Honorary Members
Everything posted by JeanInMontana

  1. Hi Monie and welcome to Malwarebytes. Sorry for the delay in a response. You are infected and MBAM is finding it. But you're not removing it. Please update MBAM and be sure there is a check mark next to all bad files found and then you choose take action. Please follow all the instructions at the top of this page in the topic "Pre-HJT Post Instructions". I will get back to you once you post those logs.
  2. Resetting System Restore is a last step. The restore points are saved so there is a place to go back if something goes wrong in the fixes. Once the machine is deemed clean then restore points are cleared. Most HJT log volunteers agree an infected restore point is still better than none if the alternative is the need to reformat due to something going wrong in the fix. Just an FYI.
  3. Don, you must update MBAM before every scan. Current version is 540. Please scan again and post the log.

    Remove these lines in HJT:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://java.sun.com/javase/downloads/index.jsp and install the correct version for your system. Choose the offline installation.

    Please post the new MBAM and HJT logs. If you're still getting popups there is still something there. I will get back to this later today. No time right now.
  4. Clean install per request no problems.

    Malwarebytes' Anti-Malware 1.09
    Database version: 513

    Scan type: Quick Scan
    Objects scanned: 28513
    Time elapsed: 4 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected: (No malicious items detected)
    Memory Modules Infected: (No malicious items detected)
    Registry Keys Infected: (No malicious items detected)
    Registry Values Infected: (No malicious items detected)
    Registry Data Items Infected: (No malicious items detected)
    Folders Infected: (No malicious items detected)
    Files Infected: (No malicious items detected)

    The tray icon seems smaller than any other icons. See screen shot attached.
  5. Running SDFix takes about five minutes if that. Those lines I asked you to remove are able to dial a connection to the internet, if you use a dial up connection. It's your choice but when you don't stay with this and let things sit they tend to get harder to remove.
  6. Please make all replies in this topic rather than PM.
  7. Due to no response in six days I will close this to prevent others from posting into it. Should you decide to continue and need to reopen the topic, PM me or any staff member and we will do that. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
  8. Well nothing was scanned with Kaspersky's. Do you have the system set to show hidden files and folders? Are you running as Admin? These scans and fixes need to be done this way.

    Please set your system to show all files:

    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.

    Too much time has passed since last HJT log and any scans that worked. Please update MBAM and scan again, post the log, also a Panda scan please and new HJT log. Tell me how you're running too.
  9. Are they ad links in the first place? Like the Google adsense links in searches?

    Your Java is also outdated and should be updated. Go here http://java.sun.com/javase/downloads/index.jsp and install the correct version for your system. Choose the offline installation.

    Another thing that will affect your performance is the amount of items you have at startup. Many are not needed to start with bootup. You probably also need basic maintenance, scandisk for errors and then defragging.

    Last but not least. Symantec should have found the dialer we are removing now. It's not new, and certainly not a desirable program.

    Run HJT again in scan only and put a check next to this:

    O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe

    Reboot to safe mode by tapping the F8 key constantly as soon as you reboot.

    Using Windows Explorer, locate the following files/folders, and delete them:

    C:\WINDOWS\System32\tibs5.exe
    c:\windows\downloaded program files\UGA6P_0001_N120M1710NetInstaller.exe

    Exit Explorer, and reboot as normal afterwards.

    If you were unable to find any of the files then please follow these additional instructions:

    Download Pocket Killbox and unzip it; save it to your Desktop. Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. Let the system reboot.

    Now please follow these instructions:

    Please download this file: SDFix.exe (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe)

    * Open the extracted SDFix folder and double click RunThis.bat to start the script.
    * Type Y to begin the cleanup process.
    * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    * Press any Key and it will restart the PC.
    * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    * Finally paste the contents of the Report.txt back on the forum.

    Reboot your system in Normal Mode. Then post the SDFix log and a new HJT log please.

    Update MBAM again and scan just C, this will save you some time, no point scanning D. Also please run another Panda scan and post both of these logs.

    Post back a fresh HijackThis log after all items are removed from the other scans please, and we will take another look.
  10. You're welcome Mike. I'm going to close this topic as resolved. If for any reason you need it reopened just send me or any moderator a PM to that effect. The fixes in this topic are specific to this system. Applying them to another system can result in complete destruction of that system. If you need assistance, read the pre HJT post topic and start your own topic, someone will be happy to help.
  11. Welcome again! For anyone that doesn't know Jason, he is owner of Tech Support Team and all around great person. We will be better for his being here.
  12. Be sure to introduce yourself Jason. In the General Chat. Let everyone know you're here.

    Let me know if I can help with anything.

  13. I need a new HJT log please and feedback on how you're running.
  14. Awww John I hope it was a good one. I was sick all weekend.
  15. It's good and I don't like red. That is nice. Clean clear design.
  16. Well we are making progress. But still have work to do.

    Print or Copy these instructions to notepad and save to your Desktop as you will be offline with all browsers closed for this fix.

    Download:

    Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe

    * Double-click SmitfraudFix.exe
    * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Clean:

    * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    * Double-click SmitfraudFix.exe
    * Select 2 and hit Enter to delete infected files.
    * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
    * Optional:
      o To restore Trusted and Restricted site zone, select 3 and hit Enter.
      o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm
  17. That's interesting Fred. If brown is the only issue and from the post about MS requirements it's not, the color could be changed. I have it in my head MBAM has a growling cat behind it. LOL I like that.
  18. Hi and welcome to Malwarebytes!!
  19. I don't intend to criticize the art work either, it's good. The old icon is better IMO. It is the head of a growling cat. PacMan does come to mind with this one. LOL Can we have a choice?
  20. Welcome to Malwarebytes!!

  21. Hi MLM and welcome to Malwarebytes. Please follow the instructions at the top of this forum for pre-HJT log posting. You're using a version of HJT that is outdated, your system is way behind in updates also. You can't update to SP2 until we know that you are infection free however.