JeanInMontana

Hi and welcome. I see what's going on here. Reboot into Safe Mode by tapping the F8 Key as soon and you click on restart. Using Windows Explorer navigate to the files below and delete. Reboot, update MBAM and run a quick scan post that log and a new HJT log please. C:\Program Files\Antivirus 2008\Antivirus-2008.exe C:\Program Files\Smart Antivirus 2009\Smart Antivirus-2009.exe

Errrm there is no scheme, it's all for real.

Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

Just follow the instructions, I don't need a play by play. Keep all replies in this topic.

You have a topic started already. DO NOT start another. Keep your replies in one topic.

Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

OK, I moved this over to PC Help because this rogue is no where near new. If you install and scan with MBAM and then follow up with these instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 you can be assured of no further problems.

Thanks!

I don't see a problem with it. Thanks! We can't just allow all to download files, this is a concern for security and as it is we are usually under DoS attacks. Word from those in the small inner circle of all knowing, is we are very close to new version and no more issues at all.

You could have system damage. You have a lot of stuff running and a resource hog AV. Let's clean up some stuff with HJT. Run in scan only and put a check next to the following then click fix. O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O3 - Toolbar: (no name) - {73F7F495-A325-4C52-BE48-5F97FA511E89} - (no file) O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) Your log keeps changing on review, you had Ares installed and now it doesn't show, did you uninstall it? C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe <======== that file gets mixed results in malware search. What can you tell me?

OK the only thing I see weird is all the host entries for www.winmx.com err.winmx.com it is a long trail of name servers on Who Is and if you don't know what it is remove with HJT. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts The windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free Also the full protection of MBAM is offered at a very low price.

Whoa! one topic and follow the instructions. Make sure your running as an administrator on the machine. Allow email from Malwarebytes.org and set your preferences in the User Control Panel to email notifications for replies to your topics. This ensures you make prompt replies back and we get you cleaned in the fastest way possible. Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Open SB S&D Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode. Click on the Tools section and then Resident. You will see two items. 1. Resident "SD helper" (Internet Explorer bad download blocker.) active 2. Resident "Tea Timer" (Protection of over-all system settings.) active. Uncheck number 2.. Leave number 1 checked always. You can enable Tea Timer again if you wish once all special fixes have been done. Please run a quick scan of your main drive, usually C with MBAM making sure you check all items found for removal. Please post that log in your next reply. Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum. Post the logs from the Panda and MBAM scans please, along with a log from this program HiJack This! You will post three logs. 1. MBAM scan. 2. Panda Active Scan. 3. HiJack This scan. Please run and post the scans in this order. You will finish the MBAM first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said. Be patient and persistent. These things can take time and many procedures.

Run HJT in scan only and put a check next to the following then click fix. O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) If you did update Adobe, you would have the correct version. Your still running 7 the current version is 9. http://www.reader-download-free.com/ I start to lose patience real fast when people think they can fool me. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts The windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free Also the full protection of MBAM is offered at a very low price.

News flash! This is detected and is actually removed... we just need to take it out with HJT. So run HJT in scan only put a check and click fix. Reboot and run a new quick scan with MBAM after update and a new HJT scan. Post both logs and we will see.

Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Navigate to the Windows folder on C:/ and it should be in System or System32/dll cache . http://www.systemlookup.com/lists.php?list...s:%20karina.dat

Hi cent and welcome to Malwarebytes! Glad we were of assistance.

Hi jeanette and welcome. I need you to please get this file O20 - AppInit_DLLs: karina.dat and attach it as a zip here. I'll be back to you soon after the file is here.

You should stick with this and finish.. a few days in not really and option. Malware is not something to mess with. So this download program is similar to P2P? Why is it not on C:/?

I will look into this. You have a valid point, in the meantime you might ask the Admin of those forums to attach the file to their post about it.

You need to follow the instructions given by AdvancedSetup and let someone help you.

I've merged your topics since they are all the same issue there is no need for two separate threads.

Looks like progress to me... you removed several trojans. Your running an outdated and unsafe version of Adobe Acrobat Reader latest version. Or get the alternative faster lighter on resources Foxit PDF Reader and Editor Look at the Downloads tab here or Downloads if you don't want to see the features etc. Reboot and update MBAM run another quickscan post that log and a new HJT log.

Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Update MBAM and run a quick scan, post that log and a new HJT log.

So how are things running now? J:\Program Files\Steam\Steam.exe Strange location, did you install this? You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.