JeanInMontana

OK let's fix this line: O17 - HKLM\System\CCS\Services\Tcpip\..\{6E47008E-3D23-4842-BEF5-3A651A331128}: NameServer = 85.255.114.21 85.255.112.190 Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenol. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts For an excellent list of reliable free firewalls and antivirus programs see here .

OK I don't know what these two items are: EPN werkboek-i chemie overal/vwo NG NT1 Sacrifice You are also running an old version of Spybot Search & Destroy. The current version is 1.5 you should update to that and update definitions and immunize. Let me know what those two items are. Otherwise I just don't see any malware.

Eeeek! You should never do what you did. You can destroy your system not knowing what is what. It does look like you got the malware but wow, what a risky way to go. Let's clean this line with HJT: O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing) Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenol. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts For an excellent list of reliable free firewalls and antivirus programs see here .

Just a pup. Happy birthday Scotty & Bill.

Issues resolved topic closed. Do not apply the advice in this topic to your system. If you need help open a topic of your own and someone will be happy to help.

Topic closed due to no reply.

6 days no reply Marcin has saved the country. Topic will be closed.

Thank you Steven for you help. 10 days no reply I will close the topic.

What's going on? Are you abandoning the process?

5 days no reply topic will be closed.

5 days no reply the topic will be closed.

Hi nicko75 and welcome to Malwarebytes. You didn't take action when you scanned with AVG. Please disable TeaTimer in Spybot Search & Destroy for now and scan again with AVG, this time let the program remove what it finds. Get a free trial of RogueRemoverPro from the link in my signature and run a scan with it also. Post the new AVG log and a new HJT log back into your next post. AVG first then HJT.

Hi Boris and welcome to Malwarebytes. Please run HJT again and put a check next to the items below then click fix. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Policies\Explorer\Run: [1] mapdrive.bat If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this. AVG AntiSpyware Be sure to "take action" Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

Please do the following: 1. Open Hijackthis and select: Open the Misc Tools section. 2. Then choose: Open Uninstall Manager and click Save List. 3. Save the list to your computer. 4. Then copy the contents of the list back to your thread. In English please I don't read or speak Dutch.

I think we both may need that steak & salad. I don't recall off hand Killbox failing if the file actually existed. Can you navigate to the file a delete manually? Make sure the system is set to show hidden files and folder. Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. I will seek advice from smarter people also.

Hi there Julian, and welcome to Malwarebytes. You should never follow advice given to someone else. These fixes are done for the system in question and using on another can cause serious damage. I need information about your system, please follow the intstructions below. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this. AVG AntiSpyware Be sure to "take action" Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

OK your welcome. But there is a final step that must be done. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenol. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts For an excellent list of reliable free firewalls and antivirus programs see here .

Yes these machines can do strange things to us. This is a stubborn one for every one. Let's do this. Get the program below and paste this file name into it C:\WINDOWS\system32\secuload.dll Author: Option^Explicit Download Location License: Freeware KillBox Download Link http://download.bleepingcomputer.com/spyware/KillBox.exe Operating System: Windows File Description: Pocket KillBox is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them. Usage Information: Download this file and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted. Post a new log and give me feedback on how your system is running...have a good lunch, you need your strength.

Are you able to get into your control panel now? I'm not seeing anything glaring in your log.

Hi Bo. and welcome to Malwarebytes. 1. Download this file : http://www.techsupportforum.com/sectools/combofix.exe 2. Double click combofix.exe & follow the prompts. 3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Well let's see what if anything this scan finds. Nothing is showing in your log. 1. Download this file : http://www.techsupportforum.com/sectools/combofix.exe 2. Double click combofix.exe & follow the prompts. 3. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Your welcome Adam. I hope everything works out for the best and you have safe surfing. Prevention and education are key elements to staying away from this sort of trouble. Since this topic is resolved I will close it. The fixes and procedures in this topic are for this machine only. You should not apply them to another system. If you experience similar symptoms and need help open a topic of your own and someone will be happy to help.

Hi Ryan, I am not giving up. That's against policy. You gave me good information most likely by accident. Uninstall BitComet ASAP. Using P2P is very risky and most of the time not legal. Now let's try this. Be sure you have uninstalled BitComet and deleted all files associated with it. Print or Copy these instructions to notepad and save to your Desktoop as you will be offline with all browsers closed for this fix. Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe * Double-click SmitfraudFix.exe * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt Clean: * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually) * Double-click SmitfraudFix.exe * Select 2 and hit Enter to delete infect files. * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection. * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file. * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt * Optional: o To restore Trusted and Restricted site zone, select 3 and hit Enter. o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone. Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm Post back the log from Smitfraud and a new HJT.

Ok Chris did you just install these programs? 2007-11-05 18:13 --------- d-----w C:\Program Files\PartyGaming 2007-11-05 18:12 --------- d-----w C:\Program Files\PokerStars Please uninstall if they are still present on your system. I would like to see a log from a Panda on line scan also. You never did run that. How is the machine running now? Also clean this up with HJT O21 - SSODL: bxsbang - {91830368-16EB-4EA3-A745-D88E72F87BAD} - C:\WINDOWS\bxsbang.dll (file missing)

Did you put a check next to the item in HJT and click fix? It's still in your log. I would like you to run the Panda scan with IE and post that log too please.