Honorary Members
Everything posted by JeanInMontana

  1. Thanks 1972vet for your excellent assistance. Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.
  2. Hi jekyll and welcome to Malwarebytes. Did you run the HJT scan before or after the MBAM scan? Your log is showing malware that MBAM takes out with no problems. Please update MBAM, scan again, post that log, and then scan with HJT and post that log. Always post the HJT log after any removal scans. I also see no signs of an antivirus program or firewall. Your Adobe Reader is seriously outdated and a security risk. Get the current version 8 please.
  3. I'm sorry, but if we can't run anything on the PC there just isn't much we can do to fix it. The only option I'm seeing here is to reformat the drive. Use your reinstall disks, hopefully they came with your PC, and start over. I know this is not what you want to hear, but I am at a loss. I can ask for someone else to have a look but we need to be able to boot to clean.
  4. That may very well be, but it wasn't what I asked. I asked how he checked.
  5. How can you say it was MBAM when you removed two other things? That doesn't pin it down to any one thing at all. Unless you're running a paid version of MBAM with full time protection it won't do anything unless you open it and run a scan. How did you check for malware? I'm betting that's what is slowing the PC and if MBAM was in on that it would be because it's fighting the malware, if you have a full version.
  6. OK and we know that's not so. It's malware talk for not gonna let you. Go ahead and run ComboFix then. And post that log please.
  7. Try last known good configuration. See if you can restore the system to a point where it worked.
  8. Why couldn't you zip them? Error messages? User Accounts in the Control Panel is how you know what your account is. Log on as the administrator for all these fixes and scans please. I would really like to get those file samples if at all possible. It's something new and can really help MBAM. If you can't get them then continue with ComboFix. Oh and please don't quote my posts. Scroll down just a bit and you'll see a "Reply" button in the middle of three other options. Use that one.
  9. Hi blackstetson [nice hat] and welcome to Malwarebytes. Please follow the directions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and start your own topic in that forum.
  10. Try booting to safe mode. Reboot and immediately start tapping the F8 key. When the screen appears to choose an option, choose safe mode with networking. Try to get a scan with MBAM if nothing else. It may be able to clean enough to allow you to get to a more operable state. It is also possible you have hardware failure rather than malware.
  11. You're still infected. Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Please zip these files and upload to here http://uploads.malwarebytes.org/
      C:\Documents and Settings\Cindy\lsass.exe
      C:\WINDOWS\system32\tnmiwgih.dll
      C:\Documents and Settings\Cindy\Local Settings\Temp\temp.fr5909\Save.exe
      C:\WINDOWS\SYSTEM32\TNMIWGIH.DLL L
      Drag all the files into a folder you make named infected then right click it and send to a zipped folder. If you can't drag just zip them separately and send. Now run HJT again in scan only mode and put a check next to these files and click fix.
      O2 - BHO: (no name) - {302DF258-3B30-4946-98A1-8C92233FF377} - C:\WINDOWS\system32\vtUllkhG.dll (file missing)
      O2 - BHO: (no name) - {6F4FF565-EE75-4FD5-B0DE-7BD3F3820BB8} - C:\WINDOWS\system32\qoMeCrQK.dll (file missing)
      2 - BHO: {dfff5798-421e-87fb-c524-26cea3e20727} - {72702e3a-ec62-425c-bf78-e1248975fffd} - C:\WINDOWS\system32\tnmiwgih.dll
      O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Cindy\lsass.exe
      O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
      Exit HJT and open MBAM. Update the program and run a quick scan. Post that log and a new log from HJT with all browsers and extra programs shut down when you run the scan.
  12. Hi there sharlicious, and welcome to Malwarebytes. Make sure you're running as an administrator on the machine. Allow email from Malwarebytes.org and set your preferences in the User Control Panel to email notifications for replies to your topics. This ensures you make prompt replies back and we get you cleaned in the fastest way possible. Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Open SB S&D Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode. Click on the Tools section and then Resident. You will see two items. 1. Resident "SD helper" (Internet Explorer bad download blocker.) active 2. Resident "Tea Timer" (Protection of over-all system settings.) active. Uncheck number 2. Leave number 1 checked always. You can enable Tea Timer again if you wish once all special fixes have been done. Please run a quick scan of your main drive, usually C with MBAM making sure you check all items found for removal. Please post that log in your next reply. Then go here and run a scan Panda Active Scan There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and MBAM scans please, along with a log from this program HiJack This! You will post three logs. 1. MBAM scan. 2. Panda Active Scan. 3. HiJack This scan. Please run and post the scans in this order. You will finish the MBAM first so go ahead and post that log, then move on to Panda and so forth. 
