JeanInMontana

Don, your HJT log is dated for 2/27. I need to see new logs please from an updated MBAM with all items removed that are found and then the HJT log after those actions. Thanks.

GT500 Panda is not installed as a full AV he is referring to the online scan requested in the preHJT post instructions. I am moving this thread to the proper forum. As it is obvious from the MBAM log there is infection present.

Hi subversivo73 and welcome to Malwarebytes. Windows Defender is nothing to place faith in as far as protection or removal. Neither is McAfee for that matter. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 be sure to read carefully and follow instructions exactly.

Ahh I see. We are interested in what was removed. What may be left to remove etc. Be sure to update everything before you scan. MBAM has been updated again. Malware updates also. We need to be sure you got everything. Vundo is extra nasty and can be very hard to remove.

Hi you don't have anything showing for malware. You should be able to remove the file using the FileAssassin feature in MBAM. You will find it in the More Tools tab. Also try some basic maintenance stuff like a disk error check, then run defrag. I have been using a free defrag program that seems to do a better job than the built in one. http://www.auslogics.com/en/software Run HJT in scan only mode and put a check next to these: O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) Your also running AdAware 2007 and it has a constant process running that uses a lot of resources. Turn off TeaTimer for now, it may interfere with scanning see the program help files for how to do this. Update MBAM and run a full scan see if anything comes from definition updates.

Hi zkid and welcome to Malwarbytes. Your not *reinfecting* you have never removed it. The MBAM log clearly shows no action was ever taken. Run a full system scan after updating MBAM, your version of the definitions is way outdated, and be sure you click *remove selected* when the scan is completed. Also please follow the directions at the top of this forum for pre-HJT posting and post those logs.

How does one write a testimonial??

Yes like RR and also how about as with several AV programs I have used you check a time interval to check for updates, i.e. every 4 hours, 6 hours, 12 and so on. You guys are updating so fast, I don't ever seem to be current. Of course I shut down the monitor service when I go into Second Life. hehe... but others would see benefit from this.

You must have missed this post http://www.malwarebytes.org/forums/index.p...ost&p=13920 for the control panel have a look here http://www.scribd.com/doc/429350/XP-REPAIR-INSTALL and here http://tpsconsulting.com/XPtweak.htm both are the same procedure [repair install of XP] just variation in the writing styles.

Well MBAM got some nasties. You are not following the instructions however. TeaTimer is a great function of Spybot Search & Destroy, but it is requested you leave it disabled until your given a clean bill of health, so it doesn't interfere with any removal programs. Please do that now. Update MBAM and run a full scan, not the quick one. See the tutorial at the top of this forum for how to run a Panda scan and give that another try. Post all logs from requested scans in your replies. Make sure you run & post the log from HJT last I want to see that log after every thing else has run and done it's job.

Since this topic has been resolved it will now be closed.. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

OMG... I don't know how I missed this. Belated best wishes Tim!! Hangs head in shame and shuffles off.

Hi Kierten and welcome to Malwarebytes. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and if your relying on Spyhunter for protection or removal prepare for repeated disappointments. The statement about Spyhunter is my opinion and only my opinion, however it is backed by several years of monitoring the behavior of Enigma and their practices.

Got this posted at my site too. Might get some interest.

Just spoke with a MS MVP and he suggested this http://www.gmer.net/files.php read the FAQ if needed and post the logs please.

Well sorry about the links. That's a new development. Please download VundoFix.exe to your desktop. http://www.atribune.org/ccount/click.php?id=4 * Double-click VundoFix.exe to run it. * Click the Scan for Vundo button. * Once it's done scanning, click the Remove Vundo button. * You will receive a prompt asking if you want to remove the files, click YES * Once you click yes, your desktop will go blank as it starts removing Vundo. * When completed, it will prompt that it will reboot your computer, click OK. * Please post the contents of C:\vundofix.txt and a new HiJackThis log. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

OK if you can't find it how do you know it was ever there? Do you have the system set to show hidden files and folders? Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Or did you empty temp files and it is gone? Get this program and run a good clean up with it http://www.ccleaner.com/download Then lets have a look with this: 1. Download this file : http://download.bleepingcomputer.com/sUBs/combofix.exe Or from here: http://www.techsupportforum.com/sectools/combofix.exe 2. Double click combofix.exe. It will be a red icon with a white X on your desktop. Follow the prompts you will get a blue cmd prompt screen and a choice to choose Y or N. Choose Y and hit enter. 3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt. Post that log and a HiJack log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall.

Hi and welcome to Malwarebytes. I have never heard of the program, hopefully some one else will chime in here.

You might also want to follow the instructions at the top of the forum here http://www.malwarebytes.org/forums/index.php?showforum=7

Woot!!

OK I need to know if this item YacsMon.exe comes from DeRamp Software or another source. It can be safe and harmless or it can be a nasty infection known as LOP. The file you can't delete has an image extension. You can scan both files and I would love that here http://www.virustotal.com/ upload them scan and post the results here.

Hi sorry I overlooked this yesterday. I would still like to see a log from SDfix. It is not due the root kit. What symptoms are you still having? A new HJT with the SDfix please. You can delete Smitfraud before running SDfix.

OMG I am so sorry for not getting back to you before now. I don't know how I missed you. O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe <=========== that is the bad line, and the program maybe AdStatus? Or Windows AdSatus, find that and uninstall delete any files associated and post a new HJT. Again I am so sorry. Give me some feed back too. It's been a few days since this how are things now?

Well that didn't make any difference. It can interfere and cause things to not show up. Let's go with this and see what it turns up. 1. Download this file : http://download.bleepingcomputer.com/sUBs/combofix.exe Or from here: http://www.techsupportforum.com/sectools/combofix.exe 2. Double click combofix.exe. It will be a red icon with a white X on your desktop. Follow the prompts you will get a blue cmd prompt screen and a choice to choose Y or N. Choose Y and hit enter. 3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt. Post that log and a HiJack log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall.

One of my mods posted it in the joke forum at MM ... made me giggle, had to share.