JeanInMontana

Honorary Members
  • Posts

    3,859
Everything posted by JeanInMontana

  1. I'm currently running the Panda scan on my system to see what the end report looks like. Yours is nothing like the scan reports used to look like. However, there are some items of concern.

     1. G:\Einer Hardrive In Here\HardDrive\Programas...ohol 120 keymaker.rar[keymaker.exe]
     1. G:\Einer Hardrive In Here\HardDrive\Programas...BS Player Pro v2.20.949\KeyGen.exe

     Key gens are from illegal software. We don't deal with that here legal or we quit. Illegal software is also a prime source of infection. What are the key gens for? Are you willing to uninstall the software associated?

     I need you to please send these files to be analyzed:

     C:\WINDOWS\system32\upuhnjnt.dll
     C:\WINDOWS\system32\iulzft.dll
     C:\WINDOWS\system32\iulzft.dll

     Create a folder you name einzerox, then copy the files into that folder. Right click on it and choose Send To, zipped folder. Now please upload it to here: http://uploads.malwarebytes.org/

     Note: If the files are larger than 2MB each or combined you will need to send them separately. In this case name them einzerox1 ... einzerox2 and so on.

     Run HJT again in scan only mode and put a check next to these items and click fix.

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     O2 - BHO: {2c5746c3-4fb1-27c8-5c04-aac474d559f9} - {9f955d47-4caa-40c5-8c72-1bf43c6475c2} - C:\WINDOWS\system32\iulzft.dll
     O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
     O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab

     Please send the files. Reboot and post a new HJT.
  2. If it's malware it's not showing its pointy ugly head. I gave AdvancedSetup a heads up on this and he is far more experienced in your problems than I am. Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.
  3. I can imagine what you're going through. I understand completely how you came to your conclusions. Nothing I said was directed to you. There are people in this thread telling you what to do, that are in no way associated with Malwarebytes, nor are they known by us to be capable of giving advice. Nosirrah is the only person posting to this thread with any association to Malwarebytes other than myself of course. I feel it's important you're aware of that.
  4. No, SP3 would not have anything to do with it. Vundo is a constantly morphing trojan. New versions all the time. To be sure you're clean you really should follow the instructions in the link GT500 gave and start a thread of your own in that forum.
  5. http://www.malwarebytes.org/forums/index.php?showtopic=5271 Yuppers and thanks for the support in the other topic.
  6. You will find I never refer to myself as an expert. I am a moderator here and I do try to head off disasters and keep some order. The information you provided is not common knowledge. As a HJT log analyzer I give instructions on how to boot to Safe Mode often, because most don't have any idea how to do it. I did not make any instructions because someone that is an expert and a part of the hands on development team was responding. In cases like this the less others interject with their opinions and instructions the more likely there will be a solution. Try putting yourself in the OP's shoes with several people giving instructions to do this and do that. This is how systems get damaged, not fixed. If you note in the title of the post, it states the problem was after running a scan with MBAM. That signals the problem to be program specific. AFAIK you're not a part of the development team for MBAM. That's why they should be responding. Most of the time these cases are not to do with MBAM or any other Malwarebytes products, but when the OP notices the problem after using one of our products they come to us for help, and we give the very best we can. In the rare instance one of our products did cause the problem, then it's even more crucial that someone from the team is able to get the information and give a solution with the least amount of interference. Thanks for your cooperation.
  7. Donna does state her tests show more than one scanning program is needed and she is absolutely correct in that statement. Anyone that knows what they are talking about in PC security advocates a layered protection module, and that includes active processes and nonactive block lists such as those found in host files, SpywareBlaster, Spybot Search & Destroy immunization, and RogueRemover immunization. More than one malware scanner, a third party firewall and a good anti virus are crucial.
  8. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
  9. Trish I need a response or I have to close this topic.
  10. Jekyll? What's going on? We have some final steps here before we close.
  11. Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.
  12. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
  13. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
  14. Hi there einzerox, and welcome to Malwarebytes. You didn't remove the malware found by MBAM. Please follow the instructions below. Make sure you're running as an administrator on the machine. Allow email from Malwarebytes.org and set your preferences in the User Control Panel to email notifications for replies to your topics. This ensures you make prompt replies back and we get you cleaned in the fastest way possible.

