JeanInMontana

Honorary Members
  • Posts

    3,859

Everything posted by JeanInMontana

  1. This issue has been resolved, and the topic will be closed. The advice given in this topic is for this system only and should not be used on any other. If you need assistance please start your own topic and we will be happy to help.
  2. Hi Kbottles, welcome to Malwarebytes. I am sorry your post has not received any reply before now. Are you still in need of assistance?
  3. Hi Chris, and welcome to Malwarebytes. You have a Smitfraud infection and most likely some others. Please follow these instructions and post your reply in this forum as a new topic. http://www.malwarebytes.org/forums/index.php?showforum=7

     Please set your system to show all files:
     * Click Start.
     * Open My Computer.
     * Select the Tools menu and click Folder Options.
     * Select the View Tab.
     * Under the Hidden files and folders heading select Show hidden files and folders.
     * Uncheck the Hide protected operating system files (recommended) option.
     * Click Yes to confirm.
     * Click OK.

     If you haven't already, please get these programs, update and run a complete scan removing all items found.
     * Spybot Search & Destroy: Be sure to use the immunize feature.
     * AVG AntiSpyware: Be sure to "take action".

     Then go here and run a scan: PandaActive Scan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJack This!

     You will post three logs.
     1. AVG scan.
     2. Panda Active Scan.
     3. HiJack This scan.

     You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  4. ccarbo your Panda scan shows several items not disinfected.

     Adware:adware/popmonster Not disinfected C:\Documents and Settings\Carol Dettmering\Favorites\shopping\Ebay.url
     Adware:adware/favoriteman Not disinfected c:\windows\downloaded program files\ATPartners.inf
     Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.8-2.inf
     Adware:adware/comet Not disinfected c:\windows\inf\dm.inf
     Adware:adware/tvmedia Not disinfected C:\Documents and Settings\Carol Dettmering\Application Data\tvmuknwrd.dll
     Adware:adware program Not disinfected c:\windows\ss3unstl.exe
     Adware:adware/searchrelevancy Not disinfected c:\program files\SearchRelevant
     Adware:adware/wupd Not disinfected c:\program files\Windows TaskAd
     Potentially unwanted tool:application/mywebsearch Not disinfected hkey_local_machine\software\microsoft\office\word\addins\MyWebSearch.OutlookAddin
     Adware:adware/oemji Not disinfected Windows Registry
     Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
     Potentially unwanted tool:application/errorguard Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205ff73b-ca67-11d5-99dd-444553540006}
     Adware:adware/block-checker Not disinfected Windows Registry
     Adware:adware/whenusearch Not disinfected Windows Registry
     Adware:adware/dyfuca Not disinfected Windows Registry

     Also from your other posts, it appears you are cleaning machines in your shop and charging, but using our free help to do so. If this is the case, it is not acceptable. We give help for free and not for others to use and charge.
  5. Hi Gorimi and welcome to Malwarebytes. I see you also have Combofix on your system. Have you run a scan with this? If so please post the log. What are your symptoms now?
  6. Hi frmdust and welcome to Malwarebytes. You have a Smitfraud infection. Please follow the instructions below. Do not turn off System Restore until I tell you.

     Please set your system to show all files:
     * Click Start.
     * Open My Computer.
     * Select the Tools menu and click Folder Options.
     * Select the View Tab.
     * Under the Hidden files and folders heading select Show hidden files and folders.
     * Uncheck the Hide protected operating system files (recommended) option.
     * Click Yes to confirm.
     * Click OK.

     Print or Copy these instructions to notepad and save to your Desktop as you will be offline with all browsers closed for this fix.

     Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe
     * Double-click SmitfraudFix.exe
     * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

     Clean:
     * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
     * Double-click SmitfraudFix.exe
     * Select 2 and hit Enter to delete infected files.
     * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
     * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
     * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
     * Optional:
       o To restore Trusted and Restricted site zone, select 3 and hit Enter.
       o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

     Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm

     Post the log from Smitfraud and a new HJT log please.
  7. Hi there clasiq, and welcome to Malwarebytes. You should never run tools like Smitfraud without the guidance of someone familiar with their operation. You can do major damage.

