
JeanInMontana

Honorary Members
  • Posts

    3,859
Posts posted by JeanInMontana

  1. First, MBAM downloads and installs the current version only. Second, you're not giving any info we need to help. You don't know the machine is clean. There is no single solution; what is needed varies by machine. Those you link to are either still in progress or, as you noticed, the user didn't follow through. I'm betting since you can't update you're not clean. But since you're not willing to cooperate, this will remain one more unsolved.

  2. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance, PM any staff member and we will be happy to reopen the topic.

    Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

  3. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance, PM any staff member and we will be happy to reopen the topic.

    Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

  4. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance, PM any staff member and we will be happy to reopen the topic.

    Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

  5. Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

    The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.

  6. Hi Shili and welcome to Malwarebytes. I'm sorry for the delay in anyone replying to you. Never turn off System Restore when you suspect infection until you are sure the infection is gone.

    Please run HJT in scan only and put a check next to the following line then click fix.

    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

    Now please reboot, update MBAM and run a quick scan. Post that log and a new HJT log.

  7. They are completely different forums. But that doesn't mean we don't know what is going on at each other's sites. Getting help at two forums takes up the time of two people and increases the chance of system damage.

    You need to do exactly as requested. No running stuff on your own, no double posting edited logs. Now update MBAM, fix whatever it finds, post that log and a HJT log. If I see one shred of evidence you're editing, we are done here.

  8. Hi JessicaAmber. First, with a rootkit there is a possibility it can never be fully removed; you must immediately contact banks, credit cards, and any other online shopping sites where you have used your credit cards. Change all passwords and keep this machine offline as much as possible. The surest way to rid a rootkit is to reformat. That being said, should you decide to proceed: beta products are a huge risk and should only be used with full knowledge of this, and preferably on a machine used for testing only.

    Make sure you're running as an administrator on the machine. Allow email from Malwarebytes.org and set your preferences in the User Control Panel to email notifications for replies to your topics. This ensures you make prompt replies back and we get you cleaned in the fastest way possible.

    Please set your system to show all files:

    Click Start.

    Open My Computer.

    Select the Tools menu and click Folder Options.

    Select the View Tab.

    Under the Hidden files and folders heading select Show hidden files and folders.

    Uncheck the Hide protected operating system files (recommended) option.

    Click Yes to confirm.

    Click OK.

    I need you to update MBAM; there are several definitions past where you are. Post a new log from MBAM and a log from HijackThis.

  9. OK, looking good. A few things to clean up. Run HJT again in scan only, put a check next to the lines below and then click fix.

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    Reboot, update MBAM and run a quick scan; if it's clean, move on to the next steps.

    You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove Programs and delete the program folder also. Then go here Java Update and install the correct version for your system. Choose the offline installation.

    Windows needs to be updated to SP3.

    Your log looks clean. We now need to reset a clean System Restore point. If you don't, and you need to use System Restore, you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

    Now go to Start>Help and Support > Undo Changes to Your System or System Restore, depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options; choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

    Many infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy, and always immunize SBS&D when you update. You will also need at least one other scanning program; a-squared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

    A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.

    Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

    Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

    SpywareBlaster from Javacool Software

    WinPatrol by BillPStudios

    SiteHound by FireTrust

    RogueRemover

    hpHosts

    The Windows firewall is not sufficient protection. It doesn't monitor outgoing traffic, and this is a must. I use and recommend Online Armor Free.

    Also, the full protection of MBAM is offered at a very low price, from the link in my signature.

  10. You need to allow MBAM to do what it wants, and delete the line with HJT by putting a check in the box and clicking fix. Run both as an admin. Vista is horrid for stopping all functions. What else is getting blocked from starting? You need to be logged on with full permissions as an admin. If it's blocking MBAM from starting, it won't let HJT delete on reboot either. You might try FileASSASSIN in MBAM to delete the file C:\Windows\system32\kdkfp.exe; that is your malware. It has to go.

  11. Good, glad to help; we are not done quite yet. Have you updated and scanned with MBAM again? Please do, and if clean then proceed to this below.

    We now need to reset a clean System Restore point. If you don't, and you need to use System Restore, you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

    Now go to Start>Help and Support > Undo Changes to Your System or System Restore, depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options; choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

    Many infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy, and always immunize SBS&D when you update. You will also need at least one other scanning program; a-squared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

    A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.

    Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

    Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

    SpywareBlaster from Javacool Software

    WinPatrol by BillPStudios

    SiteHound by FireTrust

    RogueRemover

    hpHosts

    The Windows firewall is not sufficient protection. It doesn't monitor outgoing traffic, and this is a must. I use and recommend Online Armor Free.

    Also, the full protection of MBAM is offered at a very low price, from the link in my signature.

  12. The trace needs to be removed with HJT. If the machine was still being used for a business and gathering credit card info, it is all compromised. Consider all info on the machine compromised. If she did online banking etc., those places need to be notified and passwords changed.

    P2P programs and the downloading of illegal files with those programs is most likely how she got infected.

    O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h <======= That is a P2P program. Ares, uninstall it.

    Her Java is outdated and exploitable, and so is the Adobe Reader.

    You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove Programs and delete the program folder also. Then go here Java Update and install the correct version for your system. Choose the offline installation.

    You're running an outdated and unsafe version of Adobe Acrobat Reader; get the latest version. Or get the alternative, the faster and lighter-on-resources Foxit PDF Reader and Editor. Look at the Downloads tab here, or Downloads if you don't want to see the features etc.

    Is the machine running ok now?

  13. OK, looks good. I would not run both A2 and Ad-Aware active. In fact I wouldn't run Ad-Aware at all. It's become a bloated resource hog and is not nearly as well updated as A2 is. You need to update Java.

    You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove Programs and delete the program folder also. Then go here Java Update and install the correct version for your system. Choose the offline installation.

    How is it running now?

  14. Jack, I have just been given info about this machine that seems to be a bit contradictory to your story. It seems this is usually used to process credit cards? If that's the case you need to reformat, period, no further discussion. You're putting lots of people at risk here. It has P2P software on it, against our policy.

    O20 - AppInit_DLLs: pitqhl.dll hedqdr.dll <======== trace

  15. Did you delete this: O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdkfp.exe ?

    You need to run HJT in scan only, put a check next to this O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdkfp.exe, click fix, reboot, scan with updated MBAM, and post that log and the HJT log.
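The posts above (6, 9, 12, 14 and 15) work from HijackThis log lines of four kinds: O4 autostart Run keys, O20 AppInit_DLLs, O23 services, and F2 system.ini registry values. As an added example, not code from the forum or from HijackThis, here is a small parser for those line kinds plus a triage pass that flags the things the posts single out: a service whose file is missing, DLLs listed under AppInit_DLLs (which Windows loads into every process that links user32.dll), an autostart whose executable is on a caller-supplied watch list (here an assumed list holding the Ares P2P client from post 12), and a UserInit value with extra programs chained after userinit.exe. The sample log is constructed from the lines quoted in the posts; the line format is assumed from those quotes.

```python
import re
from dataclasses import dataclass, field
from ntpath import basename

# Constructed sample: the HijackThis lines quoted in the posts above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h
O20 - AppInit_DLLs: pitqhl.dll hedqdr.dll
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdkfp.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^AppInit_DLLs: (?P<dlls>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
                    r"(?: \((?P<note>file missing)\))?$")
F2_RE = re.compile(r"^REG:(?P<file>[^:]+): (?P<key>[^=]+)=(?P<value>.*)$")


@dataclass
class Entry:
    code: str
    raw: str
    fields: dict = field(default_factory=dict)
    flags: list = field(default_factory=list)


def split_command(cmd):
    """Split an O4 command line into (exe_path, args); the path may be quoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def parse_line(line):
    """Parse one HJT line; unknown codes keep only code and raw text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    e = Entry(code=code, raw=line.strip())
    if code == "O4" and (mm := O4_RE.match(body)):
        exe, args = split_command(mm.group("cmd"))
        e.fields = {"hive": mm.group("hive"), "name": mm.group("name"),
                    "exe": exe, "args": args}
    elif code == "O20" and (mm := O20_RE.match(body)):
        e.fields = {"dlls": mm.group("dlls").split()}
    elif code == "O23" and (mm := O23_RE.match(body)):
        e.fields = {"name": mm.group("name"), "owner": mm.group("owner"),
                    "path": mm.group("path"),
                    "file_missing": mm.group("note") is not None}
    elif code == "F2" and (mm := F2_RE.match(body)):
        e.fields = {"file": mm.group("file"), "key": mm.group("key"),
                    "value": mm.group("value")}
    return e


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries, watch_names=frozenset()):
    """Attach flags and return only the entries that earned at least one."""
    watch = {w.lower() for w in watch_names}
    for e in entries:
        f = e.fields
        if e.code == "O23" and f.get("file_missing"):
            e.flags.append("service points at a missing file (orphaned entry)")
        if e.code == "O20" and f.get("dlls"):
            e.flags.append("AppInit_DLLs loads %d DLL(s) into every user32 process: %s"
                           % (len(f["dlls"]), ", ".join(f["dlls"])))
        exe = f.get("exe") or f.get("path")
        if exe and basename(exe).lower() in watch:
            e.flags.append("executable %s is on the watch list" % basename(exe))
        if e.code == "F2" and f.get("key") == "UserInit":
            progs = [p for p in f["value"].split(",") if p.strip()]
            if len(progs) > 1:
                e.flags.append("extra program(s) chained after userinit.exe")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG), watch_names={"Ares Ultra.exe"}):
        print(e.raw)
        for flag in e.flags:
            print("    !", flag)
```

The watch list is deliberately the caller's input rather than a built-in heuristic: the posts judge kdkfp.exe from context the log alone does not carry, and a parser that guessed at it would produce the kind of false confidence the posts warn against.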
