JeanInMontana

Your welcome. I see there has been a Java update from your log. Good job, now I need to update! I will close this as resolved.

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background This should do it.

It probably isn't related to MSN. It is a known malware line in HJT logs. It is easy to put back a background if that is what it really is, but safer to remove. Log looks good I will close this as resolved, if you need further assistance send me a PM and I will reopen the thread.

Well it looks clean, you made a new restore point right? And I have advised you of the preventative measures you should install. I will close this as resolved.

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user') Those above too. Sorry

Oops I might have looked at the wrong log. But fix this entry O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

The one account shows the correct version. I don't know why they all wouldn't.

It's AVG Antispyware, if you have it set to save it will. Your sure we are talking about the same program?

Hi there foofoo, and welcome to Malwarebytes. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Be sure to use the immunize feature. AVG AntiSpyware Be sure to "take action" Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

You must not have it set to save a log is all I can think. O4 - HKUS\S-1-5-21-3746299716-2376927081-3986171330-1005\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Nathan') Remove that line above and for some reason, this profile has the correct version of Java and no bad 020 line. How is it running? I need feed back on all of these accounts please.

Hi Doug. So sorry for the delay in a response. This was actually posted in the wrong forum. Print or Copy these instructions to notepad and save to your Desktoop as you will be offline with all browsers closed for this fix. Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe * Double-click SmitfraudFix.exe * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt Clean: * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually) * Double-click SmitfraudFix.exe * Select 2 and hit Enter to delete infect files. * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection. * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file. * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt * Optional: o To restore Trusted and Restricted site zone, select 3 and hit Enter. o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone. Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm Post the Smitfraud log and a new HJT log for me please.

If it did a scan there is a log. But I don't really need it, it's too late now most likely. O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat <===== again our culprit entry. Get that Java fixed. I don't know how to stress this enough. It is a major hole for exploit if you continue to surf the net with this version.

Spybot Search & Destroy is not an anti virus program. It detects and removes many variations of spyware/adware and some nasty trojans, it is a malware removal and prevention program. You still need an antivirus and at least one other general malware remover like AVG, which is free. I'm not saying get rid of Norton, you asked my opinion. I do not and will not use it. There are several free very good AV programs that do not suck the life out of the PC. Take a look at the last link in my last post for a wealth of information on protection options.

If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Be sure to use the immunize feature. AVG AntiSpyware Be sure to "take action" Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

Due to lack of response in this topic it will be closed. Should you still need help PM a Moderator for assistance.Anyone reading this should not apply the fixes to their system. It can cause severe damage. Start your own topic for assistance and we will be happy to help you.

Since this topic has been resolved it will now be closed.. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic.

Closed due to no response.

If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Be sure to use the immunize feature. AVG AntiSpyware Be sure to "take action" Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

OK I'm home. What is the status with these accounts? I see the one bad file is in the last HJT log. Was that posted before we had the other account all clean? It has been 4 days if these accounts are not clean we need to start from the beginning. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Be sure to use the immunize feature. AVG AntiSpyware Be sure to "take action" Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

Since this issue has been resolved I will close the thread. The advice in this thread is for this machine only. Applying the fixes to your system can cause disaster and irreparable damage. Post your own topic for help.

I am not a Norton fan in any way. It is a notorious resource hog and from personal experience it has let me down in protection with the anti virus, I think the firewall is pretty good. You can get rid of all the special fix tools. However, I would advise you keep SB S&D and use the immunize and IE download protection, plus scan with it weekly after update. You should really get the other prevention tools also. Be sure you reset System Restore also.

Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenol. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts For an excellent list of reliable free firewalls and antivirus programs see here.

We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenol. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts For an excellent list of reliable free firewalls and antivirus programs see here If you think there is no problem with the other accounts then this should wind things up. If you still have problems with those accounts. Then you need to start the process. Post a log from HJT, run the preliminary scans from AVG, Panda and post those logs. Wait for instructions.

Did you run Killbox? You need to get rid of this file C:\WINDOWS\system32\sulimo.dat Use HJT to clean this up too O2 - BHO: (no name) - {ABCDECF0-4B15-11D1-ABED-709549C10000} - (no file) I'm not sure about that Adobe distiller either, can you update that? We need to get a HJT log with no reference to sulimo.dat before we are done.

I'm glad to help. You did/do have Smitfraud, it is a new version, because as we know, the normal removal procedures did not work. You are not alone in this I have just finished with another victim with the same thing. Yes you should delete the programs you mention. You need to update Acrobat because it is a risk. It has nothing to do with how the program works for you, it is a means of getting infected again. It is in a tool bar for IE and that means your at risk. Which brings me to IE and this: R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory is this where you have IE? If so I suggest you move it to program files. Let's get this program and go after that stubborn file. Author: Option^Explicit Download Location License: Freeware KillBox Download Link http://download.bleepingcomputer.com/spyware/KillBox.exe Operating System: Windows File Description: Pocket KillBox is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them. Usage Information: Download this file and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted. C:\WINDOWS\System32\alertic.exe That is the file name and path you should put in the program. After the reboot run HJT again and if it is gone move on to this last step blow. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenol. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts For an excellent list of reliable free firewalls and antivirus programs see here