JeanInMontana

Looking good how is it running?

I instructed you to upload the file in a zipped folder in my instructions. No forum will allow exe files to be uploaded if they have a clue. Please get this file scanned at Virustotal.com http://www.malwarebytes.org/forums/index.p...amp;#entry31125 Post the log results here for me. Run HJT in scan only and remove these lines below by placing a check nest to them and clicking fix. O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (file missing) O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (file missing) O18 - Protocol: ipp - (no CLSID) - (no file) O20 - AppInit_DLLs: kmon.dll Reboot and update MBAM. Please run a quick scan and post that log and a new HJT along with your log from Virus Total.

Did you install the latest version Sooz? We just released 1.29. I have sent a message to get feed back for positive on that file.

Please see Raid's response there. This is weird I'll find out what is the deal.

To the best of my knowledge the site was compromised. That is how I took it when nosirrah told me it was from that site.

So what were the "problem" files? Vague references are of no use to anyone. What ever you did is nothing Lilstormcloud should do, you have deleted some vague file.

Hi Jonathan. Malware gets many names for the same infection, depending on what program your using that flags it. There is a new malware now that disables the control panel and won't allow anything to run in Safe Mode, actually wipes out Safe Mode. What exactly is a Computer Examiner?

Hi Kimmy and welcome to Malwarbytes. We love you too.

Tigger is right you have to fix with HJT. I think you need to head to the HJT forum and have someone look at some logs. Please follow these instructions here and begin your own topic in that forum.

Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

Sooz I really don't think your infected at all. FProtect gave you a F/P that's why nothing else can find malware. Update MBAM do a quick scan see if it finds something.

The file upload for this whole site is 16MB. Did you try to upload it? Scan it at http://www.virustotal.com/ and post that report please.

Why couldn't you upload it? I have been missing the root of our infections O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe" Bit torrent is so risky and most likely how you got infected. It's also illegal to download software, music, or video without paying for them.

Yes that was the file and it shows no infection. I'm not seeing any malware in your logs. You will want to update your Java it is outdated. Many of infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts The windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free Also the full protection of MBAM is offered at a very low price.

This is MBAM making a needed repair. Please allow it.

OK a general answer to both of you. I have discussed this with the lead developer and it is malware. You can't find it because it is malware. File sizes and "non.exe" won't save you from malware. P2P is risky behavior, and will get you infected. Free or paid MBAM works exactly the same in removal. @ Kevin 1972vet has pmed me about this. I will have nosirrah post to this thread.

Please only post what is asked for, there is enough to wade through. We need samples of all the stuff Panda is flagging. My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe and the others in your last log. Please find these files and attach it in a zipped folder here in a new topic you start, link back to your thread in the HJT forum please. I'll give instructions as soon as the files have been analyzed.

Hi again I need you to find a file for me please and submit it as a sample. Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Please find this file C:\Program Files\Thunder Network\Thunder\Thunder.exe and attach it in a zipped folder here in a new topic you start, link back to your thread in the HJT forum please. Run HJT again and remove this item O20 - AppInit_DLLs: kmon.dll, reboot, update MBAM and run a quick scan, post that log and a new HJT log please. Be sure you have your permissions set as Administrator when your trying to install the programs that are failing. Also you may have system damage that is causing this error.

first thanks for being patient and sticking with it. I think with help from the lead researcher we know what it is. It's not malware but it's stopping MBAM from fixing the registry. O4 - HKLM\..\Run: [PDF4 Registry Controller] "c:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe" <===== that program associated needs to be shut down or uninstalled for us to clean all the Zlob. Once you have done that update MBAM again, its a few versions out again and do a quick scan, post that log and a new HJT log, please.

Your MBAM needs updating and you only need to do a quick scan. Please find this file c:\windows\system32\wpclsp.dll and have it scanned here www.virustotal.com post the report here with a new updated MBAM log and another HJT log.

These are not FP's remove them. http://74.125.45.104/search?q=cache:1vz4kr...;cd=9&gl=us MBAM is identifying them as Zlob because it is.

Hi Sander please update MBAM. Your using a version 3 back. Current version is 1.28, install that version update it and run a quick scan. Post that log and a new HJT log please.

Your scanning with MBAM. You have been here before and posted a HiJack This! log. http://www.malwarebytes.org/forums/index.php?showtopic=2936 follow those instructions, please.

Hi eleez and welcome to Malwarebytes. You need to update MBAM and scan again. The HJT log is the last log you post after the Panda and a new MBAM after you have updated.