JeanInMontana

Auto update and scan failed.

Another thing is you can have RR start at boot, see if there are updates[it will tell you] use the immunize feature, and shut it down. RR doesn't need to "run".

Hi skorpyo69 and welcome to Malwarebytes. Glad we were of assistance.

Well I don't see anything bad. R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Those two should be cleaned up with HJT. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts The windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free Also the full protection of MBAM is offered at a very low price. Give it a trial using the link in my signature

OK we are going to take a new approach. Please download GMER to your desktop and extract the contents. Double click the file to start the auto quick scan. When done on the right side of the scan, click copy and then paste the log here.

There is something wrong there. Possibly a hack in the Aumha site, or your infected.

Hi Wrath0 and welcome to Malwarebytes. Please follow the direction here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and start your own topic in that forum.

Kay everything I list is free. Also I wouldn't throw your old PC away. It's a horrid thing to dump on the environment and still has many uses. It's really simple to clean the fan and if that is all that's wrong, use the PC for a printer server, or to back up files to, donate it to a worthy cause, some poor family or a battered woman's shelter, Big Brothers or Sisters, it's got lots of uses left.

Are you using IE and logged in as an Administrator? There is a tutorial on how to run the scan at the top of this forum. C:\HJT\Administrator.exe <=== don't rename the program. Or put it in with another program. HJT in a folder all it's own on C. I missed that before. Please make these corrections and after the Panda scan run HJT again and post the log. If you can't get Panda, then just post the HJT log from the correct location please.

Hi Kay, McAfee is a resource hog and SpySweeper has taken a rather dark path, from their once great program. I use Avira free and it's just a great AnitVirus program. Low on resources and always on the cutting edge of definitions. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts The windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free Also the full protection of MBAM is offered at a very low price

Yes update and scan with MBAM again, post that log and a new HJT please.

You should just reformat. You have been rooted, it's not going away and there is no guarantee it ever will. HJT doesn't change drive letters. If Raid wants to keep at it that's up to him, I'm done.

You didn't follow any of the instructions but to post a HJT log. We need some scans too, Panda and MBAM please. You can run scan only in HJT and put a check next to the line below and then click fix. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Are you rebooting as it says is needed to remove? Please read and follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 Start your own topic in that forum and someone will be happy to help you.

O4 - HKCU\..\Run: [spybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe <======= turn off Tea Timer O23 - Service: Microsoft DDE+ server (423b2bdf) - Unknown owner - H:\WINDOWS\system32\.423b2bdf\423b2bdf.exe (file missing) <===== delete with HJT Suddenly your drive letter is back to normal. I don't know what your doing but its not winning points. Your either doctoring the log or you have swapped machines. Either way its all gonna come to a screeching halt real soon.

Update MBAM current version is 1.22 run the quick scan with it and then with HJT please.

OK are you rebooting right after the MBAM scan? It's targeting the files we have been after and some new ones also.

LOL well I'm sorry if I sounded crabby. I see too many of these logs and people don't realize they will tell me exactly what is on the system. How many accounts are on the PC? I'm going to split this topic if there is more than just two. We will have to clean each one. h:\program files\avira\antivir personaledition classic\avcenter.exe H:\Program Files\Trend Micro\HijackThis\HijackThis.exe Why are the drive letters different? Run HJT again with all programs closed, put a check next to these items and click fix. O23 - Service: Microsoft DDE+ server (423b2bdf) - Unknown owner - H:\WINDOWS\system32\.423b2bdf\423b2bdf.exe (file missing) O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - H:\WINDOWS\system32\drivers\KodakCCS.exe (file missing) Close the program, reboot to normal, update MBAM scan a quick scan, post that log and a new HJT please.

Hi BakTrak and welcome to Malwarebytes!! Glad we could help you out MBAM rules. However, it is still a very good idea to have someone have a look further to be sure your totally free. http://www.malwarebytes.org/forums/index.php?showtopic=2936 <======= Follow those instructions and let one of the helpers have a look.

SBS&D targets other things than MBAM does. There is not one single program that will ever be enough. Please let someone look at your logs to be sure your free of malware.

Keep updating MBAM too and scanning with that. It has a new version and might do the trick.

Let's try this one http://www.majorgeeks.com/download4899.html and I think you should update MBAM and show me a quick scan with that please and a new HJT log.

Those are not infections either. They are quarantine, temp files and the System Restore. That log is dated 7/18 & 19 3 . JASONDESKTOP <==That is not a malware location. So either its in the recycle ben or you have a folder of malware on your desktop. If nothing has been found since the 19, and then it wasn't malware I'm sure your clean. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts The windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free Also the full protection of MBAM is offered at a very low price. Give it a trial using the link in my signature

Typing anything Malwarebytes brings you here because Marcin bought all domain extensions for that very reason. It keeps anyone from using the same well known name for malicious intent. I will see to it this site is added to SiteHound, and hpHosts.

Hi Ultimate Predator and welcome to Malwarebytes. What exactly did you have in mind? A simple statement of what you run and like? Many use their signature for that. There is a thread for what browser you prefer. Some discussion on AVG's new version also. We don't have a specific software recommendation thread. If you want to tell everyone what your using I suggest General Chat or your signature.