Everything posted by JeanInMontana

  1. What is the status here? It doesn't look to me like you posted the entire Panda log. There is no incident report, yet it states there are 5 malwares.
  2. How do you know anything has been fixed? Now you have no pop-ups? You didn't follow instructions. A full scan of C with MBAM, see the tutorial on how to run a Panda scan.
  3. Sho-dan has made some very good points. When you post in a forum expect people to post back. That is what forums are all about. No one "jumped" on you ever. People asked questions and gave their very best advice based on what you said. No one was trying to argue with you ever. What you described is what all of us that have done this for years know as symptoms of infection and we gave you the advice that is our responsibility as members of this community. Never was that advice meant to judge you or in any way cause distress. Everything was offered in the best of intentions.
  4. Hi Azune and welcome to Malwarebytes. Please follow the instructions at the top of this forum http://www.malwarebytes.org/forums/index.php?showforum=7 for Pre-HiJack This! posting. Someone will be happy to help you.
  5. SiteHound has a freeware version and is compatible with IE7 and Firefox 1.5. Firefox is totally free. @YoKenny I use both SH & SA with FF and have no slow down at all.
  6. People are allowed to post replies if they wish. If you don't want to reply that's your right.
  7. Hi aliensrus. Welcome to Malwarebytes. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showforum=7 for Pre HiJack This! log posting and start your own topic in that forum. RogueRemover will remove VirusIsolator but you should get a look at what else might be lurking. WinPatrol is a great program but it does not remove malware.
  8. Are you saying this should be added to StartUpLite?
  9. Amazing. I'm sorry I have no solution but I will be sure the guys that might are aware of this thread. Stay tuned.
  10. Hi Geeza and welcome to Malwarebytes. Never run a tool like ComboFix without being asked and under supervision. You must have read someone else's instructions. The logs requested in this forum are in the following instructions. I also wonder how you have SP3 for XP? It's not generally available. My advice is get rid of the P2P C:\Program Files\uTorrent most likely how you got infected. You are still infected so please follow these instructions. Make sure you're running as an administrator on the machine. Allow email from Malwarebytes.org and set your preferences in the user control panel to email notifications for replies to your topics. This ensures you make prompt replies back and we get you cleaned in the fastest way possible. Please set your system to show all files: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy: Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this. Be sure to be in advanced mode also. Please run a full scan of your main drive, usually C, with MBAM making sure you check all items found for removal. Please post that log in your next reply. Then go here and run a scan: PandaActive Scan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and MBAM scans please, along with a log from this program: HiJack This! You will post three logs. 1. MBAM scan. 2. Panda Active Scan. 3. HiJack This scan. Please run and post the scans in this order. You will finish the MBAM first so go ahead and post that log, then move on to Panda and so forth.
      I will analyze the logs and give you further instructions. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said. Be patient and persistent. These things can take time and many procedures.
  11. Are there any processes or services running in Task Manager associated with MBAM? Did you get any error messages? Very strange. Where did you download from?
  12. Hi laserjet. You should follow the instructions here http://www.malwarebytes.org/forums/index.php?showforum=7 for Pre HiJack This! posting and start your own topic. If you do have Vundo we need to make sure it's gone.
  13. What is this? It looks like someone has given answers somewhere and you added them to your post. Why are you trying to delete the key?
  14. Pogo is also a huge game site. Are they connected? I didn't see anything saying that, but not much is visible without registering.
  15. You have two Antivirus running. Pick one or the other, McAfee or Symantec. Neither is a first choice IMO; both are resource hogs and don't do the best job. Avast is a better choice but you cannot run them all at the same time. A hosts file is not a program. It adds a list of sites that are bad to the block list for safe surfing. Once you install it, yes you should do updates when they are made. However any protection already added is better than none. That .dll is related to Vundo from what I find. So we will do this. Please download VundoFix.exe to your desktop. http://www.atribune.org/ccount/click.php?id=4
      * Double-click VundoFix.exe to run it.
      * Click the Scan for Vundo button.
      * Once it's done scanning, click the Remove Vundo button.
      * You will receive a prompt asking if you want to remove the files, click YES.
      * Once you click yes, your desktop will go blank as it starts removing Vundo.
      * When completed, it will prompt that it will reboot your computer, click OK.
      * Please post the contents of C:\vundofix.txt and a new HiJackThis log.
      Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
  16. It's not fair because water is NOT antifreeze. It will not do what antifreeze does even if you buy it. It's apples and oranges. Nothing in common. You're equating inconvenience with protection quality and they are not the same. The convenience of a paid version that does auto updates does not increase the protection it offers. I understand why a business setting would choose to go the paid version route and it does make sense for them to do that.
  17. Hi and welcome to Malwarebytes. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showforum=7 in the topic Pre-HiJack This! Posting Instructions.
  18. The procedure is to get you someone to help you. You won't be on your own; someone approved to help will have a look and give you advice.
  19. Ok I will make sure Bruce is aware http://www.malwarebytes.org/forums/index.p...ic=4333&hl= logs here.
  20. Hi Tarun, AVG 8 is force installing the Yahoo tool bar to anyone that installs. There is no opt out for the tool bar. Yup, this is how malware behaves.
  21. Malwarebytes' Anti-Malware 1.11
      Database version: 651
      Scan type: Full Scan (C:\|)
      Objects scanned: 128014
      Time elapsed: 59 minute(s), 1 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 4
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected:
      C:\Documents and Settings\Jean Dahl\Desktop\OOo_2.4.0_Win32Intel_install_en-US.exe (Trojan.Downloader) -> No action taken.
      C:\Program Files\HijackThis Scanalyser\uninstall.exe (Trojan.Downloader) -> No action taken.
      C:\SWSETUP\HPGame\progfiles\Apps\hpuninstall.exe (Trojan.Downloader) -> No action taken.
      C:\SWSETUP\HPGame\progfiles\Apps\onplay.exe (Trojan.Downloader) -> No action taken.

