Trojan.Vundo.H

[Murraym33]

Hi there, I've had this Trojan.Vundo.H for a little while, not sure why I haven't seeked help sooner but even with Malwarebytes I run the scan and remove it and as soon as I boot up again its back.

Here is my Hijack This Log, it says MSIE: Internet Explorer, but I use Firefox?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:37:41, on 03/01/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\spoolsv.exe

H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

H:\Program Files\Belkin\F5D7051\WLService.exe

H:\Program Files\Belkin\F5D7051\WLanCfgG.exe

H:\Program Files\Bonjour\mDNSResponder.exe

H:\Program Files\Kontiki\KService.exe

H:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

H:\WINDOWS\system32\tcpsvcs.exe

H:\WINDOWS\system32\slserv.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\Explorer.EXE

H:\WINDOWS\SOUNDMAN.EXE

H:\WINDOWS\system32\VTTimer.exe

H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

H:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe

H:\WINDOWS\system32\RunDll32.exe

H:\Program Files\iTunes\iTunesHelper.exe

H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

H:\WINDOWS\system32\rundll32.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Program Files\Messenger\msmsgs.exe

H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

H:\Program Files\uTorrent\uTorrent.exe

H:\Program Files\TomTom HOME 2\HOMERunner.exe

H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

H:\WINDOWS\System32\svchost.exe

H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

H:\Program Files\iPod\bin\iPodService.exe

H:\Program Files\Common Files\Teleca Shared\Generic.exe

H:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

H:\Program Files\Mozilla Firefox\firefox.exe

H:\Program Files\Windows Live\Messenger\usnsvc.exe

H:\Documents and Settings\Murray\My Documents\Firefox Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {0cade8a3-23d7-44ec-b3d8-100087c8789e} - H:\WINDOWS\system32\yatehaje.dll (file missing)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: {b2688f73-0d69-32aa-dac4-42c19be25e9b} - {b9e52eb9-1c24-4cad-aa23-96d037f8862b} - H:\WINDOWS\system32\kczilb.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - H:\Program Files\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [4oD] "H:\Program Files\Kontiki\KHost.exe" -all

O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] "H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [H2O] H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [REGSHAVE] H:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [RemoteControl] H:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe

O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor

O4 - HKLM\..\Run: [updReg] H:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CTStartup] H:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [AppleSyncNotifier] H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [kehuvugevo] Rundll32.exe "H:\WINDOWS\system32\hayeluze.dll",s

O4 - HKLM\..\Run: [000000af] rundll32.exe "H:\WINDOWS\system32\sufokiyu.dll",b

O4 - HKLM\..\Run: [CPM37b6f935] Rundll32.exe "h:\windows\system32\niwofuzu.dll",a

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [RssReader] "H:\Program Files\RssReader\RssReader.exe"

O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "H:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [iMC] H:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe

O4 - HKCU\..\Run: [kdx] H:\Program Files\Kontiki\KHost.exe -all

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [kehuvugevo] Rundll32.exe "H:\WINDOWS\system32\hayeluze.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: ASUS

O4 - Global Startup: ExifLauncher2.lnk = H:\Program Files\FinePixViewer\QuickDCF2.exe

O8 - Extra context menu item: &Download by Orbit - res://H:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://H:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://H:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://H:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.amaena.com

O15 - Trusted Zone: *.antimalwareguard.com

O15 - Trusted Zone: *.antispyexpert.com

O15 - Trusted Zone: *.avsystemcare.com

O15 - Trusted Zone: *.gomyhit.com

O15 - Trusted Zone: *.imageservr.com

O15 - Trusted Zone: *.imagesrvr.com

O15 - Trusted Zone: *.onerateld.com

O15 - Trusted Zone: *.safetydownload.com

O15 - Trusted Zone: *.spyguardpro.com

O15 - Trusted Zone: *.storageguardsoft.com

O15 - Trusted Zone: *.trustedantivirus.com

O15 - Trusted Zone: *.virusremover2008.com

O15 - Trusted Zone: *.virusschlacht.com

O15 - Trusted Zone: *.amaena.com (HKLM)

O15 - Trusted Zone: *.antimalwareguard.com (HKLM)

O15 - Trusted Zone: *.antispyexpert.com (HKLM)

O15 - Trusted Zone: *.avsystemcare.com (HKLM)

O15 - Trusted Zone: *.gomyhit.com (HKLM)

O15 - Trusted Zone: *.imageservr.com (HKLM)

O15 - Trusted Zone: *.imagesrvr.com (HKLM)

O15 - Trusted Zone: *.onerateld.com (HKLM)

O15 - Trusted Zone: *.safetydownload.com (HKLM)

O15 - Trusted Zone: *.spyguardpro.com (HKLM)

O15 - Trusted Zone: *.storageguardsoft.com (HKLM)

O15 - Trusted Zone: *.trustedantivirus.com (HKLM)

O15 - Trusted Zone: *.virusremover2008.com (HKLM)

O15 - Trusted Zone: *.virusschlacht.com (HKLM)

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195659070936

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: lmmmtc.dll kczilb.dll h:\windows\system32\kewevuro.dll H:\WINDOWS\system32\lipoyiya.dll H:\WINDOWS\system32\loviheti.dll h:\windows\system32\botajida.dll h:\windows\system32\niwofuzu.dll h:\windows\system32\yegusaso.dll

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - h:\windows\system32\niwofuzu.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - h:\windows\system32\niwofuzu.dll

O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - H:\Program Files\Belkin\F5D7051\WLService.exe

O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Kontiki Inc. - H:\Program Files\Kontiki\KService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - H:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - H:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - H:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - H:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - H:\WINDOWS\SYSTEM32\slserv.exe

--

End of file - 13319 bytes

[AdvancedSetup]

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

• Double-click on JavaRa.exe to start the program.
  
