JeanInMontana

Hi Jerry. Few things here that are not good. 1. Never run tools like SmitFraud with out being asked and unless you know how they work and what to do with the results. Please post the log from that tool also . You will find it C:/ rapport.txt. 2. The purpose of the HJT log is to see if items were removed after the scans. We want it posted last always. When did you run HJT? 3. Panda and HJT show a root kit. This means your system has been totally compromised and any sensitive data is at risk or already in the hands of criminals. Bank, credit card info and any other. The only sure way to rid a system of a root kit is to reformat. Usually they can be removed but, there is always that chance it remains. Having said that you must decide your course of action. Reformat, or try to rid the system of the root kit.

Welcome David!!

Since this topic has been resolved I will close it to prevent others from posting into it. The fixes used in this topic are for this system only! Using these fixes on another system can cause permanent damage. If you need help read the instructions at the top of the forum and open your own topic, someone will be happy to help you.

9 days and no response this topic will be closed. The fixes and procedures used in this topic are for this system only. Applying them to another system can cause permanent damage. If you are having problems, follow the instructions at the top of this forum and start your own topic. Someone will be happy to help you.

Due to lack of response this topic will be closed to prevent others from posting into it.

If you feel everything is all good, then yes I think we have it whipped. Your welcome Jim.

Hi gdurkee and welcome to Malwarebytes. I would add to this great advice, your Aunt probably should have someone look at a log from the MBAM program and HiJack This! . If MBAM found that many items there is a good chance she may need further attention. We have a forum here and the instructions for pre-posting are at the top of it.

I said they should reply to bugs in this thread. If that is wrong you have permissions to edit etc you can even attach the file for a direct download if you want.

I put it here. PRM753 has mod permissions in that forum too. If you want them Fred just let me know.

Hi Vesper and welcome to Malwarebytes!

since I started having all posters to the HJT forum here use MBAM this is with out a doubt the biggest job it's had to do http://www.malwarebytes.org/forums/index.p...ic=4113&hl=

Please follow all of the instructions you were given. Your system is badly infected from the MBAM log, we need to look at a Panda scan and another HJT log.

That line is a file missing and is related to a valid Windows process. I would try a scan disk for errors and see if that will repair it or the System File Checker. sfcsannow . I don't think there is anything running you don't see either, as that is what a good share of these special tools look for. You do have a lot of stuff that starts at boot time that you don't need and it will slow performance. You also probably need some basic maintenance. Start with Disk Check for errors and then do a defrag. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenol. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts

Sweet! I voted.

@ Dakeyras. Get Smart was a favorite of mine when it was a TV series. Steve Carroll will be great in this role.

1. You must be using the "Reply button just below the post. Scroll just a tad farther and you will see 3 buttons in a row, fast reply, reply and new topic. The one in the middle is most likely what you want. I has the tags and allows the use of quotes, rather than what your doing now with the arrows and what I said in plain text. The point of the request was to reduce the size of the post and scroll time. I really don't need a repeat of what I said. Spyware Terminator is crapware IMO. The program was once listed as a rogue, or software using any number of tactics to goad the user into buying amongst these tactics are fals positives and actually infecting the user. You managed to pick two programs that do a dance just this side of the definite rogue line. Yes I have the full version of MBAM, and yes the full time monitoring is what you pay for when you buy the program. There is a trial link in my signature for the full version. I am also an affiliate for MBAM and RogueRemover Pro. I also use the paid version of WinPatrol it is a superb program in either version and backed with top notch customer service and developer ethics to be admired. MBAM says your clean, I can't see anything in the last HJT log that was not broken up with formatting. I think your clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenol. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts

No I didn't and if I remember right I did a clean install of 1.09 and deleted the program file. I didn't delete it this time but otherwise it was clean install.

Keyloggers are used often by spouses to spy on the other and also by parents to see what the child is up to on the www. I find a just a tad hard to believe that you are in the business of removal and don't know about keyloggers or how to detect them.

I uninstalled and downloaded new program, upon install same error message #32, I finally used ignore and it installed updated and a quick scan just ran with no hitch. The protection enabled too. Malwarebytes' Anti-Malware 1.10 Database version: 583 Scan type: Quick Scan Objects scanned: 29122 Time elapsed: 4 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

I also get an error when I even try to open the program about the data base not supported? Attaching screen shots.

I am getting this same error only the number is 32. I didn't attempt to update until this morning. I have screen shots, but I'm not at home right now. Will post later.

Hi there saffionline. Welcome to Malwarebytes.

Please don't use the quote feature for your replies. Love Nitty Gritty. I'm not on my own PC and can't look at what this might be in WinPatrol. However, anything to do with the registry can be malware. Did this happen during any of the scans? I can't find 'Malware Terminator' in a Google search. Please give program details, the company behind it etc. If it's Spyware Terminator, it is not something to keep IMO. Win Patrol is great and a keeper on any system. The music programs probably are where you got the infection and if you still have them, or the one that infected you it needs to go. The SDFix log doesn't look right. The reg keys have no names and text is wrapped. MBAM is finding Vundo in ComboFix quarntine it looks like. Delete all files associated with ComboFix [i should have said this. Sorry] Clear any quarantine in MBAM, shut down McAfee and rescan with MBAM full scan of C after update please, there is a new version. Once again the HJT log is always last. You have it before MBAM's scan. I don't see anything new in it. I do think we should see another MBAM with all the other tools and associated files gone.

Hi saffionline and welcome to Malwarebytes. Is this your personal computer? The reason I ask is because you also have a post asking how to tell if there is a keylogger on a sytem because you do PC work for a living. We don't provided free help for others to make a profit. If this is your personal machine then please follow the instructions at the top of this page for Pre-HiJack This posting.

That is nice Marcin. There are several that deserve this but don't fit into other groups.