Everything posted by JeanInMontana

  1. Hi kevinsignia and welcome to Malwarebytes. Please update MBAM and run a quick scan. Post that log and a new HJT.
  2. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936
  3. You really need to follow my instructions. Never run tools like Combofix unless you are asked to do so. You do not have MBAM configured to remove anything. Open the program, go to the settings tab and put a check in all the boxes. The HJT log is always the last thing you post. It's useless to me if it isn't done after the removal. The files I wanted you to upload are not in MBAM quarantine. Now please update MBAM and run a quick scan and post that log then a new HJT log.
  4. Hi Peco were you able to upload the files? It looks like part of the Vundo log is missing did you post it all? I need to see all of it please.

     C:\WINDOWS\System32\GEARSec.exe <==== please upload and scan that file. To here =====> http://www.virustotal.com/ Post the results in your next reply.

     Now open HJT and run scan only place a check next to the following items, then click fix.

     R3 - URLSearchHook: (no name) - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - (no file)
     O2 - BHO: (no name) - {529b0b20-0ab5-4297-83fe-79d5a5bcc813} - (no file)
     O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
     O24 - Desktop Component 0: Privacy Protection - (no file)

     Reboot and post a new log. Give me some feed back, how is the system running?
  5. I have replied to this in the HJT forum. Please note the version of MBAM and HJT are both outdated.
  6. Hi again Peco, we have some work to do still. I need you to get some files for me too, so we can make MBAM get all of this. Please locate these files and either drag them all to a folder you create and then zip that folder or zip each file individually. Then upload them to here please http://uploads.malwarebytes.org/

     C:\WINDOWS\system32\kncqcksj.dll
     C:\WINDOWS\system32\dllhost.exe
     C:\WINDOWS\System32\GEARSec.exe
     C:\ Windows \%systemroot%\system32\tscupgrd.exe

     Now open HJT again and run a scan only and put a check next to all these items.

     O2 - BHO: (no name) - {18D7675F-C6E4-4195-9228-4F0D71813AA5} - (no file)
     O2 - BHO: (no name) - {2B90707A-8CD0-4123-A608-D1ED2DF11134} - (no file)
     O2 - BHO: (no name) - {40CD72F8-2BEF-4CDC-AC6F-C4DC0830F78D} - (no file)
     O2 - BHO: (no name) - {5C2FBDD7-DD4E-4AD9-A8A8-EB2A24EBB30E} - (no file)
     O2 - BHO: (no name) - {64416729-39F2-4FE9-8C3F-17EB9D3DDF6D} - (no file)
     O2 - BHO: (no name) - {E8217019-D910-4376-914C-86D68486B792} - (no file)
     O2 - BHO: (no name) - {f01d2c7b-d333-4d79-8959-c41622c81b97} - (no file)
     O2 - BHO: (no name) - {F5676298-F8D1-4F26-9F19-B9AD66A7D795} - (no file)
     O2 - BHO: {75eddc73-94f4-e608-3104-4f0e07e9ef6f} - {f6fe9e70-e0f4-4013-806e-4f4937cdde57} - C:\WINDOWS\system32\kncqcksj.dll
     O3 - Toolbar: (no name) - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - (no file)
     O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
     O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
     O24 - Desktop Component 0: Privacy Protection - (no file)

     Now click Fix and exit the program. Reboot and follow these instructions:

     Please download VundoFix.exe to your desktop. http://www.atribune.org/ccount/click.php?id=4

     * Double-click VundoFix.exe to run it.
     * Click the Scan for Vundo button.
     * Once it's done scanning, click the Remove Vundo button.
     * You will receive a prompt asking if you want to remove the files, click YES
     * Once you click yes, your desktop will go blank as it starts removing Vundo.
     * When completed, it will prompt that it will reboot your computer, click OK.
     * Please post the contents of C:\vundofix.txt .

     Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

     Update MBAM and run a quick scan with it also and post that log and a new HiJackThis log.
  7. Make sure you have the system set to show hidden files and folders. Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.
  8. Hi drgill_co and welcome to Malwarebytes. Make sure you're running as an administrator on the machine. Allow email from Malwarebytes.org and set your preferences in the User Control Panel to email notifications for replies to your topics. This ensures you make prompt replies back and we get you cleaned in the fastest way possible.

     Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.

     If you haven't already, please get this program, update and run a complete scan removing all items found. Spybot Search & Destroy. Be sure to use the immunize feature. But do not enable TeaTimer at this time.

     Open SB S&D. Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode. Click on the Tools section and then Resident. You will see two items.