• From the drop-down menu, choose English and click on Select.
  
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  
• A logfile will pop up. Please save it to a convenient location.
  

Update Java Runtime

The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 11.

• Go to http://java.sun.com/javase/downloads/index.jsp
• Go to Java Runtime Environment (JRE) 6 Update 11 about half way down the page and click on the Download button.
  
• In Platform box choose Windows.
  
• Check the box to Accept License Agreement and click Continue.
  
• Click on Windows Offline Installation, click on the link under it which says jre-6u11-windows-i586-p.exe and save the downloaded file to your desktop.
  
• Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.
  
• Uncheck the Toolbar button (unless you want the toolbar)
  

Please run the following

Start HJT and do a Scan Only and place a check mark on the following entries

O2 - BHO: (no name) - {0cade8a3-23d7-44ec-b3d8-100087c8789e} - H:\WINDOWS\system32\yatehaje.dll (file missing)

O2 - BHO: {b2688f73-0d69-32aa-dac4-42c19be25e9b} - {b9e52eb9-1c24-4cad-aa23-96d037f8862b} - H:\WINDOWS\system32\kczilb.dll

O4 - HKLM\..\Run: [kehuvugevo] Rundll32.exe "H:\WINDOWS\system32\hayeluze.dll",s

O4 - HKLM\..\Run: [000000af] rundll32.exe "H:\WINDOWS\system32\sufokiyu.dll",b

O4 - HKLM\..\Run: [CPM37b6f935] Rundll32.exe "h:\windows\system32\niwofuzu.dll",a

O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-19\..\Run: [kehuvugevo] Rundll32.exe "H:\WINDOWS\system32\hayeluze.dll",s (User 'LOCAL SERVICE')

O15 - Trusted Zone: *.amaena.com

O15 - Trusted Zone: *.antimalwareguard.com

O15 - Trusted Zone: *.antispyexpert.com

O15 - Trusted Zone: *.avsystemcare.com

O15 - Trusted Zone: *.gomyhit.com

O15 - Trusted Zone: *.imageservr.com

O15 - Trusted Zone: *.imagesrvr.com

O15 - Trusted Zone: *.onerateld.com

O15 - Trusted Zone: *.safetydownload.com

O15 - Trusted Zone: *.spyguardpro.com

O15 - Trusted Zone: *.storageguardsoft.com

O15 - Trusted Zone: *.trustedantivirus.com

O15 - Trusted Zone: *.virusremover2008.com

O15 - Trusted Zone: *.virusschlacht.com

O15 - Trusted Zone: *.amaena.com (HKLM)

O15 - Trusted Zone: *.antimalwareguard.com (HKLM)

O15 - Trusted Zone: *.antispyexpert.com (HKLM)

O15 - Trusted Zone: *.avsystemcare.com (HKLM)

O15 - Trusted Zone: *.gomyhit.com (HKLM)

O15 - Trusted Zone: *.imageservr.com (HKLM)

O15 - Trusted Zone: *.imagesrvr.com (HKLM)

O15 - Trusted Zone: *.onerateld.com (HKLM)

O15 - Trusted Zone: *.safetydownload.com (HKLM)

O15 - Trusted Zone: *.spyguardpro.com (HKLM)

O15 - Trusted Zone: *.storageguardsoft.com (HKLM)

O15 - Trusted Zone: *.trustedantivirus.com (HKLM)

O15 - Trusted Zone: *.virusremover2008.com (HKLM)

O15 - Trusted Zone: *.virusschlacht.com (HKLM)

O20 - AppInit_DLLs: lmmmtc.dll kczilb.dll h:\windows\system32\kewevuro.dll H:\WINDOWS\system32\lipoyiya.dll H:\WINDOWS\system32\loviheti.dll h:\windows\system32\botajida.dll h:\windows\system32\niwofuzu.dll h:\windows\system32\yegusaso.dll

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - h:\windows\system32\niwofuzu.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - h:\windows\system32\niwofuzu.dll

Then click on Fix checked then quit HJT

Malwarebytes' Anti-Malware

• Start MalwareBytes AntiMalware
  
  • Update Malwarebytes' Anti-Malware
  • Select the Update tab
    
  • Click Update
    

  [*]When the update is complete, select the Scanner tab

  [*]Select Perform quick scan, then click Scan.

  [*]When the scan is complete, click OK, then Show Results to view the results.

  [*]Be sure that everything is checked, and click Remove Selected.

  [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

  • If you accidently close it, the log file is saved here and will be named like this:
    
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    

Then RESTART the computer again and AFTER the restart run HJT Scan and save log

Post back the NEW MBAM and HJT logs