Everything posted by JeanInMontana

  1. We must have had a miscommunication, Dave. Everything in your log was ignored. You should run the scan again and fix all the infections. The log shows a trojan and many tracking cookies. Panda may remove the Trojan but it will not remove the cookies.
  2. Welcome Jacee, great to have you here!!
  3. You're very welcome, Aaron_G. I'm going to close this thread then since it has been resolved. Note: Fixes in this thread are for this machine only. Every case is different; following advice given to someone else can do major system damage. Start your own topic and we will help you individually.
  4. Are you abandoning this? Please let me know so I can close the thread. There are some final steps also.
  5. Hi there Digimap, and welcome to Malwarebytes. If you haven't already, please get these programs, update and run a complete scan removing all items found.

     • Spybot Search & Destroy
     • AVG AntiSpyware

     Then go here and run a scan: PandaActive Scan

     Post the logs from the Panda and AVG scans please, along with a log from HiJack This! I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  6. Hi DigiGuru and welcome to Malwarebytes. Please post the Panda scan and a new HiJackThis log. Also see this about Bazooka: http://www.malwarebytes.org/database.php?id=1 RogueRemover would be a good item to do a scan with also. Ditch the Bazooka is my advice.
  7. You probably have settings in IE that aren't allowing the ActiveX for the Panda scan. Or maybe you are not running as the administrator. It's OK. I should have had you move HJT from the desktop though, my bad. You should do that if you're going to keep the program; move it to C:\HJT. Did you look at the AVG log? I don't see it here. If you feel you're infection free I don't need to see it. If you're still having symptoms I would like to see it please.

     Your HJT log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start > Control Panel > System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start > Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

     You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove Programs and delete the program file also. Then go here http://www.java.com/en/download/manual.jsp and install the correct version for your system. Choose the offline installation. I don't see what version of Adobe Reader you have; if it is older than 8 you should update it also.

     Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program; AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

     • SpywareBlaster from Javacool Software
     • WinPatrol by BillPStudios
     • SiteHound by FireTrust
     • RogueRemover
     • hpHosts

     For an excellent list of reliable free firewalls and antivirus programs see here or the link to my site. Any questions or problems, don't hesitate to ask.
  8. Heh you know what they say, better late than never. We are happy to have you and I think you will be happy using MBAM also. Be sure to add any ideas for features you have to the thread in the MBAM forum.
  9. Hi Aaron_G and welcome to Malwarebytes. You gave it your best shot, now we will try again.

     Please set your system to show all files and folders. Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.

     Please download VundoFix.exe to your Desktop. You may need to right click on the link and choose save link as.

     • Double-click VundoFix.exe to run it.
     • Click the Scan for Vundo button.
     • Once it's done scanning, click the Remove Vundo button.
     • You will receive a prompt asking if you want to remove the files, click YES.
     • Once you click yes, your desktop will go blank as it starts removing Vundo.
     • When completed, it will prompt that it will reboot your computer, click OK.
     • It will make a log in C:\vundofix.txt, please include that in your next reply.

     Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

     Close all programs leaving only HijackThis running. Place a check against each of the following if they still exist, making sure you get them all and not any others by mistake:

     O2 - BHO: (no name) - {67475B4D-150D-44A4-B5DD-BC80D4C9361F} - C:\WINDOWS\system32\urqpmno.dll (file missing)
     O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\kysgewqc.dll
     O2 - BHO: (no name) - {C9184ED7-96B3-479D-878A-809D2C4BF3DB} - C:\WINDOWS\system32\vtuts.dll
     O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
     O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\abmoxqhd.dll",forkonce
     O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
     O20 - Winlogon Notify: urqpmno - urqpmno.dll (file missing)
     O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll

     Click on Fix Checked when finished and exit HijackThis.

     Reboot into Safe Mode: Begin tapping the F8 key as soon as you hear the beep. Using Windows Explorer, locate the following files/folders, and delete them if they still exist:

     C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

     Exit Explorer, and reboot as normal afterwards.

     If you were unable to find any of the files then please follow these additional instructions: Download Pocket Killbox and unzip it; save it to your Desktop. Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. Let the system reboot.

     If you haven't already, please get these programs, update and run a complete scan removing all items found.

     • Spybot Search & Destroy
     • AVG AntiSpyware

     Then go here and run a scan: PandaActive Scan

     Post the logs from the Panda and AVG scans please, along with a log from HiJack This. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  10. Hi there, and welcome to Malwarebytes.

      Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\urqnlif.dll (file missing)
      O2 - BHO: (no name) - {997B61A1-33B5-495A-B468-9E41FACD2BB6} - C:\WINDOWS\system32\vtutq.dll (file missing)
      O2 - BHO: (no name) - {A86EF427-ECD2-46C4-A1CF-1852E8FC47BD} - C:\WINDOWS\system32\jkkli.dll (file missing)
      O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\mcyasefq.dll
      O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
      O4 - HKLM\..\Run: [wbmpukzA] C:\WINDOWS\wbmpukzA.exe
      O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\hrwvxksk.dll",forkonce
      O20 - Winlogon Notify: fccbcya - C:\WINDOWS\
      O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll (file missing)
      O20 - Winlogon Notify: urqnlif - urqnlif.dll (file missing)
      O20 - Winlogon Notify: vtutq - C:\WINDOWS\system32\vtutq.dll (file missing)

      Click on Fix Checked when finished and exit HijackThis.

      Please set your system to show hidden files and folders: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.

      Using Windows Explorer navigate to this file C:\Program Files\WinPop\winpop.exe and delete it.

      If you haven't already, please get these programs, update and run a complete scan removing all items found.

      • Spybot Search & Destroy
      • AVG AntiSpyware

      Then go here and run a scan: PandaActive Scan

      Post the logs from the Panda and AVG scans please, along with a log from HiJack This. I will analyse the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures. Feel free to post the AVG log when you're done and continue with the Panda scan. Give me feedback about your symptoms too please.
  11. I posted in the other thread before I saw this one, but how about LSP fix?
  12. Hi there, and welcome to Malwarebytes. Please let me know what you did from other logs. That is a dangerous thing to do as each fix is specific to the system in question. I need to know what fixes you have already tried please.

      Please set your system to show all files and folders: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.

      The following explains how to remove items from your computer that are malware. Go to Add/Remove programs and uninstall Mywebsearch toolbar. Close all programs leaving only HijackThis running. Place a check next to each of the following, making sure you get them all and not any others by mistake:

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
      O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZC
      O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
      O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

      Click on Fix Checked when finished and exit HijackThis.

      Using Windows Explorer go to C:\Program Files and look for any folders with MyWebSearch also. Delete anything you find. Do the same for any files connected to Zango and PuzzlePirates.

      Please get these programs, update and run a complete scan removing all items found.

      • Spybot Search & Destroy (be sure to immunize with this program also)
      • AVG AntiSpyware

      Then go here and run a scan: PandaActive Scan

      Post the logs from the Panda and AVG scans please, along with a log from HJT. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures. You will finish the AVG scan first so feel free to post that log then move on to the Panda scan etc.
  13. Yes, it was updated etc. and seemed fine when I restarted it also.
  14. I got updated and immunized even with the error. As soon as I clicked the OK button the program crashed. Took a screen shot so you can see what I saw.
  15. Due to lack of response I'm closing this thread. If you wish to continue with cleaning your machine send me a PM and I will reopen this thread.
  16. Due to lack of response I'm closing this thread. Should you need further assistance send me a PM and I will reopen.
  17. Five days, no response; I'm closing this thread. Should you wish to continue with the clean up of your machine, just send me a PM and I will reopen the thread.
  18. You're running two antivirus programs. Not a good thing. You need to choose either the McAfee or the Symantec. You can keep them both installed but you can't run them at the same time.

      Run HJT again with all programs and browsers closed, put a check next to these items:

      O13 - Gopher Prefix:
      O20 - Winlogon Notify: vtusppm - C:\Windows\SYSTEM32\vtusppm.dll
      O20 - Winlogon Notify: winyvc32 - C:\Windows\SYSTEM32\winyvc32.dll

      Reboot and then please get these programs, update and run a complete scan removing all items found.

      • Spybot Search & Destroy (be sure to immunize with this program also)
      • AVG AntiSpyware

      Then go here and run a scan: PandaActive Scan

      Post the logs from the Panda and AVG scans please, along with a log from HJT. They will be long and it's fine to post the AVG log then run the Panda scan and post it and the HJT. I will analyse the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  19. The link works fine for me, a download box pops up and you save the file as in the instructions. I need to see the log from the program. Are you sure you followed the instructions? If Symantec is interfering with the Vundo fix, turn it off. Run HJT again and put a check in these items:

      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

      But I still need the Vundo log.
  20. Hi there, and welcome to Malwarebytes. If you haven't already, please get these programs, update and run a complete scan removing all items found.

      • Spybot Search & Destroy (be sure to use the immunize function for this one also)
      • AVG AntiSpyware

      Then go here and run a scan: PandaActive Scan

      Post the logs from the Panda and AVG scans please, along with a log from this program: HiJack This! Be sure you install it to a folder on your hard drive, usually C:\HJT. You have the version you're using now on the desktop. I will analyse the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  21. Hi and welcome to Malwarebytes. Please download VundoFix.exe to your desktop. Double-click VundoFix.exe to run it. When VundoFix re-opens, click the "Scan for Vundo" button. Once it's done scanning, click the "Remove Vundo" button. You will receive a prompt asking if you want to remove the files, click "YES". Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click "OK". Please post the contents of C:\vundofix.txt into your next reply, along with a new HijackThis log. Please also describe what all of your symptoms are. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.