39 Posts
0
11885
June 5th, 2010 16:00
Generic.Malware.SPN!!.5B931E8D
Can anyone tell me how to remove this? Defender Pro found it but could not delete it. Same with Malwarebytes & Spybot. No luck; it is still there and blocking Windows Updates. I have already posted a HijackThis log in the correct forum.
Thanks!
Mike
Bugbatter
4 Apprentice
•
20.5K Posts
0
June 5th, 2010 16:00
Make sure Spybot's TeaTimer has been disabled so it does not interfere with removals.
What was the message that Malwarebytes gave you regarding not being able to remove it?
MikeInFla
39 Posts
0
June 5th, 2010 17:00
Malwarebytes would not remove it so I had to run it in safe mode. In safe mode it did find it and said it would remove it but had to restart to remove it. So I restarted the computer and it is still there. I will try Spybot again with TeaTimer off (not sure what TeaTimer is but I am sure I can find it). Will run it and see what happens and report back.
Mike
Bugbatter
4 Apprentice
•
20.5K Posts
0
June 5th, 2010 18:00
To completely stop TeaTimer via Spybot: <-- You will need to do this so it is not enabled at the reboot, thus enabling MBAM to finish removals.
Go to Start>Run. Type Msconfig > OK. On the next window that opens > Startup tab UNcheck the entry for TeaTimer
1. Open Spybot
2. Click Mode > Advanced Mode
3. Click Yes
4. Click Tools (located in the bottom left corner) > Resident
5. Uncheck 'Resident "TeaTimer" (Protection of over-all system settings) active'
6. Then close Spybot.
Reboot.
Verify that TeaTimer is not running.
Bugbatter
4 Apprentice
•
20.5K Posts
0
June 5th, 2010 19:00
What was the reason for removing BitDefender and installing AVG instead?
Please update MBAM and run a new scan. Please post the ENTIRE log produced. Thanks.
MikeInFla
39 Posts
0
June 5th, 2010 19:00
Malwarebytes Anti-Malware did delete 4 files. However, the one I am trying to get rid of is still here (the title of this thread). Here is what MBAM deleted:
Files Infected:
C:\Users\Mike\AppData\Local\Temp\Low\win7A8D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\winB2CD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\winD5E5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\winEB1D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
Someone also suggested I dump Defender Pro & SpyBot and try AVG with MBAM. I may do this but it will have to wait until tomorrow. Thanks for the suggestions but as of right now the Generic.Malware is still there.
Mike
MikeInFla
39 Posts
0
June 5th, 2010 20:00
Defender Pro 5 in 1 is still there. I have not uninstalled it as I really didn't want to do it anyway. Here is the latest log I ran about a half hour ago in safe mode. It did not find anything but my Generic.Malware is still on the computer.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4171
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18904
6/5/2010 8:05:21 PM
mbam-log-2010-06-05 (20-05-21).txt
Scan type: Full scan (C:\|)
Objects scanned: 250852
Time elapsed: 33 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Bugbatter
4 Apprentice
•
20.5K Posts
0
June 6th, 2010 06:00
According to the log that you posted, Malwarebytes' Anti-malware did not find Generic.Malware.SPN!!.5B931E8D. It does not remove files that it cannot find.
Update BitDefender. Reboot into Safemode. Run Defender Pro in Safemode and see if it finds and deletes that file.
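An added example, not part of the original posts: a small parser for the MBAM 1.46 log layout shown in this thread, which checks whether a given detection name is listed, whether the summary counts match the itemised entries, and which paths are new between two scans. The sample log and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the MBAM 1.46 logs posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4171
Scan type: Full scan (C:\|)
Registry Keys Infected: 0
Files Infected: 2
Registry Keys Infected:
(No malicious items detected)
Files Infected:
C:\Users\Example\AppData\Local\Temp\Low\winAAAA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Example\AppData\Local\Temp\Low\winBBBB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(.+ Infected): (\d+)$")   # "Files Infected: 2"
SECTION = re.compile(r"^(.+ Infected):$")         # "Files Infected:"
ITEM = re.compile(r"^(.*) \(([^()]+)\) -> (.+)$")  # "path (Name) -> action"

def parse_mbam_log(text):
    """Return (summary counts, detections grouped by section)."""
    counts, found, section = {}, {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := SECTION.match(line):
            section = m.group(1)
            found[section] = []
        elif section and (m := ITEM.match(line)):
            path, name, action = m.groups()
            found[section].append({"path": path, "name": name, "action": action})
    return counts, found

def audit(text, wanted):
    """Check a log for one detection name and for count/list mismatches."""
    counts, found = parse_mbam_log(text)
    names = {d["name"] for items in found.values() for d in items}
    mismatched = [s for s, n in counts.items() if n != len(found.get(s, []))]
    return {"wanted_seen": wanted in names, "names": sorted(names),
            "mismatched_sections": mismatched}

def new_since(earlier, later):
    """Paths detected in the later scan that the earlier scan did not list."""
    def paths(t):
        return {d["path"].lower() for items in parse_mbam_log(t)[1].values() for d in items}
    return sorted(paths(later) - paths(earlier))
```

Scanners use their own detection names, so a name reported by one product will not necessarily appear verbatim in another product's log; compare file paths as well as names.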
MikeInFla
39 Posts
0
June 6th, 2010 06:00
OK will update now but the last time I tried to run it in safe mode it would not run. I know Vista has several "safe mode" options but I always pick the first (the one that just says "safe mode"). Will try again and see what happens and let you know. Thanks for your help.
MikeInFla
39 Posts
0
June 6th, 2010 07:00
I wasn't sure what BitDefender really was but upon further inspection I see that it is part of Defender Pro and it will not run in safe mode. I do not know why. However, after updating I went ahead and ran MBAM in safe mode and came up with some interesting stuff which I will post here. When I rebooted normally Windows Updates still can't check for updates and another box popped up that said I have blocked start up programs. When I went to look at them I was unable to tell which ones they were and decided not to just select "run blocked program". Here is the MBAM log I ran a few min ago (and even after all of this the computer is still not running like it should. I still get redirected to bogus web domains that are for sale):
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4171
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18904
6/6/2010 8:39:45 AM
mbam-log-2010-06-06 (08-39-45).txt
Scan type: Full scan (C:\|)
Objects scanned: 251245
Time elapsed: 33 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 23
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Mike\AppData\Local\Temp\Low\win1DD4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\win1FFB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\win37B9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\win39FF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\win3FF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\win519E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\win5403.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\win616.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\win6B64.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\win6DC9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\win8286.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\win8558.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\win9C6B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\win9F2E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\winA1A2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\winB650.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\winB913.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\winBAEB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\winD035.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\winD26B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\winEA2A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\winEC31.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\Low\winEE48.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
One last thing I just discovered. It says IE is not running under Administrator but I AM the Admin. I checked my accounts; my wife and I are both Admin. Wonder why it would be telling me this now?
Bugbatter
4 Apprentice
•
20.5K Posts
0
June 6th, 2010 10:00
Bugbatter
4 Apprentice
•
20.5K Posts
0
June 6th, 2010 11:00
One of the trained helpers has replied to your post on the MR forum, so please continue working with him over there.
MikeInFla
39 Posts
0
June 6th, 2010 12:00
Ok, thanks. I will head over there in a minute and check out that thread. My computer runs in normal mode, however MBAM detects files only in safe mode for some reason. Defender Pro does find the files in normal mode but cannot delete them.