# I have a hijackthis log if it will help?

Discussion in 'Virus & Other Malware Removal' started by elillo440, Jan 25, 2013.

Not open for further replies.

Joined:
Jan 25, 2013
Messages:
7
I have been having issues with an error message popping up when I start this computer in the office. I have run a scan with McAfee and Malwarebytes; both found problems and fixed them, but this still keeps coming up:
RUNDLL
The specified module could not be found
Then it just gives me the option to click OK. The computer doesn't seem to be having any other issues, but I just can't figure out how to get rid of this error message. Can anyone help? I'll attach a HijackThis log on here if anyone could take a look at that and tell me what it is that I may need to delete/can delete. Any help would be GREATLY appreciated.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:42:33 AM, on 1/25/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Misys\apps\tig910\bin\MFLMWin.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Misys\apps\tig910\bin\mflmma.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\SecureLink\bin\Wrapper.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\SecureLink\java\bin\java.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 172.20.1.2 m6176
O1 - Hosts: 172.20.1.2 m6176
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120515112325.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopularScreensaversWallpaper] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\F3SCRCTR.DLL,LES
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://access.midmichigan.net/dana...a/term/winlaunchterm.cgi?op=DownloadCitrixCab
O16 - DPF: {30FE6A1F-2927-421A-AAAE-78C73ECF0100} (Fiserv BANKLINK Panini My Vision X30, X60 Scanner Control) - https://www.wolverinebank.blilk.com...erControl.Panini.MyVision.X30.X60.7.4.2.0.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147115489732
O16 - DPF: {C5667D43-B4EC-47FE-AE17-AF4223265B0B} (Fiserv BANKLINK Scanner Control Image Interface) - https://www.wolverinebank.blilk.com...erControl.Panini.MyVision.X30.X60.8.2.1.0.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = w6176dom.com
O17 - HKLM\Software\..\Telephony: DomainName = w6176dom.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D81B34E-4AC5-47FB-B338-959531399890}: NameServer = 172.20.1.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = w6176dom.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{8D81B34E-4AC5-47FB-B338-959531399890}: NameServer = 172.20.1.2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = w6176dom.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{8D81B34E-4AC5-47FB-B338-959531399890}: NameServer = 172.20.1.2
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: uvncnotify - uvncnotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Micro Focus License Manager - Micro Focus - C:\Misys\apps\tig910\bin\MFLMWin.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: RssUVNC - UltraVNC - C:\Program Files\SecureLink\bin\SLinkSW\rssuvnc.exe
O23 - Service: RssVNC Server (RssVNC) - RealVNC Ltd. - C:\Program Files\SecureLink\bin\SLinkSW\rssvnc.exe
O23 - Service: McAfee Peer Distribution Service (RumorServer) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: SecureLink Gatekeeper (slinksc) - Unknown owner - C:\Program Files\SecureLink\bin\Wrapper.exe

--
End of file - 9864 bytes

2. ### Mark1956

Joined:
May 7, 2011
Messages:
14,142
Please run these two scans and post the logs:

SCAN 1

Click on this link to download : ADWCleaner and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and click on this icon on your desktop:

You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.

SCAN 2

Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page click on this:

• Quit all running programs
• Start RogueKiller.exe
• Wait until Prescan has finished.
• Ensure all boxes are ticked under "Report" tab.
• Click on Scan.
• Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
• NOTE: DO NOT attempt to remove anything that the scan detects.

3. ### elillo440 Thread Starter

Joined:
Jan 25, 2013
Messages:
7
RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : JeanB [Admin rights]
Mode : Scan -- Date : 01/30/2013 10:19:37
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{8D81B34E-4AC5-47FB-B338-959531399890} : NameServer (172.20.1.2) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{8D81B34E-4AC5-47FB-B338-959531399890} : NameServer (172.20.1.2) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
172.20.1.2 m6176 #Server #Server #Server

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD400BD-75JMC0 +++++
--- User ---
[MBR] 3bd9e4b9cca7a1c4e03071510e798500
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 38091 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SMI USB DISK USB Device +++++
--- User ---
[MBR] e4ddf119824ec11801c835c0bca8a524
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 48 | Size: 3823 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_01302013_02d1019.txt >>
RKreport[1]_S_01302013_02d1019.txt

Having trouble with the ADWCleaner though. I can't get it to install onto the computer. I either get a pop up window saying

Opening adwcleaner.exe
C:\DOCUME~1\jeanb\LOCALS~1Temp\ee+VO5Va.exe.part could not be saved, because the source file could not be read.
try again later, or contact the server administrator.

then the option to click OK, or I have also gotten a couple of pages that went to

Gateway Anti-virus Alert
The request is blocked by the SonicWALL Gateway Anti-Virus Service. Name: KILLAV.NOP (Trojan)

I have tried downloading this on a different computer and running it off a flash drive and I still can't get it to work. If I try it off the flash drive I get a pop up window saying

F:\adwcleaner.exe
F:\adwcleaner.exe is not a valid Win32 Application

then the option to click OK.

4. ### Mark1956

Joined:
May 7, 2011
Messages:
14,142
Sounds like ADWCleaner is being blocked by your Anti Virus, you will not get it to run off a Flash Drive by the method you are using. Try disabling your Anti Virus with the PC disconnected from the internet.

The DLL error you are getting relates to a file belonging to MyWebSearch which is known Adware, ADWCleaner should find and remove it.

Let me know how it goes, if it is still a problem we can try something else.

5. ### elillo440 Thread Starter

Joined:
Jan 25, 2013
Messages:
7
Yeah, I disabled the virus protection and all and it still won't install. I am having a hard time even getting it to download.

6. ### Mark1956

Joined:
May 7, 2011
Messages:
14,142
Try this:

Please download RKill

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7, right-click on it and Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the program, then download and use the second button in the download link.
• A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
• If the tool does not run from any of the links provided, please let me know.

Once the tool has run, DO NOT REBOOT; try running ADWCleaner again. Let me know what happens.

7. ### elillo440 Thread Starter

Joined:
Jan 25, 2013
Messages:
7
Still a no go, I really appreciate all the help though. This is what I got from rkill:

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/06/2013 04:45:18 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe (PID: 1268) [FI]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\mqac.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys : 72,960 : 07/06/2007 00:52 AM : d92fce6729ee150a15a7cdbc433f390e [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 00:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB937894$\mqac.sys : 72,960 : 08/04/2004 00:00 AM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB971032$\mqac.sys : 72,960 : 07/06/2007 00:05 AM : 157a32ddc6a019a4e31b19d604d2f127 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 02:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
+-> C:\WINDOWS\SYSTEM32\DLLCACHE\mqac.sys : 91,776 : 06/22/2009 02:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
172.20.1.2 m6176
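
As an added example (not part of any post in this thread, and not code from HijackThis or the other tools mentioned): a small Python triage script for a HijackThis log like the one in the opening post. A Run-key value that starts rundll32 with a DLL a scanner has since deleted is the usual source of a "RUNDLL ... module could not be found" popup at logon, so the script lists those autostarts together with the entries HijackThis itself marks as having no file. The function names and the `file_exists` callback are assumptions of this sketch; the sample lines are copied from the log above.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in the opening post.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopularScreensaversWallpaper] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\F3SCRCTR.DLL,LES
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: uvncnotify - uvncnotify.dll (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                 # "O4 - <body>"
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")    # HKCU\..\Run: [name] cmd
RUNDLL_RE = re.compile(
    r'\brundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.I)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def rundll_autostarts(entries):
    """O4 Run-key values whose command loads a DLL through rundll32."""
    found = []
    for code, body in entries:
        run = RUN_RE.match(body) if code == "O4" else None
        dll = RUNDLL_RE.search(run.group(4)) if run else None
        if dll:
            found.append({"hive": run.group(1), "key": run.group(2),
                          "value": run.group(3), "dll": dll.group("dll"),
                          "export": dll.group("export")})
    return found


def orphaned(entries):
    """Entries HijackThis already flags as pointing at a missing file."""
    return [(c, b) for c, b in entries if b.rstrip().endswith(ORPHAN_MARKERS)]


def dangling_rundll(entries, file_exists):
    """rundll32 autostarts whose DLL is gone; these raise the RunDLL popup.

    file_exists is a callable taking a path; on the affected machine pass
    os.path.exists (hypothetical usage, not run here).
    """
    return [a for a in rundll_autostarts(entries) if not file_exists(a["dll"])]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for item in dangling_rundll(parsed, lambda path: False):
        print("dangling autostart:", item["hive"], item["value"], "->", item["dll"])
    for code, body in orphaned(parsed):
        print("orphaned entry:", code, body)
```
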

8. ### Mark1956

Joined:
May 7, 2011
Messages:
14,142
Just before we move on, you stated in your opening post "when I start this computer in the office". Is this a business owned PC?

Joined:
Jan 25, 2013
Messages:
7
Yeah, it's at the office my mom works at, just a couple of computers in there. Why?

10. ### Mark1956

Joined:
May 7, 2011
Messages:
14,142
Sorry for the delay. PCs used by businesses often have policies put in place by the IT department which our tools may remove, so we do not offer help with any PC that is the direct responsibility of an IT department.

Please can you confirm that the business does not have an IT department.

Policies put in place by the company could be the reason why ADWCleaner will not run.

Joined:
Jan 25, 2013
Messages:
7
I'll make some phone calls and let you know, thank you.

12. ### Mark1956

Joined:
May 7, 2011
Messages:
14,142
You're welcome, I'll wait to hear from you.

Joined:
Jan 25, 2013
Messages:
7
They said when they first got the computers, many years ago, they had an IT number to call for support, but that has long expired and it's just up to the people in the office to keep the computers running, which none of them have a clue about when it comes to computers haha

14. ### Mark1956

Joined:
May 7, 2011
Messages:
14,142
Ok, thanks for the confirmation.

STEP 1

• Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
• Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
• Malwarebytes will automatically check for updates as soon as it is launched.
• If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

• Double click on the Malwarebytes icon on your desktop to launch the program
• Under the Scanner tab, make sure the Perform Quick Scan option is selected.
• Click on the Scan button.
• When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
• NOTE: If no detections are found a log will automatically open in Notepad, please copy and paste the log back here and close all windows, in this case you do not need to continue.
• Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked and then click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab.
• Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
• Exit Malwarebytes when done.

If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key that includes free lifetime upgrades and support. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.

NOTE: Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

STEP 2

• Shut down your antivirus to avoid any conflicts.
• Double click on JRT.exe.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.
