Everything posted by JeanInMontana

  1. There isn't much you can do about it. Svchost.exe is a needed Windows file; the one showing in the log is not. It is very likely something is hiding, that's why we tell people the only sure way to be rid of a root kit is to reformat. These things are constantly being rewritten to escape detection. It's not good this particular file can't be found. It is there because it shows in the log, or possibly it was removed. But again, there is no way of knowing. I'm sorry I can't give you the answer you want to hear.
  2. Due to no response the topic will be closed. The fixes in this topic are for this system only. For assistance open your own topic and someone will be happy to assist you.
  3. Since this issue has been resolved I will close the topic. The fixes in this topic were for this system only and should not be applied to any other. For assistance please open your own topic and someone will be happy to assist you.
  4. Thank you SirJon for your assistance. Due to no reply I will close the topic to prevent others from posting into it. The fixes in this topic are for this system only. Do not apply to any other. For assistance please open a new topic and someone will be happy to help.
  5. Hello and welcome to Malwarebytes.
     Please follow these basic steps first before posting any logs.
     First, update your current Anti-Virus to the latest definitions and then perform a Full scan of your system. If you don't currently have Anti-Virus please download and install Avira AntiVir Personal - FREE Antivirus. Then update to the latest definitions and perform a Full scan of your system.
     Second, our program, Malwarebytes' Anti-Malware, can detect and remove most Malware with no further actions required for free.
     * Please download Malwarebytes' Anti-Malware to your desktop.
     * Double-click mbam-setup.exe and follow the prompts to install the program.
     * At the end, be sure a checkmark is placed next to the following: Update Malwarebytes' Anti-Malware, Launch Malwarebytes' Anti-Malware.
     * Then click Finish.
     * If an update is found, it will download and install the latest version.
     * Once the program has loaded, select Perform quick scan, then click Scan.
     * When the scan is complete, click OK, then Show Results to view the results.
     * Be sure that everything is checked, and click Remove Selected.
     * When completed, a log will open in Notepad and if required the program will ask you to reboot to remove locked files.
     We hope our application has helped you eradicate this malicious Malware. If your current anti-virus solution let this infection through please consider purchasing the PRO version of Malwarebytes' Anti-Malware for additional protection.
     If you're still experiencing issues after running the above procedures then please follow the instructions below.
     Print these instructions for easier reading and access during this process.
     Set your email to receive replies to your posts and ensure that you are allowing email from Malwarebytes.org. This is how you will know someone has answered your posts and you should then return and read and follow their instructions.
     Scan and Log Procedures
     * Please download this program: Trend Micro http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
  6. Hi there gregora, and welcome to Malwarebytes. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy: Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this. AVG AntiSpyware: Be sure to "take action". Then go here and run a scan: Panda Active Scan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  7. Hi there Quantumfox, and welcome to Malwarebytes. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy: Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this. AVG AntiSpyware: Be sure to "take action". Then go here and run a scan: Panda Active Scan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  8. Hi there Kenny, and welcome to Malwarebytes. Run HJT and put a check next to the items below and click fix.
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy: Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this. AVG AntiSpyware: Be sure to "take action". Then go here and run a scan: Panda Active Scan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please. Also a new HJT. You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  9. Use IE for Panda, not Firefox. Make sure it is in your trusted zones and allow the active x install. Run HJT again and put a check next to this item and click fix.
     O20 - AppInit_DLLs: secuload.dll
     1. Download this file: http://www.techsupportforum.com/sectools/combofix.exe
     2. Double click combofix.exe & follow the prompts.
     3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.
     Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
  10. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program; AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software, WinPatrol by BillPStudios, SiteHound by FireTrust, RogueRemover, hpHosts. For an excellent list of reliable free firewalls and antivirus programs see here.
  11. Hi Chris, we still have work to do. Please run HJT again and put a check next to the following items and click fix.
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O21 - SSODL: bxsbang - {687F46AC-C1B3-408E-8AF0-2D314D90BA07} - C:\WINDOWS\bxsbang.dll
      Please also get this program:
      1. Download this file: http://www.techsupportforum.com/sectools/combofix.exe
      2. Double click combofix.exe & follow the prompts.
      3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.
      Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
      You have two seriously outdated programs that are known security risks. Adobe Acrobat Reader should be version 8 and Java should be 1.6 update 3. Please uninstall the old versions of those programs, delete all program files and install the newest version. http://www.java.com/en/download/manual.jsp and install the correct version for your system. Choose the offline installation.
  12. Hi Davis and welcome to Malwarebytes. That great list is available in either version of RogueRemover.
  13. Hi there Ryan, and welcome to Malwarebytes. I removed the partial HJT log you posted. The log was missing vital components, please be sure to copy and paste the entire log into your replies. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy: Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this. AVG AntiSpyware: Be sure to "take action". Then go here and run a scan: Panda Active Scan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  14. Yes, put a check next to the items and click fix. Sorry for not being more clear. Gamespy has been (and maybe still is) a security risk and venue for infection. It is also listed by at least one security related site as leaving spyware files.
      http://www.spywaredata.com/spyware/threat_...ings/result.php
      http://www.packetstormsecurity.com/0512-exploits/index2.html
      /// File Name: GameFlyXSS.txt
      Description: GameFly, the popular online video game rental service, suffers from a cross site scripting flaw.
