Jump to content

hijack log (used combofix)


Recommended Posts

ComboFix 09-03-25.02 - Administrator 2009-03-25 22:50:43.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.503.250 [GMT -5:00]

Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

d:\windows\system32\_000007_.tmp.dll

d:\windows\system32\_003991_.tmp.dll

d:\windows\system32\_004148_.tmp.dll

d:\windows\system32\_004149_.tmp.dll

d:\windows\system32\_004150_.tmp.dll

d:\windows\system32\_004151_.tmp.dll

d:\windows\system32\_004158_.tmp.dll

d:\windows\system32\_004159_.tmp.dll

d:\windows\system32\_004160_.tmp.dll

d:\windows\system32\_004161_.tmp.dll

d:\windows\system32\_004163_.tmp.dll

d:\windows\system32\_004164_.tmp.dll

d:\windows\system32\_004167_.tmp.dll

d:\windows\system32\_004168_.tmp.dll

d:\windows\system32\_004170_.tmp.dll

d:\windows\system32\_004171_.tmp.dll

d:\windows\system32\_004172_.tmp.dll

d:\windows\system32\_004174_.tmp.dll

d:\windows\system32\_004175_.tmp.dll

d:\windows\system32\_004177_.tmp.dll

d:\windows\system32\_004181_.tmp.dll

d:\windows\system32\_004182_.tmp.dll

d:\windows\system32\_004184_.tmp.dll

d:\windows\system32\_004185_.tmp.dll

d:\windows\system32\_004187_.tmp.dll

d:\windows\system32\_004189_.tmp.dll

d:\windows\system32\_004190_.tmp.dll

d:\windows\system32\_004191_.tmp.dll

d:\windows\system32\_004192_.tmp.dll

d:\windows\system32\_004193_.tmp.dll

d:\windows\system32\_004196_.tmp.dll

d:\windows\system32\_004198_.tmp.dll

d:\windows\system32\_004199_.tmp.dll

d:\windows\system32\_004200_.tmp.dll

d:\windows\system32\_004204_.tmp.dll

d:\windows\system32\mfc45.dll

.

((((((((((((((((((((((((( Files Created from 2009-02-26 to 2009-03-26 )))))))))))))))))))))))))))))))

.

2009-03-25 17:32 . 2009-03-25 17:32 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware

2009-03-25 17:32 . 2009-03-25 17:32 <DIR> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-25 17:32 . 2009-03-25 17:32 <DIR> d-------- d:\documents and settings\Administrator\Application Data\Malwarebytes

2009-03-25 17:32 . 2009-02-11 10:19 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys

2009-03-25 17:32 . 2009-02-11 10:19 15,504 --a------ d:\windows\system32\drivers\mbam.sys

2009-03-24 19:11 . 2008-10-16 14:06 268,648 --a------ d:\windows\system32\mucltui.dll

2009-03-24 19:11 . 2008-10-16 14:06 27,496 --a------ d:\windows\system32\mucltui.dll.mui

2009-03-24 19:07 . 2009-03-25 07:26 1,374 --a------ d:\windows\imsins.BAK

2009-03-23 14:44 . 2009-03-23 14:44 <DIR> d-------- d:\program files\Avira

2009-03-23 14:44 . 2009-03-23 14:44 <DIR> d-------- d:\documents and settings\All Users\Application Data\Avira

2009-03-23 14:28 . 2005-05-04 14:45 2,890,240 --a------ d:\windows\system32\msi.dll

2009-03-23 14:28 . 2005-05-04 14:45 2,890,240 -----c--- d:\windows\system32\dllcache\msi.dll

2009-03-23 14:28 . 2005-05-04 14:45 884,736 --a------ d:\windows\system32\msimsg.dll

2009-03-23 14:28 . 2005-05-04 14:45 884,736 -----c--- d:\windows\system32\dllcache\msimsg.dll

2009-03-23 14:28 . 2005-05-04 14:45 271,360 --a------ d:\windows\system32\msihnd.dll

2009-03-23 14:28 . 2005-05-04 14:45 271,360 -----c--- d:\windows\system32\dllcache\msihnd.dll

