JeanInMontana

Ok let's clean up some things with HJT. Run scan only and put a check next to the following items, then click fix. R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) Reboot the machine. Do you use a Logitech mouse or keyboard? The lines below are from Logitech if you have that installed, but are not necessary to run at startup if you are not using those features. O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation. Your running an outdated and unsafe version of Adobe Acrobat Reader latest version. Or get the alternative faster lighter on resources Foxit PDF Reader and Editor Look at the Downloads tab here or Downloads if you don't want to see the features etc. Update MBAM run a quick scan post that log and a new HJT log.

Bruce this keeps coming back on her machine. We fixed it in HJT forum and it's back again, something strange going on. @ Blondie it's not malware, but there is a problem of some sort.

This has nothing to do with this topic. Not sure what your posting it for?

Please get and use this version of HiJack This! .

Looking good. Run HJT in scan only and put a check next to the following. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file) O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - Reboot, update MBAM run a quick scan post that log and a new HJT please.

Yay! I think we whipped it! You can clean up this line with HJT O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts The windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free Also the full protection of MBAM is offered at a very low price.

Ack poor instructions on my part also. I meant turn off McAfee just long enough to allow MBAM to do the repair and then turn it on again. See your a bit more techno than you thought. Glad this is all fixed up now. Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.

Hi Wireneck and welcome to Malwarebytes. Follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and someone will be happy to help you.

It's in Program Files so perhaps also in Add/Remove Programs. You need to zip files to upload here. Update MBAM run a quick scan, post that log and a new HJT log please.

Old logs are of no use to us. Please do this. Turn off McAfee totally. Update MBAM, do a Quick Scan post that log and then the HJT log. Those lines are not actually malware and should get fixed if MBAM is allowed to do so.

Hi s0tet and welcome to Malwarebytes!

Memory will cause all sorts of problems and so hard to pin to memory. LOL glad you got it fixed up.

Hi JesseXXX and welcome to Malwarebytes. HiJack This! is the program you need to install. To add a signature go to the My Controls link and find Edit Signature it's fairly self explanatory from there, but if you still need help let us know. I'm going to move this topic to the correct forum and step out of it.

I need the HJT log too please.

And what is a PTR record? And why did BD get that response? We all get to learn from this one. @ BD I think Steven explained how the IP even with a user name change can be traced very well, if not keep asking. Most sites I help manage do not allow user name change without an Admin or Moderator assisting. Which brings me to a question for you, why do you want to hide your posts on these forums in question? Or am I reading more into this than there is? Edit #2 Why on earth would you want to stick with AOHELL as ISP? There are lots of options from providers that actually get you straight to the WWW and don't force install crapware on your machine.

No I don't need Panda again. Did you reboot as MBAM asked ? Update and run a new quick scan with MBAM post that log, shut down all the extras you have running please and post a new HJT log.

Hi, you need to post a HJT log after you post a log from MBAM please. Quick scans from MBAM will get as much as a full scan also. Update MBAM run a quick scan post that log and a HJT log.

Hi Nick I need to see a new HJT log and not the start up list version. Just a normal scan only please. So let's do this, update MBAM and run a new quick scan, post that log and then the HJT log.

C:\WINDOWS\system32\afynuran.exe C:\WINDOWS\system32\lyheharq.exe C:\WINDOWS\system32\jupidsxq.exe I need you to get those files scanned at Virus Total and paste the results in your next reply please.

Update now scan again and post that log and a new HJT log too please.

That's nice Tom, and now we can point the nay sayers to credible testing and removal. Give the active protection a whirl next time. See how well it stops known injection sites etc.

You might want to take a look at these test results too http://temerc.com/forums/viewtopic.php?p=3432982#wrapheader

What I see is your identity was stolen via a trojan. Your IP address had nothing to do with that. Your activity can be tracked via IP to a point, but only by people on forums with the right permissions are able to see your IP. The software in this forum will track every post you have made here and what the IP was for that post. What they are talking about in the post you put up, is one person is in a position at two sites that allows her to see your IP address at those sites. Steven's tool resolves website IP's only. Your IP is not a website so it comes up as null. I hope this helps you understand a bit.

OK I have alerted the devs, should be update soon that will rip this stuff out by the roots.

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.