Not Happy!!!

Status
Not open for further replies.

cohen

New Member
I just installed Vista and already got a virus.

I ran ComboFix twice to get rid of XP Antivirus! and I have pop-ups, but they still continue to come up.

That is good.

Below are the logs.

Pros only pls.

I did ComboFix, then HijackThis.
 
Combo Fix 1!!!

ComboFix 08-08-21.02 - Cohen 2008-08-23 14:02:44.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.937 [GMT 10:00]
Running from: E:\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\edwa.exe
C:\Windows\rafbsvnx.dll
C:\Windows\System32\AHOYJRqr.ini
C:\Windows\System32\AHOYJRqr.ini2
C:\Windows\system32\blphc1p8j0ep57.scr
C:\Windows\system32\byXQJcYs.dll
C:\Windows\System32\ghlkahkv.ini
C:\Windows\system32\ljJDVNHA.dll
C:\Windows\system32\lphc1p8j0ep57.exe
C:\Windows\system32\oajaugxa.dll
C:\Windows\system32\phc1p8j0ep57.bmp
C:\Windows\system32\vkhaklhg.dll
C:\Windows\system32\ztexjq.dll
C:\Windows\tsxngabr.dll
C:\Windows\twmxbsqrbtv.dll
C:\Windows\vtqnxfko.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 22:08 86,016 ----a-w C:\Windows\tqwolser.exe
2008-08-22 21:30 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-22 21:12 --------- d-----w C:\Program Files\BitComet
2008-08-22 07:58 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-22 07:33 --------- d-----w C:\Program Files\Creative
2008-08-22 07:31 --------- d-----w C:\Program Files\Windows Mail
2008-08-22 07:28 --------- d-----w C:\Users\Cohen\AppData\Roaming\Apple Computer
2008-08-22 07:28 --------- d-----w C:\ProgramData\Apple Computer
2008-08-22 07:28 --------- d-----w C:\Program Files\iTunes
2008-08-22 07:28 --------- d-----w C:\Program Files\iPod
2008-08-22 07:00 --------- d-----w C:\Program Files\Windows Live
2008-08-22 06:58 --------- d-----w C:\ProgramData\WLInstaller
2008-08-22 06:57 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-22 06:57 --------- d-----w C:\Program Files\QuickTime
2008-08-22 06:57 --------- d-----w C:\Program Files\Bonjour
2008-08-22 06:56 --------- d-----w C:\ProgramData\Apple
2008-08-22 06:56 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-22 06:56 --------- d-----w C:\Program Files\Apple Software Update
2008-08-22 06:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-22 06:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C412CBE8-2BC7-4D04-B6D5-D87A27FA1511}]
2008-08-23 12:07 323328 --a------ C:\Windows\system32\rqRJYOHA.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 12:23 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 12:23 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 01:00 90112]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"P17Helper"="P17.dll" [2005-05-03 21:38 64512 C:\Windows\System32\P17.DLL]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ztexjq.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DD8B644A-A708-4E8F-A163-5E93E214E1BA}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{ADA45045-FFCF-420F-BFB2-5FF1A0C43BC2}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F3761A41-5D8F-460B-BF9C-50EABB3A65B2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DF9E7B81-D159-4456-A40E-886C4FA0C3E6}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5D2A619F-C6E8-4295-829E-3F7E23F7B1DB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{280B77D6-04C3-4AF5-9F38-1BB72A5B615A}"= UDP:27436:BitComet 27436 TCP
"{1BB98518-A5EB-4A76-8F4D-7981C1B40D73}"= TCP:27436:BitComet 27436 UDP
"TCP Query User{2048ACB0-A6FE-4CFC-9BC5-8F45ACDA4DA0}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{7DCA6049-E95B-4E07-941B-F8125BB58775}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 12:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 12:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9be5b6f9-7012-11dd-9a9a-806e6f6e6963}]
\shell\AutoRun\command - D:\Setup.exe
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{B36B25DB-E0B4-4058-BEBF-DB0C12B38C89} - C:\Windows\rafbsvnx.dll
HKLM-Run-MSServer - C:\Windows\system32\byXQJcYs.dll
HKLM-Run-lphc1p8j0ep57 - C:\Windows\system32\lphc1p8j0ep57.exe
HKLM-Run-8c4c8f2e - C:\Windows\system32\vkhaklhg.dll
ShellExecuteHooks-{0C5C4DB4-6C62-49ED-8343-62B9AE7ADF6A} - C:\Windows\system32\byXQJcYs.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Cohen\AppData\Roaming\Mozilla\Firefox\Profiles\llyr1hwj.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 14:06:21
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\System32\dllhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
.
**************************************************************************
.
Completion time: 2008-08-23 14:08:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-23 04:08:26

