done all the wares, ad ware spyware and all that. not too sure what next to do. any help would be great
thanks

Hi there Dr Kyello , welcome to PCHF.


Let's see if we can clean that up.




Before using HijackThis Please Do the Following:



Show hidden files and folders:

For XP:

1. On the Tools menu in Windows Explorer, click Folder Options.
2. Click the View tab.
3. Under Hidden files and folders, click Show hidden files and folders.
4. If you see a warning message, click Yes.
5. Click Apply.
6. Click OK.

Disable System Restore to prevent re-infection.
(If you have/use it. You can turn it back on when youre PC is clean).

How to disable system restore:

WinXP.

1. Click the Start button.
2. Right-click My Computer, and then click Properties.
3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.

Please download Process Explorer by Systernals from HERE.


Then boot up in SAFE MODE and stay in safe mode (hit f8 when booting up), untill the entire fix is done.



Unzip Process Explorer and double click on procexp.exe

In the top section of the Process Exlporer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.
Once you see this screen click on each instance of msupdate32.dll once and then click the kill button.
After you have killed all of the msupdate32.dll's under winlogon click OK.

Next In the top section of the Process Exlporer screen again , double click on explorer.exe and again click once on each instance of msupdate32.dll then click the kill button.

Once you have done that click OK again.


Next run HijackThis and place a check beside each of the following:


And then delete the file in bold , and do a manuall search for msupdate32.dll and delete what you find.

I would also recommend to disable the Messenger service if you don't use it:

And i also see that you have severall anti spyware apps running atm , its better to have one running in the background , to prevent conflicts and performence issues , and then use the others to scan manually every now and then.


When youre done please post a new hjt log to check.

thanks for the help
hope it helped
here is the file

It is not completely gone yet , let's try it with a little more muscle:



First download KillBox by Option^Explicit from HERE.

Then boot in safemode again and fix this one with hjt:


Now double click on Killbox.exe and then check the delete on reboot button.

Enter the following filepath and filename into the Full path of file to delete box:

c:\secure32.html

Click the red circle with the white x and allow your computer to reboot.

And then post an other hjt log to check again.

still seem to be there
however there doen't seem to be a file in the c drive
killbox didn't seem to do much, not sure if it was going to reboot by itself, i had to exit the program and manualy reboot

i do appeciate all the help

The only real references i can find about "secure32.html" involves other running services "tool2exe" and "paytime.exe"..

Maybe there is a rootkit on youre pc that is hiding running services , can you first install this "cloaking technology remover" (From Sony...) from here:

http://updates.xcp-aurora.com/

And then run Unhackme and report back if it finds anything:

http://www.pchelpforum.com/anti-viru...s-scanner.html

And post a new hjt log please.