Getting close? 7 steps of 8

  #1  
Old 12-03-2008
Newcomer, in training
 
Member since: Dec 2008, 13 posts
Getting close? 7 steps of 8

Hi all. Big thanks in advance to anybody who can help run me through this. I've followed 7 of the 8 steps to the letter --- I seem to be prevented from updating Java somehow, though I did uninstall the old version using the remove programs menu. Only other symptom seems to be a general slowness. Here are my logs.

Big, big thanks again.
Attached Files
File Type: log SUPERAntiSpyware Scan Log - 12-02-2008 - 22-45-54.log (1.3 KB, 1 views)
File Type: log hijackthis.log (7.2 KB, 3 views)
File Type: txt mbam-log-2008-12-02 (21-57-52).txt (4.5 KB, 3 views)
  #2  
Old 12-03-2008
kimsland's Avatar
TS Special Forces
 
Member since: Dec 2007, 16,737 posts
Some concerns in your HJT log sadly

Try these easy steps first

CCleaner (some strange Temp stuff needs to be removed)
Norton removal tool (unless you have symantec stuff installed, but it's running anyway)
Restart
Malwarebytes (Yes I know it's been run already, but trust me, update it, and run it again)
  #3  
Old 12-03-2008
Newcomer, in training
 
Member since: Dec 2008, 13 posts
Done and done. Thanks a million. Here are new logs. Perhaps I'm inching my way forward?
Attached Files
File Type: txt hijackthis12-3-08.txt (6.9 KB, 3 views)
File Type: txt mbam-log-2008-12-03 (09-59-27).txt (1.2 KB, 2 views)
  #4  
Old 12-03-2008
TechSpot Guru
 
Location: Lexington NC USA Eastern Time
Member since: Nov 2008, 2,792 posts
Update both below even if you did it already today, and Run

1st SAS we have no log
2nd MBAM get new log to confirm it is in fact clean now and finds nothing else.
3rd After above new HJT log.

Mike
  #5  
Old 12-03-2008
Newcomer, in training
 
Member since: Dec 2008, 13 posts
Any guess as to why I can't seem to update Malwarebytes (or SAS, for that matter) from using the software's update tab? It just won't connect to either of the offered mirror sites (tried taking down my Windows Firewall to see if that made a difference -- no dice).

Yesterday I updated the database at gt500.org, but it's a version 1442 that's up there now and some Googling suggested to me there's already a 1443...
  #6  
Old 12-03-2008
kimsland's Avatar
TS Special Forces
 
Member since: Dec 2007, 16,737 posts
Special case where after installing MBAM and SAS they will not update or run
Read here: Google Yahoo redirect TDSSserv.sys
  #7  
Old 12-03-2008
Newcomer, in training
 
Member since: Dec 2008, 13 posts
Nice. Mom always told me I was special. For the record, I can run both programs, just can't seem to update without separately downloading and installing the new ones. Still cool for me to follow the procedure on the link?

Thanks thanks thanks...

Hmm... Followed through with the instructions re: TDSSserv.sys. It's disabled, I've restarted, double-checked it. Still unable to update MBAM or SAS using their respective Update tabs.

Last edited by kimsland; 12-03-2008 at 06:11 PM.. Reason: Use Edit, instead of replying to yourself
  #8  
Old 12-03-2008
kimsland's Avatar
TS Special Forces
 
Member since: Dec 2007, 16,737 posts
Well that "read here" link above should work
But I've had users also say that they needed to rename Malwarebytes executable (mbam.exe), like to MBAM2 or something
It's found here: Start->Run-> C:\Program Files\Malwarebytes' Anti-Malware
  #9  
Old 12-03-2008
Newcomer, in training
 
Member since: Dec 2008, 13 posts
Yeah, no dice. I click "Check for Updates," I get a window telling me "Looking for SecurityWonks.net (or Malwarebytes.org)" ... then nothing. The window stays for as long as I care to leave it open with no movement in the status bar. SAS tells me, "There was an error trying to retrieve definitions. Make sure your firewall is not blocking SUPERANTISPYWARE.exe from accessing the Internet." But I'm running no firewall at the moment. This is maybe related to why I can't download the Java Installer?

Again, though, I was able to separately download each of the most recent definitions databases just fine, then run and install them from the desktop. Just can't seem to connect from "inside" either program.
  #10  
Old 12-03-2008
kimsland's Avatar
TS Special Forces
 
Member since: Dec 2007, 16,737 posts
Hmm

That special link above, also has a reply by another member
And in his big reply you should see some blue writing, this is clickable
Please click it, then locate the "Fixit" file
Download it, and run it

No it's not the Firewall off issue
  #11  
Old 12-03-2008
Newcomer, in training
 
Member since: Dec 2008, 13 posts
Check. It gave me the attached two logs and two shortcuts that don't lead anywhere when I try to proceed with the instructions on that page (runmbam.exe and sas.exe).
Attached Files
File Type: log NotExist.log (9.3 KB, 2 views)
File Type: log Malware.log (171 Bytes, 2 views)
  #12  
Old 12-03-2008
kimsland's Avatar
TS Special Forces
 
Member since: Dec 2007, 16,737 posts
Now do they update?
  #13  
Old 12-03-2008
Newcomer, in training
 
Member since: Dec 2008, 13 posts
Aha. No, Fixit had no effect, but I'm getting somewhere. I opened Internet Explorer (which I usually don't do --- been conducting this through Safari and Firefox) and I was told I was offline. Was prompted to connect or remain offline (despite an otherwise functioning wireless connection). I chose connect, and I can now update both pieces of software properly (and install Java).

As an added symptom, though, I now notice that embedded images are not appearing at all in Explorer. I don't use Explorer anyway, but that's probably not normal, huh?

I'm running the requested (above) scans again, and I'll post the logs shortly...
  #14  
Old 12-03-2008
TechSpot Guru
 
Location: Lexington NC USA Eastern Time
Member since: Nov 2008, 2,792 posts
Enter the Fixes folder and attach the bfu.log.

Mike
  #15  
Old 12-03-2008
Newcomer, in training
 
Member since: Dec 2008, 13 posts
Here are the three logs asked for above.

BFU.exe (the "Brute Force Uninstaller") did run when I extracted the FixIt folder and followed Fixit.cmd, but no such bfu.log appears in here now. The BFU restarted Windows when it was through, and when I returned to my desktop, it had on it the two logs and the two shortcuts I mentioned above. That's it, though (unless this bfu.log could be elsewhere, but I ran a search for it with no results).

Sorry this is turning out to be so complex. For what it's worth, images are still not appearing in Explorer, though other browsers seem to be having no trouble.
Attached Files
File Type: log SUPERAntiSpyware Scan Log - 12-03-2008 - 19-48-07.log (995 Bytes, 1 views)
File Type: txt mbam-log-2008-12-03 (20-43-22).txt (840 Bytes, 2 views)
File Type: log hijackthis.log (6.8 KB, 0 views)
  #16  
Old 12-03-2008
Newcomer, in training
 
Member since: Dec 2008, 13 posts
For what it's worth, I just ran another SAS --- just for fun --- and found another handful of infections. So here's that log, too.
  #17  
Old 12-04-2008
TechSpot Guru
 
Location: Lexington NC USA Eastern Time
Member since: Nov 2008, 2,792 posts
Hi Brian

OK you are getting somewhere at least.

Do the below steps and post the logs; if one doesn't run and the other does, then after the one that does, go back to the first after a reboot.
----------------------------------------------------------------------------------------------------------------------------------
ComboFix

NOTE: If you have had ComboFix more than a few days old delete and re-download.

Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click combofix's window while it's running. That may cause it to stall.
----------------------------------------------------------------------------------------------------------------------------------

When above is complete

Download SD Fix to Desktop among other things Catchme to look for RootKits.

http://downloads.andymanchesta.com/R...ools/SDFix.exe

On Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click to RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted hit the enter key to restart the computer

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process then say Finished,
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.

Mike
  #18  
Old 12-04-2008
Newcomer, in training
 
Member since: Dec 2008, 13 posts
Thanks Mike, et al. Here are some logs.

I checked in on Internet Explorer, and for what it's worth, it's displaying images again. I've decided that's probably a good thing.
Attached Files
File Type: txt combo fix log.txt (11.2 KB, 1 views)
File Type: txt SDFixreport.txt (7.0 KB, 1 views)
File Type: log hijackthis12-4.log (6.3 KB, 1 views)
  #19  
Old 12-04-2008
TechSpot Guru
 
Location: Lexington NC USA Eastern Time
Member since: Nov 2008, 2,792 posts
OK run HJT Scan Only select and remove the below entries

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: anfhoa.dll

Then Combofix again to confirm clean. Post that log then.....

UPDATE SAS and run it again. It should be clean this time! Post me a clean log!

Mike
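
Added example (not part of the original thread, and not HijackThis's own code): a small triage script for the two kinds of entry flagged in the post above, an O20 AppInit_DLLs value and an entry whose target is "(no file)". The sample log is constructed, only the two flagged lines come from the thread, and the helper name `triage` is hypothetical.

```python
import re

# Constructed sample in HijackThis layout. Only the "(no file)" O9 line and
# the anfhoa.dll O20 line come from the thread; the rest are made up.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\ex.dll
O20 - AppInit_DLLs: anfhoa.dll
O20 - AppInit_DLLs:
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O20 - <body>"
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def triage(log_text):
    """Return entries worth a manual look (hypothetical helper)."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # Value is a space- or comma-separated DLL list; every DLL named
            # here is loaded into each process that loads user32.dll.
            value = body.split(":", 1)[1]
            dlls = [d for d in re.split(r"[ ,]+", value.strip()) if d]
            if dlls:
                findings.append({"section": section,
                                 "reason": "AppInit_DLLs is set",
                                 "items": dlls})
        elif body.endswith("(no file)"):
            # HijackThis could not find the file this entry points to.
            findings.append({"section": section,
                             "reason": "target file missing",
                             "items": CLSID.findall(body)})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], f["reason"], f["items"])
```

An empty AppInit_DLLs value, as in the last sample line, is reported as nothing to review.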
  #20  
Old 12-04-2008
Newcomer, in training
 
Member since: Dec 2008, 13 posts
>> Post me a clean log!

I'm trying, brother, I'm trying. So close. SAS found two tracking cookies, but no more rootkits.
Attached Files
File Type: txt Combo Fix log new.txt (11.6 KB, 1 views)
File Type: log SUPERAntiSpyware Scan Log - 12-04-2008 - 13-05-19.log (634 Bytes, 1 views)