     1. Resident "SD helper" (Internet Explorer bad download blocker.) active
     2. Resident "Tea Timer" (Protection of over-all system settings.) active.

     Uncheck number 2. Leave number 1 checked always. You can enable Tea Timer again if you wish once all special fixes have been done.

     Please get this version of HighJack This! and run a scan with it. HiJack This! The version you used is outdated and I will be better able to help you with the added information the newer version gives.

     Please also find these files

     C:\WINDOWS\system32\idef.dll
     C:\RECYCLER\S-1-5-21-1801674531-562591055-725345543-1003\Dc409.exe

     Put them into a zipped folder by either dragging them both to a folder you create and then zipping by right clicking and selecting Send to zipped folder or zipping each one individually. Then upload them to here http://uploads.malwarebytes.org/ .

     Download the new version of MBAM also you have an outdated version. Install the new version, update it and run a quick scan, post that log and the log from the newest version of HJT.

     You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://java.sun.com/javase/downloads/index.jsp and install the correct version for your system. Choose the offline installation.
  9. I didn't get it at all. Why just some?
  10. The file has been deleted according to your log.
  11. Hi peco and welcome to Malwarebytes.

     Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.

     Open SB S&D. Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode. Click on the Tools section and then Resident. You will see two items.

     1. Resident "SD helper" (Internet Explorer bad download blocker.) active
     2. Resident "Tea Timer" (Protection of over-all system settings.) active.

     Uncheck number 2. Leave number 1 checked always. You can enable Tea Timer again if you wish once all special fixes have been done.

     Please open MBAM and go to the settings tab. Put a check next to all the items and choose your language preference. Update the program and run a quick scan again. Post that new log and a new HJT log please and we will see what is left to do.
  12. Hi hawkeye6007 and welcome to Malwarebytes. You should follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and begin your own topic in that forum. It could be you still have traces of malware or a new version of something not yet detected by MBAM. Have you tried any other browsers?
  13. Right click, you will get a menu choose rename, then name it Legacy.exe
  14. The system has been cleaned. I remember now I did forget to have him clear off Restore points.
  15. Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you. Thanks for your excellent assistance 1972vet.
  16. It is listed in PCWorld http://www.pcworld.com/downloads/file/fid,...escription.html
  17. There are a few bugs getting worked out. I have had this same error but in reality it installs fine.
  18. OK great. There is no sign of McAfee in your log. If you are not stuck on using it, I would recommend a better and free alternative. Avira or Avast are both much better and free. I personally use Avira and really like it. Low resource use and FREE....LOL
  19. Hi subvet646 and welcome to Malwarebytes. Please make sure you are running as the administrator of the machine and that you have enabled immediate email reply to your posts. Also make sure Malwarebytes.org is in your email safe or allowed list.

     The following items are malware and must be fixed. The following explains how to remove items from your computer that are malware. These items must be fixed!

     Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.

     Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

     O2 - BHO: {66d36937-ab65-42a8-5ee4-b533346dc05b} - {b50cd643-335b-4ee5-8a24-56ba73963d66} - C:\WINDOWS\system32\nuwchgtk.dll
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - Startup: PowerReg Scheduler.exe
     O15 - Trusted Zone: *.gomyhit.com (HKLM)
     O15 - Trusted Zone: *.imageservr.com (HKLM)
     O15 - Trusted Zone: *.imagesrvr.com (HKLM)
     O15 - Trusted Zone: *.storageguardsoft.com (HKLM)

     Click on Fix Checked when finished and exit HijackThis.

     Reboot into Safe Mode: begin clicking the F8 key as soon as you reboot and then choose the option for safe mode. Don't be alarmed when you see a drastically changed desktop and missing icons and programs running. This is normal for Safe Mode.

     Using Windows Explorer, locate the following files/folders, and delete them:

     SOUNDMAN.EXE
     O4 - Startup: PowerReg Scheduler.exe

     Exit Explorer, and reboot as normal afterwards.

     If you were unable to find any of the files then please follow these additional instructions: Download Pocket Killbox and unzip it; save it to your Desktop. Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. Let the system reboot.

     You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://java.sun.com/javase/downloads/index.jsp and install the correct version for your system. Choose the offline installation.

     Post back a fresh HijackThis log and we will take another look. Please copy and paste the log into the body of your reply rather than attach it.
  20. Hi again Legacy. Please uninstall MBAM, reboot, download the newest version http://www.malwarebytes.org/mbam.php reinstall it and ignore any errors you get. Let us know how that goes.
  21. Let's be positive here and run a scan with the new MBAM version 1.18 and post a new HJT log after that scan.
  22. Let's get a log from the new version of MBAM and another HJT please.