I will analyze the logs and give you further instructions. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said. Be patient and persistent. These things can take time and many procedures.
  13. Don't delete files unless I tell you to. Not all rundll files are bad, most are needed to run the system. You're still infected so yes you will get popups. Your system is in terrible shape and if you have any personal info, credit card, banking etc call those places ASAP and alert them that your identity may have been stolen. Change all passwords to any accounts that can be used for purchasing or anything actually. Make sure you are running as the administrator. Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Uninstall this C:\Program Files\BitTorrent\bittorrent.exe P2P is risky and usually illegal. Most likely it is how you got into this mess. Delete SDFix and Smitfraud fix. Never use tools like this without supervision. Now turn off Trend Micro and try to find these files:
      C:\WINDOWS\system32\SSEMBL~1\rundll32.exe
      C:\WINDOWS\Downloaded Program Files\HGStart9USA.exe
      C:\Documents and Settings\Chris Ng\Local Settings\Temp\snpp.exe
      C:\WINDOWS\Downloaded Program Files\HGStart9USA.exe
      C:\PROGRAM FILES\COMMON FILES\МІCROSOFT.NET\ЅCANREGW.EXE
      C:\Program Files\Steam\Steam.exe
      Don't type them into search just use Windows Explorer and navigate to the folder and file. Right click on them and send to zipped file. You may need more than one, the size limit is 2MB. Now please: Review this article here how to use ComboFix Be sure you cover the section on How to install and use the Windows XP Recovery Console and make sure it is installed on your machine. This is important should anything go wrong and we need to recover your PC and not lose all the data. 1. Download this file : http://download.bleepingcomputer.com/sUBs/ComboFix.exe save it to your desktop. 2. Double click combofix.exe. 
It will be a red icon with a white X on your desktop. Follow the prompts. You will get a blue cmd prompt screen and a choice to choose Y or N. Choose Y and hit enter. 3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt. Post that log and a HiJack log in your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
  14. First you should be sure you really are clean of malware. Symantec is notorious for corruption after an infection. Follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and start your own topic, post the logs requested and someone will be happy to help you.
  15. Due to lack of response this topic will be closed.
  16. No, this is not an updated log. Get rid of this version of HJT; delete it. Now run a new scan with the Trend Micro version and post that log please.
  17. Hi Cheech0987 and welcome to Malwarebytes. You're using a way outdated version of HJT. Please get this version HiJack This! and run a new scan. What version of MBAM are you using? Try this: run MBAM again, go to settings and uncheck all boxes but memory. First scan, just do memory, second scan, just do registry, after that, check all 4 boxes again, run a quick scan and post the logs from MBAM and then the new updated HJT log.
  18. OK, so how are you connecting? I can fix your connection if you can get this http://www.majorgeeks.com/download4372.html Also need you to upload this file C:\WINDOWS\system32\SSEMBL~1\rundll32.exe -vt yazb to http://uploads.malwarebytes.org/ be sure to zip the file or it won't accept it. Once you get your connection fixed, then go for the online Panda scan please and post that log. MBAM will have defs updated soon to get what it's missing once we get that file.
  19. Yes, and many people install them thinking they are getting the "best" deal around because it's all in one. I.E. Symantec and McAfee, Adaware, I could go on.
  20. I haven't had time to really look into this but twice after reboot I've gotten a Windows notice that MBAM needed to close did I want to send a report, yet the program was still running. I don't know if this is MBAM or my system. Also when the updater shut down MBAM to install the new version it still popped up and started the scheduled quick scan. Shouldn't it have stayed shut down? Something has gone haywire with my printer/scanner too, and I can't say they are connected but it went south after the updated MBAM. I'll do more checking and a scan in a bit.
  21. Delete ComboFix and all files associated with it. Do NOT use this program without supervision. If a site is blocked it may be listed in Spyware Blaster or Spybot Search and Destroy. My Space is a major source of malware and it is no surprise it's blocked. Leave the Hosts file alone! It blocks sites for a reason.
  22. Hi Aznkidng and welcome to Malwarebytes. Please get the latest version of MBAM 1.18 update it and run a quick scan. Post that log and a log from one of the online scanners listed in the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 . Follow all the instructions in that link also. I don't see any evidence of you having SBS&D at all from your HJT log.
