JeanInMontana

My Web Search is malware. Just for the record. Wouldn't it be best to just fix them?

oops better late than never I hope.

Keep in mind beta programs can do serious system damage. You might want to consider your experience level when beta testing.

Hi littlebity and welcome to Malwarbytes! Thanks for your kind words much appreciated.

Ditto nosirrah, and do you ever do forum work?

Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936

Hi maiki and welcome to Malwarebytes. Joe53 is correct. But I will elaborate a bit. First Spyware Blaster and immunization in SBS&D are not back ground scanners. They block sites and active X installs. Keep them always updated and all protections enabled. Second, get a free AV that won't suck the life out of your system and is actually working. We recommend Avira from Antivir to run along sided of MBAM. You do need an anti virus, MBAM is not an antivirus program. The Windows firewall is crap. Online Armor makes a great free firewall I run it Avira and MBAM all together and have very low system resource use. If your going to buy MBAM, please use the link in my signature. Feel free to keep asking questions, we aim to please and give the best support we can for our product.

Bad idea. Update, every time there is one to be had, be glad someone is working to save you from what is out there and for free!

We did do beta testing. Beta testing has never stopped every new version has been tested. There were still bugs. Ermm we do know how MBAM started too.

Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.

H Paulyc and welcome to Malwarebytes. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 .

Combo fix produces a HJT log, so since it is not posted you did not post all the log. Perhaps you have the entire system set for French, since you are French that makes sense. If you don't use P2P how did all this get on the machine? Those are all P2P programs. Not just one mind you but 3. Someone uses them and they are illegal to use to get music and video that should be paid for, and most likely how you got infected.

I don't search the site for all posts by a user. What you put in this forum is all the info I had. The errors you state in the other post can be in FF and the Yahoo search ... what program is it referring to? What are the settings for saving history in FF? It can be set to not save at all. You didn't answer how did you get a HJT log the first time? Have you tried doing as the program says? You need to update MBAM to 1.30 run a quick scan see if that allows you to then run HJT.

Hi there opiumden34 and welcome to Malwarebytes. Your looking better now, MBAM removed a plethora of malware. Please move HJT from your desktop and to it's own folder in program files. Once you have done that run it in scan only and put a check next to all of the following lines and then click fix. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.aspx?tb_id=50154 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154 O2 - BHO: (no name) - {054cb733-20bf-40aa-8392-0df7448addcf} - (no file) O2 - BHO: (no name) - {0f570f28-7ed6-4f41-9df0-401ace8ab0b7} - (no file) O2 - BHO: (no name) - {2835B8E3-DA53-4A77-A657-2E46C84D3330} - C:\WINDOWS\system32\opnkjKAq.dll (file missing) O2 - BHO: (no name) - {5055BBBE-A236-490F-A798-A1ED92BE378C} - C:\WINDOWS\system32\khfCtttt.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {702DC270-C60A-4CAE-8BC2-0009A6174290} - C:\WINDOWS\system32\urqpnKcb.dll (file missing) O2 - BHO: (no name) - {7055903A-E1DF-4F12-82CB-5A3C05E4A0D4} - (no file) O2 - BHO: (no name) - {70af9f25-88c1-4ff5-90a1-b7db14f2c605} - (no file) O2 - BHO: (no name) - {71BF1537-68C6-4A35-B7BB-59185CA2FE7E} - C:\WINDOWS\system32\qoMeEULC.dll (file missing) O2 - BHO: (no name) - {74979E96-A3DB-4AE9-AE48-7A3D1E47ACE6} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {8651D72A-F366-4781-8163-08969B1F37F7} - (no file) O2 - BHO: (no name) - {9868917F-A069-4B6A-8495-1591DEDD17CE} - (no file) O2 - BHO: (no name) - {D2D4546A-A1B0-4344-8F94-78DC44DC0479} - C:\WINDOWS\system32\nnnkIyWQ.dll (file missing) O2 - BHO: (no name) - {E7611C63-2B1C-4E4F-9113-B920578941D4} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing) O20 - AppInit_DLLs: hxmubx.dll,C:\WINDOWS\System32\dbgeng32.dll O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) Uninstall Morpheus and delete all files associated, including those you have downloaded with it. Rarely is P2P downloading legal and Malwarebytes will not be associated with illegal activities and this is most likely how you got infected. You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation. Reboot to normal mode. Update MBAM run a quick scan, post that log and a new HJT log please.

Can you get a screen shot of the MBAM error please? Safe mode message? Are you in safe mode? Have you checked all things mentioned in the error message? This might be malware related. I'm not seeing any though. Also please open Notepad and under the edit tab uncheck word wrap. I need to see the HJT log lines as all one line.

You can't have TeaTimer running during the fixes. C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe Open SB S&D Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode. Click on the Tools section and then Resident. You will see two items. 1. Resident "SD helper" (Internet Explorer bad download blocker.) active 2. Resident "Tea Timer" (Protection of over-all system settings.) active. Uncheck number 2.. Leave number 1 checked always. You can enable Tea Timer again if you wish once all special fixes have been done. Update MBAM run a quick scan post that log and a new HJT log.

To be sure lets see a new MBAM log, be sure you update it, current version is 1.30. Run a quick scan and post that log then a new HJT too.

I figured since you were in msconfig you knew how to use it. Don't play in there if you don't know what your doing; in msconfig, find the entry and uncheck the box in front of it. Click apply and then OK. It will then say you need to reboot. After the reboot you will need to say no to msconfig starting at every reboot. OK while your in msconfig look for anything that says bootini in the list of autostarts, and if present uncheck it. Disable auto-reboot When Running windows and it crashes you will get a blue screen and it will automatically restart, ofter it will restart too fast for you to see the error message. You could check the error log in this case but that is too easy. We are going to disable auto restart on system failure. 1. Go to Start -> Control Panel -> System (Windows+Pause works, too) 2. Go to Advanced 3. Under the Startup and Recovery section, click Settings... 4. Under System Failure un-check "Automatically restart" Be sure you update MBAM it is now at version 1.30.

OK be sure to update MBAM before all scans. Your running an old version. 1.30 is current. Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Please find this file C:\Program Files\Notepad++\notepad++.exe and attach it in a zipped folder here in a new topic you start, link back to your thread in the HJT forum please. We need this file since MBAM is not findng it. Please do your best to get it.

Well, how did you run HJT the first time? Get rid of the P2P stuff "Limewire" downloading without paying is illegal and Malwarebytes will not be connected in anyway to illegal activities. You have no malware showing in any logs so I don't know what to do for you. You haven't given any symptoms to indicate you have malware either. "Something is wrong." doesn't tell me anything.

This user has a thread going already with Raid helping, I'm closing this one. Fractal, follow the instructions you were given in your other topic and reply there.

Since you have started another thread and it shows illegal activity I will close this thread. Do Not open another topic.

Be sure you do the System Restore reset too. If you ever use the infected Restore point your going to be right back where you started. Also all the prevention stuff I mentioned is free. Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.

Hello Joe9000 and welcome to Malwarebytes. You are not taking action when you scan with MBAM. Please update MBAM run another quick scan and post that log and then get the correct version of HJT and follow the rest of these instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936