kckane

Finally got a chance to do this - sorry for the delay. The stop command reported that the service had not been started but the delete command worked. That did the trick, HijackThis no longer reports this entry. Trying to fix the two other entries that you mention doesn't seem to have any effect - they just show up again. I'm going to change the default IE settings to not automatically search anyway, so I'm not worried about these. Latest logfile is attached (note that I may have reinstalled a couple of items since last run). Thanks again for all your help - everything seems good. Now that I've trimmed this machine down to the barebones I'm going to upgrade to Windows 7 Beta and see how that goes Cheers, Kevin hijackthis_24_jan_2009.txt hijackthis_24_jan_2009.txt

Haven't had a chance to get back to this the last couple of days - will do so tonight or tomorrow.

Hmm, I guess I chose the wrong one when I downloaded HijackThis. It was available from multiple sites so I tried to pick the one that seemed the "safest". Thanks again for pointing this out. The latest logs are attached. Everything looks good except for the last service entry (LiveShare). I had removed Roxio during my cleanup process but for some reason this entry stayed. Strangely enough, selecting "Fix" in HijackThis doesn't actually remove the entry - it's still there when I do another scan. Irritating but probably benign. Regards, Kevin mbam_log_2009_01_20__19_20_08_.txt hijackthis_20_jan_2009.txt mbam_log_2009_01_20__19_20_08_.txt hijackthis_20_jan_2009.txt

Thanks for the response. I was rather surprised to hear the version of Malwarebytes and HijackThis I had were "way" out of date, considering I downloaded them just prior to Christmas. In the world of trojans and viruses, however, I guess 4 weeks is an eternity :-) At any rate it was of course a good suggestion, as the latest version of Malwarebytes did in fact find the culprits - logfiles are attached - and I'm now able to send this post from the formerly infected machine. Sneaky little devils for sure; I'm almost impressed at how well-disguised they were. Which leads me to say, I definitely am impressed with both Malwarebytes and HijackThis as tools to combat malware. Many thanks to everyone involved in creating and maintaining these products, as well as to those who take the time to respond in these forums. Best regards, Kevin mbam_log_2009_01_18__11_00_33_.txt hijackthis_18_jan_2009.txt mbam_log_2009_01_18__11_00_33_.txt hijackthis_18_jan_2009.txt

I am having the same problem with browsers being prevented from going to www.malwarebytes.org and other sites. Two similar posts I found are http://www.malwarebytes.org/forums/index.php?showtopic=6956 and http://www.malwarebytes.org/forums/index.php?showtopic=9707. In short, while researching a solution to a Linux printing problem I managed to follow a Google link that resulted in various browser hijackers and other viruses getting installed on my machine. I noticed it immediately and took corrective action, and with the help of Malwarebytes (excellent product, BTW) was able to remove everything. Or so I thought. The one symptom that seems to remain is that certain websites (such as www.malwarebytes.org) are either blocked or misdirected by the browser. I have verified that it is not a router issue, as I have other machines on my LAN that can get to these sites no problem. Also, nslookup does give me the correct IP address for alpha.malwarebytes.org (69.162.79.74). I tried to get there from the browser via IP address but receved a Forbidden response, probably due to your server using name-based virtual host mapping (or something similar). Running tracert also shows that it ends up at alpha.malwarebytes.org. Being technically savvy I have been working on this for a while now but am finally running out of ideas. Like others, steps that I've taken include: Doing a full Malwarebytes scan Running Hijackthis and removing suspicious entries Removing non-critical software from the system Running netsh int ip reset and ipconfig /flushdns multiple times Starting up in safe mode with no services other than networking Resetting Internet Explorer settings to default values Completely removing and reinstalling Firefox I've attached the latest Malwarebytes and Hijackthis logs for reference. I have been tempted to run ComboFix, but as a power user I have not been able to find enough information on what this tool actually does to satisfy my need to know what the actual problem is. Any help would be greatly appreciated. Thanks, Kevin mbam_log_2009_01_17__15_23_41_.txt hijackthis_17_jan_2009.txt mbam_log_2009_01_17__15_23_41_.txt hijackthis_17_jan_2009.txt