here http://www.malwarebytes.org/forums/index.php?showtopic=2936

Sorry, sometimes they all start to look alike. Anyway, what I said about the back door is true regardless. We can attempt cleaning, but there is no guarantees, and the system and all confidential information has been compromised. Let me know your decision and whether or not we proceed.

OK your log shows clearly that you do have IE and the most current version. Now please go through the tutorial on how to run a Panda scan and post that log.

Hi I need the logs posted here in this forum, not what you saw listed but the entire log. I don't do them via email;I don't know how you got my email address. It is supposed to be hidden.

So how do you do Windows Updates? You have to have IE for that. Are you going to say you haven't done an update for 4 years? I need to see all the logs you can post or we can't do much. HiJack This Log. You were/are infected. AVG got some but I would bet there is more.

If it's in the chest, then send it to be scanned. The chest is where you will find it.

Congratulations to everyone in the trenches!! Great voting and reviews.

Huge thanks to TeMerc for stepping in here. It is greatly appreciated and welcome anytime. The fixes used in this topic are for this machine only and should not be applied to yours. If you need assistance open your own topic and someone will be happy to help.

OK... your using vague terms. I can't give you any intelligent answer. Exact messages with exact trojan names is what I need to see. Let's do this. Get this http://www.ccleaner.com/download run a scan and cleanup everything it finds as garbage. Be sure you have deleted all the fixes we used. Vundo, SdFix, Combofix etc and run another Panda scan and post that log.

C:\windows\winstart.bat scan that file.

B) No, but I did see that feature. I know I missed the last version entirely, and I suppose this is my punishment. But please Massah Marcin, I been so busy in your HJT forum, and other stuff.

Installed and updated to DB 219 ran a quick scan and was pleased to see Anitvir updates were not flagged as malware!! Yeah!! I did deny start at boot up and constant monitor. Is this going to be a problem for the program? I just didn't want the added services running etc.

Hi there Colgrove, and welcome to Malwarebytes. I have split your post into it's own topic so you can get help. Please follow the directions below. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this. AVG AntiSpyware Be sure to "take action" Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

I will close this topic due to lack of reply. The advice in this topic is for this system only applying to any other system can result in disaster.

OK... if I remember right, we discussed you having been infected by a back door trojan and no guarantee of cleaning it. Also that you have possibly been victimized by identity theft. The same holds for this account. The same infections are presenting. So what this means is you have never really been clean, if you want to continue we can but I really think you should reformat this machine.

LOL thanks. I am not even among the best there are doing this. I give it my best. You use Windows Explorer to navigate to the file and delete it, then empty your recycle bin also.

Vundo did find things and remove them. More than once from the logs you posted before, I asked for the log from the new download and new scan. I would like to see that. Run HJT and put a check next to these items and click fix. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: {9fe3446d-fc2d-4909-fea4-8082d63d73aa} - {aa37d36d-2808-4aef-9094-d2cfd6443ef9} - C:\WINDOWS\system32\xuhcwyww.dll Please download this file: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe' rel="external nofollow"> SDFix.exe * Open the extracted SDFix folder and double click RunThis.bat to start the script. * Type Y to begin the cleanup process. * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. * Press any Key and it will restart the PC. * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). * Finally paste the contents of the Report.txt back on the forum. Reboot your system in Normal Mode. Then post the SDFix log and a new HJT log please. Also the information you got on the other forum is true and valid. Your system was compromised completely. There is no guarantee we will ever get all of it cleaned out and your personal information should be changed for any sensitive sites.

Ahhh the nasties are getting weak.... muaaahhhh OK find this file and delete: c:\windows\system32\bbchk.exe Please download this file: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe' rel="external nofollow"> SDFix.exe * Open the extracted SDFix folder and double click RunThis.bat to start the script. * Type Y to begin the cleanup process. * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. * Press any Key and it will restart the PC. * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). * Finally paste the contents of the Report.txt back on the forum. Reboot your system in Normal Mode. Then post the SDFix log and a new HJT log please.

Wow, this is amazing. I have had two people from Montana join my website this past week. I can count the people from here I know on the WWW on my fingers. I'm in Livingston. Good you have your router password protected I hope? Thief is the nicest word for those that steal bandwidth. Now AVG removed 6 trojans, that is good (that they are gone). Let's see what Panda finds and a HJT log also.