
JeanInMontana

Honorary Members
  • Posts

    3,859

Everything posted by JeanInMontana

  1. Those are not viruses or malware. Two are saying there were no new virus definitions; I don't know what the other is for sure, but it's not malware. Plus it shows 0 threats. I don't see anything to indicate infection. Do you have any symptoms?
  2. Hi figeroaspanky and welcome to Malwarebytes. I suggest you have someone look at more logs to be sure you're clean of the trojan. Follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and start your own topic in that forum.
  3. Don't let me know what happens, I need to see that log from ComboFix. Yes, there is a chance you might back up the files containing the malware, since I have no idea what you might back up. I'm attaching a screenshot of what the FF entry looks like in A/R. If you don't see that, delete the file. There are other programs that will take screenshots and save in a format not so large; BMP files are always large. MBAM has a new version.
  4. Post the Symantec log, not attached, a new scan with updated MBAM and that log, and a new HJT log. NO, AVG is not better. Avira or Avast would be two better and free.
  5. Yes!! Backup, always and on a regular basis. It sounds like you have the right CD, I can't be positive without reading what's on it. Try the procedure; if it works it was right. Report those Yahoo IDs to Yahoo, don't contact them unless you can walk to their house with a baseball bat. Go to Control Panel > Add Remove Programs. If FF is installed it will be there. Being rooted means there is a trojan in the root of your PC's Windows directory. You're not in control of the machine, someone else is, and therefore all your information on the entire PC has been exposed to them. You should consider doing a total reformat. That is the only way we can be positive you're clean. Keep updating and running MBAM. There is no need to zip files with only a picture or a text file. You can simply upload them.
  6. The information we need will be given if the instructions are followed in the link provided by Eric the Red. They were written specifically for determining the cause of the symptoms.
  7. You still need to follow instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936
  8. Sorry to be late, hope it was the very best.
  9. Those are all in Temp files. I asked you back there to empty those. Please get CCleaner. Install the program, run the scan. If you have any queries or comments then please use the Forum or contact us via this form. NOTE: You may wish to save your cookies for sites you use often and have saved the passwords or use auto logon. Also saved form information. BUT since this is a malware issue, starting over is always a good plan. You will be amazed at the amount of space on the HD you gain and probably notice improved performance. After you run that, scan with Norton and see what it says. You can post that log in your response, saves me time.
  10. Yes, this helps. You must be what we call "rooted" and in a botnet. You need to keep this machine offline as much as possible. You're positive you don't have Firefox installed? We need to use ComboFix. It isn't as scary as it sounds. But delete the version you have and get a new one. The main part of this is to make sure you have the Recovery Console installed. The rest is a matter of clicking the program to run and posting the log to me. We need this done ASAP. Be sure you change all passwords to any place. Notify banks, credit cards etc. that your identity has been compromised. Review this article here on how to use ComboFix. Be sure you cover the section on How to install and use the Windows XP Recovery Console and make sure it is installed on your machine. This is important should anything go wrong and we need to recover your PC and not lose all the data.
      1. Download this file: http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your desktop.
      2. Double click combofix.exe. It will be a red icon with a white X on your desktop. Follow the prompts; you will get a blue cmd prompt screen and a choice to choose Y or N. Choose Y and hit enter.
      3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt. Post that log and a HiJack log in your next reply.
      Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
  11. Wanda, you probably don't need another scanner. Your best move IMO is get rid of McAfee [huge resource hog and not on the cutting edge of protection] and go for a free AV and the OA firewall when the subscription runs out. Avira and Avast are very good free. NOD32 from Eset is top notch but you must pay. The other programs I mention are either block lists for bad sites or give an alert when a change is made to the system. All are free and low on resources or use none at all. From what you describe you have everything set up great. Surf safe. Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.
  12. Had nothing to do with games. It is corporate software and a System Restore fixed it.
  13. To get help with this read the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and start your own topic.
  14. w00t!! That's an impressive group. Have a great day all of you.
  15. Installed via the program, only thing out of norm was a popup telling me the program was already running during the install. This was true, I clicked ok and the install completed and asked for a reboot. I said ok, machine rebooted, I updated manually and ran a quick scan.

