JeanInMontana

Fixes? I see nothing wrong.

87368 objects scanned in 23:56 nothing found. Shaved almost 5 minutes of full scan boys! WTG. I'm really not doing anything different on my end since the earlier scan.

13104 objects scanned in 3:49 nothing found!

I got the F/P C:\WINDOWS\system32\drivers\ip6fw.sys (Rootkit.Agent) Scanned 87276 objects in 28:21. It's getting faster every time.

Hi and welcome to Malwarebytes. Please post the entire ComboFix log and a new HJT log also.

Hi, no you don't immunize with Panda. Sorry if I confused you. Did you remove the initial items I listed in HJT, using HJT? They are still in your log. You run a scan only and put a check next to each item, then click fix. Do this please then reboot and show me a new log.

Please download VundoFix.exe to your desktop. Double-click VundoFix.exe to run it. When VundoFix re-opens,click the "Scan for Vundo" button. Once it's done scanning,click the "Remove Vundo" button. You will receive a prompt asking if you want to remove the files, click "YES". Once you click yes, your desktop will go blank as it starts removing Vundo. When completed,it will prompt that it will reboot your computer,click "OK". Please post the contents of C:\vundofix.txt into your next reply,along with a new Hijackthis log. Please also describe what all of your symptoms are. Note: It is possible that VundoFix encountered a file it could not remove. In this case,VundoFix will run on reboot,simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Hah, I don't get many cyber kisses. Glad to help.

Thanks for the compliment Dave, I give it my best. I promise not to bad mouth Symantec. I found this and it looks interesting. http://www.castlecops.com/t191385-Prevx_in..._Antivirus.html Prevx makes a special tool to remove it. Also I should have said in your other thread you need to update your Java and Adobe both for major security fixes. Let us know if that thread at CastleCops helps.

Yes and no Dave. I mean allow Panda to remove what it will, and as in the case of MyWebSearch get rid of that plug in. That is a bad item. Did you immunize when you ran Spybot Search and Destroy? You should, it will help prevent somethings from getting on your system. I suggest you get this program and get rid of all the junk http://www.ccleaner.com/download/ When did you use SmitFraud fix? Files\Content.IE5\YR2LA3BU\SmitfraudFix[1]\SmitfraudFix\Process.exe

Due to no response this thread is closed. The fixes posted here are for this system only. Using these fixes on another system can cause major damage.

I bet it's a Symantec problem then. But HJT is not renamed C:\Program Files\Trend Micro\HijackThis\HijackThis.exe I would try uninstalling Symantec and doing a reinstall. Then if your still have trouble, post it in the general computer help section and more people can respond. You might also check the Symantec site knowledge base for your issue. Personally I find that program more trouble than it's worth to run. But that is just my opinion. I will close this thread as resolved. The fixes and advice given in this thread are for this machine only. Applying them to your machine can cause major damage.

Well I didn't get it either. I have plenty of protection. However, I did miss two DB updates somehow, from what it was with the build release until now. Scanned with release of 66 and nothing except the update for Antivir found, so it was the next DB that gave the F/P's?? Scan with DB 120 nothing found.

I would like to see the entire log, please, that looks very short. Is the machine running any better?

Hi there. You didn't rename the HJT program. O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll That is Prevx above. It or part of it is installed. What did you attempt to install? Remove the line below with HJT. O20 - Winlogon Notify: winpaa32 - winpaa32.dll (file missing) Post the Panda log when you get it and please rename HJT to Digimap.exe and run a scan with it and post the results. To rename right click on the program and choose rename from the context menu. There are certain infections that hide from HJT and renaming will expose them.

Good job. Remember a new HJT log after you remove everything Panda finds and the Panda log. Also please let me know if your noticing any improvements.

I see that I was misidentifying the program, Bazooka. Sorry about that. There is one with the same name that is rogue. If Panda crashed that could be a sign of something making it crash, it is usually stable. Run AVG first if you can and post that log. Thanks.

Run a scan and remove everything found with this program http://free.grisoft.com/doc/28415/lng/us/tpl/v5 AVG AntiSpyware and post that log please. Panda can run while you use the machine. Bazooka is a rogue program and that makes it virtually useless. Rogues tell you they find things and remove them, when in fact nothing is done. Your using a version of Java that is known to be a critical security risk, highly exploitable. You should uninstall and delete the program folder and get the latest version. http://www.java.com/en/download/manual.jsp As for your productivity, I'm sure it is more impacted by your infection(s) than you realize and in fact all your information could very well be being sent to someone else. When ever you find time please post the logs from Panda and AVG.

Hi again. I found this http://tinyurl.com/yv8wty several things to look at.

You still didn't fix anything. All the entries show ignored. You have to remove them. Take a look here http://wiki.castlecops.com/Malware_Removal...emoval_Programs

I don't know what you have done as far as the HJT log instructions, if you did those, you shouldn't need to do again if you didn't do them, then yes start at the beginning and follow each step exactly. Yes, you should run the programs in the order listed. Otherwise all the tracking cookies etc that show in the AVG log will also be in the Panda log and it makes it harder to read. Panda will not remove them either so this way you are getting cleaner with each step, or would have.

What is the error you get from Panda? Have you scanned with Prevx? That is an aggressive program and kept very up to date. Let's do this, remove thsese two items with HJT run the program and put a check next to them, then click fix. O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-21-976828038-1446016067-1691616715-4971\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'gcockram.1') Reboot and rename HJT as Digimap.exe then scan again and post the log. We will see if anything is still hiding.

OK thanks.... just with a quick glance I see you need to rescan and take action ie remove everything found. You have several trojans and they need to go. Make sure you choose to remove anything found with the Panda scan also. Sorry you have to rescan but it can't be ignored.

Please use copy and paste to post the logs into a reply. I can't decipher that log at all.

The items should have been removed that were found using AVG and Panda. Panda log seems very short also. Please post a new HJT log and the rest of the Panda scan if you have it. You should rerun all scans actually and remove the bad stuff. What Panda found is bad and needs to go.