LDTate

Experts
  • Posts

    21,893
Everything posted by LDTate

  1. Files Infected: c:\WINDOWS\system32\pumotozi.dll (Trojan.Vundo.H) -> Not selected for removal. C:\WINDOWS\system32\logon.exe (Worm.Emold) -> Not selected for removal. Did you not select those for removal?
  2. Hello and Welcome to the forum. Download Combofix from any of the links below but rename it to ABCD.exe before saving it to your desktop. * IMPORTANT !!! Save ComboFix.exe to your Desktop Link 1 Link 2 Double click on the ABCD.exe ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt so we can continue cleaning the system.
  3. Hello and Welcome to the forum. Download Combofix from any of the links below but rename it to ABCD.exe before saving it to your desktop. * IMPORTANT !!! Save ComboFix.exe to your Desktop Link 1 Link 2 Double click on the ABCD.exe ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt so we can continue cleaning the system.
  4. Stay with this topic until I give you the final 'All clean' post. Vista users: 1. These tools MUST be run from the executable. (.exe) 2. With Admin Rights (Right click, choose "Run as Administrator") every time you run them 1) exeHelper Please download exeHelper to your desktop. Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com) Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
  5. Being helped here: http://www.malwarebytes.org/forums/index.p...c=29124&hl=
  6. Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a checkmark/tick in the box on the left side on these:
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
     O4 - HKLM\..\Run: [jahukezaj] Rundll32.exe "c:\windows\system32\pumotozi.dll",a
     O20 - AppInit_DLLs: c:\windows\system32\pumotozi.dll
     O21 - SSODL: nejoviliw - {2bc5d69f-e002-40fd-b50f-026ca3e43635} - c:\windows\system32\pumotozi.dll
     O22 - SharedTaskScheduler: mujuzedij - {2bc5d69f-e002-40fd-b50f-026ca3e43635} - c:\windows\system32\pumotozi.dll
     Close ALL windows and browsers except HijackThis and click "Fix checked". Before rebooting let's try to run MBAM. Follow these instructions. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform quick scan, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Then click Remove Selected. When completed, a log will open in Notepad. Please save it to a convenient location and post the results. Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot. Also "copy/paste" a new HijackThis log file into this thread. Also please describe how your computer behaves at the moment. Please don't attach the scans / logs, use "copy/paste".
  7. Welcome to the forums. Let's try this and see if MBAM will run after the below suggestion. Stay with this topic until I give you the all clean post. You might want to print these instructions out. I suggest you do this: Double-click My Computer. Click the Tools menu, and then click Folder Options. Click the View tab. Uncheck "Hide file extensions for known file types." Under the "Hidden files" folder, select "Show hidden files and folders." Uncheck "Hide protected operating system files." Click Apply, and then click OK. Please do not delete anything unless instructed to. 1. Launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4. Save in: Desktop File Name: fixme.reg Save as Type: All files Click: Save 2. Save this text as fixme.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop. Include the word REGEDIT4 3. Double-click on fixme.reg. When it asks you to merge the information to the registry click Yes. 4. Empty Recycle Bin Reboot and "copy/paste" a new log file into this thread. Also please describe how your computer behaves at the moment.
  8. Hello and welcome to the forums. Stay with this topic until I give you the final 'All clean' post. Vista users: 1. These tools MUST be run from the executable. (.exe) 2. With Admin Rights (Right click, choose "Run as Administrator") every time you run them 1) exeHelper Please download exeHelper to your desktop. Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com) Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file). You can now also try running MBAM now.
  9. -peepster1005 The infection you have / had disables most programs (.exe) from running. I would start a new topic here. http://www.malwarebytes.org/forums/index.php?showforum=7
  10. You're more than welcome. Glad we were able to help. Peace be with you.
  11. This will take care of that. Good job :thumbup: The following will implement some cleanup procedures as well as reset System Restore points: Click START then RUN. Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there. To be on the safe side, I would also change all my passwords. Here's my usual all clean post. Log looks good.
      • Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab. Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt. Change the Download unsigned ActiveX controls to Disable. Change the Initialize and script ActiveX controls not marked as safe to Disable. Change the Installation of desktop items to Prompt. Change the Launching programs and files in an IFRAME to Prompt. Change the Navigate sub-frames across different domains to Prompt. When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button.
      • Next press the Apply button and then the OK to exit the Internet Properties page.
      • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
      • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
      • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
      • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Only run one Anti-Virus and Firewall program. I would suggest you read How to Prevent Malware:
  12. We're not finished yet. How's it running now? Any issues?
  13. Backup Your Registry with ERUNT. Please use the following link and scroll down to ERUNT and download it. http://aumha.org/freeware/freeware.php For version with the Installer: Use the setup program to install ERUNT on your computer. For the zipped version: Unzip all the files into a folder of your choice. Click Erunt.exe to backup your registry to the folder of your choice. Please do not delete anything unless instructed to. Next: 1. Launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4. Save in: Desktop File Name: fixme.reg Save as Type: All files Click: Save 2. Save this text as fixme.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop. Include the word REGEDIT4 3. Double-click on fixme.reg. When it asks you to merge the information to the registry click Yes. 4. Empty Recycle Bin Reboot and see if MBAM will run now.
  14. Yes it does. That's looking pretty good. Let's run another MBAM scan. Stay with this topic until I give you the all clean post.
  15. DO NOT use any TOOLS such as Combofix, SmitfraudFix, Vundofix, or HijackThis fixes without supervision. Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data. Stay with this topic until I give you the all clean post. You might want to print these instructions out. I suggest you do this: Double-click My Computer. Click the Tools menu, and then click Folder Options. Click the View tab. Uncheck "Hide file extensions for known file types." Under the "Hidden files" folder, select "Show hidden files and folders." Uncheck "Hide protected operating system files." Click Apply, and then click OK. Please do not delete anything unless instructed to. Next: Please download ATF Cleaner by Atribune. Download - ATF Cleaner
  16. Sorry about the delay in responding If you still need help, Scan again with HijackThis, and "copy/paste" a new log file into this thread. Also please describe how your computer behaves at the moment.
  17. Sorry about the delay in responding If you still need help, please post back. Also please describe how your computer behaves at the moment.
  18. Sorry about the delay in responding If you still need help, please post back. Also please describe how your computer behaves at the moment.
  19. Sorry about the delay in responding If you still need help, Scan again with HijackThis, and "copy/paste" a new log file into this thread. Also please describe how your computer behaves at the moment.
  20. Sorry about the delay in responding If you still need help, Scan again with HijackThis, and "copy/paste" a new log file into this thread. Also please describe how your computer behaves at the moment.
  21. Sorry about the delay in responding If you still need help, Scan again with HijackThis, and "copy/paste" a new log file into this thread. Also please describe how your computer behaves at the moment.
  22. Welcome to Malware Bytes forums. You have quite a collection of bad guys onboard. If you still need help, Scan again with HijackThis, and "copy/paste" a new log file into this thread. Also please describe how your computer behaves at the moment.
  23. Welcome to the forums. Your MBAM scan shows "No Action Taken" Did you Select the bad ones found and then Remove Selected?
  24. LDTate

    Congrats!

    If we can do anything to help, let us know