      Malwarebytes' Anti-Malware 1.21
      Database version: 967
      Windows 5.1.2600 Service Pack 2

      11:39:31 AM 7/19/2008
      mbam-log-7-19-2008 (11-39-31).txt

      Scan type: Quick Scan
      Objects scanned: 38070
      Time elapsed: 5 minute(s), 37 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)

  16. OK, empty the Recycle Bin, all your temp files and the quarantine folder for Symantec. Make sure MBAM quarantine is empty too. Update Symantec and scan again. Do the same with MBAM. Let me know what Symantec says, post the MBAM log and a new HJT log please.
  17. Hi PiperK1980, I am going to step in here since the topic has been 4 days with no reply from a helper. I apologize for that and suggest you give this a try to fix the connection issues. LSPfix: Repairs Winsock 2 settings, caused by buggy or improperly-removed Internet software [and malware], that result in loss of Internet access. LSP-Fix is a free Windows utility to repair a loss of Internet access associated with certain types of software. This type of software, known as a Layered Service Provider or LSP, typically handles low-level Internet-related tasks, and data is passed through a chain of these programs on its way to and from the Internet. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, causing the Internet connection to become inaccessible.
  18. Yes, tell me symptoms; the problem is Vundo. It's stubborn and the MBAM team is working hard to get the program to where it can deal with this new version. I was told no tools are getting it, so we have to just keep trying to do it manually and updating MBAM and scanning again.
      O20 - Winlogon Notify: enqrkyuu - C:\WINDOWS\SYSTEM32\uyxgnon.dll
      Did you delete that file? Delete it and the bak one with the same name. Delete it with HJT please. Update MBAM, run a quick scan, and new HJT log please.
  19. You're welcome, surf safe. Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.
  20. What kind of popups? Popups are not good. What are they?
  21. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions. SpywareBlaster from Javacool Software, WinPatrol by BillPStudios, SiteHound by FireTrust, RogueRemover, hpHosts. The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free. Also the full protection of MBAM is offered at a very low price. Give it a trial using the link in my signature.
  22. You have SP1; it shows plainly in the HJT log. The current SP is 3. Delete the quarantine in Avira and the SmitFraudfix on the desktop. Empty the recycle bin and temp folders. Run another Avira scan after update. Close all programs and run a scan only in HJT. Put a check next to the following lines then click fix.
      O2 - BHO: (no name) - {E4FFD1CB-D8A7-44BB-A3F1-C177AE513988} - H:\WINDOWS\system32\mljjj.dll (file missing)
      O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - H:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing
      O20 - Winlogon Notify: mlJCTmKa - mlJCTmKa.dll (file missing)
      O20 - Winlogon Notify: pgjrawnu - H:\WINDOWS\
      O21 - SSODL: CheckAlrt - {5f7b7b43-7742-4f33-83ba-7952324a36d4} - H:\WINDOWS\Resources\CheckAlrt.dll (file missing)
      O23 - Service: Microsoft DDE+ server (423b2bdf) - Unknown owner - H:\WINDOWS\system32\.423b2bdf\423b2bdf.exe (file missing)
      O24 - Desktop Component 3: Privacy Protection - file:///H:\WINDOWS\privacy_danger\index.htm
      Exit HJT, reboot normally. Update MBAM, run a quick scan and post that log and a new HJT log please.
  23. We have some final things to take care of and Tea Timer can interfere. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions. SpywareBlaster from Javacool Software, WinPatrol by BillPStudios, SiteHound by FireTrust, RogueRemover, hpHosts. The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free. Also the full protection of MBAM is offered at a very low price. Give it a trial using the link in my signature.