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 293,196,955,648 bytes free

136 --- E O F --- 2008-08-22 21:30:31
 
Won't fit, too many characters, download here - log 1.txt

And HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:02 PM, on 23/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
E:\USB\Computer Stuff\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [8c4c8f2e] rundll32.exe "C:\Windows\system32\cfhkymdt.dll",b
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: ztexjq.dll ditdhs.dll zipmpf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4110 bytes
 
What have you gone to? I have had Vista for 3-ish years with no antivirus or anything, and I just installed AVG and I had nothing.
 

Nothing! That is what I can't work out!

I don't know. I know my grandfather (on the same network) had the XP thing; he told me today.

Maybe it went over the network???
 
This thing is taking over my system!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:45 PM, on 23/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\Setup_ver1.1394.0.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Users\Cohen\AppData\Local\Temp\b.exe
C:\Windows\Setup_ver1.1394.0.exe
C:\Users\Cohen\AppData\Local\Temp\A6C.tmp
C:\Windows\Setup_ver1.1394.0.exe
C:\Windows\system32\cmd.exe
C:\Users\Cohen\AppData\Local\Temp\sfsrv.exe
C:\Windows\System32\WScript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
E:\USB\Computer Stuff\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: rafbsvnx - {2F398AF7-F1A1-4D9E-92E9-36A94898D559} - C:\Windows\rafbsvnx.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [8c4c8f2e] rundll32.exe "C:\Windows\system32\cfhkymdt.dll",b
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [lphc1p8j0ep57] C:\Windows\system32\lphc1p8j0ep57.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Somefox] C:\Users\Cohen\AppData\Local\Temp\A6C.tmp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: ztexjq.dll ditdhs.dll zipmpf.dll
O21 - SSODL: tsxngabr - {9EF375A9-34D0-40BB-BF59-7ACF1B16FA2C} - C:\Windows\tsxngabr.dll
O21 - SSODL: vtqnxfko - {FD88644F-7D96-4AE9-8264-4BA34C1DA0FC} - C:\Windows\vtqnxfko.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4989 bytes
 
I got a virus from an e-mail my wife opened; it almost destroyed my computer. What I did was:

- Turned on Windows Defender and did a complete scan
- Downloaded Spybot and did a complete scan
- Bought McAfee antivirus and did a complete scan

McAfee was the only one that picked it up. When I went to remove it through McAfee it could not do it because it was "In Use" and I got a system file error when I tried. I did some research and found the solution to the problem.

- I found out what Windows file it goes into and had to find that file and manually remove it. (That only took about 2 hours of looking.)
- Then it also puts itself into the System Restore feature. I had to turn off System Restore and dump all my restore points to fully remove it.
- I also found out what registry file it was and had to remove that.

* It was running through my system restore and registry! Smart little sucker:( Some A**hole MIT nerd is bored sitting in his dorm room and decides to see just how good his skills are and makes these things!

That's just my experience with a Vista Virus anyway, maybe it will help....Good Luck Bro! :)
 
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • You can also access the log in the Logs tab of Malwarebytes' Anti-Malware.

Please delete the version of ComboFix you have and download a new one from http://download.bleepingcomputer.com/sUBs/ComboFix.exe. Please run it again and post the log it generates.

Please post
  • The Malwarebytes Anti-Malware log
  • The new ComboFix log
  • A new HijackThis log
 
Hi ceewi1,

It was getting annoying, so I reinstalled; I didn't have much on the PC.

Sorry for wasting your time.

Can you please close / delete this thread?

Thanks

Cohen
 