2009-03-23 14:28 . 2005-05-04 14:45 78,848 --a------ d:\windows\system32\msiexec.exe

2009-03-23 14:28 . 2005-05-04 14:45 78,848 -----c--- d:\windows\system32\dllcache\msiexec.exe

2009-03-23 14:28 . 2005-05-04 14:45 15,360 --a------ d:\windows\system32\msisip.dll

2009-03-23 14:28 . 2005-05-04 14:45 15,360 -----c--- d:\windows\system32\dllcache\msisip.dll

2009-03-23 13:27 . 2005-07-05 12:55 124,752 --a------ d:\windows\system32\xpacket.sys

2009-03-23 13:26 . 2009-03-23 13:26 <DIR> d-------- d:\program files\Filseclab

2009-03-23 13:26 . 2009-03-23 13:27 <DIR> d-------- d:\program files\Common Files\Filseclab

2009-03-23 12:45 . 2003-03-31 07:00 29,696 --a------ d:\windows\system32\asr_pfu.exe

2009-03-23 12:45 . 2002-08-29 00:32 17,792 --a------ d:\windows\system32\drivers\irbus.sys

2009-03-23 12:45 . 2003-03-31 07:00 10,752 --a------ d:\windows\system32\spiisupd.exe

2009-03-23 12:45 . 2001-08-17 21:36 9,728 --a------ d:\windows\system32\smtpapi.dll

2009-03-23 12:45 . 2001-08-17 21:36 9,216 --a------ d:\windows\system32\rwnh.dll

2009-03-23 12:43 . 2006-06-30 10:28 2,703,872 -----c--- d:\windows\system32\dllcache\MSHTML.DLL

2009-03-23 12:42 . 2003-03-31 07:00 2,049,999 --------- d:\windows\system32\dllcache\nt5.cat

2009-03-23 11:58 . 2008-10-16 14:12 213,528 --a------ d:\windows\system32\wuaucpl.cpl

2009-03-22 19:40 . 2005-06-21 16:43 163,840 --a------ d:\windows\system32\igfxres.dll

2009-03-22 19:33 . 2003-03-31 07:00 1,875,968 --a--c--- d:\windows\system32\dllcache\msir3jp.lex

2009-03-22 19:32 . 2003-03-31 07:00 13,463,552 --a--c--- d:\windows\system32\dllcache\hwxjpn.dll

2009-03-22 19:31 . 2003-03-31 07:00 169,984 --a--c--- d:\windows\system32\dllcache\iisui.dll

2009-03-22 19:31 . 2003-03-31 07:00 94,720 --a--c--- d:\windows\system32\dllcache\certmap.ocx

2009-03-22 19:31 . 2003-03-31 07:00 49,664 --a--c--- d:\windows\system32\dllcache\adrot.dll

2009-03-22 19:31 . 2003-03-31 07:00 19,968 --a--c--- d:\windows\system32\dllcache\inetsloc.dll

2009-03-22 19:31 . 2003-03-31 07:00 14,336 --a--c--- d:\windows\system32\dllcache\iisreset.exe

2009-03-22 19:31 . 2003-03-31 07:00 7,680 --a--c--- d:\windows\system32\dllcache\inetmgr.exe

2009-03-22 19:31 . 2003-03-31 07:00 7,168 --a--c--- d:\windows\system32\dllcache\wamregps.dll

2009-03-22 19:31 . 2003-03-31 07:00 6,144 --a--c--- d:\windows\system32\dllcache\ftpsapi2.dll

2009-03-22 19:31 . 2003-03-31 07:00 6,144 --a--c--- d:\windows\system32\dllcache\admxprox.dll

2009-03-22 19:31 . 2003-03-31 07:00 5,632 --a--c--- d:\windows\system32\dllcache\iisrstap.dll

2009-03-22 19:31 . 2001-08-17 21:36 5,632 --a--c--- d:\windows\system32\dllcache\EXCH_adsiisex.dll

2009-03-22 19:30 . 2009-03-22 19:30 749 -rah----- d:\windows\WindowsShell.Manifest

2009-03-22 19:30 . 2009-03-22 19:30 749 -rah----- d:\windows\system32\wuaucpl.cpl.manifest

