JeanInMontana

Honorary Members
  • Posts: 3,859

Posts posted by JeanInMontana

  1. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

    You're going to another location in these instructions to turn it back on and make a new clean point. Be sure you're running as Administrator.

  2. We think you may have a rootkit. This means all passwords to banks, credit cards and any other sensitive data are compromised. You should contact any of these and tell them, change all passwords from another machine, and keep this one offline as much as possible.

    OK let's go for another special scan tool.

    Download GMER: get the zip file and save it to your desktop.

    Just run gmer.exe. All required files (gmer.dll and gmer.sys) will be copied to the system during the first launch.

    Do not click scan. Use the copy button to copy to your clipboard. Post the log in your next reply.

  3. Great, logs look clean. How are things running? You didn't uninstall Adobe; it shows clearly in your HJT log.

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

    Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

    Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

    A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.

    Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

    Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

    SpywareBlaster from Javacool Software

    WinPatrol by BillPStudios

    SiteHound by FireTrust

    RogueRemover

    hpHosts

    The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.

    Also the full protection of MBAM is offered at a very low price.

  4. Hi there and sorry for no reply to your thread. Please run HJT in scan only and put a check next to the following items then click fix.

    O2 - BHO: (no name) - {0640FAF5-3A14-4388-952D-5A04A2C488F8} - (no file)

    O2 - BHO: (no name) - {2384D913-2148-441D-9A4A-7ACC6722029D} - C:\WINDOWS\system32\cbxutspo.dll (file missing)

    O2 - BHO: (no name) - {4c8a637c-1c21-4394-bcd9-03a18dcc646c} - (no file)

    O2 - BHO: (no name) - {526b7b61-7876-427f-9482-b7c7410b39a4} - (no file)

    O2 - BHO: (no name) - {5AB5EFAB-276F-434D-B9A5-EF13D7F56750} - (no file)

    O2 - BHO: (no name) - {76A6B7EF-3B67-479A-AD25-9166CBE24C1F} - C:\WINDOWS\system32\byxuuurs.dll (file missing)

    O20 - AppInit_DLLs: dudjra.dll

    O20 - Winlogon Notify: ddcayxvs - C:\WINDOWS\

    Reboot to normal mode, and update MBAM. Run a quick scan, then post that log and a new HJT log please.

  5. The reboot to delete is common for lots of software. I don't know what SBS&D might have found, but I would appreciate it if you don't run scans unless requested. Cleaning System Restore is the last step in this process.

    Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

    Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

    Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

    A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.

    Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

    Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

    SpywareBlaster from Javacool Software

    WinPatrol by BillPStudios

    SiteHound by FireTrust

    RogueRemover

    hpHosts

    The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.

    Also the full protection of MBAM is offered at a very low price.

  6. Are you rebooting as MBAM says for the removal? You have Symantec stuff installed and running that is not needed along with McAfee. Go to Add/Remove programs and uninstall all things Symantec.

    You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here: Java Update, and install the correct version for your system. Choose the offline installation.

    You're running an outdated and unsafe version of Adobe Acrobat Reader: latest version. Or get the alternative, faster and lighter on resources, Foxit PDF Reader and Editor. Look at the Downloads tab here, or Downloads if you don't want to see the features etc.

    Update MBAM again, run a quick scan making sure you do the reboot if it shows in the log, post the log. Then run HJT again and post that log please.

  7. I apologize if you mentioned what program is giving that error. I can't seem to find it in this thread. I'm wondering if the two Adobes might clash with each other. If they are both full versions, I would uninstall 8 and use the newest patched one. I took yesterday off so will get with nosirrah on the GMER log and get back to you.

  8. What you're describing is a phished site and you don't type in anything. They are links in emails. Easy to avoid. Don't click on them. If you have any reason to go to the site at all then open a new window on the browser and go there. Don't use the link in the spam email. Don't open the spam email. Do some Googling and read up on this stuff Dave. You're just as capable of learning it on your own and it's likely to make more sense and stick with you if you actually do the looking. Google, Phish and start reading.

  9. All Panda sees is tracking cookies. Clean the cookies out and they are gone. I would get rid of AVG and get a better antivirus like Avira from Antivir or Avast, Kaspersky's. Probably turn off TeaTimer; if they don't know how to use it, it will drive them nuts. Do some regular maintenance. Disk error check and defrag, a safe reg cleaner like EasyCleaner... Do not use Duplicate file remover. Some Windows files are meant to be duplicated.
