Everything posted by JeanInMontana

  1. This truck driver hauling a tractor-trailer load of computers stops for a beer. As he approaches the bar, he sees a big sign on the door saying "Nerds Not Allowed -- Enter At Your Own Risk!" He goes in and sits down. The bartender comes over to him. "You smell kind of nerdy. What do you do for a living?" "I drive a truck, and the smell is just from the computers I'm hauling." "Okay, truck drivers are not nerds," he says and serves him a beer. As he is sipping his beer, a skinny guy walks in with tape around his glasses, a pocket protector with twelve kinds of pens and pencils, and a belt at least a foot too long. The bartender, without saying a word, pulls out a shotgun and blows the guy away. The truck driver is totally shocked. "Why did you do that?" "Not to worry, the nerds are overpopulating Silicon Valley and are in season now. You don't even need a license." The truck driver finishes his beer, gets back in his truck, and heads back onto the freeway. Suddenly, he veers to avoid an accident, and the load shifts. The back door breaks open and computers spill out all over the freeway. He jumps out and sees a crowd already forming, grabbing up the computers. They are all engineers, accountants, and programmers wearing the nerdiest clothes he has ever seen. He can't let them steal his whole load. So, remembering what happened in the bar, he pulls out his gun and starts blasting away, felling several of them instantly. A highway patrol officer comes zooming up and jumps out of the car, screaming, "Stop!" "What's wrong? I thought nerds were in season," says the truck driver. "But you can't bait 'em!"
  2. Please disable TeaTimer and run the scans again. Be sure to update MBAM first and make the HJT log the last scan you run.
  3. Hi, there is a 2 MB limit on the file size, I think. Could that be it?
  4. Let's give this a try. I'm not seeing what made me say root kit. Embarrassing as that is, I might have been looking at two logs and confused them. Look in Add/Remove programs for anything with DCADS in it. A tool bar is usually associated. Then let's run this tool. Print or copy these instructions to Notepad and save to your Desktop, as you will be offline with all browsers closed for this fix.

     Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe

     * Double-click SmitfraudFix.exe
     * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

     Clean:

     * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
     * Double-click SmitfraudFix.exe
     * Select 2 and hit Enter to delete infected files.
     * You will be prompted: "Do you want to clean the registry ?" Answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
     * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): "Replace infected file ?" Answer Y (yes) and hit Enter to restore a clean file.
     * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
     * Optional:
         o To restore Trusted and Restricted site zone, select 3 and hit Enter.
         o You will be prompted: "Restore Trusted Zone ?" Answer Y (yes) and hit Enter to delete trusted zone.

     Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm
  5. OK, good work so far. You have/had a serious mess of nasty stuff. We still have work to do.

     Please set your system to show all files:

     * Click Start.
     * Open My Computer.
     * Select the Tools menu and click Folder Options.
     * Select the View Tab.
     * Under the Hidden files and folders heading select Show hidden files and folders.
     * Uncheck the Hide protected operating system files (recommended) option.
     * Click Yes to confirm.
     * Click OK.

     Go to Add/Remove programs and uninstall WinStat. Also Adobe as it is an outdated and unsafe version you have. Current version is 8. Now navigate to Program files and look for any associated folders and delete them. You can reinstall Adobe at your leisure.

     Please run HJT again and put a check next to these items then click fix.

     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {5B8D7726-E61D-403D-B9C4-FB30463806Eb} - C:\WINDOWS\system32\pplywarx.dll
     O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
     O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
     O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZZ
     O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
     O20 - Winlogon Notify: mlljj - mlljj.dll (file missing)
     O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\PAULSC~1\LOCALS~1\Temp\hpdj.exe (file missing)
     O23 - Service: Remote Procedure Call (RPC) Helper (
  6. It doesn't mean an option. It is just as it says. Type Y and hit Enter. It is very fast and appears to close; it's working. Look for the log in the folder on C:/ and post that log please. Reformatting wipes the disk clean, all data is gone. Back it up now. What sort of error messages when you try to do updates? Very likely it is the malware. Yes, you click fix after checking the lines in HJT, sorry that wasn't more clear. With the update issues and rootkit you may want to seriously consider reformat.
  7. Hi again. Please follow the instructions at the top of this forum for pre-HJT posting. http://www.malwarebytes.org/forums/index.php?showtopic=2936
  8. http://www.malwarebytes.org/forums/index.p...ic=3602&hl= fixed for me.
  9. Scanned with 1.04 today and nothing came up. I haven't dumped recycle so seems fixed.
  10. Due to lack of response this topic will be closed to prevent others from posting into it.
  11. Due to lack of response this topic will be closed to prevent others from posting into it.
  12. Since this topic has been resolved it will now be closed. Many thanks to screen317, it is much appreciated. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help, start your own topic and someone will be happy to assist you.
  13. Since this topic has been resolved it will now be closed. Many thanks to TeMerc for your help. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help, start your own topic and someone will be happy to assist you.
  14. Due to lack of response this will be closed to prevent others from posting in it.
  15. Malware scanners are only able to detect suspicious behavior from programs, not whether the program is good or bad. ThreatFire was telling you MBAM was acting in a suspicious manner. There are some other programs giving F/P about MBAM also. Thanks for letting us know about this one. MBAM is safe, no need to worry about it. ThreatFire should have a place in configuration where you can add programs to the ignore or allow list, and adding MBAM should stop all warnings. I'm not at all familiar with ThreatFire though, so I don't know.
  16. Hi Scansy and welcome to Malwarebytes. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936
  17. I can't find it, Bruce. I restored it, I have done file search and get nothing. I don't know what else to do.
  18. I did this twice, this is most recent. First one had some sort of burp in it. Everything cleared out on its own after detection and I saved a log. So I scanned again.
  19. I was waiting to hear that. Will do for you.