     Please set your system to show all files:

     Click Start.
     Open My Computer.
     Select the Tools menu and click Folder Options.
     Select the View Tab.
     Under the Hidden files and folders heading select Show hidden files and folders.
     Uncheck the Hide protected operating system files (recommended) option.
     Click Yes to confirm.
     Click OK.

     If you haven't already, please get these programs, update and run a complete scan removing all items found.

     Spybot Search & Destroy
     Be sure to use the immunize feature. But do not enable TeaTimer at this time.

     Open SB S&D.
     Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode.
     Click on the Tools section and then Resident.
     You will see two items.
     1. Resident "SD helper" (Internet Explorer bad download blocker.) active
     2. Resident "Tea Timer" (Protection of over-all system settings.) active.
     Uncheck number 2. Leave number 1 checked always. You can enable Tea Timer again if you wish once all special fixes have been done.

     Please run a quick scan of your main drive, usually C, with MBAM, making sure you check all items found for removal. Please post that log in your next reply.

     Then go here and run a scan: Panda Active Scan. There is a full tutorial on how to do this at the top of this forum.

     Post the logs from the Panda and MBAM scans please, along with a log from this program: HiJack This!

     You will post three logs.
     1. MBAM scan.
     2. Panda Active Scan.
     3. HiJack This scan.

     Please run and post the scans in this order. You will finish the MBAM first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said. Be patient and persistent. These things can take time and many procedures.
  15. You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://java.sun.com/javase/downloads/index.jsp and install the correct version for your system. Choose the offline installation.

     ViewPoint is not a desirable item. It's considered foistware and forced on AOL customers. If you're not using AOL for your ISP I recommend getting rid of it. It's just one more thing running using resources you don't need. Gamers need to keep this sort of crap to a minimum.

     C:\Program Files\Viewpoint\Common\ViewpointService.exe <==== Uninstall it via Add/Remove Programs in the Control Panel.

     Now run HJT again in scan only mode. Check the following lines and click fix. These are just clean up. Looks like you do use or did use Comcast and there are missing components.

     O9 - Extra button: Help - {1DF60FA1-19D2-11D6-8756-00A0D2170C61} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
     O9 - Extra button: Support - {1DF60FA2-19D2-11D6-8756-00A0D2170C61} - http://www.comcastsupport.com (file missing) (HKCU)
     O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

     Reboot to normal mode and continue with these instructions. Go to Windows Update and get Service Pack 3 installed and whatever else is needed. Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

     Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself.

     Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.
     Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

     Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them. A firewall and anti virus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

     SpywareBlaster from Javacool Software
     WinPatrol by BillPStudios
     SiteHound by FireTrust
     RogueRemover
     hpHosts

     The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.

     Also, the full protection of MBAM is offered at a very low price. Give it a trial using the link in my signature.
  16. OK, I don't know how you can see the space missing without being able to see a cause. The more details you can give the better the chance of finding a cause. I see nothing malware in your logs. You should post this issue in the PC Help forum, that will allow others to join in the conversation that can't here in this forum. You might get a solution or reason that way.
  17. Hi roo and welcome to Malwarebytes. There is a forum specifically for RR but it's easier to just answer here. I feel safe in saying yes, when MBAM gets a new dll I'm sure RR will too.
  18. This site doesn't have the always use this option or always keep copy. You must always save a copy. You get used to it after a while.
  19. No worries, I merged the two; now they are all one.
  20. Just an FYI to this group you now have your very own forum also. Check it out! Also the chance to join in the beta testing of the next version of MBAM!
  21. Hi again, not sure this is the location we will keep you in as I see no infection. Have you seen what is taking up the space? Details are crucial here. A file name, etc. Remove all files associated with Killbox, and run a quick scan with MBAM updated. Please post that log and a new HJT.