JeanInMontana

Honorary Members
  • Posts

    3,859
Everything posted by JeanInMontana

  1. It is bad and your system was loaded with bad files. I'm getting a second opinion, but as I said before no guarantee you are safe.
  2. Hi there, and welcome to Malwarebytes. Your system is seriously in need of updates to the OS. However, we can't do them until you are free of malware. If you haven't already, please get these programs, update and run a complete scan removing all items found.
     Spybot Search & Destroy Be sure to use the immunize feature. Do not enable TeaTimer at this time.
     AVG AntiSpyware Be sure to "take action"
     Then go here and run a scan PandaActive Scan There is a full tutorial on how to do this at the top of this forum.
     Post the logs from the Panda and AVG scans please and a new HJT log. You will post three logs.
     1. AVG scan.
     2. Panda Active Scan.
     3. HiJack This scan.
     You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  3. Hi, still work to do.
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
     O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb2.dll
     O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
     O4 - HKLM\..\Run: [zcdmpiv] C:\WINDOWS\zcdmpiv.exe
     O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
     Also uninstall the program WildTangent. Get this program and run it http://www.malwarebytes.org/forums/index.p...ic=2868&hl= Let it remove everything. Reboot and post a new HJT log. Let me know how things are running too.
  4. Yes, always remove what a scanner finds. Those instructions were in my initial post.
     Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-2800008515-2036834628-2616585276-1003\Dc594.exe[sDFix\apps\Process.exe]
     Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-2800008515-2036834628-2616585276-1003\Dc595.exe[ComboFixT\nircmd.cfexe]
     Those lines above are evidence of special fixes that have been on the system at some time. Nothing I requested. They show as being in the Recycle Bin. I would need a new HJT log to declare you clean there. But I'm thinking you probably have something hardware related causing you problems or the use of the special fixes took out something and did damage. I will give a HJT log another look then if clean it's back to the regular forum for general PC help and more people may have a fix.
  5. OK Chris, still work to do. You need to turn off the TeaTimer feature in Spybot Search & Destroy, so it doesn't interfere with the fixes. Did you run Smitfraud before the HJT log? To turn off TeaTimer open Spybot S&D and under Mode go to Advanced. Then under tools, go to Resident and uncheck the box next to TeaTimer. You will need to uninstall the two poker programs PokerStars & PartyPoker. Make sure you disable TeaTimer. Let's try this tool to get the Zlob.
     1. Download this file : http://www.techsupportforum.com/sectools/combofix.exe
     2. Double click combofix.exe & follow the prompts.
     3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply
     Be sure the Combofix is run before another HJT.
     Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
  6. Hi Highroller, OK we have confirmed infection of a backdoor trojan. I must tell you all your confidential information has been potentially compromised. You need to notify banking, credit cards and change all passwords immediately. We may be able to completely remove the trojan but there is only one way to be completely sure and that is to reformat. If you wish to proceed do this:
     1. Download this file : http://www.techsupportforum.com/sectools/combofix.exe
     2. Double click combofix.exe & follow the prompts.
     3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply
     Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
  7. Hi there, and welcome to Malwarebytes and unfortunately the world of malware. If you haven't already, please get these programs, update and run a complete scan removing all items found.
     Spybot Search & Destroy Be sure to use the immunize feature, but do not enable TeaTimer at this time.
     AVG AntiSpyware Be sure to "take action"
     Then go here and run a scan PandaActive Scan There is a full tutorial on how to do this at the top of this forum.
     Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! You will post three logs.
     1. AVG scan.
     2. Panda Active Scan.
     3. HiJack This scan.
     You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  8. You need to not have TeaTimer running in Spybot Search & Destroy. Did you try scanning in safe mode? To boot to safe mode, as soon as you start the PC begin tapping the F8 key and follow the prompts to boot to safe mode with no network connection. Then try to scan with AVG and save a log. Make sure you take action on anything and everything found. Again I would like to know what is telling you there is an infection? Did you try removing it?
  9. No, you have not followed instructions and you have not solved all problems. I need the log from Panda scan and you need to run the Smitfraud fix. Then post that log also. After Panda and Smitfraud have been run and the logs posted, another HJT log is also needed.
  10. These items that were ignored before with AVG should be removed.
      C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP384\A0029659.exe -> Adware.180Solutions : Ignored.
      C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP384\A0029660.dll -> Adware.Zango : Ignored.
      Scan again and remove them. From what I see you ran nearly every special fix tool around. This is very dangerous to do. What symptoms are you still having?
  11. Hello Highroller and welcome to Malwarebytes. Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.
      Now please do this: Print or Copy these instructions to notepad and save to your Desktop as you will be offline with all browsers closed for this fix.
      Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe
      * Double-click SmitfraudFix.exe
      * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
      Clean:
      * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
