ok, this computer has spyware and it looks like its not pretty. Keep in mind before yelling at me, this isnt my computer. its my brothers. and by the time you read this I have probably already downloaded all the AV's and Spyware things and SP2. :-) I hope I can get it under control before it has to be wiped. Thanks!

Hi PraiseJah,

Yup, a quick scan of your log shows me some nasties.

Please follow the instructions under the Prework link in my sig and we'll get some expert advice on this as soon as out Security team gets here.

all the "prework" is done.

Could you post the Ewido log aswell? And if you run Ewido after you posted that hjt log then please post a new hjt log aswell.

ok, here they are. I also think that I have gotten everything that he needs except SP2. I told him to download it while I was gone but he couldnt find it and I cant remember that site that allows you to get it manualy.

There is a link to sp2 on our mainpage , on side to the right. But first lets get rid of the malware on there.


Download Smitrem to your desktop:
http://noahdfear.geekstogo.com/click...click.php?id=1
Run the installer and then press Start to Extract the
files to the desktop, Do not run it yet.

Download roguescanfix.exe, and save it to your desktop.
http://www.martijnc.be/tools/roguescanfix.exe
Double click roguescanfix.exe to install it.
But dont run it yet.


Reboot into safe mode (Reboot and keep tapping F8 , then
choose safe mode from the list)


Open the roguescanfix folder, and doubleclick run.bat.
Your desktop and icons will disappear and then reappear again, this is normal.
Wait till te message "Completed script execution" appear, then click OK.
Click "Exit" to close BFU.
Click "OK" to start the SpywareQuake/Spyfalcon uninstaller, after that click "uninstall".

Then run SmitRem:
Open the SmitRem folder and double click the "RunThis.bat" file to start the tool. Follow the prompts on screen , wait for the tool to complete , and disk cleanup to finish.

The tool will create a log named smitfiles.txt on the drive that you ran Smitrem on, eg; "C:\smitfiles.txt" , or the partition where your operating system is installed on.


Note:
You will need to reload your wallpaper as the SmitRem tool will reset it, you can do this in desktop properties on the Desktop tab , and choose the one you want to use and press apply.

And XP users using the XP theme may experience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.



And when done , post the smitrem log and a new hjt log. But make sure it is the latest version of hjt , you have used an older version now. See link in my sig below.

ok, heres the latest logs, and I think that I got the new HJT. And then infection appears to be gone, the pop ups have stopped.