chiaz

Members
  • Posts: 195

Everything posted by chiaz

  1. Now if your computer is not freezing, then we can ignore the above tedious instructions! Do this instead...

     =======================

     After your McAfee scan, please download Malwarebytes' Anti-Malware by clicking the link below:

     Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

     Double-click mbam-setup.exe to install the application.

     * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
     * If an update is found, it will download and install the latest version.
     * Once the program has loaded, select "Perform Quick Scan", then click Scan.
     * The scan may take some time to finish, so please be patient.
     * When the scan is complete, click OK, then Show Results to view the results.
     * Make sure that everything is checked, and click Remove Selected.
     * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
     * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
     * You'll be required to post the contents of this log later.

     Please Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

     Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

     Go here ======> A guide and tutorial on using ComboFix <====== Go here

     Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

     The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

     Once installed, you should get a prompt that says: The Recovery Console was successfully installed.

     Please continue as follows:
     (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     (2) Click Yes to allow ComboFix to continue scanning for malware.

     When the tool is finished, it will produce a report for you. Please include the MBAM log, C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system.

     Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
  2. Hi Jamie, Your computer is VERY infected. I need you to print the following instructions out.

     First, follow instructions here to show all hidden files and folders: http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/hiddenfiles.mspx

     Next run HijackThis and place a tick by the following entries:

     F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
     O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
     O2 - BHO: C:\WINDOWS\system32\xkwqhyjqen.dll - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - C:\WINDOWS\system32\xkwqhyjqen.dll
     O4 - HKLM\..\Run: [fjwtwaar] C:\Documents and Settings\Jamie Panico\Local Settings\Application Data\sqegic\uxolsysguard.exe
     O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
     O4 - HKCU\..\Run: [fjwtwaar] C:\Documents and Settings\Jamie Panico\Local Settings\Application Data\sqegic\uxolsysguard.exe
     O4 - HKCU\..\Run: [notepad] rundll32.exe C:\DOCUME~1\LOCALS~1\ntload.dll,_IWMPEvents@0
     O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\JAMIEP~1\LOCALS~1\Temp\y7pvb6g.exe
     O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\JAMIEP~1\LOCALS~1\Temp\winlogon.exe
     O4 - HKUS\S-1-5-21-758658292-1448399802-4154073810-1004\..\Run: [fjwtwaar] C:\Documents and Settings\Jamie Panico\Local Settings\Application Data\sqegic\uxolsysguard.exe (User 'HelpAssistant')
     O4 - HKUS\S-1-5-21-758658292-1448399802-4154073810-1004\..\Run: [notepad] rundll32.exe C:\DOCUME~1\LOCALS~1\ntload.dll,_IWMPEvents@0 (User 'HelpAssistant')
     O4 - HKUS\S-1-5-21-758658292-1448399802-4154073810-1004\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\JAMIEP~1\LOCALS~1\Temp\y7pvb6g.exe (User 'HelpAssistant')
     O4 - HKUS\S-1-5-21-758658292-1448399802-4154073810-1004\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\JAMIEP~1\LOCALS~1\Temp\winlogon.exe (User 'HelpAssistant')
     O22 - SharedTaskScheduler: gar873hruefrh87w3hjinhef87w3h7dfd - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - C:\WINDOWS\system32\xkwqhyjqen.dll

     Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis.

     Now navigate to and delete the following files if they exist:

     C:\WINDOWS\system32\sdra64.exe
     C:\WINDOWS\system32\xkwqhyjqen.dll
     C:\WINDOWS\system32\notepad.dll
     C:\Documents and Settings\Local Settings\ntload.dll
     C:\Documents and Settings\Jamie Panico\Local Settings\Temp\y7pvb6g.exe
     C:\Documents and Settings\Jamie Panico\Local Settings\Temp\winlogon.exe

     And also this folder:

     C:\Documents and Settings\Jamie Panico\Local Settings\Application Data\sqegic\

     Finally, restart your PC and post a new HijackThis log. Hopefully by now the PC doesn't freeze within a short time so we can run more thorough scans and removal fixes after this.
  3. Hi borojamie, Seems like something is loading at start-up that causes this issue. Looks like we can't run any conventional scanner programs as your PC freezes up that fast.

     Please download the latest version of HijackThis from Trend Micro and save it to your desktop.

     * Download HJTInstall.exe to your desktop.
     * Double-click HJTInstall.exe to install HijackThis.
     * By default it will install to C:\Program Files\Trend Micro\HijackThis .
     * Click on Install.
     * It will create a HijackThis icon on the desktop.
     * Once installed, it will launch HijackThis.
     * Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
     * Copy and paste this log in your next reply.