2009-03-22 19:30 . 2009-03-22 19:30 749 -rah----- d:\windows\system32\sapi.cpl.manifest

2009-03-22 19:30 . 2009-03-22 19:30 749 -rah----- d:\windows\system32\nwc.cpl.manifest

2009-03-22 19:30 . 2009-03-22 19:30 749 -rah----- d:\windows\system32\ncpa.cpl.manifest

2009-03-22 19:30 . 2009-03-22 19:30 488 -rah----- d:\windows\system32\logonui.exe.manifest

2009-03-22 19:29 . 2003-03-31 07:00 73,728 --a--c--- d:\windows\system32\dllcache\icwtutor.exe

2009-03-22 19:29 . 2003-03-31 07:00 61,440 --a--c--- d:\windows\system32\dllcache\icwres.dll

2009-03-22 19:29 . 2003-03-31 07:00 40,960 --a--c--- d:\windows\system32\dllcache\trialoc.dll

2009-03-22 19:29 . 2003-03-31 07:00 28,160 --a--c--- d:\windows\system32\dllcache\msoobe.exe

2009-03-22 19:29 . 2003-03-31 07:00 16,384 --a--c--- d:\windows\system32\dllcache\isignup.exe

2009-03-22 19:16 . 2003-03-31 07:00 797,189 --a--c--- d:\windows\system32\dllcache\NT5IIS.CAT

2009-03-22 19:15 . 2003-03-31 07:00 1,086,182 -ra------ d:\windows\SET62.tmp

2009-03-22 15:07 . 2009-03-22 15:07 <DIR> d-------- d:\windows\java

2009-03-16 16:51 . 2009-03-16 16:51 2,472 --a------ D:\clean.bat

2009-03-14 10:11 . 2009-03-14 18:42 <DIR> d-------- d:\program files\Arovax AntiSpyware

2009-03-13 08:30 . 2008-07-14 04:09 212,728 --a------ d:\windows\CMDLIC.DLL

2009-03-13 08:30 . 2008-07-14 04:09 205,560 --a------ d:\windows\UNBOC.EXE

2009-03-13 08:30 . 2008-04-13 19:12 22,528 --a------ d:\windows\system32\wsock32.dlb

2009-03-13 08:29 . 2009-03-23 19:04 416 --a------ d:\windows\system32\BIN_STRSBW.SPT

2009-03-13 07:24 . 2009-03-23 12:02 <DIR> d-------- d:\program files\COMODO

2009-03-13 00:50 . 2009-03-16 12:31 <DIR> d-------- d:\documents and settings\Administrator\Application Data\Webroot

2009-03-12 20:02 . 2009-03-23 19:29 <DIR> d-------- d:\program files\Arovax Shield

2009-03-11 09:33 . 2009-03-11 09:33 406 --a------ d:\windows\system32\ioloBootDefrag.cfg

2009-03-11 09:29 . 2009-03-11 09:32 <DIR> d-------- d:\documents and settings\All Users\Application Data\iolo

2009-03-11 09:29 . 2009-03-11 10:22 <DIR> d-------- d:\documents and settings\Administrator\Application Data\iolo

2009-03-10 18:57 . 2009-03-10 18:57 2,560 --a------ d:\windows\_MSRSTRT.EXE

2009-03-10 09:18 . 2009-03-10 09:18 144 --a------ d:\windows\system32\lkfl.dat

2009-03-10 09:18 . 2009-03-10 12:53 96 --a------ d:\windows\system32\pdfl.dat

2009-03-10 09:18 . 2009-03-10 09:18 80 --a------ d:\windows\system32\ibfl.dat

2009-03-09 19:56 . 2009-03-12 10:03 1,445,888 --a------ d:\documents and settings\Administrator\DesktopWinsockxpFix.exe

2009-03-09 19:56 . 2009-03-12 10:02 186,368 --a------ d:\documents and settings\Administrator\DesktopLSPFix.exe

2009-03-09 19:56 . 2009-03-12 10:02 36,864 --a------ d:\documents and settings\Administrator\DesktopSafeMSI.exe

