Honorary Members
JeanInMontana

  1. Hi lowpost99 and welcome to Malwarebytes. Please get this version HiJack This! Install it to Program files, update MBAM, run a quick scan, post the MBAM log and then a new HJT log from the new version.
  2. Where did you get that quote from? There is no post in this thread that says that.
  3. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options; choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. You're going to another location in these instructions to turn it back on and make a new clean point. Be sure you're running as Administrator.
  4. We think you may have a rootkit. This means all passwords to banks, credit cards and any other sensitive data is compromised. You should contact any of these and tell them change all passwords from another machine and keep this one off line as much as possible. OK let's go for another special scan tool. Download GMER, get the zip file and save to your desktop. Just run gmer.exe. All required files (gmer.dll and gmer.sys) will be copied to the system during the first launch. Do not click scan. Use the copy button to copy to your clipboard. Post the log in your next reply.
  5. Great logs look clean, how are things running? You didn't uninstall Adobe; it shows clearly in your HJT log.
     O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
     Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options; choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions. SpywareBlaster from Javacool Software, WinPatrol by BillPStudios, SiteHound by FireTrust, RogueRemover, hpHosts. The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free. Also the full protection of MBAM is offered at a very low price.
  6. Hi there and sorry for no reply to your thread. Please run HJT in scan only and put a check next to the following items then click fix.
     O2 - BHO: (no name) - {0640FAF5-3A14-4388-952D-5A04A2C488F8} - (no file)
     O2 - BHO: (no name) - {2384D913-2148-441D-9A4A-7ACC6722029D} - C:\WINDOWS\system32\cbxutspo.dll (file missing)
     O2 - BHO: (no name) - {4c8a637c-1c21-4394-bcd9-03a18dcc646c} - (no file)
     O2 - BHO: (no name) - {526b7b61-7876-427f-9482-b7c7410b39a4} - (no file)
     O2 - BHO: (no name) - {5AB5EFAB-276F-434D-B9A5-EF13D7F56750} - (no file)
     O2 - BHO: (no name) - {76A6B7EF-3B67-479A-AD25-9166CBE24C1F} - C:\WINDOWS\system32\byxuuurs.dll (file missing)
     O20 - AppInit_DLLs: dudjra.dll
     O20 - Winlogon Notify: ddcayxvs - C:\WINDOWS\
     Reboot to normal mode, and update MBAM. Run a quick scan post that log and a new HJT log please.
  7. Hi there and thanks for the files. Please update MBAM, run a quick scan post that log and a new HJT log.
  8. Are you rebooting? It is pointless to post a log that you haven't done what the program asks. Update, run the scan, reboot as MBAM asks and scan again. Post that log and a new HJT log.
  9. Attach the folder in this forum http://www.malwarebytes.org/forums/index.php?showforum=55 start your own topic please. Follow that link and attach all the files there please. Don't scan in safe mode. Attach the files and wait for my instruction.
  10. The reboot to delete is common for lots of software. I don't know what SBS&D might have found, but I would appreciate you don't run scans unless requested. Cleaning System Restore is the last step in this process. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options; choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions. SpywareBlaster from Javacool Software, WinPatrol by BillPStudios, SiteHound by FireTrust, RogueRemover, hpHosts. The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free. Also the full protection of MBAM is offered at a very low price.
  11. You need an antivirus program. So how are things running? Do another update with MBAM and post the log, hopefully we are done with the nastiness.
  12. It doesn't matter what the size of a trojan is. P2P is risky business. The file wasn't malware. Let's see a new updated MBAM log and a HJT please. How are things running?
  13. If they do it's new to me. But I quit ZA long time ago when it got so bloated and slow. @ Rick, if I were you I would go to those AV's sites and see what the features are. I really don't know.
  14. MBAM is designed to find malware just as well with a quick scan as a full scan. Scanning in Safe Mode will allow malware to be missed, because it is not running during the Safe Mode boot. We recommend users always scan in regular boot mode and quick scans only.
  15. Hi there, looking good. Delete the SmitFraud Fix from your desktop. Update MBAM, run a quick scan and post that log with a new HJT log. Give me some feedback as to how you're running.
  16. Are you rebooting as MBAM says for the removal? You have Symantec stuff installed and running that is not needed along with McAfee. Go to Add/Remove programs and uninstall all things Symantec. You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation. You're running an outdated and unsafe version of Adobe Acrobat Reader latest version. Or get the alternative faster lighter on resources Foxit PDF Reader and Editor Look at the Downloads tab here or Downloads if you don't want to see the features etc. Update MBAM again, run a quick scan making sure you do the reboot if it shows in the log, post the log. Then run HJT again and post that log please.
  17. Keyloggers are spyware. By commercial I assume you mean one intentionally installed? It wouldn't matter, software can't distinguish between intentional and malware installs. In light of that, yes it would be detected.
  18. OK no malware in GMER, let's update MBAM, scan, post the log and a new HJT.
  19. No I really don't think so. Lsass is also legit. Try researching the error numbers on the MS site and see what you find out.
  20. Good job running MBAM again. I need you to post the HJT log after the MBAM scan. So please update MBAM again and run a quick scan, post that log and then post HJT again.
  21. I apologize if you mentioned what program is giving that error. I can't seem to find it in this thread. I'm wondering if the two Adobe's might clash with each other. If they are both full versions, I would uninstall 8 and use the newest patched one. I took yesterday off so will get with nosirrah on the GMER log and get back to you.
  22. Stick with this topic you already started and do as nosirrah asked http://www.malwarebytes.org/forums/index.p...amp;#entry28502
  23. What you're describing is a phished site and you don't type in anything. They are links in emails. Easy to avoid. Don't click on them. If you have any reason to go to the site at all then open a new window on the browser and go there. Don't use the link in the spam email. Don't open the spam email. Do some Googling and read up on this stuff Dave. You're just as capable of learning it on your own and it's likely to make more sense and stick with you if you actually do the looking. Google, Phish and start reading.