      Author: Matthew Benenati
      File Size: 417
      Last Modified: Dec 3 06:25:45 2005
      MD5 Checksum: fd363324b7ba22cd1ed151f9e8b1cda4
      The flaw is a couple years old so maybe it's been fixed. If they do things like Microsoft don't count on it. No, do not delete the file you see. You're seeing a legit Windows file. You're not seeing the malware, that's how these things work. It shows in the special tool but can be seen with the "naked" eye so to speak. We have a tool for this situation.
      Author: Option^Explicit
      Download Location
      License: Freeware
      KillBox Download Link: http://download.bleepingcomputer.com/spyware/KillBox.exe
      Operating System: Windows
      File Description: Pocket KillBox is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them.
      Usage Information: Download this file and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.
      I recommend copy and paste C:\WINDOWS\System32\drivers\svchost.exe you can't make a typo this way. Do this and post a new HJT log please.
  15. You should follow the instructions, to be sure you have indeed fixed the problem(s).
  16. You're confusing disk space and memory. They are not the same. The memory is at a minimum but has nothing to do with how much space is on your hard drive. The missing file message is for MS Works Update. I personally would not use Trend Micro nor Office. ; ) I use Open Office, a free program that uses a fraction of the disk space and doesn't try to start with every boot. You can eliminate much of the boot time by not allowing some of that crap to start. Get the free program we have here called Start Up Lite and let it eliminate any items it finds. The programs won't be uninstalled, only stopped from starting with boot. Then run a disk error check, followed by a registry cleaner like EasyCleaner (don't use the duplicate file finder feature). Then run disk defragment. Those things should help performance.
  17. There is a file there because it shows in your log. Do you have your system set to show hidden files and folders? Run HJT again and put a check next to these:
      O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      I'm not finding much good about GameSpy either. My advice is get rid of it and the Azureus. P2P is dangerous behavior.
  18. Hi there mrhorus87, and welcome to Malwarebytes. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy: Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this. AVG AntiSpyware: Be sure to "take action". Then go here and run a scan: Panda Active Scan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  19. How is the PC running? Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program; AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software, WinPatrol by BillPStudios, SiteHound by FireTrust, RogueRemover, hpHosts. For an excellent list of reliable free firewalls and antivirus programs see here.
  20. OK we need to get some things still.
      C:\WINDOWS\System32\drivers\svchost.exe <===== Delete that file
      Run HJT again and put a check next to these items below:
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      Uninstall Groove Monitor, not Office but this part of it. Then please run another ComboFix scan and post that log and a new HJT. I can't guarantee we will get it all, as I have said before, I'm giving it my best shot but all people that do this type of work will tell you the same thing. The only sure way to be rid of a root kit is to reformat.
      1. Download this file: http://www.techsupportforum.com/sectools/combofix.exe
      2. Double click combofix.exe & follow the prompts.
      3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.
      Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
  21. Chris, you're not running Smitfraud in safe mode. You have to follow the instructions exactly as they are written for the fix. To boot to safe mode begin tapping the F8 key as soon as you restart the PC and follow the prompts to boot to XP safe mode. Please run Smitfraud again in Safe Mode and post the log and a new HJT also.
  22. Yes, delete those lines with HJT and run CCleaner and delete all it finds. Scan again with AVG and be sure you remove what it finds.
  23. Your log looks clean. You do have an outdated version of Adobe Reader and you need to update it to avoid exploit. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program; AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software, WinPatrol by BillPStudios, SiteHound by FireTrust, RogueRemover, hpHosts. For an excellent list of reliable free firewalls and antivirus programs see here.
  24. Welcome to Malwarebytes! Ask questions, and read up. Get involved.
  25. OK please run HJT and put a check next to these items below:
      O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
      O21 - SSODL: bxsbang - {F4768BAB-F2E0-4107-8B3D-4AEEC5891A10} - C:\WINDOWS\bxsbang.dll
      O21 - SSODL: ocgrep - {FB107018-1C90-42A5-ADDE-A6459FAD8E0F} - C:\WINDOWS\ocgrep.dll
      Then let's run Smitfraud again. Print or Copy these instructions to notepad and save to your Desktop as you will be offline with all browsers closed for this fix.
      Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe
      * Double-click SmitfraudFix.exe
      * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
      Clean:
      * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
      * Double-click SmitfraudFix.exe
      * Select 2 and hit Enter to delete infected files.
      * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
      * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
      * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
      * Optional:
        o To restore Trusted and Restricted site zone, select 3 and hit Enter.
        o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
      Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
      http://www.beyondlogic.org/consulting/proc...processutil.htm
      Post the Smitfraud log and a new HJT log.