2009-03-09 18:19 . 2009-03-09 19:07 <DIR> d-------- d:\program files\RegScrubXP

2009-03-05 23:17 . 2009-03-23 15:25 <DIR> d-------- d:\documents and settings\All Users\Application Data\CA-SupportBridge

2009-03-05 22:58 . 2009-03-05 22:58 <DIR> d-------- d:\program files\Common Files\Scanner

2009-03-04 12:12 . 2009-03-05 22:59 <DIR> d-------- d:\program files\Common Files\Adobe

2009-03-02 22:13 . 2009-03-23 17:54 <DIR> d----c--- d:\windows\system32\DRVSTORE

2009-03-02 19:24 . 2009-03-25 19:04 <DIR> d-------- d:\program files\IObit

2009-03-02 16:45 . 2009-03-02 18:34 <DIR> d-------- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-02 00:23 . 2009-03-02 00:23 <DIR> d-------- d:\program files\Cookie Monster II

2009-03-02 00:23 . 2009-03-02 00:23 286,720 --a------ d:\windows\iun506.exe

2009-03-01 19:17 . 2009-03-12 22:41 <DIR> d-------- d:\documents and settings\All Users\Application Data\Arovax

2009-03-01 16:52 . 2009-03-01 16:52 <DIR> d-------- d:\documents and settings\All Users\Application Data\ESET

2009-02-28 02:02 . 2009-02-28 02:02 249,592 --a------ d:\windows\system32\cssdll32.dll

2009-02-27 14:35 . 2009-02-27 14:35 <DIR> d-------- d:\documents and settings\All Users\Application Data\scar5

2009-02-27 14:34 . 2009-02-27 14:34 <DIR> d-------- d:\documents and settings\Administrator\Application Data\scar5

2009-02-27 00:26 . 2009-03-06 01:32 <DIR> d-------- d:\program files\Java

2009-02-27 00:26 . 2009-02-27 00:26 <DIR> d-------- d:\program files\Common Files\Java

2009-02-26 18:16 . 2007-08-20 13:37 99,592 --a------ d:\windows\system32\isafeif(2).dll

2009-02-26 18:16 . 2007-08-20 13:26 79,424 --a------ d:\windows\system32\vetredir(2).dll

2009-02-26 15:45 . 2009-02-26 16:57 95 --a------ d:\windows\system32\productregistry

2009-02-26 10:20 . 2009-02-26 10:20 <DIR> d-------- d:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2009-02-26 09:51 . 2009-03-06 00:30 <DIR> d-------- d:\program files\CA(2)

2009-02-26 01:15 . 2009-02-27 00:56 36 -r-h----- d:\windows\sued.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-23 18:26 --------- d--h--w d:\program files\InstallShield Installation Information

2009-03-10 18:18 --------- d-----w d:\documents and settings\Administrator\Application Data\WinPatrol

2009-03-06 06:26 --------- d-----w d:\documents and settings\All Users\Application Data\CA

2009-02-27 06:39 --------- d-----w d:\program files\MSECache

2009-02-27 03:35 --------- d-----w d:\program files\Unlocker

2009-02-27 00:08 --------- d-----w d:\program files\HP

2009-02-26 00:55 --------- d-----w d:\documents and settings\Administrator\Application Data\FrostWire

2009-02-26 00:54 --------- d-----w d:\documents and settings\Administrator\Application Data\LimeWire

2009-02-25 22:36 --------- d-----w d:\documents and settings\Administrator\Application Data\IObit

2009-02-25 03:42 --------- d-----w d:\program files\CCleaner

2009-02-23 20:34 --------- d-----w d:\program files\MSBuild

2009-02-23 20:33 --------- d-----w d:\program files\Reference Assemblies

2009-02-23 19:44 --------- d-----w d:\program files\Microsoft Works

2009-02-23 19:44 --------- d-----w d:\program files\Microsoft ActiveSync

2009-02-23 19:44 --------- d-----w d:\program files\Common Files\L&H

2009-02-23 15:35 --------- d-----w d:\program files\Common Files\HP

2009-02-23 15:32 --------- d-----w d:\program files\Hewlett-Packard

2009-02-23 15:30 --------- d-----w d:\program files\Common Files\Hewlett-Packard

2009-02-23 06:30 --------- d-----w d:\program files\Windows Media Connect 2

2009-02-23 00:59 --------- d-----w d:\documents and settings\Administrator\Application Data\GlarySoft

