
JeanInMontana

Honorary Members
Posts: 3,859

Everything posted by JeanInMontana

  1. Hi there spobster, and welcome to Malwarebytes. The second log is the same as the first. A popup won't change that. You can remove these lines with HJT: just run a scan only and put a check next to each item.
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
     O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
     Do you have Symantec, McAfee and Eset32 all installed? Or did you just download the Symantec and McAfee? If you have three AV programs installed, pick one and make sure the other two are not running actively. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy (be sure to use the immunize feature). AVG AntiSpyware (be sure to "take action"). Then go here and run a scan: PandaActive Scan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a new log from HiJack This. You will post three logs: 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first, so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
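     As an added example (not code from the post or from HijackThis), the following PowerShell parses log lines of the kind quoted above and flags the entries that point at a file which no longer exists, which is what makes them safe to fix. The sample lines are copied from the posts on this page; the registry locations used for the O3 and O9 cross-check (HKCR\CLSID and Internet Explorer's Extensions key) are assumed from how those entry types are registered.

```powershell
# Added example (not from the original post): parse HijackThis-style log lines
# and flag orphaned entries, i.e. entries whose target file no longer exists.
# The sample lines below are copied from the posts on this page.
$HjtLines = @(
    'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm',
    'O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)',
    'O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)',
    'O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe',
    'O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.gamingclubpoker.com/download_helper/Nyoko.cab'
)

function ConvertFrom-HjtLine {
    param([Parameter(Mandatory)][string]$Line)
    # Every entry is "<section code> - <body>", e.g. "O3 - Toolbar: ...".
    if (-not ($Line -match '^(?<Section>[RFNO]\d+) - (?<Body>.+)$')) { return $null }
    $section = $Matches.Section
    $body    = $Matches.Body
    $clsid   = $null
    if ($body -match '\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}') { $clsid = $Matches[0] }
    $url = $null
    if ($body -match 'https?://\S+') { $url = $Matches[0] }
    [pscustomobject]@{
        Section  = $section
        Clsid    = $clsid
        # "(no file)" / "(file missing)" means the registry still points at a
        # file that is gone: a leftover that can be fixed without breaking anything.
        Orphaned = [bool]($body -match '\((no file|file missing)\)\s*$')
        # O16 (DPF) entries pull ActiveX code from a URL; keep it for review.
        Url      = $url
        Body     = $body
    }
}

function Get-HjtRegistryPath {
    # Where the entry lives for the two section types that carry a CLSID
    # (assumed locations): O3 toolbars under HKCR\CLSID, O9 buttons under
    # Internet Explorer's Extensions key.
    param([Parameter(Mandatory)]$Entry)
    switch ($Entry.Section) {
        'O3'    { "Registry::HKEY_CLASSES_ROOT\CLSID\$($Entry.Clsid)" }
        'O9'    { "HKLM:\Software\Microsoft\Internet Explorer\Extensions\$($Entry.Clsid)" }
        default { $null }
    }
}

$entries = @($HjtLines | ForEach-Object { ConvertFrom-HjtLine $_ })
$entries | Format-Table Section, Orphaned, Clsid, Url -AutoSize

# On the machine that produced the log, confirm the orphaned keys are present
# before fixing them in HijackThis (and gone afterwards).
foreach ($e in $entries | Where-Object { $_.Orphaned -and $_.Clsid }) {
    $key = Get-HjtRegistryPath $e
    if ($key) { '{0} {1}: key present = {2}' -f $e.Section, $e.Clsid, (Test-Path $key) }
}
```

     Of the five sample lines, the O3 toolbar and the Bodog Poker O9 button come out as Orphaned; the UltimateBet button still has its file on disk and is left alone, and the O16 line is listed with its download URL so the reviewer can see where the ActiveX control came from.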
  2. I should have thought of this. It was late when I replied last night, in my mind/brain. Try Last Known Good Configuration; that is your best bet to restore the system. You may end up infected again, but you save your system. Here are some good instructions on how to do this: http://www.techsupportforum.com/security-c...tml#post1099176 I have just been alerted that there is a new version of Vundo that causes this damage. I'm hoping this works; otherwise, if you have a restore disk or the original install, that is your last resort. Let me know how it goes.
  3. What makes you think you're infected? Just because Xoftspy says so? I agree with adchia. If you really think you have something, use a reliable program and scan. Follow the instructions below and post the requested logs in this forum: http://www.malwarebytes.org/forums/index.php?showforum=7 Be sure you start your own topic. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy (be sure to use the immunize feature). AVG AntiSpyware (be sure to "take action"). Then go here and run a scan: PandaActive Scan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJack This! You will post three logs: 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first, so go ahead and post that log, then move on to Panda and so forth. Someone will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  4. I highly doubt it is Sasser. That is an old worm, and if you scan regularly with updated AV you shouldn't have it. Besides, that wouldn't keep you from booting with that error, I'm pretty sure. I can't imagine why you would get this after a disk error check. I am away from home right now on business. I will post a request for someone to help you in the experts forum. If someone new starts responding, that will be why.
  5. So, how are you running now? You should do a disk error check and a defragment after all this. Do the error check first. You will probably get a message saying you don't need to defrag; if it is over 3% fragmented do it anyway, you will notice a performance boost. If everything is running well now we need to do a final step or two. Post another HJT log. Make sure you have updated the Java. Do the error check and defrag. If the HJT log is clean there is one final step.
  6. Hi there Nikky, and welcome to Malwarebytes. One thing I see is you have two antivirus programs running at once. This could be causing your memory problem and more. You need to choose one to run always. You can keep one for a backup scanner but not as active. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy (be sure to use the immunize feature). AVG AntiSpyware (be sure to "take action"). Then go here and run a scan: PandaActive Scan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, and a new HJT log with the start up items. In HiJack This click on the Misc tab. At the top you will see Generate Start Up List and two boxes. Put a check in each and click the tab. This will be long, so don't panic. You will post three logs: 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first, so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures. I don't see anything right off, but these scans should show something if you have it. You also need to update both Adobe and Java: uninstall the old versions and delete the program files. They are both known security risks. You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove Programs and delete the program file also. Then go here http://www.java.com/en/download/manual.jsp and install the correct version for your system. Choose the offline installation.
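     The two checks in the post above, more than one antivirus running at once and an outdated Java still installed, can be made from a console. This is an added example, not code from the post; it assumes Windows Vista or later (the root\SecurityCenter2 WMI namespace), and the decoding of productState is the commonly used one, since Microsoft does not document the field.

```powershell
# Added example (not from the original post): inventory the antivirus products
# Windows Security Center knows about, warn when more than one has real-time
# protection enabled, and list every Java runtime in Add/Remove Programs.
# Assumes Windows Vista or later (the root\SecurityCenter2 namespace).

function Get-RegisteredAntivirus {
    $products = Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct
    foreach ($p in $products) {
        # productState is an undocumented packed value; the widely used decoding is:
        # middle byte 0x10 = real-time protection on, low byte 0x00 = signatures current.
        $state = [int]$p.productState
        [pscustomobject]@{
            Name     = $p.displayName
            Enabled  = (($state -shr 8) -band 0xFF) -eq 0x10
            UpToDate = ($state -band 0xFF) -eq 0x00
            RawState = ('0x{0:X6}' -f $state)
        }
    }
}

function Get-InstalledJava {
    # Both the native and the 32-bit-on-64-bit uninstall hives; DisplayName is
    # what Add/Remove Programs shows.
    $uninstall = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java|J2SE)\b' } |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

$av = @(Get-RegisteredAntivirus)
$av | Format-Table -AutoSize
$active = @($av | Where-Object { $_.Enabled })
if ($active.Count -gt 1) {
    Write-Warning ('{0} antivirus products are active at once: {1}. Keep one, disable the rest.' -f $active.Count, ($active.Name -join ', '))
}

$java = @(Get-InstalledJava)
$java | Format-Table -AutoSize
if ($java.Count -gt 1) {
    Write-Warning 'More than one Java runtime is installed; remove the older ones via Add/Remove Programs.'
}
```

     Windows XP, which the posts on this page are about, exposed the same class under root\SecurityCenter rather than root\SecurityCenter2; change the namespace if you run this on such a system. Java versions that were unpacked by hand rather than installed will not appear in the uninstall hives, so a clean list here does not rule out a stray copy on disk.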
  7. Find that folder and delete it. It is a leftover from uninstalling the program. I would do a file search for Antispywarebot and delete everything found connected. You might want to also get CCleaner http://www.ccleaner.com/download/ and prepare to be amazed at the "crap" it removes. Run it, then ComboFix again. You're not being a pain either. This stuff is often worse than what we are doing here to get rid of it.
  8. http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe I had to right click this link and choose save as to get it to download without a "page not found" error. So pick your desktop and save it there.
  9. Hi Doug and welcome to Malwarebytes. First let me say never follow advice for another system. You can cause serious damage; all fixes are system specific. I deleted your other two posts as they won't help us any here. What you do is keep using the reply button on the same thread, and then everything will stay together and not create separate topics. You didn't take any action with your scans, so you need to run AVG again. This time make sure you take action, remove what is found and post that log again please, along with a new HJT log.
  10. Oh the joys of 15 year olds. These miscreants target kids too and it is so wrong. What you can do is make sure Jr is using an account that does not have administrative capabilities. Then nothing can be installed without you having a say. That includes malware that can be gotten from just visiting a bad site. It is possible that is what is happening right now. You have an outdated, exploitable version of Java. Please uninstall all versions of Java you have in Add/Remove Programs, and delete the program files also. Then go here http://www.java.com/en/download/manual.jsp and install the correct version for your system. Choose the offline installation. This could be causing you to be reinfected. Be sure you have the system set to show hidden files and folders also:
     Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.
     Then let's run this: http://www.techsupportforum.com/sect...s/ComboFix.exe Make sure you don't click the program during the scan. Please post the log when the scan finishes.
  11. Hi again. If you notice, for most of your poker games the file was missing, most likely removed by a malware scan of some sort. These games are probably how you got infected. We missed one here:
     O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.gamingclubpoker.com/download_helper/Nyoko.cab
     There should have been a log from the Vundo fix also. Look for it on C:\ (Vundo.txt). Please post that. Spybot Search & Destroy has a feature called Tea Timer; it is a tool for monitoring changes to your system, and that is what was giving you the alerts. You can turn it off if you don't want the messages. However, it is a good thing to have for prevention, and it will help you learn what is being changed by what in your system. You seem to keep getting yourself infected, and as you were advised back in June by TheRock247uk here http://www.malwarebytes.org/forums/index.php?showtopic=1667 you should have some sort of protection and use more caution installing things. LOL Let's have a look at the Vundo log and some final instructions.
  12. OK. Please follow these instructions carefully and in the order written. Uninstall (if possible) UltimateBet.exe. Run HJT scan only and put a check next to all of these:
     O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
     O9 - Extra button: POKER - {FB389F33-303A-4490-9E18-B301A493FBF2} - C:\Program Files\PokermMPP\MPPoker.exe (file missing)
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
     O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
     O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
     O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Absolute Poker\PartyPoker\RunApp.exe (file missing)
     O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Absolute Poker\PartyPoker\RunApp.exe (file missing)
     Now please get this program below, and follow the directions carefully.
     VundoFix.exe, written by Atribune, Feb 03, 2006 at 03:58 PM. VundoFix.exe is a removal tool developed to remove Virtumonde infections. To use the tool, follow the instructions below. Please download VundoFix.exe to your desktop: http://www.atribune.org/ccount/click.php?id=4
     * Double-click VundoFix.exe to run it.
     * When VundoFix re-opens, click the Scan for Vundo button.
     * Once it's done scanning, click the Remove Vundo button.
     * You will receive a prompt asking if you want to remove the files; click YES.
     * Once you click yes, your desktop will go blank as it starts removing Vundo.
     * When completed, it will prompt that it will reboot your computer; click OK.
     Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
     Reboot and post a fresh HJT log for me.
  13. Hi there and welcome to Malwarebytes. SpywareBlaster is not a removal program. It is a site blocking program and one you should keep. If you can, uninstall AntispywareBot from your Add/Remove Programs. This is a known rogue program and bad. You must have a new version, because it should get removed by RogueRemover. Please follow the directions below carefully. Please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy (be sure to use the immunize feature). AVG AntiSpyware (be sure to "take action"). Post the log from the AVG scan please, along with a log from this program: HiJack This! You will post two logs: 1. AVG scan. 2. HiJack This scan. You will finish the AVG first, so go ahead and post that log, then with all programs and browsers closed run HiJack This and post that scan. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  14. That is just so wrong. v@leytman.com is the email, should anyone care to tell this ass he is out of line!! If this is what pros are producing, let the amateurs have a go.
  15. Why not expose the dealer to MS and the local authorities, Better Business Bureau etc? Taking advantage of a mentally challenged person is against the law in some states also and there are agencies that will address it. Was it a legal copy of Windows? This behavior has to be in the top ten of "How Low Can You Go".
  16. Hi there, and welcome to Malwarebytes. What is telling you you're infected? If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy (be sure to use the immunize feature). AVG AntiSpyware (be sure to "take action"). Then go here and run a scan: PandaActive Scan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program: HiJack This! Make sure you have it on your hard drive. Currently you have HJT in your temp files. You will post three logs: 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first, so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  17. 106,908 objects scanned in 44:32 no detections.
  18. Hi and welcome to Malwarebytes. What system are you using? Have you tried uninstalling the program? Maybe a disk error check or system restore if you have XP.
  19. Hi, sorry this is a slow reply, I'm a bit under the weather with a bug. I would try disabling Symantec and see if you can download. It could be stopping the download as a threat because it contains an executable file. A quick Google search came up with two hits at the ZoneAlarm forums. MSI is the Microsoft Installer also, so that might be it. http://forum.zonelabs.org/zonelabs/board/m...essage.id=72126 and here http://forums.zonelabs.com/zonelabs/board/...essage.id=72127 Thought you might want to see these too:
     I often hear from readers who are worried about the repercussions of downloading music and movies from file-sharing sites or P2P services such as LimeWire and Bittorrent. It is true that some individuals have been sued for downloading and/or sharing copyrighted materials. But now there's something new to worry about. The MPAA (Motion Picture Association of America) is filing suit against TorrentSpy, a search engine that helps people find and download movies. Although TorrentSpy does not host, sell or distribute any files, the MPAA contends that they are violating copyright law by helping people find links to pirated movies. Read on to learn why this might lead to a knock on your door by the MPAA, and what it will mean to your Internet privacy if the MPAA prevails in court... SUED - http://askbobrankin.com/sued_for_searching.html And if you missed the companion article, here's the link: SAFE - http://askbobrankin.com/sued_for_downloading.html
  20. Five days no reply this thread will be closed. If you need assistance please start a new topic.
  21. SB S&D is detecting that your Windows firewall is turned off, and the Security Center. wscsvc <=== is the Windows Security Center service. You just need to tell SB S&D to ignore it next time it scans. Open the program, make sure it is in advanced mode (click on Mode to see), and click on Settings, then Ignore Products; look for SecurityC.sbi. In there you will see several Windows services etc.; the second one is the firewall. You can also right click on the item, or any item in the scan results, and choose to ignore. http://www.safer-networking.org/en/index.html This is the home site of SB S&D; you will find all the information for configuring the program there. I just gave you the admin account info in case you needed it. You know your son. LOL I don't care if he hates me. I do care if he is exploited because he is an innocent child. I know of too many horrors. You can tell his cousin that what she is doing is no different than shoplifting. Game cheat sites can be bad also, because they know kids will be there and they plant malware. Good free antivirus: AntiVir is what I use, I really like it. Avast is also good and I have used it. AVG is good. Those are just 3. I can guarantee you will get better performance without the Symantec. You will lose GoBack and System Doctor, but you can replace what they do with other free programs. GoBack is essentially what is already built into XP in System Restore. System Doctor is a combination of some built in Windows functions: disk error check, disk defragment and a registry cleaner. They always run and use resources though, so it affects your performance. Let me know if you have further questions.
  22. Pardon me for a snicker or two. I was thinking Stephanie might be at fault here. Let's take one thing at a time. Change Jr's account settings to non-administrator and he can't install anything, no junk, period. He can still surf, use Xbox etc., just not install programs. To do that: Start > Control Panel > User Accounts. If you don't have user accounts set up, say everyone just turns on the PC and uses it, set up user accounts. You make yourself the administrator, say Mom is the account name, set it to password sign on, don't tell the kids the password, be sure you remember it or write it down and hide it. You can also make yourself a non admin account, and some recommend this because nothing can install, i.e. no bad stuff. CursorMania is a hotbed of malware; yes, you should delete those leftover files. The firewall: I am not a Symantec fan at all. I used to use it, changed once the subscription ran out to try something else, and it discovered 3 trojans that had been on my system for months! And my performance improved dramatically. I honestly don't know if your firewall is still working or not. I wouldn't take the chance it's not if I were you. Get a free one like ZoneAlarm, uninstall the old one, make sure the Windows SP2 one is off and use ZoneAlarm, or any other decent free one. There is no need to pay for any antivirus program either. Next time your subscription is due go out for a nice dinner instead and get a free program.... When IE7 first came out there were major problems with it. I think they have been fixed now; I don't use it unless I'm forced. It does have some parental control features you might like. You can restrict sites in it. (Your son is going to hate me.)
     Reset System Restore: To erase all restore points, right click on My Computer, choose Properties, then click on the System Restore tab, put a check in "Turn off System Restore", then click OK. It will delete all restore points set by Windows.
     GoBack I can't remember; you will have to look at the program and maybe the Symantec Knowledge Base. It is probably not crucial in your case either, since we didn't really find anything bad.
     To set a new point: Start > Help and Support > Undo Changes to Your System or System Restore, depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options; choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.
     OK, now LimeWire. LimeWire is a software program used for P2P file sharing, and the program itself is legal; it's what can be done with the program that gets into the gray area. There is no disputing that. You mention a website. I don't know what that might be; it could be a torrent site, of which there are many, and not many are legal. Bottom line, movies, music etc. are all copyrighted materials, and obtaining them any way other than paying the given price is illegal. Who pays in the end when Jr is caught? Mom. To download free legal music etc., a program like LimeWire is not needed. Just going to some of these sites that claim to have free media can give you an extra payload not worth the "free" thing. When it sounds too good to be true, it usually is. This is where a hosts file and a program like SpywareBlaster will save your bacon. They keep the site from ever loading. RogueRemover is another, and it is made right here; there is a free version with many bad sites to block. You're pretty sharp, I would say, to figure out what file was missing and to copy it into the needed location. Don't sell yourself short. You also ran these fixes we did, and I can't count how many people I have tried to help, and they just can't seem to do them. Don't sell yourself short. The best protection you can do is keep everything up to date in your software and scan at least weekly. Keep your Windows updated, and programs like Java and Adobe.
     Don't allow kids administrative rights. It also saves them. These miscreants prey on the innocent and lure them into doing dangerous things. If there is anything else I can help you with don't hesitate to ask. I am more than happy to help you.
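     Two things that posts 10 and 22 above ask the reader to set by hand, a non-administrator account for the child and Explorer showing hidden and protected files, can be verified (and the Explorer part applied) from a console. This is an added example, not code from the posts; it assumes Windows 10 or later for Get-LocalGroupMember, and the two registry values are the ones the Folder Options dialog writes.

```powershell
# Added example (not from the original post): check that the logged-on account is
# not an administrator and that Explorer shows hidden and protected files, and
# fix the Explorer settings when they are off. Assumes Windows 10 or later.

function Test-CurrentUserIsAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    # Compare SIDs, not names, so this works on non-English Windows. An admin
    # account's token lists S-1-5-32-544 even when UAC has not elevated it.
    $groupSids = $id.Groups | ForEach-Object { $_.Value }
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    [pscustomobject]@{
        User          = $id.Name
        IsAdminMember = ($groupSids -contains 'S-1-5-32-544')
        ElevatedNow   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    }
}

function Get-LocalAdminMembers {
    # Every account that can install software on this machine; the child's
    # account should not be in this list.
    Get-LocalGroupMember -SID 'S-1-5-32-544' | Select-Object Name, ObjectClass, PrincipalSource
}

$ExplorerAdvanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-HiddenFileSettings {
    $p = Get-ItemProperty -Path $ExplorerAdvanced
    [pscustomobject]@{
        ShowHiddenFiles      = ($p.Hidden -eq 1)           # 1 = show, 2 = do not show
        ShowProtectedOsFiles = ($p.ShowSuperHidden -eq 1)  # 1 = show, 0 = hide
    }
}

function Enable-HiddenFileDisplay {
    # Same effect as the Folder Options steps in the post. Explorer reads these
    # values when it starts, so open a new window to see the change.
    Set-ItemProperty -Path $ExplorerAdvanced -Name Hidden -Value 1 -Type DWord
    Set-ItemProperty -Path $ExplorerAdvanced -Name ShowSuperHidden -Value 1 -Type DWord
    Get-HiddenFileSettings
}

Test-CurrentUserIsAdmin
Get-LocalAdminMembers
$settings = Get-HiddenFileSettings
$settings
if (-not ($settings.ShowHiddenFiles -and $settings.ShowProtectedOsFiles)) { Enable-HiddenFileDisplay }
```

     Run it from the child's account: IsAdminMember should be False, and the account should not appear in the Administrators list. ElevatedNow is False for an administrator running an unelevated console, which is why the script checks group membership separately rather than relying on IsInRole alone. The two registry values are per-user (HKCU), so each account that is used for cleanup needs them set.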
  23. Well, there is a detection from Kaspersky's, certainly not a root kit. There is nothing to show a root kit in any scans we have run.
     C:\Program Files\AWS\WxBugSetup60b6.04.0.9m.EXE/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
     C:\Program Files\AWS\WxBugSetup60b6.04.0.9m.EXE WiseSFX: infected - 1 skipped
     C:\Program Files\AWS\WxBugSetup60b6.04.0.9m.EXE WiseSFX Dropper: infected - 1 skipped
     Those files are from WeatherBug, I'm guessing? You can get similar programs that don't give you AdWare etc. You should be able to uninstall the program via Add/Remove Programs and delete any leftover files. Do the uninstall first, then delete, or you may have trouble uninstalling. The other thing that is best to be rid of is the file I had you scan at Virus Total. Even though nothing was found there, I did find it in some other logs and it was considered something to remove. I also consulted with a MS MVP and they agree it should go. You should update your Adobe Reader to version 8. There is a known security flaw in version 7. After you do these things above we need to reset your System Restore points, and since you have GoBack, that also. Any infection will be stored in that file; if you ever use it you will reinfect yourself. Now go to Start > Help and Support > Undo Changes to Your System or System Restore, depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options; choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program; AVG is good, and there are several other excellent programs with free and paid versions.
     Read the overviews of what each program below does so you have an understanding of their importance and how to use them. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.
     SpywareBlaster from Javacool Software
     WinPatrol by BillPStudios
     SiteHound by FireTrust
     RogueRemover
     hpHosts
     For an excellent list of reliable free firewalls and antivirus programs see here. Did you ever have symptoms of infection? Popups, browser redirects, slow performance? I would also give a word of caution about the P2P program Limewire. P2P file sharing is risky and often illegal.
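     The restore-point reset and the "Clean Restore Point" creation that posts 22 and 23 walk through in the GUI can be scripted. This is an added example, not code from the posts; it assumes Windows PowerShell 5.1 run as administrator on a Windows client (the System Restore cmdlets are not in PowerShell 7), and that C: is the protected drive.

```powershell
# Added example (not from the original post): clear every existing restore point
# and create a fresh, named one, which is what the GUI steps in the posts above do.
# Assumes Windows PowerShell 5.1 run as administrator; C: is the protected drive.
$Drive = 'C:\'

function Reset-SystemRestore {
    param([Parameter(Mandatory)][string]$Drive)
    # Turning protection off deletes every restore point on that drive. A point
    # taken while the machine was infected would bring the infection back if it
    # were ever used, so the old points go before the clean one is taken.
    Disable-ComputerRestore -Drive $Drive
    Enable-ComputerRestore  -Drive $Drive
}

function New-CleanRestorePoint {
    # Name carries today's date, as the post suggests.
    $name = 'Clean Restore Point {0}' -f (Get-Date -Format 'yyyy-MM-dd')
    Checkpoint-Computer -Description $name -RestorePointType 'MODIFY_SETTINGS'
    # Return the newest point so the caller can confirm it was created.
    Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1 |
        Select-Object SequenceNumber, Description, CreationTime
}

Reset-SystemRestore -Drive $Drive
New-CleanRestorePoint
```

     On Windows 8 and later, Windows refuses a second restore point within 24 hours of the previous one unless the SystemRestorePointCreationFrequency value (DWORD, minutes) under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore is lowered; if Checkpoint-Computer returns a warning and Get-ComputerRestorePoint shows nothing new, that limit is the usual reason. GoBack, which post 23 also mentions, keeps its own history outside System Restore and is not touched by this.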