Please understand that the people who help you here are all volunteers. Most of us try to provide you with information you need to resolve your problem. That information will include directions about running a program if one is suggested.
You're changing your focus so let's try to get back on track. If you are willing to do that, I will help you. I'm hoping you'll get rid of the edge you seem to have.
My logs are in the attachments, make sure you read them.
hmmm, how come Malwarebytes didn't manage to pick up those infected files with Rogue.Crusader?
The malware on the first Mbam log was found. Here's the description of it::
http://remove-malware.net/how-to-remove-crusader-antivirus-rogue-anti-spyware/
When you ran Malwarebytes the first time, you did not do this:
Make sure that everything is checked, and click Remove Selected.
So all of the entries for the malware show
No Action Taken or more simply put, the malware was found and was still on your system.
c:\program files\game folder\nodtronics pty ltd\50 Blockbuster Games (Volume 1)\Games\Crusaders Of Space\Cos.exe (Rogue.Crusader) -> No action taken.
I don't know where you downloaded Malwarebytes or why you decided to run only it, instead of following the steps we ask you to. Had you done that- even if you chose only to run Malwarebytes, you would have seen this line in the instructions: More simply put, you did not read the directions- so forget coming down on Malwarebytes!
As for this:
huh? so now you want to compare Avast with AVG now eh?
Get rid of that attitude, okay? You want help? Follow what we ask you to do, taking care tor read the directions carefully.
I'm ignoring all those other links you threw in.
Please print out the directions I give you so you can follow them as you go along.
You're behind in updates: This leaves your system more vulnerable: Platform: Windows Vista SP1.So somewhere along the line you should do this:
Visit the
Microsoft Download Sitefrequently.
You should get
All updates marked Critical and the current SP updates:Windows 2000> SP4, Windows XP> SP2, SP3, Vista>
SP2
It also looks like the AVG is outdated. You should be running v9.
Please reopen the HijackThis log to
'do system scan only'.. Check each of the following if present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = currently used by Eih_TCSN (I cannot identify this entry- can you?)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)> IOBit
R3 - URLSearchHook: (no name) - *{707db484-2428-402d-afb5-d85b387544c7} - (no file)> Mario
O1 - Hosts: ::1 localhost
O2 - BHO: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - (no file)
Are you aware or did you set a restriction in the Control Panel? IF you did or are aware of it, leave it. If you did not, check for removal:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Close all Windows except HijackThis and click on
"Fix Checked."
Please download ComboFix
HERE:
- With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
- Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
Important! Save the renamed download to your desktop.
- Double click on the setup file on the desktop to run
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
- When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
(Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.)
- Query- Recovery Console image
- Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
- Click on Yes, to continue scanning for malware.
- When finished, it will produce a log.Please include the C:\ComboFix.txt in your next reply.
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Run Eset NOD32 Online AntiVirus Scanner HERE
Note: You will need to use Internet Explorer for this scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the Active X control to install
- Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
- Click Start
- Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
- Click Scan
- Wait for the scan to finish
- Re-enable your Antivirus software.
- A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
Plase leave the Combofix report, the Eset scan log and a new HijackThis log after a rescan in your next reply.