JeanInMontana
Honorary Members
Posts: 3,859

Everything posted by JeanInMontana

  1. Hi there smokenfog, and welcome to Malwarebytes. Never follow advice given to someone else. The fixes you read are for that machine only; it may not be what your problem is. Please delete all special fixes you have and their files. I see you had VundoFix backups within a month. Did you run this fix recently?
     If you haven't already, please get these programs, update, and run a complete scan removing all items found:
     * Spybot Search & Destroy. Be sure to use the immunize feature, but do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.
     * AVG AntiSpyware. Be sure to "take action".
     Then go here and run a scan: Panda ActiveScan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJackThis!
     You will post three logs: 1. AVG scan. 2. Panda ActiveScan. 3. HiJackThis scan. You will finish the AVG first, so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  2. Hi there Chipper0483, and welcome to Malwarebytes. Please uninstall the version of HiJackThis you have and follow the directions below carefully and completely.
     If you haven't already, please get these programs, update, and run a complete scan removing all items found:
     * Spybot Search & Destroy. Be sure to use the immunize feature, but do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.
     * AVG AntiSpyware. Be sure to "take action".
     Then go here and run a scan: Panda ActiveScan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJackThis!
     You will post three logs: 1. AVG scan. 2. Panda ActiveScan. 3. HiJackThis scan. You will finish the AVG first, so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  3. Make sure you have gone through the tutorial for the Panda scan and try again to get a scan. Please set your system to show all files: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.
     Then do this. Print or copy these instructions to Notepad and save to your Desktop, as you will be offline with all browsers closed for this fix.
     Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe
     * Double-click SmitfraudFix.exe
     * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
     Clean:
     * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
     * Double-click SmitfraudFix.exe
     * Select 2 and hit Enter to delete infected files.
     * You will be prompted: Do you want to clean the registry ? Answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
     * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? Answer Y (yes) and hit Enter to restore a clean file.
     * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
     * Optional:
       o To restore Trusted and Restricted site zone, select 3 and hit Enter.
       o You will be prompted: Restore Trusted Zone ? Answer Y (yes) and hit Enter to delete trusted zone.
     Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm
     Please post the Smitfraud log, Panda log and HJT log. Make sure HJT is the last log you post please.
  4. You may have to run the ComboFix first to gain back Administrator rights.
  5. Turn off TeaTimer in Spybot Search & Destroy until we are done cleaning. Then get Windows Update SP1; don't get SP2 yet, but you must get SP1 before we go on. Then get this please:
     1. Download this file: http://www.techsupportforum.com/sectools/combofix.exe
     2. Double-click combofix.exe and follow the prompts.
     3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.
     Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  6. You posted a log from Smitfraud run in October. Delete those old logs, delete any old programs you have from the first time you were here except HJT, and run the Smitfraud scan again please. Do not leave the PC connected to the net unattended.
  7. OK, again: you must turn off TeaTimer in Spybot Search & Destroy. It will interfere with removal. Look in Add/Remove Programs for FunWeb or anything with SBSoft in the name and uninstall it. Then run another ComboFix scan and post that log.
  8. Adobe is still outdated according to your HJT log, and that should be posted last. I need to see that log after whatever other fix is done. You most likely got in the mess from using FlashGet or Azureus. FlashGet is known to install adware when you install it. I see that one file is still in the HJT, but I don't know when you ran that scan. If the times are correct it was after the CF, so you still have a bad file. Please do this:
     KillBox
     Author: Option^Explicit
     Download Location: http://download.bleepingcomputer.com/spyware/KillBox.exe
     License: Freeware
     Operating System: Windows
     File Description: Pocket KillBox is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them.
     Usage Information: Download this file and run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; allow it to do so, and hopefully your file will now be deleted.
     Put this file name in: C:\Documents and Settings\All Users\Application Data\bash army tool 01\File bleh.exe
     Also put a check next to these in HJT:
     O4 - HKLM\..\Run: [tool 01 warn info] C:\Documents and Settings\All Users\Application Data\bash army tool 01\File bleh.exe
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
     Reboot and post a new log.
  9. My eyes do cross; they are older eyes and need bifocals. I miss stuff too, I'm not perfect. I give it my best shot because I truly believe we all should try to make the world a better place, and ridding PCs of infection is one way I can contribute, for no out-of-pocket expense.
     I'm not seeing anything in your log other than some general clean up.
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.stopzilla.com/director/?type=AP...&topic=5055 <<<<< Do you really want that as your homepage? If not, put a check in HJT and click fix.
     O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) <<<<<< Just clean up.
     If you're feeling we have finally whipped this... Your log looks clean. We need to now reset a clean System Restore point. If you don't, and you need to use System Restore, you will reinfect yourself. Go to Start > Control Panel > System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start > Help and Support > Undo Changes to Your System or System Restore, depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options; choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.
     Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program; AVG is good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.
     * SpywareBlaster from Javacool Software
     * WinPatrol by BillPStudios
     * SiteHound by FireTrust
     * RogueRemover
     * hpHosts
     For an excellent list of reliable free firewalls and antivirus programs see here.
  10. Hi there struggling. If you haven't already, please get these programs, update, and run a complete scan removing all items found:
      * Spybot Search & Destroy. Be sure to use the immunize feature, but do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.
      * AVG AntiSpyware. Be sure to "take action".
      Then go here and run a scan: Panda ActiveScan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJackThis!
      You will post three logs: 1. AVG scan. 2. Panda ActiveScan. 3. HiJackThis scan. You will finish the AVG first, so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  11. Hi there mehdi, and welcome to Malwarebytes. If you haven't already, please get these programs, update, and run a complete scan removing all items found:
      * Spybot Search & Destroy. Be sure to use the immunize feature, but do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.
      * AVG AntiSpyware. Be sure to "take action".
      Then go here and run a scan: Panda ActiveScan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJackThis!
      You will post three logs: 1. AVG scan. 2. Panda ActiveScan. 3. HiJackThis scan. You will finish the AVG first, so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  12. Hi there n1ck4lyf, and welcome to Malwarebytes. If you haven't already, please get these programs, update, and run a complete scan removing all items found:
      * Spybot Search & Destroy. Be sure to use the immunize feature, but do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.
      * AVG AntiSpyware. Be sure to "take action".
      Then go here and run a scan: Panda ActiveScan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJackThis!
      You will post three logs: 1. AVG scan. 2. Panda ActiveScan. 3. HiJackThis scan. You will finish the AVG first, so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  13. Yes, you are still infected. Uninstall the Ares Lite. Run HJT and put a check next to the items below, then click fix.
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
      O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
      O21 - SSODL: sapnet - {B8EA3E82-23FD-41D5-A3F1-76DD766690B4} - C:\WINDOWS\sapnet.dll
      O21 - SSODL: rmvgor - {3F194DDB-D59E-49E4-A746-766DA4A2D991} - C:\WINDOWS\rmvgor.dll
      Now follow the instructions for Smitfraud again. Don't use any program you might still have; delete it and download a new version. Post the log from it and a new HJT please.
  14. How are you running now? You have a ton of stuff running at startup that is not needed and is going to have a drastic effect on performance. You might want to get the free program we have here called StartUp Lite and let it shut some down for you.
  15. OK, still work to do. Run HJT and put a check next to these and fix.
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [skip drive] C:\DOCUME~1\rishi\APPLIC~1\ACTIVE~1\16 COMP BOWS.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
      O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\nveockqf.exe (file missing)
      O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
      O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
      Get rid of anything you know that is associated with the Yazzle ActiveX install you did. I suggest you get rid of FlashGet also. Your Adobe Reader and Java are both outdated and a security risk; please update both. You need to uninstall Java via Add/Remove Programs and delete the program file also. Then go here http://www.java.com/en/download/manual.jsp and install the correct version for your system. Choose the offline installation. Adobe is via the program I think, or a Google search; the current version is 8. I'm still suspicious, so let's run this.
      1. Download this file: http://www.techsupportforum.com/sectools/combofix.exe
      2. Double-click combofix.exe and follow the prompts.
      3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.
      Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  16. I know how you feel, Ryan. But I need a HJT log in regular mode, not safe. Safe mode doesn't show all programs. What is telling you something is not a virus? What was it then? I need to know these things.
  17. We made some progress, still more work to do. I need to see all logs after any action requested has been done. That is how I see what was removed and what is left to do. Please scan this file C:\Documents and Settings\All Users\Application Data\bash army tool 01\File bleh.exe at Virustotal.com and post the results of that scan. Run HJT again and put a check next to everything below and click fix.
      R3 - URLSearchHook: (no name) - {132D477C-8AE0-AA33-98A8-F08AAFA0FB9E} - (no file)
      O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
      O2 - BHO: (no name) - {5BDD2F7C-BBB7-CD39-C9CC-96FC58FFBBCD} - (no file)
      O2 - BHO: (no name) - {5FA68688-BE83-4914-BBDF-4DE55790F9D2} - (no file)
      O2 - BHO: (no name) - {70F7F936-ADDA-4515-9C34-0C86BAB34951} - C:\WINDOWS\system32\mljji.dll (file missing)
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Policies\Explorer\Run: [{F8F29F58-07D9-1033-0623-050614200001}] C:\Program Files\Common Files\{F8F29F58-07D9-1033-0623-050614200001}\Update.exe mc-110-12-0001411
      O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{F8F29F58-0898-1033-0623-050614200001}] C:\Program Files\Common Files\{F8F29F58-0898-1033-0623-050614200001}\Update.exe mc-110-12-0001411 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{F8F29F58-0898-1033-0623-050614200001}] C:\Program Files\Common Files\{F8F29F58-0898-1033-0623-050614200001}\Update.exe mc-110-12-0001411 (User 'Default user')
      O20 - Winlogon Notify: nnnopom - C:\WINDOWS\
      O20 - Winlogon Notify: vtutqnn - C:\WINDOWS\
      O20 - Winlogon Notify: winvdb32 - winvdb32.dll (file missing)
      Then get this and follow directions carefully. Print or copy these instructions to Notepad and save to your Desktop, as you will be offline with all browsers closed for this fix.
      Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe
      * Double-click SmitfraudFix.exe
      * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
      Clean:
      * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
      * Double-click SmitfraudFix.exe
      * Select 2 and hit Enter to delete infected files.
      * You will be prompted: Do you want to clean the registry ? Answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
      * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? Answer Y (yes) and hit Enter to restore a clean file.
      * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
      * Optional:
        o To restore Trusted and Restricted site zone, select 3 and hit Enter.
        o You will be prompted: Restore Trusted Zone ? Answer Y (yes) and hit Enter to delete trusted zone.
      Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm
      Post this log and a new HJT too.
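The HJT entries quoted in posts 13, 15 and 17 share a few patterns a helper looks for before telling someone what to tick in HijackThis: entries whose file is already gone, autoruns launched from user-writable data folders, shell-load DLLs dropped straight into C:\WINDOWS, ActiveX downloads from outside sites, and services with no owner. The following is an added example, not code from the posts above or from the HijackThis project; the heuristics, the function names and the sample log (assembled from lines quoted in the posts) are my own construction.

```python
import re

# Constructed sample input: HijackThis (HJT) lines quoted in the posts above,
# assembled here into one short log. A real HJT log has many more sections.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {70F7F936-ADDA-4515-9C34-0C86BAB34951} - C:\WINDOWS\system32\mljji.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [skip drive] C:\DOCUME~1\rishi\APPLIC~1\ACTIVE~1\16 COMP BOWS.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Run: [tool 01 warn info] C:\Documents and Settings\All Users\Application Data\bash army tool 01\File bleh.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - Winlogon Notify: winvdb32 - winvdb32.dll (file missing)
O21 - SSODL: sapnet - {B8EA3E82-23FD-41D5-A3F1-76DD766690B4} - C:\WINDOWS\sapnet.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\nveockqf.exe (file missing)
"""

# Every HJT entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Directories an autorun (O4) entry rarely points into on a clean XP-era machine.
# The short 8.3 form APPLIC~1 is how HJT often prints "Application Data".
USER_DATA_DIRS = ("\\application data\\", "\\applic~1\\", "\\local settings\\", "\\temp\\")


def classify(section, body):
    """Return the triage reasons for one HJT entry; an empty list means nothing notable."""
    reasons = []
    low = body.lower()
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("orphaned entry: the registry points at a file that is gone")
    if section == "O4" and any(d in low for d in USER_DATA_DIRS):
        reasons.append("autorun launched from a user-writable data directory")
    if section in ("O20", "O21") and re.search(r"c:\\windows\\[^\\]+\.dll", low):
        # Winlogon Notify / ShellServiceObjectDelayLoad DLLs normally live in
        # system32, not directly in C:\WINDOWS.
        reasons.append("shell-load DLL placed directly in the Windows directory")
    if section == "O16" and "http://" in low:
        reasons.append("ActiveX control downloaded from an external site")
    if section in ("R0", "R1", "R3") and "http" in low:
        reasons.append("browser start/search setting points at an external URL")
    if section == "O23" and "unknown owner" in low:
        reasons.append("service with no identifiable owner")
    return reasons


def triage(log_text):
    """Parse an HJT log and return (section, line, reasons) for entries worth review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if not match:
            continue  # header text, blank lines, anything not in entry form
        reasons = classify(match["section"], match["body"])
        if reasons:
            findings.append((match["section"], line, reasons))
    return findings


if __name__ == "__main__":
    for section, line, reasons in triage(SAMPLE_LOG):
        print(f"[{section}] {line}")
        for reason in reasons:
            print(f"      -> {reason}")
```

The benign KernelFaultCheck and msnmsgr autoruns fall through with no reasons, while the All Users\Application Data autorun and the C:\WINDOWS\sapnet.dll SSODL entry are flagged; the output is a review list for a human, not a removal list.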
  18. Never use special fixes like VundoFix without someone helping you who understands how the program is to be used. Please delete the program and run another Panda scan. Be sure you remove what Panda finds. Post that log please, and a new HJT also.
  19. Well, sorry to see you back. I see no evidence of a firewall or antivirus; not good. If you haven't already, please get these programs, update, and run a complete scan removing all items found:
      * Spybot Search & Destroy. Be sure to use the immunize feature, but do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.
      * AVG AntiSpyware. Be sure to "take action".
      Then go here and run a scan: Panda ActiveScan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJackThis!
      You will post three logs: 1. AVG scan. 2. Panda ActiveScan. 3. HiJackThis scan. You will finish the AVG first, so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  20. OK, from what I find about Veoh, it is a resource hog and will slow your PC. FunWeb is adware and should be removed also. You didn't take action with AVG at all. Run HJT and put a check next to these items:
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
      Reboot and post a new log. I would recommend getting rid of LimeWire also. P2P is very dangerous and often illegal.
  21. OK, please get a trial version of RogueRemover Pro from the link in my signature, update, then run a complete scan with it removing all it finds. Also use the immunize feature. Then please get this program.
      Please download VundoFix.exe to your desktop. http://www.atribune.org/ccount/click.php?id=4
      * Double-click VundoFix.exe to run it.
      * Click the Scan for Vundo button.
      * Once it's done scanning, click the Remove Vundo button.
      * You will receive a prompt asking if you want to remove the files; click YES.
      * Once you click yes, your desktop will go blank as it starts removing Vundo.
      * When completed, it will prompt that it will reboot your computer; click OK.
      * Please post the contents of C:\vundofix.txt and a new HiJackThis log.
      Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
      Follow those directions carefully and post the results and a new HJT log.
  22. Hi there. You didn't take action with AVG. Please scan again and make sure you remove what it finds. Post that log. Then follow these directions:
      Please download VundoFix.exe to your desktop. http://www.atribune.org/ccount/click.php?id=4
      * Double-click VundoFix.exe to run it.
      * Click the Scan for Vundo button.
      * Once it's done scanning, click the Remove Vundo button.
      * You will receive a prompt asking if you want to remove the files; click YES.
      * Once you click yes, your desktop will go blank as it starts removing Vundo.
      * When completed, it will prompt that it will reboot your computer; click OK.
      * Please post the contents of C:\vundofix.txt and a new HiJackThis log.
      Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
      Post this log and run another scan with HJT and post that log.
  23. Please read and follow directions carefully. Run the scan and remove all items, then post one HJT log. You still didn't remove some items with AVG, and I can't tell when you actually did the HJT scan. So please delete the quarantine folder in AVG and scan again with AVG, removing everything found. Post that log and a HJT log after taking all actions with AVG.
  24. It's gone. How are you running? Just to be sure, reboot and post a new HJT log. I think we might have beat this @!%&.