JeanInMontana

Honorary Members
  • Posts

    3,859
Everything posted by JeanInMontana

  1. Oops, you have TeaTimer on; we don't want that on yet. Open SB S&D. Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode. Click on the Tools section and then Resident. You will see two items.
     1. Resident "SD helper" (Internet Explorer bad download blocker.) active
     2. Resident "Tea Timer" (Protection of over-all system settings.) active
     Uncheck number 2. Leave number 1 checked always. You can enable Tea Timer again if you wish once all special fixes have been done. Now close all programs and run a scan only with HJT, put a check next to these items and click fix. Exit the program and reboot.
     O2 - BHO: (no name) - {30120342-2a52-45c0-86d2-8ca0d0e4d75d} - (no file)
     O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
     Now update MBAM again and scan; post that log and a new HJT please.
  2. Hi MichaelC57 and welcome to Malwarebytes. Your friend should join the forum and read the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and start their own thread/topic.
  3. Yes, please attach this one too: uyxgnon.dll.bak. Let's see a new MBAM log and new HJT. Those lines had nothing to do with Notepad. So that is something else. Post the screen shot so I can see what you see.
  4. Log looks good. MBAM has updated twice since that scan, do another update and scan with it, if nothing is found I think we got it whipped. Post the new MBAM log please.
  5. OK, I'm sorry and I know how you feel. I suggest you go to the PC Help forum and post this there. More people can reply with more ideas and probably more knowledge. This is not my area of specialty.
  6. Right click on Local Disk C and choose properties for the defrag, be sure you do a disk check for errors before running defrag. System Restore can be accessed via the Control Panel and System Restore, or by going to the Help Menu. No they are not .exe files.
  7. If I knew where it was or how it was hiding, we would not be here. Sorry, but it's a new variant, and we are doing the best we can to get it into the MBAM definitions so it can remove it. The people behind it are brilliant and it's a shame they can't put that to good rather than evil.
     O2 - BHO: (no name) - {3787B284-825E-486C-900D-D57056AED3E5} - c:\windows\system32\uyxgnon.dll <==== I need a sample of the highlighted portion of that entry please. Zipped and attached here. Then delete it. I thought I had asked for it but I don't see it.
     Now run HJT in scan only, put a check next to these files and click fix.
     O2 - BHO: (no name) - {3787B284-825E-486C-900D-D57056AED3E5} - c:\windows\system32\uyxgnon.dll
     O4 - HKLM\..\Run: [cw9k9s4nfpzv] C:\WINDOWS\system32\cw9k9s4nfpzv.exe
     And then use File Assassin in MBAM to delete that file C:\WINDOWS\system32\cw9k9s4nfpzv.exe. You will find it under the Tools tab. Reboot. Update MBAM again, it's at 962 now, might have the stuff we need. Run another scan and post that log and a new HJT log.
  8. I would reinstall the program, it has to be damaged in some way for it to show a file missing. It could be malware related with the boot hang, your log is looking good. You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://java.sun.com/javase/downloads/index.jsp and install the correct version for your system. Choose the offline installation. You're running an outdated and unsafe version of Adobe latest version. Or get the alternative faster lighter on resources Foxit PDF Reader and Editor Look at the Downloads tab here or if you don't want to see the features etc. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions. You're also behind on Windows updates; before you install SP3 I recommend you do a disk check for errors and defrag. Go to My Computer, right click on Local Disk C and choose properties. Then the tools tab, put a check in both boxes for the error check option and say yes to reschedule the check on the next boot, then reboot. After the error check, do the defrag. Are you seeing any symptoms?
  9. Yes, bold and backed with fact!! http://www.malwarebytes.org/forums/index.p...post&p=8736 You're done making money from our help.
  10. Please respond or I will have to close this thread to keep others from posting to it.
  11. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
  12. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
  13. http://malwarebytes.gt500.org/database.jsp Get the latest definitions for MBAM.
  14. Update MBAM and run a scan with it before you do CF, we might have the nasty in defs by now. So run the MBAM, post that log and a new HJT and we will see if we need CF. It is a powerful tool, and that's what we need with this stuff.
  15. McAfee identified MBAM as Vundo. Not the best detection. I saw that MBAM had updated since your scan, which is why I asked for a new one. You're not having any symptoms? One more HJT log please.
  16. The Soundman showing in your log is not legit, and the Radmin entry had a missing file, so it was just clean up. The program isn't there or not functioning. OK, delete this file C:\WINDOWS\system32\vtfahv.dll, sorry, I should have said that yesterday. I'm on day 3 of a headache and not really thinking well. Now run HJT again in scan only, put a check next to the lines below and click fix.
