JeanInMontana

Honorary Members
  • Posts

    3,859
Everything posted by JeanInMontana

  1. Keyloggers are often used by spouses to see what the other is doing too. There are good keyloggers for keeping kids safer. You should change all your passwords, and use the prevention tools you were advised to use in your HJT thread. Keep everything updated and you should be OK.
  2. Hi and welcome, I see you have posted in the correct forum, and are being assisted. Please keep all replies to that forum and follow all instructions.
  3. Yes he may, however, I need to know exactly. We are having issues and can only track it down with exact addresses.
  4. Run MBAM as an administrator. Using the interactive desktop is a security risk, period. The article you're referencing is not taking security applications into consideration. My advice is turn off the interactive desktop and run MBAM as an administrator, update and quick scan.
  5. Posting to increase post count will be considered spam and dealt with as such. You have 2 minutes to edit a post, proofread before hitting send.
  6. Most likely you're using an unsecured connection, and it is your router that is infected. It will require a special process to remove it. Hi read and follow the instructions here then post a log here. Someone will be happy to help you.
  7. Let's remove O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 with HJT reboot and see what works.
  8. Ooops you can put the item MBAM is finding into the ignore list. You're sure you're running as an administrator?
  9. Hi Jim and welcome to Malwarebytes. Please post all logs in the body of your reply and not as an attachment. Update MBAM run a quick scan and post the log. Reboot when it says to reboot for removal. Please get HiJack This! install it to C:\Program Files. Open Notepad, under the format tab, please make sure that word wrap is not checked for these procedures. Close all programs leaving only HijackThis running, and click on scan and save a log. Post that log as a reply here in the body of the post, not as an attachment.
  10. You did what? Did you upload the file? Stuff in the Windows folder can be malware but it is your system. You need to know what you're doing there, and that is why we test before we delete. When I say update MBAM, I mean click on the button that says UPDATE. It will update anything there is to update. You haven't shown me the logs I requested and I have no idea what you have done. I need you to do what is requested, and take no action on your own.
  11. The items AVG is finding are in System Restore. That will be one of our last steps to clean. Please don't run scans with other tools until asked. Run HJT in scan only mode and put a check next to the following, then click fix. O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing) O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing) Now reboot and update MBAM, run a quick scan post that log and a new HJT log.
  12. MBAM indicates a rootkit and in this case the only way we can be sure you're clean is to do a reformat. You must notify all banks and credit cards immediately and change all passwords to those sites from a clean computer. Do not access the sites until you have a clean machine. If you decide to go on with cleaning please follow the following instructions. OK let's go for another special scan tool. Download GMER get the zip file and save to your desktop. Just run gmer.exe. All required files (gmer.dll and gmer.sys) will be copied to the system during the first launch. Do not click scan. Use the copy button to copy to your clipboard. Post the log in your next reply.
  13. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program. Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions. SpywareBlaster from Javacool Software, WinPatrol by BillPStudios, SiteHound by FireTrust, RogueRemover, hpHosts. The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free. Also the full protection of MBAM is offered at a very low price, from the link in my signature.
  14. Hi Rick you right click the file and choose send to zipped folder. To shut down McAfee do this. OK we will need to kill the service in Computer Management. Click on Start===>My Computer==>Right click and choose Manage===>In the list find Services and Applications===> Scroll down until you see GEARSec.exe===> Right click and choose stop
  15. Hi, OK we will need to kill the service in Computer Management. Click on Start===>My Computer==>Right click and choose Manage===>In the list find Services and Applications===> Scroll down until you see GEARSec.exe===> Right click and choose stop. Reboot to normal mode. Update MBAM, quick scan, post the log and a new HJT log. Let's see if it's gone. Let me know how you're running.
  16. Hi again. I'm not seeing malware, and the stuff in the Panda log has to be false positives, they are listing MBAM also. Couple things to clean up and the cause of your reg edit issue is this O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 It's disabled. I can't find that key at all in my registry, I go as far as System and Policy and there is nothing for Regedit. I'm thinking it's ZoneAlarm or AVG blocking. Please run HJT in scan only and put a check next to the following then click fix. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank Please make sure you do set a start/home page, so we know if you're being hijacked. Use Google, or any site of your choice. How are you running now? MBAM has updated since your last scan also.
  17. Nat AVG is not malware, and that log is of no use to me. I don't know what you mean here? You got the uninstaller tool, and ran it?
  18. Personally I think the guy is an affiliate for the rogue. No one with any sort of credibility would endorse it. Nice call on the pay to remove exile360, that convinces me he is from or associated with the rogue. At any rate it will not be removed from the database because it is indeed a rogue.
  19. I'm sorry Larry, this is not the norm for our customer service. I am trying to get someone to address this ASAP.
  20. It is very frustrating. Malware is a greedy, lazy crime of humanity. Those people behind it are too lazy to earn a living in any honorable profession and choose to exploit and assault others.
  21. You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation. Now proceed to the following, do not skip resetting the System Restore Point. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program. Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions. SpywareBlaster from Javacool Software, WinPatrol by BillPStudios, SiteHound by FireTrust, RogueRemover, hpHosts. The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free. Also the full protection of MBAM is offered at a very low price, from the link in my signature.
  22. Ack!! Again I missed you. I am so very sorry. I don't just move on...LOL it's against the rules. I'm so sorry. Let's see a final updated MBAM log and a new HJT log please.
  23. Looking good. How are you running? Please run HJT in scan only mode put a check next to the following and then click fix. O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing) Now reboot and check for any updates in MBAM, quick scan again, post that log and a new HJT log please.
  24. Yes try that, but do not skip clearing the Restore Points. Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.
  25. Great. I can't stress enough the importance of adding the free prevention tools I listed. Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.