JeanInMontana

the quick scan with MBAM is what is instructed and really all you need to do. 00035872 adware/popuper Adware No 0 Yes No c:\documents and settings\all users\favorites\online antivirus and spyware remover.url 00035872 adware/popuper Adware No 0 Yes No c:\documents and settings\all users\favorites\online directory of pure porn.url As you see the two above are the root of the popups and need to be taken out of Favorites and don't go there again. Porn sites are notorious for infection and most likely the other is a rogue application. Run HJT again and remove these lines below by placing a check next to them and then clicking fix. O1 - Hosts: 66.180.173.39 google.ae O1 - Hosts: 66.180.173.39 google.am O1 - Hosts: 66.180.173.39 google.as O1 - Hosts: 66.180.173.39 google.az O1 - Hosts: 66.180.173.39 google.bi O1 - Hosts: 66.180.173.39 google.cd O1 - Hosts: 66.180.173.39 google.cg O1 - Hosts: 66.180.173.39 google.ci O1 - Hosts: 66.180.173.39 google.cl O1 - Hosts: 66.180.173.39 google.co.cr O1 - Hosts: 66.180.173.39 google.co.hu O1 - Hosts: 66.180.173.39 google.co.in O1 - Hosts: 66.180.173.39 google.co.je O1 - Hosts: 66.180.173.39 google.co.jp O1 - Hosts: 66.180.173.39 google.co.ke O1 - Hosts: 66.180.173.39 google.co.ls O1 - Hosts: 66.180.173.39 google.co.th O1 - Hosts: 66.180.173.39 google.co.ug O1 - Hosts: 66.180.173.39 google.co.uk O1 - Hosts: 66.180.173.39 google.co.ve O1 - Hosts: 66.180.173.39 google.dj O1 - Hosts: 66.180.173.39 google.es O1 - Hosts: 66.180.173.39 google.fm O1 - Hosts: 66.180.173.39 google.gg O1 - Hosts: 66.180.173.39 google.gl O1 - Hosts: 66.180.173.39 google.gm O1 - Hosts: 66.180.173.39 google.hn O1 - Hosts: 66.180.173.39 google.kz O1 - Hosts: 66.180.173.39 google.li O1 - Hosts: 66.180.173.39 google.lt O1 - Hosts: 66.180.173.39 google.lu O1 - Hosts: 66.180.173.39 google.lv O1 - Hosts: 66.180.173.39 google.mn O1 - Hosts: 66.180.173.39 google.ms O1 - Hosts: 66.180.173.39 google.mu O1 - Hosts: 66.180.173.39 google.mw O1 - Hosts: 66.180.173.39 google.no O1 - Hosts: 66.180.173.39 google.off.ai O1 - Hosts: 66.180.173.39 google.pn O1 - Hosts: 66.180.173.39 google.pt O1 - Hosts: 66.180.173.39 google.ro O1 - Hosts: 66.180.173.39 google.ru O1 - Hosts: 66.180.173.39 google.rw O1 - Hosts: 66.180.173.39 google.se O1 - Hosts: 66.180.173.39 google.sh O1 - Hosts: 66.180.173.39 google.sk O1 - Hosts: 66.180.173.39 google.sm O1 - Hosts: 66.180.173.39 google.td O1 - Hosts: 66.180.173.39 google.tm O1 - Hosts: 66.180.173.39 google.tt O1 - Hosts: 66.180.173.39 google.uz O1 - Hosts: 66.180.173.39 google.vg O1 - Hosts: 66.180.173.39 google.ae O1 - Hosts: 66.180.173.39 google.am O1 - Hosts: 66.180.173.39 google.as O1 - Hosts: 66.180.173.39 google.az O1 - Hosts: 66.180.173.39 google.bi O1 - Hosts: 66.180.173.39 google.cd O1 - Hosts: 66.180.173.39 google.cg O1 - Hosts: 66.180.173.39 google.ci O1 - Hosts: 66.180.173.39 google.cl O1 - Hosts: 66.180.173.39 google.co.cr O1 - Hosts: 66.180.173.39 google.co.hu O1 - Hosts: 66.180.173.39 google.co.in O1 - Hosts: 66.180.173.39 google.co.je O1 - Hosts: 66.180.173.39 google.co.jp O1 - Hosts: 66.180.173.39 google.co.ke O1 - Hosts: 66.180.173.39 google.co.ls O1 - Hosts: 66.180.173.39 google.co.th O1 - Hosts: 66.180.173.39 google.co.ug O1 - Hosts: 66.180.173.39 google.co.uk O1 - Hosts: 66.180.173.39 google.co.ve O1 - Hosts: 66.180.173.39 google.dj O1 - Hosts: 66.180.173.39 google.es O1 - Hosts: 66.180.173.39 google.fm O1 - Hosts: 66.180.173.39 google.gg O1 - Hosts: 66.180.173.39 google.gl O1 - Hosts: 66.180.173.39 google.gm O1 - Hosts: 66.180.173.39 google.hn O1 - Hosts: 66.180.173.39 google.kz O1 - Hosts: 66.180.173.39 google.li O1 - Hosts: 66.180.173.39 google.lt O1 - Hosts: 66.180.173.39 google.lu O1 - Hosts: 66.180.173.39 google.lv O1 - Hosts: 66.180.173.39 google.mn O1 - Hosts: 66.180.173.39 google.ms O1 - Hosts: 66.180.173.39 google.mu O1 - Hosts: 66.180.173.39 google.mw O1 - Hosts: 66.180.173.39 google.no O1 - Hosts: 66.180.173.39 google.off.ai O1 - Hosts: 66.180.173.39 google.pn O1 - Hosts: 66.180.173.39 google.pt O1 - Hosts: 66.180.173.39 google.ro O1 - Hosts: 66.180.173.39 google.ru O1 - Hosts: 66.180.173.39 google.rw O1 - Hosts: 66.180.173.39 google.se O1 - Hosts: 66.180.173.39 google.sh O1 - Hosts: 66.180.173.39 google.sk O1 - Hosts: 66.180.173.39 google.sm O1 - Hosts: 66.180.173.39 google.td O1 - Hosts: 66.180.173.39 google.tm O2 - BHO: (no name) - {602DD5BD-6413-46D9-B655-937776DFEA19} - C:\WINDOWS\system32\ljJYRHBT.dll (file missing) O2 - BHO: (no name) - {6BAF4B9A-3399-4233-A380-109DFD48E690} - C:\WINDOWS\system32\andcea.dll (file missing) O2 - BHO: (no name) - {D8A7FBC6-AE1D-4743-9E70-21902FB19B6D} - C:\WINDOWS\system32\ljJAPIax.dll (file missing) O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU) O20 - Winlogon Notify: ljJAPIax - ljJAPIax.dll (file missing) O24 - Desktop Component 0: (no name) - http://www.focusstoc.com/forums/uploads/11..._2_2_117383.jpg O24 - Desktop Component 1: (no name) - http://www.wolves.premiumtv.co.uk/content/...R64/367353.JPEG Reboot. Update MBAM do a quick scan again and post that log and a new HJT log.