      * Double-click SmitfraudFix.exe
      * Select 2 and hit Enter to delete infected files.
      * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
      * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
      * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
      * Optional:
        o To restore Trusted and Restricted site zone, select 3 and hit Enter.
        o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
      Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm
      Post the results of the Smitfraud as a reply. Then also please go here and run a scan PandaActive Scan There is a full tutorial on how to do this at the top of this forum. Post that log for me and a new HJT log also. We will see what is left to do.
  12. Sorry for the delay Chris. You are using a beta version of HJT. Please get the version from the link in my initial instructions, uninstall the beta and delete the program files. Now go to Add/Remove programs and uninstall SpywareBot. This is not Spybot Search & Destroy. SpywareBot is a rogue program and has also installed at least one trojan maybe more. Disable the TeaTimer option in Spybot S&D as it might interfere with the cleanup process.
      Now please get this program: Print or Copy these instructions to notepad and save to your Desktop as you will be offline with all browsers closed for this fix.
      Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe
      * Double-click SmitfraudFix.exe
      * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
      Clean:
      * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
      * Double-click SmitfraudFix.exe
      * Select 2 and hit Enter to delete infected files.
      * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
      * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
      * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
      * Optional:
        o To restore Trusted and Restricted site zone, select 3 and hit Enter.
        o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
      Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm
      Please post the results of the Smitfraud scan and a new HJT log using the program you get from the link in my post here http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe
  13. Hi there emil, and welcome to Malwarebytes. What is telling you there is a trojan and backdoor "bug"? Please do your best to follow the directions below, you might need to scan in safe mode with the Spybot Search & Destroy and the AVG.
      Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.
      If you haven't already, please get these programs, update and run a complete scan removing all items found.
      Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time.
      AVG AntiSpyware Be sure to "take action"
      Then go here and run a scan PandaActive Scan There is a full tutorial on how to do this at the top of this forum.
      Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! You will post three logs.
      1. AVG scan.
      2. Panda Active Scan.
      3. HiJack This scan.
      You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  14. Sorry I'm late, hope it was great.
  15. Whole new meaning to "lost in translation".
  16. Get your Java updated ASAP; it is a huge avenue for reinfection using that version. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself.
      Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.
      Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.
      SpywareBlaster from Javacool Software
      WinPatrol by BillPStudios
      SiteHound by FireTrust
      RogueRemover
      hpHosts
      For an excellent list of reliable free firewalls and antivirus programs see here
  17. What symptoms do you still have if any?
      R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll <==== Not considered malware, however it will redirect your browser to pages that Dell and Google have decided you should go to. It's your choice to remove.
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) <===== Clean up
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) <====== More clean up.
      You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://www.java.com/en/download/manual.jsp and install the correct version for your system. Choose the offline installation.
  18. You must allow the ActiveX install. Go through the tutorial at the top of this forum for how to run the Panda scan. You must use IE.
  19. Hi Drew and welcome to Malwarebytes. It's hard to tell if you have an infection from just HJT. I do see you need to update your Adobe. It is an exploitable version. Please follow the instructions below and post your replies here http://www.malwarebytes.org/forums/index.php?showforum=7
      Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.
      If you haven't already, please get these programs, update and run a complete scan removing all items found.
      Spybot Search & Destroy Be sure to use the immunize feature.
      AVG AntiSpyware Be sure to "take action"
      Then go here and run a scan PandaActive Scan There is a full tutorial on how to do this at the top of this forum.
      Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! You will post three logs.
      1. AVG scan.
      2. Panda Active Scan.
      3. HiJack This scan.
      You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  20. Tigger thanks for your help as always. Due to lack of response I will close this to prevent others from posting into it. The advice in this topic was for this system only. You should not apply to your system without advice. Please post a new topic and we will be happy to help.
  21. Due to no reply this topic will be closed. The advice in this topic was for this system only and should not be used on any other. If you need help please start your own topic and we will be happy to help you.
  22. Due to lack of response this topic will be closed. The advice in this topic is for this system only and should not be used on any other. If you need help, please start your own topic and we will be happy to help.