      Now with quick scan

      Malwarebytes' Anti-Malware 1.11
      Database version: 651
      Scan type: Quick Scan
      Objects scanned: 30098
      Time elapsed: 5 minute(s), 29 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)

      Avira Antivir is also detecting TR/Crypt.CFI.Gen - Trojan in System Restore. I can't find where the quarantine folder is for the program to scan them. It also labels Scanalyzer as potential with the heuristics.
      Attached zip of MBAM fp's grrr one is 3 mb file. Do you have an alternative place I can send it? 3fps.zip
  22. Due to lack of response this thread will be closed.
  23. Due to lack of response this thread will be closed. Thanks screen317 for your help!!
  24. Hi again. School is important. Those two lines in HJT are not dangerous. hpHosts isn't that complex. It is a hosts file; basically you install it and forget it except for updates. If SiteHound is in your face, it's doing its job. You got infected, remember? That infection may have come from a site you should not have gone to. McAfee is a resource hog for the most part and not the best choice for protection IMO. Avast is good, so is Avira Antivir; both have a free version, but you should never run two active AV programs at the same time. Scan your D drive, this is the HP recovery drive, correct? If it comes up clean you should be fine. It can become infected. Browsers: I use Firefox exclusively unless some site has not entered the 21st century and is not W3C compliant. Opera is not safer or faster. Bottom line, you can get infected using any browser and any amount of protection. Prevention is the key and the majority of the items I list for users are prevention tools. I posted about OA and Vista on the OA forums. I need more details please. Why do you say it won't work with Vista? I found plenty of posts on their forums to show it does. ZA and Comodo will do what you need, I don't like to suggest them because their ethics have slid to the dark side. Let's see another scan with MBAM after update, do a full system, both drives, and a new HJT log to be sure.