Pop up Virus

Acer / Aspire sa90
March 21, 2009 at 10:51:19
Specs: Microsoft Windows Vista Home Premium, 2.2 GHz / 1022 MB
After clearing the redirect Google virus I had (thank you for all your help!) I now appear to have something else! The pop-ups are still trying to open, but I think the security I have is blocking them. Now, when I go into history, there are loads of porn sites that look like they have been opened. I have run a Kaspersky scan which hasn't found anything, and I thought I was keeping on top of scanning for viruses etc.; nothing has been found in the last couple of weeks. eBay also appears on my list a lot when I know I haven't been on it. Any advice please?


March 22, 2009 at 00:07:03
It is possible that you are either still infected or have gotten re-infected.

Please read through these instructions and print them out if needed. If you have any questions, please ask them before starting this procedure. Please do the steps in the order that they are listed for the best results. Also, although it may seem like the infection is cleaned after performing these steps, please stay with me until I let you know that your machine is "all-clear" for best results.

Here is what I need you to do. First of all, download DDS from here and save it to your desktop.

Next, download GMER from here. Be sure to click the button marked "Download EXE" to download GMER as a randomly named .exe file. This is needed as some rootkits look for and hide from GMER or prevent it from running.

Once you have both of those downloaded, please disable any script blocking program you might have and run DDS.scr. When it is done, DDS will open two (2) logs. They are named DDS.txt and Attach.txt. Please save both reports to your desktop.

Then run GMER. If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO. In the right panel, you will see several boxes that have been checked for you. Please uncheck the following boxes: Sections, IAT/EAT, any Drives/Partitions other than the Systemdrive (typically C:\), and Show All (be sure not to miss this one!). Now click on the Scan button and wait for it to finish. Once it is done scanning, click the "Save..." button and in the file name area type in gmerscan.txt.

Please copy and paste the contents of the dds.txt log to this thread. As for the attach.txt log and gmerscan.txt logs, please send them as an attachment to the email address I have provided for you in the private message that I just sent you.

Once I have a chance to check these logs I will be able to better determine what our next steps should be.

If you have any questions, please let me know.

MOS Master Certified
MCP Certified
CCNA Certificate Pending
A+ Certificate Pending

"I have gone to find myself. If I get back before I return, please tell myself to wait." :


March 22, 2009 at 12:33:03

DDS (Ver_09-03-16.01) - NTFSx86
Run by tracy at 19:17:16.15 on 22/03/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1023.331 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Norton Internet Security\Engine\\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Norton Internet Security\Engine\\ccSvcHst.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Samsung\EmoDio\SMSTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.9.24.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\\IPSBHO.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\\coIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [Acer Tour Reminder]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [SMSTray] c:\program files\samsung\emodio\SMSTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send Image to Photo Library - file://c:\program files\mgi\mgi photosuite iii se\temp\MGI00000.html
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - {E7A829CC-671F-4C3D-B590-8C0AEA72E6B2} - c:\program files\bitcomet\tools\BitCometBHO_1.1.9.24.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} - hxxp://sky.oberon-media.com/online2/sandscript/SandScript.
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-3-20 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-3-20 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-3-20 482352]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090310.003\IDSvix86.sys [2009-3-11 292912]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\\ccSvcHst.exe [2009-3-20 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2006-1-6 46592]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1005000.087\symndisv.sys [2009-3-20 39984]
S2 gupdate1c99f6b658a6cb4;Google Update Service (gupdate1c99f6b658a6cb4);c:\program files\google\update\GoogleUpdate.exe [2009-3-7 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-2-1 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-2-1 8320]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2006-1-6 432504]

=============== Created Last 30 ================

2009-03-21 22:04 <DIR> --d----- c:\windows\LastGood.Tmp
2009-03-21 20:24 <DIR> --d----- C:\toolbox
2009-03-12 23:45 <DIR> --d----- c:\program files\Microsoft
2009-03-11 16:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-11 16:58 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-11 16:58 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-11 16:58 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-11 16:58 268,288 a------- c:\windows\system32\schannel.dll
2009-03-11 16:58 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-07 21:25 <DIR> --d----- c:\programdata\Google Updater
2009-03-06 23:52 <DIR> --d----- c:\users\tracy\appdata\roaming\BrandX Games
2009-03-06 23:49 <DIR> --d----- c:\windows\Mae Q West and the Sign of the Stars
2009-03-06 23:49 <DIR> --d----- c:\program files\Mae Q West and the Sign of the Stars
2009-03-05 01:08 <DIR> --d----- C:\toolbox(14)
2009-03-05 01:01 <DIR> --d----- c:\users\tracy\CD95F661A5C444F5A6AAECDD91C240B7.TMP
2009-03-05 00:26 <DIR> --d----- c:\users\tracy\appdata\roaming\Uniblue
2009-03-05 00:25 <DIR> -cd-h--- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-05 00:25 <DIR> -cd-h--- c:\progra~2\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-05 00:09 <DIR> --d----- c:\program files\Norton Support
2009-03-04 23:59 <DIR> --d----- C:\HiTRUSTDrive
2009-03-04 23:35 <DIR> --d----- c:\programdata\WinZipEC
2009-03-04 23:35 <DIR> --d----- c:\progra~2\WinZipEC
2009-03-01 23:01 <DIR> --d----- c:\program files\GameHouse
2009-03-01 18:36 <DIR> --d----- c:\programdata\Reflexive
2009-03-01 18:36 <DIR> --d----- c:\progra~2\Reflexive
2009-03-01 18:36 <DIR> --d----- c:\windows\The Wizards Pen
2009-03-01 18:36 <DIR> --d----- c:\program files\The Wizards Pen
2009-03-01 12:15 <DIR> --d----- c:\users\tracy\appdata\roaming\SerpentOfIsis
2009-02-24 21:38 <DIR> --d----- c:\users\tracy\appdata\roaming\AJ SQUARE INC
2009-02-21 16:44 <DIR> --d----- c:\program files\Cooking Quest

==================== Find3M ====================

2009-03-21 22:06 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-21 22:06 51,200 a------- c:\windows\inf\infpub.dat
2009-03-21 22:06 86,016 a------- c:\windows\inf\infstor.dat
2009-03-20 23:29 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-20 23:29 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-20 23:29 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-03-12 09:03 25,136 a----r-- c:\windows\system32\drivers\SymIMV.sys
2009-03-08 10:38 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-04 07:29 4,303,360 a------- c:\windows\system32\drivers\atikmdag.sys
2009-02-04 05:02 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-02-04 05:00 159,744 a------- c:\windows\system32\atitmmxx.dll
2009-02-04 05:00 348,160 a------- c:\windows\system32\atipdlxx.dll
2009-02-04 05:00 274,432 a------- c:\windows\system32\Oemdspif.dll
2009-02-04 05:00 11,264 a------- c:\windows\system32\atimuixx.dll
2009-02-04 05:00 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-02-04 04:59 286,720 a------- c:\windows\system32\Ati2evxx.dll
2009-02-04 04:58 729,088 a------- c:\windows\system32\Ati2evxx.exe
2009-02-04 04:43 3,903,488 a------- c:\windows\system32\atiumdag.dll
2009-02-04 04:22 4,905,472 a------- c:\windows\system32\atiumdva.dll
2009-02-04 04:11 11,366,400 a------- c:\windows\system32\atioglxx.dll
2009-02-04 04:07 51,712 a------- c:\windows\system32\amdpcom32.dll
2009-02-04 04:07 131,072 a------- c:\windows\system32\atiadlxx.dll
2009-02-04 03:54 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-02-04 03:01 57,344 a------- c:\windows\system32\aticalrt.dll
2009-02-04 03:01 53,248 a------- c:\windows\system32\aticalcl.dll
2009-02-04 02:58 3,252,224 a------- c:\windows\system32\aticaldd.dll
2009-02-01 14:59 92,849,434 a------- c:\windows\system32\xa21622456.exe
2009-02-01 14:59 92,849,434 a------- c:\windows\system32\xa21618041.exe
2009-01-15 06:11 827,392 a------- c:\windows\system32\wininet.dll
2008-12-02 18:09 638 a------- c:\users\tracy\appdata\roaming\wklnhst.dat
2008-06-14 17:52 174 a--sh--- c:\program files\desktop.ini
2008-06-14 17:39 665,600 a------- c:\windows\inf\drvindex.dat
2007-11-29 04:12 182,002,016 a------- c:\users\tracy\Nero-
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:19:16.24 ===============

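Added example (not part of the original thread, and not DDS's own code): a small Python reader for the DDS log layout posted above. It splits the log on its `==== name ====` headers and lists three kinds of entries a reviewer would look at first: add-ons registered with "No File", Run keys with no command, and .exe files sharing an identical timestamp and size. The function names and the three checks are assumptions chosen for illustration, and none of them is a verdict on a file.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the DDS log above, same layout.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [Acer Tour Reminder]

==================== Find3M ====================

2009-02-04 03:01 57,344 a------- c:\windows\system32\aticalrt.dll
2009-02-01 14:59 92,849,434 a------- c:\windows\system32\xa21622456.exe
2009-02-01 14:59 92,849,434 a------- c:\windows\system32\xa21618041.exe

============= FINISH: 19:19:16.24 ===============
"""

HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")
ADDON = re.compile(r"^(BHO|TB): (?:(.*?): )?(\{[0-9A-Fa-f-]{36}\}) - (.+)$")
RUN = re.compile(r"^([umd]Run): \[(.+?)\]\s*(.*)$")
FILE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) ([\d,]+) (\S+) (.+)$")

def split_sections(text):
    """Map each '==== name ====' header to the non-blank lines under it."""
    sections, current = defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            current = m.group(1)
        elif line and current:
            sections[current].append(line)
    return sections

def orphaned_addons(sections):
    """BHO/toolbar CLSIDs still registered although DDS reports 'No File'."""
    hits = (ADDON.match(l) for l in sections.get("Pseudo HJT Report", []))
    return [(m.group(1), m.group(3)) for m in hits
            if m and m.group(4).strip().lower() == "no file"]

def empty_run_entries(sections):
    """Run-key values that are listed with no command after the [name]."""
    hits = (RUN.match(l) for l in sections.get("Pseudo HJT Report", []))
    return [(m.group(1), m.group(2)) for m in hits if m and not m.group(3)]

def same_size_executables(sections, names=("Created Last 30", "Find3M")):
    """Group .exe paths that share an identical timestamp and byte size."""
    groups = defaultdict(list)
    for name in names:
        for line in sections.get(name, []):
            m = FILE.match(line)  # <DIR> rows have no size and do not match
            if m and m.group(4).lower().endswith(".exe"):
                size = int(m.group(2).replace(",", ""))
                groups[(m.group(1), size)].append(m.group(4))
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    s = split_sections(SAMPLE_DDS)
    print("No File add-ons:", orphaned_addons(s))
    print("Empty Run keys: ", empty_run_entries(s))
    print("Same-size .exe: ", same_size_executables(s))
```
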

March 23, 2009 at 00:04:09
Did you use a removal tool to remove the Google search redirect hijacker? If so, then use this manual guide http://darfuns.com/remove-google-se...
It seems your PC is infected by spyware now. Spyware and adware are used to spy and spam, and these viruses show unwanted popup adverts on your PC when it gets infected by spyware. You should run this free spyware program to get rid of popups http://darfuns.com/download-super-a...


March 23, 2009 at 08:22:02
Without seeing the other 2 logs, I am not completely sure what you may have.

To be safe, please download Malwarebytes Anti-Malware from one of the following sites:

Malwarebytes Download Link 1

Malwarebytes Download Link 2

Please rename the setup file, mbam-setup.exe, before you download it. To do this simply change the name in the file name box from mbam-setup.exe to MB-tool.exe when the "enter name of file to save to" box appears after you click on the download link. Make sure to save the file to your desktop or some other easily accessible location, then click Save.

Now, double click on MB-tool.exe to install the program.

Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program finds an update, it will download and install the latest version.

Once the program has loaded, check to make sure that the option "Perform Quick Scan" is selected, then click Scan.

The scan may take a while to finish, so please be patient.

When the scan is complete, click OK to the message, then click Show Results to view the results.


Make sure that everything found is checked, and click the button marked Remove Selected.

When the program is done performing the removal process, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Make sure that NO OTHER PROGRAMS ARE RUNNING AND ALL OTHER WINDOWS ARE CLOSED, then click OK to either and let MBAM proceed with the cleaning process. If asked to restart the computer, please do so immediately.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Please copy and paste the entire report in your next reply.

If you have any questions, please ask me.

MOS Master Certified
MCP Certified
CCNA Certificate Pending
A+ Certificate Pending

"I have gone to find myself. If I get back before I return, please tell myself to wait." :