Hi chucky830 and welcome to Malwarebytes. Interesting, how did you use malware to remove malware? xp 2008? No such thing, that I'm aware of. I suggest you follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936

You never finished your topic here http://www.malwarebytes.org/forums/index.p...amp;#entry21734 so it's impossible to tell if your infected or not. You don't have to install for some infections to get you. I can't stress enough you follow the instructions in the pre HJT post instructions and start your own topic.

Use the whitelist and no problems.

MBAM doesn't remove cookies and SBS&D does.

The topic here is if just MBAM alone is enough for PC security. The answer is no. No one program is enough, not any program out there is enough on it's own. User's must use a layered protection or they will get infected.

Well this sucks. I am an affiliate with RegNow and how do I get this fixed?

Hi kgom and welcome to Malwarebytes. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and start your own topic. Someone will be happy to help you.

No, I don't think you are realizing anything. Please start a topic in the Malware Removal forum and follow the instruction in the link I posted prior. You need to clean this machine, it's a menace to the WWW.

Hi RifRaf and welcome to Malwarebytes. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936

No it is NOT up to date, the current version is 1.24. This is the last time I will say follow the pre HJT post instructions. Read these http://www.malwarebytes.org/forums/index.php?showtopic=2936 and do what is requested.

Please read the instructions and follow them. This is important, your not following any of the instructions in the link I posted. Give me logs in english please.

Looks good now. Get some of the free prevention programs on it, us SiteHound or SiteAdvisor and a host file.

Interesting results? Online analyzers are not safe or reliable. They might show you something that should be removed or they might not. No one I know uses them with confidence or recommends.

It doesn't take 5 hours. 30 minutes is an average, something wasn't right. What does MBAM show now? and HJT? There is a new version of MBAM, run a quick scan and post the log and a new HJT.

A malware removal school like Malware Removal University, Geeks 2 Go, What the Tech is your best bet for learning how to use HJT. It is a diagnosis tool not a malware scanner. The majority of items you see in a HJT log are valid and crucial system items. Those are schools that can teach you.

Then you put a reinstall disk in, and ran a full install? Not a repair?

Please read and follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 .

Hi Adaox and welcome to Malwarebytes. Have your girlfriend join the forum and follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 . Someone will be happy to help her.

Ok still waiting for those.

You must not have done the reformat correctly is all I can think. When it asks do you want to completely remove the volume on C or overwrite, I forget the exact wording. Choose yes. You must completely erase the drive and then reinstall Windows.

Hi Edward and welcome to Malwarebytes. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 .

You have not followed the instructions http://www.malwarebytes.org/forums/index.php?showtopic=2936 <===== HERE. Please follow those instructions completely.

Hi Coolpoolfool and welcome to Malwarebytes. Only one active antivirus running you can have more as backup scanners but running two at once is no good. Many of infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts The windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free Also the full protection of MBAM is offered at a very low price. Give it a trial using the link in my signature.

Some of the features are in the pay version. You can schedule tasks to be preformed minimized and you barely know the program has run.