f-14

Honorary Members
  • Posts

    24

Everything posted by f-14

  1. Still there. I get the feeling this problem is going to be a real hard one to get rid of. Malwarebytes 150415.txt
  2. Ran the fixlist. The PC rebooted afterwards. Here is the file. Fixlog 150415.txt
  3. Here are the updated files FRST 150414.txt Addition 150414.txt
  4. Did not help. Vosteran is still the default search provider in IExplorer. If I make Bing the default, delete Vosteran, close IE, restart IE, then Vosteran is back as the default search provider. MBAM still finds the entries in the registry.
  5. Sorry, I meant to say I lost the Fixlog.txt
  6. Ahhhh I lost the Fixlist.txt file. I am sure I saved it but can't find it. Checked the directory and elsewhere.
  7. Here are the files attached. FRST.txt Addition.txt
  8. I tried that. Same results. Nothing happens when I try to run ZOEK.
  9. Downloaded ZOEK and disabled my N360. Ran ZOEK but nothing happens.
  10. After running Malwarebytes it finds and deletes Vosteran. On the next scan it finds it again and the cycle continues. Malwarebytes log.txt
  11. I found the last 2 registry key problem programs (blindman.exe and SDFiles.exe) in the SpyBot program directory.
  12. I did the first time. I try again. I also tried to paste it here in the message but system wouldn't add it. malwarebytes problem clean.txt
  13. Ran MalwareBytes and it found some Security.Hijacks (see attached file) that I believe are associated with SpyBot.
  14. When I run Malwarebytes (version 1.70.0.1100) in Vista (home user edition) it hangs (not responding) when it tries to scan - C:\system volume information\tracking.log. I tried to add the file to ignore list but cannot access it since the directory is hidden from Malwarebytes. Any idea how I can get around this problem?
  15. I don't think my computer is infected. It runs fine. I just don't have it connected to the internet. This problem started when I installed MBAM 1.60. I also have Vipre and Advanced SystemCare by IObit running on the PC.
  16. I copied the rules.ref and database.conf from another computer that is connected to the internet and had the latest of these files. Ran MBAM.exe and it showed it had the latest rules and I started it scanning. Everything looked good until partway through the scan it ran into an error.
      Error Signature
      Appname: Mbam.exe
      Appver: 1.60.0.61
      Modname: Mbamcore.dll
      Offset: 0065c92
      Any ideas on this one?
  17. I have downloaded and installed version 1.60. It runs with no problems, but the DB is old (42 days). After I download (mbam-rules.exe) and install the latest DB, when I run the program I get the DB missing or corrupt message. When I look in the location where rules.ref was with the install of 1.60, rules.ref is now gone. I re-install 1.60 and the old rules.ref is back. Anytime I try to install the latest rules (mbam-rules.exe) I end up with no rules.ref on my computer. Computer OS is WinXP. What's going on here?
  18. I read under section B which indicates that you can't save a log file to a location or file (even though the current help indicates otherwise). I also looked in "C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs" and those log files stopped back in May 2010. Didn't see anything else that applied to my PC. Still looking for a way to save log files.
  19. I have MBAM executing from a command line in a batch file. I have tried:
      mbam.exe /scan -full
      mbam.exe /scan -full -log
      mbam.exe /logtofolder C:\mbam_log_files /scan -full
      mbam.exe /logtofolder C:\mbam_log_files /scan -full -log
      mbam.exe /scan -full /logtofolder C:\mbam_log_files
      mbam.exe /logtofile C:\mbam_log_files\mbam-log.txt /scan -full
      mbam.exe /logtofile C:\mbam_log_files\mbam-log.txt /scan -full -log
      mbam.exe /scan -full /logtofile C:\mbam_log_files\mbam-log.txt
      None of these has saved a log file (I have searched the whole C drive). I thought the latest release 1.50.1.1100 fixed some of these problems. Anybody see anything wrong with the above or how I can save a log file?
  20. I have started to get reports from email contacts that they are receiving a suspicious email from me that I am not sending. No one has opened it. I believe someone has hijacked my email contacts. Here is the HJT log file. Can someone please tell me if anything is suspicious in it? Thanks.

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 8:17:12 AM, on 1/22/2011
      Platform: Windows Vista SP2 (WinNT 6.00.1906)
      MSIE: Internet Explorer v8.00 (8.00.6001.18999)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
      C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
      C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
      C:\Windows\RtHDVCpl.exe
      C:\Windows\System32\wpcumi.exe
      C:\Program Files\Webroot\Washer\wwDisp.exe
      C:\Windows\system32\cmd.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\system32\SearchProtocolHost.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mfcproxy.vs.lmco.com:80
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file)
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - (no file)
      O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll
      O4 - HKLM\..\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe"
      O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
      O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
      O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
      O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe"
      O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
      O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"
      O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"
      O4 - HKCU\..\Run: [TClockEx] "C:\Program Files\TClockEx\TCLOCKEX.EXE"
      O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
      O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
      O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
      O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
      O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
      O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
      O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
      O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
      O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
      O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
      O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

      --
      End of file - 7386 bytes

      hijackthis_012210.log