     If you haven't already, please get these programs, update and run a complete scan removing all items found.
     * Spybot Search & Destroy: Be sure to use the immunize feature.
     * AVG AntiSpyware: Be sure to "take action".

     Then go here and run a scan: PandaActive Scan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJack This!

     You will post three logs.
     1. AVG scan.
     2. Panda Active Scan.
     3. HiJack This scan.

     You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  8. Hi Doug, you are still infected. Print or Copy these instructions to notepad and save to your Desktop as you will be offline with all browsers closed for this fix.

     Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe
     * Double-click SmitfraudFix.exe
     * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

     Clean:
     * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
     * Double-click SmitfraudFix.exe
     * Select 1 and hit Enter.
     * Select 2 and hit Enter to delete infected files.
     * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
     * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
     * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt Post this log please and a new HJT.
     * Optional:
       o To restore Trusted and Restricted site zone, select 3 and hit Enter.
       o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

     Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm
  9. Are you sure? I need to see the requested logs. You also need to update Adobe...it is a bad version.
  10. Hi tultha and welcome to Malwarebytes. You can choose the language for RogueRemover. There are many to choose from. If you want additional assistance to be sure you are clean, this is the forum http://www.malwarebytes.org/forums/index.php?showforum=7 Follow these instructions.

     If you haven't already, please get these programs, update and run a complete scan removing all items found.
     * Spybot Search & Destroy: Be sure to use the immunize feature.
     * AVG AntiSpyware: Be sure to "take action".

     Then go here and run a scan: PandaActive Scan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJack This!

     You will post three logs.
     1. AVG scan.
     2. Panda Active Scan.
     3. HiJack This scan.

     You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

     RogueRemover only removes programs targeted as rogue. Often there are other malware bundled with the rogues. To be sure you are free of malware you should be checked.
  11. There are no logs Doug. HJT is all I need if you are not having other symptoms.
  12. Hi antwaarpe and welcome to Malwarebytes. Take some deep breaths and calm down a bit. You should never use tools you don't have a good knowledge of; it can ruin your system.

     Please set your system to show hidden files and folders.
     * Click Start.
     * Open My Computer.
     * Select the Tools menu and click Folder Options.
     * Select the View Tab.
     * Under the Hidden files and folders heading select Show hidden files and folders.
     * Uncheck the Hide protected operating system files (recommended) option.
     * Click Yes to confirm.
     * Click OK.

     Remove the old versions of Vundo, and any other special tools you used. Uninstall GameSpy or whatever program is associated with the 016 file below.

     Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

     R3 - URLSearchHook: (no name) - - (no file)
     O2 - BHO: (no name) - {47FD1D75-E4C0-4049-A882-60B57314032A} - C:\WINDOWS\system32\mljklkk.dll
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\SYSTEM32\VDCCDXDM.DLL
     O2 - BHO: (no name) - {EF72D15E-A329-479B-8747-A6DA1DB499FC} - C:\WINDOWS\system32\sstqq.dll
     O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
     O20 - Winlogon Notify: mljklkk - C:\WINDOWS\SYSTEM32\mljklkk.dll
     O23 - Service: VundoFix Service (VundoFixSvc) - Unknown owner - VundoFixSVC.exe (file missing)

     Click on Fix Checked when finished and exit HijackThis.

     Please download VundoFix.exe to your desktop. http://www.atribune.org/ccount/click.php?id=4
     * Double-click VundoFix.exe to run it.
     * Click the Scan for Vundo button.
     * Once it's done scanning, click the Remove Vundo button.
     * You will receive a prompt asking if you want to remove the files, click YES
     * Once you click yes, your desktop will go blank as it starts removing Vundo.
     * When completed, it will prompt that it will reboot your computer, click OK.
     * Please post the contents of C:\vundofix.txt and a new HiJackThis log.

     Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
  13. Hi Paul, sorry for the delay, I'm under the weather with a flu shot reaction. As I said here I do think we have a high probability of successful removal, but there is no way to be absolutely sure without reformat. You most definitely should have already changed all passwords and notified banks, credit cards etc. You still need to update Adobe if you're not reformatting. It is an exploitable version.

