JeanInMontana

Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts The windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free Also the full protection of MBAM is offered at a very low price, from the link in my signature.

Hi skierjames and welcome to Malwarebytes. Please run HJT in scan only mode. put a check next to the item below and click fix. O20 - AppInit_DLLs: karna.dat Reboot to normal mode. Update MBAM. Run a quick scan post the log and a new HJT log.

You need to do what I asked for. Update MBAM, run a quick scan. Reboot when it asks for that. Post the log and a new HJT log. Please find this file C:\WINDOWS\system32\jahasike.dll and attach it in a zipped folder here in a new topic you start, link back to your thread here in the HJT forum please.

I need to see an updated MBAM quick scan log and the HJT log please.

Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts The windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free Also the full protection of MBAM is offered at a very low price, from the link in my signature.

Hi LeeR33 and welcome to Malwarebytes. Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Run HJT again in scan only mode and put a check next to the following and click fix. O20 - AppInit_DLLs: ypnntr.dll UmxSbxExw.dll Reboot to normal mode. Check for updates in MBAM and run a quick scan. Post that log and a new HJT log please.

I forgot to answer the firewall and security center questions. Online Armor is the firewall I use and it's free. The security center should turn it's self off once you have a firewall either turned on or installed and an antivirus. You can choose how it alerts you. Open it up and see in the Resources panel, at the bottom the link "Change the way ..."

The Java version showing in your HJT log is not updated. Let's see a new MBAM, be sure to check for updates, and a new HJT log.

Whoopeee!!! OK, update and run another MBAM scan please, post the log. I suggest you delete the contents of your downloaded program files. There is a ton of them and while some are certainly not malicious they are just wasting space and make the HJT log longer.

Please boot to normal mode. Update MBAM, run a quick scan, post that log and a new HJT log.

Do it after so it's gone and if there are any issues you do still have a restore point.

How are things running?

Well, they are not in the last log. How are you running? Please run HJT again and put a check next to the following and then click fix. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank If you don't have a start page chosen, do choose one, so in the future if it changes due to malware you will see it immediately. Reboot. You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation. This is crucial.

I need you to update MBAM, run a quick scan, post that log and a log from HJT.

That is the Security Center and part of Windows. It is telling you that you have no firewall (fix that now) and that you have automatic updates turned off. You can turn off the Security Center too. You need to address the hardware issue, go to the Update site and see what it finds for it. Ignoring stuff won't make it go away. Some other things you must fix is your Java. You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.

The link I gave you for Prevx was free. No charge for anything. I have used it myself to see how it worked. Have you tried updating MBAM ? Move HJT to C:\Program Files\HiJack This not any secondary folder it's own folder. Make sure you have your system to show hidden files and folders. Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. C:\WINDOWS\System32\GEARSec.exe <====== delete that file. See if you can use MBAM and the current version of HJT.

Hi there jamparing, and welcome to Malwarebytes. Make sure your running as an administrator on the machine. Allow email from Malwarebytes.org and set your preferences in the User Control Panel to email notifications for replies to your topics. This ensures you make prompt replies back and we get you cleaned in the fastest way possible. Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Open SB S&D Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode. Click on the Tools section and then Resident. You will see two items. 1. Resident "SD helper" (Internet Explorer bad download blocker.) active 2. Resident "Tea Timer" (Protection of over-all system settings.) active. Uncheck number 2.. Leave number 1 checked always. You can enable Tea Timer again if you wish once all special fixes have been done. Please run a quick scan of your main drive, usually C with MBAM making sure you check all items found for removal. Please post that log in your next reply. Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum. Post the logs from the Panda and MBAM scans please, along with a log from this program HiJack This! You will post three logs. 1. MBAM scan. 2. Panda Active Scan. 3. HiJack This scan. Please run and post the scans in this order. You will finish the MBAM first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said. Be patient and persistent. These things can take time and many procedures.

Thanks I'll alert the server crew, yes something must be broke and that would explain, why I haven't gotten a reply too.

Bill your being quite naive about rogues. When you use one there is often nothing ever removed because there was nothing there to start with, or they plant it and then play the hero and remove it. If your relying on this particular rogue to clean, most likely your doing nothing in your travels. Or your infecting 100's.

Hope you have a great day!

Have you tried since MBAM removed what it did? You can try here http://www.malwarebytes.org/forums/index.php?showtopic=6844 I'm not sure what the current version is there they are usually behind also, but may be newer than yours, you are over 1000 defs behind.

What does the icon say? Would it be CA anti virus? When did it appear? Can you screen shot it and attach? New found hardware, could be reconnecting a printer ? Not sure, but if you click that it should tell you what it thinks is new. Run HJT again and remove this O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.

When the log says delete on reboot as it does for several items in your MBAM log you must do that. Reboot the machine, quick scan again, post that log and a new HJT.

Hi there branthan, and welcome to Malwarebytes. Make sure your running as an administrator on the machine. Allow email from Malwarebytes.org and set your preferences in the User Control Panel to email notifications for replies to your topics. This ensures you make prompt replies back and we get you cleaned in the fastest way possible. Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Open SB S&D Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode. Click on the Tools section and then Resident. You will see two items. 1. Resident "SD helper" (Internet Explorer bad download blocker.) active 2. Resident "Tea Timer" (Protection of over-all system settings.) active. Uncheck number 2.. Leave number 1 checked always. You can enable Tea Timer again if you wish once all special fixes have been done. Do not post this log. Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum. * If it finds any malware, it will offer you a report. * Please ignore any entry it finds and wants you to buy the program for removal as we will address this later. * Click on see report. Then click Save report Post the logs from the Panda and MBAM scans please, along with a log from this program HiJack This! You will post three logs. 1. MBAM scan. 2. Panda Active Scan. 3. HiJack This scan. Please run and post the scans in this order. You will finish the MBAM first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said. Be patient and persistent. These things can take time and many procedures.

If you install the recommended prevention in my earlier post you will be in good shape. Just because your paranoid, doesn't mean they aren't out to get you. They are. Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.