JeanInMontana

Honorary Members
Everything posted by JeanInMontana

  1. Hello Sydney and welcome to Malwarebytes. Please follow these instructions here and begin your own topic in that forum.
  2. MBAM is not an antivirus program. I have the option to scan with my AV [Avira], SBS&D, or MBAM on right click. It has to be on your end.
  3. Hello refrig and welcome to Malwarebytes. Please delete Smitfraud fix from your desktop; never use tools like this without supervision from someone who knows how they work and what to do with them. Please follow these instructions here and begin your own topic in that forum.
  4. Hi and welcome to Malwarebytes. D:\System Volume Information\_restore{AA8025BF-4B67-4F0C-A1BB-1B79773165E5}\RP14\A0004174.exe That file was in System Restore, so it is a past infection. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.
  5. Did you try renaming MBAM? Have you considered reformatting? Can you download from another PC and burn to a CD?
  6. OK, you're infected with a rootkit. You may never be totally cleaned without a reformat. I need to tell you this so you can choose to go forward or to reformat. Either way you must change all passwords, notify all banks, credit cards and any other sensitive areas of information that may be on your machine or that you have accessed. If you decide to go forward please follow these instructions: Please set your system to show all files: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Please get this file below: Author: Option^Explicit. License: Freeware. Download Location: http://download.bleepingcomputer.com/spyware/KillBox.exe (KillBox Download Link). Operating System: Windows. File Description: Pocket KillBox is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them. Usage Information: Download this file and run the killbox.exe file. When it loads type the full path or copy and paste the path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted. system32\drivers\TDSSpqlt.sys Paste that file path into Killbox. Reboot. Update MBAM, run a quick scan, post the log and a new HJT log. Please post MBAM log before HJT.
  7. Did you check O18 - Filter hijack: text/html - {53184a8a-5ad5-4533-b3be-204bfb930c30} - (no file) and click fix? Where is the folder COMMON located? What's in it? The images are a setting in IE I think.
  8. Hello again. ;-) Please move HJT to Program Files\HiJack This. PowerPoint is part of Office, it may try to access for updates. I wouldn't be too worried about PP accessing, it's not malware. The two HJT lines you question are from System Mechanic. If you have it installed. What McAfee found was in temp files and not resident. CCleaner <=== not a security application. I see no malware in your logs, MBAM is outdated. You have lots of stuff starting at boot up that is not needed. You must update the following. You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation. You're running an outdated and unsafe version of Adobe Acrobat Reader latest version. Or get the alternative faster lighter on resources Foxit PDF Reader and Editor. Look at the Downloads tab here or Downloads if you don't want to see the features etc.
  9. Hi and welcome to Malwarebytes. Please update MBAM, run a quick scan, post the log. Please get HiJack This! Install it to C:\Program Files. Close all programs leaving only HijackThis running, and click on scan and save a log. Post that log as a reply here in the body of the post, not as an attachment. I will analyze it and give you instructions on the next step.
  10. Panda scans places MBAM does not. You need to delete some email, that is one place Panda shows you have a worm. C:\Documents and Settings\Jeff\Application Data\Thunderbird\Profiles\uvwdr67s.default\Mail\mail.edmondsplace.com Delete all that stuff in that folder from edmondsplace.com that Panda is flagging. The other items are in System Restore and that will be reset once we are sure you're not going to need to use it. MBAM has updated many times since you have. Please update it, run a quick scan. Post that log and then HJT, please do in this order: MBAM then HJT. Before you scan with HJT shut down all unnecessary programs and close all browsers.
  11. Yes there are much newer definitions, are you able to get the infected machine online? If so update MBAM that way, quick scan, post the log. C:\Documents and Settings\John Doe\Desktop\HiJackThis.exe Move HJT to program files into its own folder. I need that log with an MBAM log always and after you have run MBAM.
  12. So how are you running? Logs look pretty good. Please run HJT in scan only mode and put a check next to the following, then click fix. O18 - Filter hijack: text/html - {53184a8a-5ad5-4533-b3be-204bfb930c30} - (no file) O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe Reboot, update MBAM, run a quick scan. If it's clean and you're running smooth go to this next step, if not please post the log from MBAM and then the HJT log. You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation. If you're clean even after this we have a last step.
  13. I didn't tell you to remove anything. I want to see the log in order to see what is bad. I also asked for a new updated scan and log from MBAM. Update MBAM, run a quick scan, post that log and then post a new HJT log. Please follow this order: MBAM then HJT. Update MBAM.
  14. Hi robinb and welcome to Malwarebytes. A list of where not to go is impossible, better to install prevention tools, SpywareBlaster, SiteHound, SiteAdvisor, hpHosts, Spybot Search & Destroy and use the immunize feature. Those programs and host file all use site blocking or warnings about bad sites to help and hpHosts targets more rogues than others IMO. Common sense is huge, don't believe the popup telling you program x is needed. Or a certain codec. Stay off the pr0n, free game, poker and torrent sites. No P2P period or cracks, warez, keygens.
  15. Hi and welcome to Malwarebytes. Please get HiJack This! Install it to C:\Program Files. Close all programs leaving only HijackThis running, and click on scan and save a log. Post that log as a reply here in the body of the post, not as an attachment, after you update MBAM and post that log, be sure to remove all items found.
  16. You need to go to the proper forum and post the logs, if you do indeed have new things showing in an MBAM scan. But as I said, you're not infected by what Avira is telling you. You jump to conclusions because you don't understand what the program is saying, and you don't follow instructions, you argued about whether updating MBAM was going to help during the clean up. Learn how your programs work. This is part of the instructions you didn't follow. I stand by my statement, if you had cleaned all Restore points no malware could be found in them. The Avira log showed stuff found in System Restore, it was removed, moved to quarantine, renamed and awaits your deletion. Turn on the rootkit scan, choose a second action when malware is found. 1 gig of memory is huge. You are NOT limited, and again, you don't know what SBS&D does, or how the protection works, it uses nothing from system resources. Immunize! If you would just do as you have been advised and not double guess or assume, you would be fine. SpywareBlaster doesn't load into memory, if you had read the program details in the instructions you would know that. I make all recommendations based on how the system will be affected, cost, which is free and how well it will save someone. Secunia will scan for stuff known to be exploitable if not updated. It will not protect you if you don't update what it tells you is in need of that. It is not a stand alone program. I might be a bit jaded, and I lose patience when people will not read and follow instructions. I tend to be short and to the point, I have lots to do in a short time. Sorry if you were offended, that was not my intention.
  17. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
  18. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
  19. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
  20. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
  21. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
  22. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.