How do I get rid of Hijack.StartMenu ?

[sadPCowner]

I am running Windows XP Pro & use Malwarebytes' Anti-Malware, Malwarebytes' RogueRemover, SUPERAntiSpyware Home Edition, ATF Cleaner, CCleaner, and until recently avast! .

> I uninstalled avast! as it wasn't updating properly, but did find a corrupted file in a Boot Scan, but didn't repair it.

>When I installed Malwarebytes' Anti-Malware , the program found about 54 Infections, which I wrote down by hand (my printer is not installed until I get rid of malware), for reference, however, I still find remnants of these varmints in places like the Registry, Windows Explorer, Startup Programs, etc. Currently I am having trouble getting rid of what Malwarebytes' calls : Hijack.StartMenu . It is possible that it as installed with Windows Live Toolbar, as I searched thru Event Viewer & found the Product Description : Smart Menus (Windows Live Toolbar) --Installation completed successfully. Source: Msi I nstaller Category: None Type: Information Event ID: 11707 User: NT AUTHORITY\SYSTEM Data in Bytes {F084395C-40FB-4DB3-981C-B51E74E1E83D} I have since, uninstalled Windows Live programs: Windows Live Photo Gallery: Windows Live Writer; Windows Live Writer [12.0.1370.0325]; Windows Live Favorites for Windows Live Toolbar; and Windows Live Toolbar. I did "keep" Windows Live Messenger, and Windows Live Mail, but if they are corrupt, unsafe, or need to be uninstalled to get rid of Hijack.StartMenu , then I will do what it takes to get rid of it. When I run a Full scan, with Malwarebytes' it finds the Infections, I remove them, then Malwarebytes wants me to Restart the PC to continue the removal & they then RE-INSTALL themselves onto the Stat Menu, or into the Start Menu's Properties. I am also losing my curser continually, and now my other anti-malware programs aen't working properly or updating. **Please HELP we need this PC for school!!** Thanx for your time, sadPCowner

[AdvancedSetup]

Hello and Welcome to Malwarebytes.org

Please read and follow the instructions provided here: I'm infected - What do I do now?

Someone will be happy to assist you further with cleaning your system if required

During this scan and cleanup process you should not install any other software unless requested to do so.

[sadPCowner]

Thank you, for the reply AdvancedSetup & the Welcome. Sorry, it took so long to get back, to the forum...very busy. I will follow the link & instructions & return to check out replies, etc. more often.

Thanx again, sadPCowner

[sadPCowner]

Hi! I wanted to update you after following the instructions (up to "If you're still experiencing issues after running the above procedures then please follow the instructions below."), in I'm Infected - What do I do now?

I ran a MBAM Full scan.Objects scanned: 89904; Objects infected: 5 (All are:Vendor: Hijack.StartMenu & Registry Data); Time elapsed: 28minutes,36seconds. All items were selected & MBAM saved to the Log folder. MBAM asked to restart computer to complete removal process. I clicked Yes. **After restart: a iTunes icon from the desktop was gone -this is a new one & identical to the other 2 on desktop.Also, the same problems in the Start Menu & Start Menu Propeties are RE-checked, that MBAM REMOVED: My Documents, My Computer, Help and Support, Search, and Run. I am still losing my curser, especially when I go anywhere near the Taskbar. I have been trying to get rid of this malware for at least 1 1/2 months, since MBAM found it the 1st time. **Note: I did not uninstall & reinstall MBAM, but am wondering if it was hijacked also-as I think avast! & now possibly SUPERAnti-Spyware were. Should I uninstall MBAM & reinstall?? Because I had uninstalled my AV program avast!, I downloaded, installed, updated & ran the AV suggested in your instructions: Avira AntiVir Personal - Free Antivirus. Scanned files: 123024; Scanned directories:5001; Scanned archives:764; Time elapsed:30:23; Scanned:100%; Detections:0; Suspicious files:0; Warnings:24; Objects searched(scanned with rootkit scan):40126; Hidden objects:0 **Next: I ran MBAM again. MBAM found the SAME 5 infections, and although it scanned only 42 more objects, than this morning(2nd: 89946), it took much longer to scan-Time elapsed:43minutes, 30seconds.

Are these Locked files, that I can somehow just run a tool to remove? Or has MBAM been hijacked? I will wait for a Reply, before I download HijackThis, as maybe I can just run one of MBAM's tools, ie, FileAssasion, or...?

I have saved the last couple of Log files, in case you need them, in addition to MBAM file.