     Notes:
     Do not use the AnalyseThis button; its findings are dangerous if misinterpreted.
     Do not have HijackThis fix anything yet. Most of what it finds will be harmless, or required for your computer to run like it should.
  4. Hi johnblaze, A few things before we start....

     1. Please Read All Instructions Carefully.
     2. If you don't understand something, stop and ask! Don't keep going on.
     3. Please do not run any other tools or scans whilst I am helping you.
     4. If you have to go away for an extended period of time, let me know.
     5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there)

     Please download Malwarebytes' Anti-Malware by clicking the link below:

     Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

     Double-click mbam-setup.exe to install the application.

     * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
     * If an update is found, it will download and install the latest version.
     * Once the program has loaded, select "Perform Quick Scan", then click Scan.
     * The scan may take some time to finish, so please be patient.
     * When the scan is complete, click OK, then Show Results to view the results.
     * Make sure that everything is checked, and click Remove Selected.
     * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
     * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
     * You'll be required to post the contents of this log later.

     Please Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

     Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

     Go here ======> A guide and tutorial on using ComboFix <====== Go here

     Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

     The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

     Once installed, you should get a prompt that says: The Recovery Console was successfully installed.

     Please continue as follows:
     (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     (2) Click Yes to allow ComboFix to continue scanning for malware.

     When the tool is finished, it will produce a report for you. Please include the MBAM log and C:\ComboFix.txt for further review, so that we may continue cleansing the system.

     Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
  5. Hi Tom, Do you recognize this program?

     enkedn

     Also go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

     c:\documents and settings\Tom\Application Data\Smilebox\SmileboxTray.exe

     Then click Submit. Allow the file to be scanned, and then please Copy/Paste the results here for me to see.
  6. @Tom, A donation would be greatly appreciated. But as I said just because the problem appears to be fixed doesn't mean it actually is. For the sake of your PC, I hope you will post the logs I requested in your next reply.
  7. Hey Randy and gbizzer, You guys are misunderstanding my instructions. Uninstalling ComboFix will perform all that for you automatically. No need to do anything else now.
  8. I think our work is done here - your PC should be clean now. It's time to remove ComboFix.

     Go to Start > Run
     Type in box
     combofix /uninstall
     Note: the space between the X and the /uninstall
     Press Enter.

     This command will:
     Delete the following:
     * ComboFix and its associated files and folders.
     * VundoFix backups, if present
     * The C:\Deckard folder, if present
     * The C:\_OtMoveIt folder, if present
     Reset the clock settings.
     Hide file extensions, if required.
     Hide System/Hidden files, if required.
     Reset System Restore.
  9. OK....let's have you go HERE to run Panda ActiveScan 2.0

     * Click the big green Scan now button
     * If it wants to install an ActiveX component allow it
     * It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
     * Once the scan is completed, please hit the notepad icon next to the text Export to:
     * Save it to a convenient location such as your Desktop
     * Post the contents of the ActiveScan.txt in your next reply.
  10. Let's clear the Java cache... Go to Start > Control Panel > Double-Click on Java Icon > Under Temp Internet Files > Settings > go ahead and delete them. How's your PC running at this point in time?
  11. I think our work is done here - your PC should be clean now.

      First, navigate to and delete the following folder (SmitfraudFix is outdated already anyway):

      c:\documents and settings\dave\desktop\unused\smitfraudfix

      Then you may want to go to Norton Anti-Virus and clear your quarantine out.

      =====================

      Finally it's time to remove ComboFix.

      Go to Start > Run
      Type in box
      combofix /u
      Note: the space between the X and the /u
      Press Enter.

      This command will:
      Delete the following:
      * ComboFix and its associated files and folders.
      * VundoFix backups, if present
      * The C:\Deckard folder, if present
      * The C:\_OtMoveIt folder, if present
      Reset the clock settings.
      Hide file extensions, if required.
      Hide System/Hidden files, if required.
      Reset System Restore.
  12. Which browser are you using? You have to use Internet Explorer or FireFox (with IETab) to run the scan. If it still doesn't work, try this instead: http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
  13. Go on with Panda ActiveScan then. :)
  14. Randy, those Winsock entries are part of Stopzilla.
  15. Hey Tom, A few things before we start....

      1. Please Read All Instructions Carefully.
      2. If you don't understand something, stop and ask! Don't keep going on.
      3. Please do not run any other tools or scans whilst I am helping you.
      4. If you have to go away for an extended period of time, let me know.
      5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there)

      Please download Malwarebytes' Anti-Malware by clicking the link below:

      Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

      Double-click mbam-setup.exe to install the application.

      * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
      * If an update is found, it will download and install the latest version.
      * Once the program has loaded, select "Perform Quick Scan", then click Scan.
      * The scan may take some time to finish, so please be patient.
      * When the scan is complete, click OK, then Show Results to view the results.
      * Make sure that everything is checked, and click Remove Selected.
      * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      * You'll be required to post the contents of this log later.

      Please Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

      Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

      Go here ======> A guide and tutorial on using ComboFix <====== Go here

      Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

      The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

      Once installed, you should get a prompt that says: The Recovery Console was successfully installed.

      Please continue as follows:
      (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      (2) Click Yes to allow ComboFix to continue scanning for malware.

      When the tool is finished, it will produce a report for you. Please include the MBAM log and C:\ComboFix.txt for further review, so that we may continue cleansing the system.

      Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
  16. How about MalwareBytes? Did you run that? I need you to post the generated log here as well.
  17. I'll get someone more experienced with tech issues to jump in here, hold on will ya. :)
  18. Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

      c:\documents and settings\All Users\Application Data\hpe9D.dll

      Then click Submit. Allow the file to be scanned, and then please Copy/Paste the results here for me to see. If Jotti is busy, please go to http://www.virustotal.com.

      ===============================================

      Next, please go HERE to run Panda ActiveScan 2.0

      * Click the big green Scan now button.
      * If it wants to install an ActiveX component allow it.
      * It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
      * The scan may take some time. Once it is completed, please hit the notepad icon next to the text Export to:
      * Save it to a convenient location such as your Desktop.
      * Post the contents of the ActiveScan.txt in your next reply, along with the VirusTotal/Jotti results.
  19. Don't worry, I have deleted your duplicate reply. How's your PC running now?
  20. Hi Dave, A few things before we start....

      1. Please Read All Instructions Carefully.
      2. If you don't understand something, stop and ask! Don't keep going on.
      3. Please do not run any other tools or scans whilst I am helping you.
      4. If you have to go away for an extended period of time, let me know.
      5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there)

      Let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

      Go here ======> A guide and tutorial on using ComboFix <====== Go here

      Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

      The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

      Once installed, you should get a prompt that says: The Recovery Console was successfully installed.

      Please continue as follows:
      (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      (2) Click Yes to allow ComboFix to continue scanning for malware.

      When the tool is finished, it will produce a report for you. Please include C:\ComboFix.txt for further review, so that we may continue cleansing the system.

      Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
  21. Please download LSPFix from here.

      * Run the LSPFix.exe that you have just finished downloading.
      * Check the "I know what I'm doing" box.
      * In the Keep box you should see one or more instances of lspjge.dll.
      * Select every instance of lspjge.dll and move each one to the Remove box by clicking the ">>" button.
      * When you are done click "Finish>>".

      ====================

      Now go HERE to run Panda ActiveScan 2.0

      * Click the big green Scan now button
      * If it wants to install an ActiveX component allow it
      * It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
      * Once the scan is completed, please hit the notepad icon next to the text Export to:
      * Save it to a convenient location such as your Desktop
      * Post the contents of the ActiveScan.txt in your next reply.
  22. What I got you to run was MalwareBytes and ComboFix (in my earlier post). Please follow all instructions to the letter. Thank you.
  23. Hi old tymer, A few things before we start....

      1. Please Read All Instructions Carefully.
      2. If you don't understand something, stop and ask! Don't keep going on.
      3. Please do not run any other tools or scans whilst I am helping you.
      4. If you have to go away for an extended period of time, let me know.
      5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there)

      Please go to Control Panel > Add/Remove Programs and uninstall the following if found:

      Comet Alot Toolbar

      Restart your PC.

      Next, run HijackThis and place a tick by the following entry if it's still present:

      O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll

      Close all other windows except HijackThis and press "Fix Checked".

      Now, navigate to the following folder and delete the following folder if it is not gone yet:

      C:\Program Files\alot\

      At this point, restart your computer again.

      ==========================

      Now let's have you go HERE to run Panda ActiveScan 2.0

      * Click the big green Scan now button
      * If it wants to install an ActiveX component allow it
      * It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
      * Once the scan is completed, please hit the notepad icon next to the text Export to:
      * Save it to a convenient location such as your Desktop
      * Post the contents of the ActiveScan.txt in your next reply, along with a fresh HijackThis log.
  24. Dred, Now there's no need to get McAfee off the computer like what the above poster suggested. I can assure you that ComboFix is not malware. But it does have powerful capabilities and can be detected as such by certain anti-malware programs. In my above instructions, I did say to close/disable (temporarily) all anti virus and anti malware programs so that ComboFix can be allowed to run and do its job.
  25. The log you posted appears to be cut off. Can you post the bottom part?