2009-02-23 00:55 --------- d-----w d:\program files\Glary Utilities

2009-02-22 21:58 --------- d-----w d:\program files\CyberLink

2009-02-22 21:58 --------- d-----w d:\documents and settings\All Users\Application Data\CyberLink

2009-02-22 21:30 --------- d-----w d:\program files\Common Files\InstallShield

2009-02-22 21:08 --------- d-----w d:\program files\Intel

2009-02-22 20:11 --------- d-----w d:\program files\microsoft frontpage

.

------- Sigcheck -------

2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 d:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys

2008-04-13 13:53 36608 3bb22519a194418d5fec05d800a19ad0 d:\windows\system32\drivers\ip6fw.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="d:\windows\System32\ctfmon.exe" [2003-03-31 13312]

"Arovax Shield"="d:\program files\Arovax Shield\ArovaxShield.exe" [2007-04-26 1214576]

"Advanced SystemCare 3"="d:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="d:\windows\System32\igfxtray.exe" [2005-01-23 155648]

"HotKeysCmds"="d:\windows\System32\hkcmd.exe" [2005-01-23 126976]

"XFILTER"="d:\program files\Filseclab\xfilter\xfilter.exe" [2005-07-27 897284]

"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 d:\windows\ALCXMNTR.EXE]

d:\documents and settings\All Users\Start Menu\Programs\Startup\

Filseclab Messenger.lnk - d:\program files\Common Files\Filseclab\FilMsg.exe [2009-03-23 315652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0siE\0SsiEfr.exsprestrt

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

backup=d:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arovax AntiSpyware

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]

--a------ 2009-02-22 14:45 2272592 d:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-13 19:12 1695232 d:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"vsmon"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"135:TCP"= 135:TCP:DCOM(135)

R0 avgntmgr;avgntmgr;d:\windows\system32\drivers\avgntmgr.sys [2009-03-23 22360]

R0 XPacket;Filseclab Packet Filter;d:\windows\system32\xpacket.sys [2009-03-23 124752]

R1 avgntdd;avgntdd;d:\windows\system32\drivers\avgntdd.sys [2009-03-23 45416]

R1 dtd;dtd;d:\program files\Arovax Shield\dtd.sys [2007-04-24 42112]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-23 108289]

S0 Lbd;Lbd;d:\windows\System32\DRIVERS\Lbd.sys --> d:\windows\System32\DRIVERS\Lbd.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2009-03-23 d:\windows\Tasks\Ad-Aware Update (Weekly).job

- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.rr.com/

IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

LSP: d:\program files\Filseclab\xfilter\XFILTER.DLL

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-25 22:55:23

Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)

d:\windows\System32\ODBC32.dll

d:\windows\System32\msctfime.ime

- - - - - - - > 'lsass.exe'(692)

d:\program files\Filseclab\xfilter\XFILTER.DLL

d:\windows\System32\dssenh.dll

.

------------------------ Other Running Processes ------------------------

.

d:\windows\system32\WgaTray.exe

d:\program files\Avira\AntiVir Desktop\avguard.exe

d:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

d:\windows\system32\HPZipm12.exe

.

**************************************************************************

.

Completion time: 2009-03-25 22:58:07 - machine was rebooted [Administrator]

ComboFix-quarantined-files.txt 2009-03-26 03:58:03

Pre-Run: 82,750,623,744 bytes free

Post-Run: 82,673,278,976 bytes free

270 --- E O F --- 2009-03-25 12:28:59

log_1.txt

log_1.txt

Link to post
Share on other sites

  • Staff

Hi,

First of all, is there any reason why your Windows is outdated?

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Also, not sure what steps you've done previously, but it looks like... Or you are dealing with a Fileinfector, or you've done a Windows repair install (I think it's the second one), so please let me know in your next reply as well, because it's confusing otherwise.

Link to post
Share on other sites

  • Staff

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.