     Run HJT again and clean this line

     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

     it's not malware, just housekeeping.

     If you're not reformatting, we need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

     If you're not going to reformat, you will benefit from some basic maintenance and most likely increase performance. Run a disk error check and a registry repair scan with a free program like EasyCleaner. Don't use the duplicate file remover unless you are absolutely certain of what you're removing. Many Windows files are meant to be duplicates and removing is disaster. Then do a defragment of the disk. This will help with performance.

     Last but not least by any means. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program. AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.
     * SpywareBlaster from Javacool Software
     * WinPatrol by BillPStudios
     * SiteHound by FireTrust
     * RogueRemover
     * hpHosts

     For an excellent list of reliable free firewalls and antivirus programs see here.
  14. Sorry for the delay getting back to you. I am having a reaction to my flu shot. You have a couple of things at work still. Let's begin with the following:

     Please download VundoFix.exe to your desktop. http://www.atribune.org/ccount/click.php?id=4
     * Double-click VundoFix.exe to run it.
     * Click the Scan for Vundo button.
     * Once it's done scanning, click the Remove Vundo button.
     * You will receive a prompt asking if you want to remove the files, click YES
     * Once you click yes, your desktop will go blank as it starts removing Vundo.
     * When completed, it will prompt that it will reboot your computer, click OK.
     * Please post the contents of C:\vundofix.txt and a new HiJackThis log.

     Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

     Are you running Symantec anti virus and McAfee? I can't tell for sure if the Symantec is an AV or perhaps firewall. You never run two AV actively together. If this is the case you need to pick one to run actively and either uninstall the other or keep as a backup only.

     Your Java is also way outdated and a security risk. You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://www.java.com/en/download/manual.jsp and install the correct version for your system. Choose the offline installation.
  15. Five Live?? Where were you asked to remove that? I asked what you knew about C:\Program Files\Five Live Flash\FiveLiveFlash.exe If you did indeed install the program and you feel confident this is that same program fine. But malware is notorious for using known file names to hide itself. Trust no one.
  16. Good! Looks like it got some more. Now the removal of the rest in the post I requested with HJT and a new HJT log please. Also feedback on how you're running now. Things should be getting better. I need to know.
  17. Hi Paul, in addition to the stuff above please do these things. Run Navilog1 with choice 4, enter lbxndbxodi. Navilog1 will check if other extensions related to Navipromo are present with the same name file. Then please look for the report saved on %systemdrive% and post that.
  18. You need IE for Windows updates. It also shows in your log. MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16473) You also didn't remove anything with AVG. Please scan again with it and make sure you take action. Then post that log within your post, not as an attachment, and a new HJT log.
  19. If you wish to receive assistance for your problem, please follow the directions posted. If you are using a Windows OS everything will work.
  20. Hi there yemaj, and welcome to Malwarebytes.

     If you haven't already, please get these programs, update and run a complete scan removing all items found.
     * Spybot Search & Destroy: Be sure to use the immunize feature. Do not turn on TeaTimer at this time.
     * AVG AntiSpyware: Be sure to "take action".

     Then go here and run a scan: PandaActive Scan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJack This!

     You will post three logs.
     1. AVG scan.
     2. Panda Active Scan.
     3. HiJack This scan.

     You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  21. Paul did you completely remove the old version of the Navifix? This is very important. Please run HJT again and put a check next to each entry below.

     O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
     O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab <====== Uninstall program connected also.
     O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://flashcasino.ladbrokes.com/instant-p...en/FlashAX2.cab <==== Uninstall program connected to this also.
     O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

     C:\Program Files\Five Live Flash\FiveLiveFlash.exe <==== What do you know about this? I'm finding mixed reviews via Google.

     You need to update your Java and Adobe. Both are known exploitable versions. Please follow all these instructions, give me feedback on your system performance, and post a new HJT log.
  22. I'm asking for a link to the new version Paul. Here is the newest version Paul, please scan with it and post the log, and a new HJT log. http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe Paul also be sure to uninstall/delete the old version of Navifix before you download the new version.
  23. I'm not asking you to use anything beta. This is a stable version of SB S&D. If you're not going to use it, I still need to see the other logs or we can just close this.