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O2 - BHO: {92cc7d5f-5d50-4d6b-a654-c94cf3e1bd54} - {45db1e3f-c49c-456a-b6d4-05d5f5d7cc29} - C:\WINDOWS\system32\vtfahv.dll
      O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe (file missing)
      Update MBAM, run a quick scan, post the log; you might use the File Assassin feature in it to delete this C:\WINDOWS\system32\vtfahv.dll. Post that log and a new HJT.
  17. http://malwarebytes.gt500.org/database.jsp I think that was posted in your thread. It's on the download page too. Let's do it all again please. Did you use LSPfix to try and get a connection?
  18. OK, first get MBAM updated, your definitions and the version of the program are way outdated. Do another quick scan with it and post that log and a new HJT.
  19. Hi there Rob91, and welcome to Malwarebytes. Make sure you're running as an administrator on the machine. Allow email from Malwarebytes.org and set your preferences in the User Control Panel to email notifications for replies to your topics. This ensures you make prompt replies back and we get you cleaned in the fastest way possible.
      Please set your system to show all files: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.
      If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy: be sure to use the immunize feature. But do not enable TeaTimer at this time. Open SB S&D. Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode. Click on the Tools section and then Resident. You will see two items.
      1. Resident "SD helper" (Internet Explorer bad download blocker.) active
      2. Resident "Tea Timer" (Protection of over-all system settings.) active
      Uncheck number 2. Leave number 1 checked always. You can enable Tea Timer again if you wish once all special fixes have been done.
      Please run a quick scan of your main drive, usually C, with MBAM, making sure you check all items found for removal. Please post that log in your next reply. Then go here and run a scan PandaActive Scan There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and MBAM scans please, along with a log from this program HiJack This! You will post three logs.
      1. MBAM scan.
      2. Panda Active Scan.
      3. HiJack This scan.
      Please run and post the scans in this order. You will finish the MBAM first so go ahead and post that log, then move on to Panda and so forth.
      I will analyze the logs and give you further instructions. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said. Be patient and persistent. These things can take time and many procedures.
  20. This new version of Vundo is extra nasty, we are struggling to get all of it into MBAM. It hides very well. Possibly why you couldn't find it is McAfee took it before you looked? Are you able to access the quarantine files for McAfee and upload them? If you save the logs I would like to see the portion showing what was found, not the whole log, just a copy paste of that part please. You don't have the latest definition version for MBAM, you have to update it every time you scan, often it updates 4 or more times a day. Let's get a new scan with it. Your log is looking good, how are symptoms?
  21. Hi Ulysses and welcome to Malwarebytes. You have been stricken with the newest version of Vundo. I need you to please find these files C:\WINDOWS\system32\oanpfg.dll and C:\WINDOWS\system32\hssjyayr.dll, put them in a zip file and attach here with your next post. Then delete them. Run HJT again in scan only with all programs closed. Put a check next to the items below and click fix when you're done.
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
      O2 - BHO: {8f5ea10d-17d1-a4cb-6544-b2e64f617690} - {096716f4-6e2b-4456-bc4a-1d71d01ae5f8} - C:\WINDOWS\system32\oanpfg.dll
      You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://java.sun.com/javase/downloads/index.jsp and install the correct version for your system. Choose the offline installation. You're running an outdated and unsafe version of Adobe latest version. Or get the alternative faster lighter on resources Foxit PDF Reader and Editor Look at the Downloads tab here or if you don't want to see the features etc. Use the Secunia Inspector free scan to identify risks in outdated versions of all your other software, i.e. QuickTime, RealPlayer and others. Update MBAM, run a quick scan and post a new log from it and from HJT.
  22. I know Panda won't work, that's why I said to skip it. The MBAM log you posted is old. You need to update the program, go to the forum in the instructions and start a topic. Post a new MBAM log, not as an attachment, copy and paste it into your reply. Then run HJT and do the same, copy and paste the scan log into your reply.
  23. I second the motion!! Over and over I see it, they just don't get they have to take action. This would really cut time in the HJT forum.
  24. Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.