jholland1964 650 Posting Expert Team Colleague Featured Poster

Well you obviously have a hijacker on the computer for sure and likely other items. Obviously when Sygate alerts you to this access request be sure to block it.
Please TURN OFF ALL unnecessary programs for now until we get this thing or things off of there.
PunkBuster
Steam
Quicktime
iPod
Windows Media Player
Spybot - Search & Destroy
Acrobat Reader
Windows Live Messenger
Are the ones I see, any others you can think of do the same.

Please do the following:
Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.


Update your MBA-M program.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the …

jholland1964 650 Posting Expert Team Colleague Featured Poster

To ALL EXCEPT original poster Inlovewithnight, you need to begin YOUR OWN threads and not hijack another person's thread. NO two computers are identical and even though problems may seem identical they rarely are. You can follow the instructions I give to Inlovewithnight but post the results on your OWN threads.

Inlovewithnight,
Please do the following:
Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You have at least one trojan on the system, maybe more. MBA-M should have found those. Update the program and run it again, a Full system scan. Be sure that everything is checked, and click Remove Selected.
Reboot the computer.
Run HiJackThis again and place check marks next to the following if they remain,
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O4 - HKCU\..\Run: [SystemManger] C:\Program Files\Internet Explorer\iexplorer.exe
O4 - HKUS\S-1-5-21-1935655697-1897051121-725345543-500\..\Run: [SystemManger] C:\Program Files\Internet Explorer\iexplorer.exe (User '?')
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:

Click the Fix Checked button. Exit HJT.
Reboot the computer.
Run a new HJT scan and post that log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You are certainly right about that! I would recommend either Avira Free or Avast Free. Both are excellent and highly recommended. Both often rank much higher than McAfee.

I use Avira Free and love it. Only annoyance is a large pop-up that comes up each day when the program auto updates, nagging you to purchase the Pro version. All you do is "X" out of it. There is a registry "tweak" you can use to get rid of that but I hate to mess with the registry and it is only a slight annoyance that I have learned to ignore.

I love the program, not intrusive, not filled with bloat like McAfee. Works great! I know others who use Avast and like it well also. I tried both and chose Avira

jholland1964 650 Posting Expert Team Colleague Featured Poster

active x isn't working and i get blank page with yahoo messenger...and i can't download...i tried to download firefox and it wouldn't let me..

Try turning off McAfee and see what happens.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is everything working now? If not, what ISN'T working? You have to keep me up to date, otherwise I have no way of knowing.

jholland1964 650 Posting Expert Team Colleague Featured Poster

There are some programs you need to remove:
RegCure 1.5.2.7
AVS Registry Cleaner version 1.1
AML Free Registry Cleaner 4.18

Registry Cleaners are like playing with Fire. They are not needed. Remove these.

AIM 6-is this AOL Instant Messenger...did you download this yourself? If you didn't Uninstall this
Java(TM) 6 Update 6-old entry, remove it.
NetZero Internet and Voice Offer-do you use NetZero? If not uninstall it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I would say probably all is good if none of those show anymore in the HJT logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

No, no, not done yet, still some things to be done. You need to run HiJackThis again. Place a check mark next to the following entries:

O17 - HKLM\System\CCS\Services\Tcpip\..\{C9795B23-821A-4994-9D98-B77E1CB144B1}: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5851B7F-C77E-4796-9104-A12BA8788BDA}: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.234,85.255.112.185

Once you have placed the check marks then click the Fix Checked button. Exit HJT and then Reboot the computer.

The reason I asked for your location was the O17 entries above correspond to a location in Odessa, Ukraine, rather than YOUR actual location in Crawley, England, meaning you had a Domain Hack on the computer. Domain hacks are when the Hijacker changes the DNS servers on your machine to point to their own server, where they can direct you to any site they want.
Now MBA-M removed the Trojans associated with the hack but these had to be removed also.
You also might tell your brother that by using Keygen.exe on YOUR computer it can open a "backdoor" to your computer, which you are unaware of, allowing access to your computer from remote locations, stealing passwords, Internet banking and personal data.

Salem commented: Another excellent analysis and conclusion +34
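The check described in the post above, as an added example that is not part of the original thread: a small Python parser that pulls the O17 NameServer entries out of a HijackThis log and reports every resolver outside the networks the owner expects, grouped by the registry keys that carry it. The five O17 lines are the ones quoted in the post; the O4 line, the last O17 line and the expected network 192.168.1.0/24 are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# An O17 line reads: "O17 - <registry key>: <value name> = <data>".
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\\S+?): (?P<name>\w+) = (?P<value>.*)$"
)

# Five O17 lines from the post, plus one constructed O4 line and one
# constructed O17 line that points at a home router.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9795B23-821A-4994-9D98-B77E1CB144B1}: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5851B7F-C77E-4796-9104-A12BA8788BDA}: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

# Assumption: the only resolver this machine should use is on the home LAN.
EXPECTED_NETWORKS = ["192.168.1.0/24"]


def parse_o17(log_text):
    """Yield (registry_key, [server, ...]) for each O17 NameServer entry.

    Other O17 values (Domain, SearchList) and all other HJT sections are
    skipped. Servers may be comma or space separated in the registry.
    """
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if not match or match.group("name").lower() != "nameserver":
            continue
        servers = [t for t in re.split(r"[,\s]+", match.group("value")) if t]
        yield match.group("key"), servers


def unexpected_resolvers(log_text, expected_networks):
    """Return {server: [registry keys]} for resolvers outside expected_networks.

    A value that is not a valid IP address is reported too, since a DNS
    setting that cannot be parsed deserves a look.
    """
    networks = [ipaddress.ip_network(n) for n in expected_networks]
    findings = defaultdict(list)
    for key, servers in parse_o17(log_text):
        for server in servers:
            try:
                address = ipaddress.ip_address(server)
                expected = any(address in net for net in networks)
            except ValueError:
                expected = False
            if not expected:
                findings[server].append(key)
    return dict(findings)


if __name__ == "__main__":
    for server, keys in unexpected_resolvers(SAMPLE_LOG, EXPECTED_NETWORKS).items():
        print(f"{server} set in {len(keys)} location(s):")
        for key in keys:
            print(f"  {key}")
```

The grouping shows why every O17 line had to be checked: the same two resolvers are set in the global Tcpip parameters of each control set and in the per-interface keys.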
jholland1964 650 Posting Expert Team Colleague Featured Poster

While your MBA-M scan did remove a lot of items you didn't update it immediately before running it. The current database is 2252 while the database version in your log shows 2182. MBA-M updates frequently and should ALWAYS be updated before running scans. Please update and run it again, removing anything found. Then run another HJT scan. Post back with both new logs.
By the way, what country and city are you located in?

jholland1964 650 Posting Expert Team Colleague Featured Poster

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into a reply

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have run a-squared and found nothing I think was worth looking at.

We NEED to see ALL logs, what may look innocent may be "guilty".
Please do the following:
Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the Computer.

Next run a NEW HJT scan and save the log. Copy/Paste both logs back here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yeah I see.
Well thanks for your help :P

By changing my password into a much stronger one, would that prevent that account from sending MSN spam to other people?

That was the point of the whole thread wasn't it, to stop this from happening? Your passwords were compromised if the account was sending spam even when you personally had not logged in...that means "somebody" was using the account because the password had been figured out.
Really the choice is yours and yours alone. You can do what you want to do, I was just giving the information it is up to you to decide what to do.

jholland1964 650 Posting Expert Team Colleague Featured Poster

But I want MSN messenger to start automatically when I boot up my computer, so I can sign in using another msn account I have.

You certainly can do this, but why risk it?
Honestly, there is no reason for this. MSN Messenger can very easily be started manually with a click on the icon. Since you have already had this happen with one account, frankly I wouldn't risk it happening again. You have seen how easily this happens. But the choice is yours.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You didn't follow the instructions which clearly say:

* Be sure that everything is checked, and click Remove Selected.
Reboot the computer
Then run a new HJT scan. Post back with both logs.

Please update MBA-M again and follow the instructions.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer
Then run a new HJT scan. Post back with both logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

not to sound dumb

Hey it is never "dumb" to ask a question to be sure before attempting something.
Go to Control Panel, Add/Remove, Internet Explorer8 and Uninstall. It should automatically roll you back to IE 7.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Many folks are having problems with IE 8. No two computers are exactly alike would be the reason why it works on one computer and not another.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If all this happened AFTER IE 8 was installed then roll back to IE7.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is this the same computer in this thread?
Reason you may not have received a reply on that one is you have multiple other threads that you have begun and then have not returned to complete. There are only a few of us here who work on these, we generally stick with those we know who are completing steps requested and return.
If you are going to stick with this until the very end then help is offered, but if you disappear again that probably will be it.
How long has this been going on? Did this happen PRIOR to the install of IE 8 or after? Have you checked to be certain that ActiveX IS enabled in Tools, Internet Options? What are the settings in the Security Tab of IE? Too high and ActiveX will not work. Have you run a Full Scan with the anti-virus program? Have you run a Full Scan with MBA-M?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok this clarifies things, this is NOT only email spam but also Messenger Spam. If it is being sent even if you are not logged on this means that your password has been compromised on BOTH your MSN Messenger account and your Hotmail Account. You need to change BOTH passwords along with your security questions for both following the instructions below.
You also need to do the following:
Visit the Windows Live ID sign in website.
Enter your Windows Live ID credentials, and then click Sign in.
Go to Password, click Change.

Follow the on-screen instructions. Make sure you use a strong password, one that nobody can figure out but that you can easily remember. Also when you do this, make most of the letters small letters but have one of the middle letters be a capital letter so if it were your user name here it would read like pinKdiva and then add a number at the end...don't make it an easy number to figure out either...your birth year, your graduation year, an old house address number...something that cannot be easily figured out. Don't use the same password for any of them, be sure to write them down however since you want to make them not easy to crack.
You also need to be absolutely certain that MSN Messenger/ Windows Live Messenger DOES NOT START AUTOMATICALLY when you start the computer. You say it doesn't but according to your HJT log it clearly …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Friends of mine and my dad who have this email address receives this popups sometimes when they sign in on msn. My msn (address) pop ups and sends this message now and then.

I am somewhat confused here, you didn't say before it was a pop up you said it was spam email. There is a BIG difference between spam...which is an email message and a pop-up which is something that generally pops up in front of the browser...like an advertisement.
What IS the exact email message that is sent? Can you get a print screen of this pop-up? To do this, when it pops up hit the print screen key, generally on the top row of the keyboard to the right of the F12 key. Then open a photo editing program, place the cursor in there and go to Edit, Paste. The print screen or picture of the pop-up will then be placed on the photo program. Save it as a .jpg and attach it here.
There are two things I see in your HJT log #1 is you DON'T have an anti-virus program active on your computer...an absolute MUST and #2...I DO see an MSN Messenger program which auto starts when you turn on the computer. So you say you are not on MSN, you are on MSN from the minute the computer boots up.
The other thing I don't understand is you say....

Friends of mine and my dad who have this email address

do …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is your computer still sending spam mail? What email program do you use?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, you did the actions backwards. MBA-M should have been run FIRST and after that HJT. I need to see another log from HJT which was run AFTER MBA-M.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Those were the only instructions I found. What are these files actually, do you know?

jholland1964 650 Posting Expert Team Colleague Featured Poster

1 - Open a Windows Explorer... You can do so by opening "My Computer"
2- in the menu bar at the top of the windows explorer you will find a "Tools" option.
3- In the tools option click "Folder Options"
4- click on the second tab "View"
5- Select the choice "Show hidden files and folders"
6- Click "Apply", then "Ok"

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all, update your anti-virus program. Don't run it yet.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

AFTER the update is complete. Close the program, shut down the computer completely. Then UNPLUG the Internet Cable from the computer entirely. This way it won't be able to go online by itself.
Then reboot the computer.
First do a Full System Scan with your anti-virus program and remove all that is found.

Next Open MBA-M.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Once the scan and removal are finished again Shut Down the computer.
Re-attach the internet cable and reboot the computer. Then download HiJackThis and run a Full Scan with it, save the log.
Post back …

jholland1964 650 Posting Expert Team Colleague Featured Poster

For one thing, you didn't update MBA-M. New version came out before I asked you to run it. Newest version is 1.37 and current database is 2184.
Please update the program and run it again.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.

Run a new HJT scan and save the log. Post back here with the MBA-M log and the HJT log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I update manually.
I installed Avast which can be updated manually.
That day i found a malware though i have no internet connection.
Who said without internet connection ur computer is safe.
I usually go Cybercafe and bring some files using pen drive.
Don't u think my pen drive may have some viruses.
Anyway thank you.

You never stated this before. Of course files on a pen drive can contain viruses, but they should be scanned BEFORE they are put onto the computer. They can be scanned ON the pen drive and if they are found infected then is when they should be removed, not after installed on the computer. You have much less risk to key files on the computer if you do it this way. Set the pen drive so that it doesn't auto run and then use the Avast to scan the pen drive itself. That way you won't be introducing infection onto the computer.
The KEY is when you download something be sure you are using the legitimate download site to do so but I would also be very wary of using a public computer to get downloads, sounds to me like the computers there are infected. If by Cybercafe you mean an actual business with computers for public use.

jholland1964 650 Posting Expert Team Colleague Featured Poster

We cannot offer any suggestions until we see some logs. Post a MBA-M log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi jholland1964,
Thanx for knowing me about SpywareBlaster.
But when i scanned using it found malware type virus named some WIN32.

Now i am using only Avast Home 4.8 and daily i update it manually.
I am shocked how Avast found this Malware virus though i don't have any internet connections. Ya i agree it's a good Anti-virus. Still do i need Some special AntiMalware S/W for detecting any malware or am i fine with my Avast as it can detect. If fine then does it conflicts with malware ?

Win32 files are USUALLY key system files. How do you KNOW it was malware?
You must have the wrong program because SpywareBlaster is NOT a scanner and doesn't even have a scanning capability. It is a protection program ONLY.
I really cannot understand this however...you say you DON'T have internet? How did you put these programs ON the computer? How can you update without internet? How can you get infected with something without internet?
Please Explain

jholland1964 650 Posting Expert Team Colleague Featured Poster

Couple of questions here, did you personally add all those addresses to Trusted Sites? Is your ISP lisney.com? Have you done a general clean up....temp files, cookies, etc? Have you done a disk defrag lately? Is the computer only slow when online or all the time?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Two things for sure I would get rid of, Spyware Terminator, not highly recommended really. Malwarebytes' is a much better program, updates sometimes multiple times a day and pretty much the Top of the Line today. Use the Quick Scan option at least a couple times a week, always updating first. Then if the Quick Scan finds something then remove it of course, update the program and do an immediate Full Scan. This way you can be sure whatever it was on there didn't bring along some hidden friends.

Also get rid of AdAware. It just isn't what it used to be. For one thing there is no reason under the sun an AdAware scan should take 4 hours, that alone would do it for me.
Add SpywareBlaster. A FREE, MUST have program. Great thing about it is it doesn't run in the background but it blocks, tracking cookies, unwanted activex installs and has a great Restricted Sites portion so you cannot stumble in some place you don't want to be.
Download it, install, update and Enable All Protection. Close it.
Check manually for updates weekly and enable all protection again when new updates have been downloaded.

Now you need to uninstall, in addition to the Spyware Terminator and AdAware, AskBar. This is looked upon by most sites as adware because it often is installed without your permission and can bring in some things you really don't want. Look in Add/Remove and see …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have Desktop (installed XP Professional) with no internet connection. Which anti virus i installed i download its updated virus database and update it. Personally i use AVAST 4.8 HOME Edition. Yesterday i installed Avast then Malwarebytes' Anti-Malware and then Spyware Terminator then Threat Fire.

When i scanned using Avast it found Malware win32 virus.
I am confused After installing Avast Home Edition which can detect malware so why i am going to install Malwarebytes' Anti-Malware
If No then Any need to install S/W like Spyware Terminator or Spyware Doctor and Threat fire thereafter ?

First of all, how did you get a virus on the computer if it has no internet hook up?
Because none of the programs look for the same things. All are specialized as to what they can look for and what they can remove.
Personally, if it were MY computer, I would get rid of Spyware Terminator, it never ranks with the best. The VERY best at this time is Malwarebytes' Anti-malware. Avast is an EXCELLENT anti-virus program. Spybot is also excellent.
Add to the list of MUST HAVES, SpywareBlaster. It is superb in its ability to block bad items BEFORE they get onto the computer. No, it is not a firewall. It is a specialized program that, when installed, updated and enabled and then CLOSED, will protect the computer from unwanted active x programs, tracking cookies and the like AND it has an excellent Restricted Sites portion which will stop the user …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Just posting the log, while it may reveal "something" tells us nothing about what problems you are having and WHEN? We need more than just

Please see all the details from hijackthis:

We don't KNOW the other necessary details unless you tell us.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Im having the same problem. Did you ever resolve???

dtapster, you need to begin your OWN thread. This thread you posted in is 3 years old.
We need more information on YOUR problem, what steps you have taken, what operating system, anti-virus, etc...AND if you note the original poster was running IE7 BETA version, this was a test version of IE7. IE7 has been out a very long time now. Are you having problems with IE7 or another version of IE?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Not sure what to advise here, but if it were MY computer since there is definitely malware showing there and the fact that you are fairly certain this back up DVD you have used has infection on it I think I would wipe EVERYTHING and begin at the beginning only this time follow correct procedure, ME, XP Upgrade, XP Updates, All Driver updates and THEN install programs you want, but sorry to say, NOT using that infected DVD.
This way you will know the computer is clean and updated fully. Leaving that ME on there and just redoing XP doesn't assure that the infection also isn't there. I would hate to get clear to the end and find out that the system is fully infected and I have to start over again.
One of the main requirements for upgrading and then updating the newly upgraded system is absolute assurance the computer is fully clean and has NO infection anywhere. I cannot say positively there is or is not infection on there but I CAN say positively there IS malware showing in your HJT log.

You asked earlier about installing MBA-M in safe mode, this really isn't recommended unless there are absolutely no other options. Honestly don't know the reason for asking this, unless it wouldn't download. It is supposed to be run in NORMAL as that is the way the program is configured. In an "emergency" it can be run in safe mode but because of its …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is this a FULL LEGAL copy of XP or is it an Upgrade?

jholland1964 650 Posting Expert Team Colleague Featured Poster

As you see I have plenty of steps to do without putting back the programs on the computer.

Sorry, but this doesn't appear to be the case. You have installed XP but NOT updated it. You should FULLY update XP before putting anything else, including the printer on the computer but I see many programs running on the machine which have nothing to do with Windows, so this tells me you HAVE installed other programs...and you say so pretty much by saying this:

I made a s master dvd with all the programs and made it easier to put it all back on--There must be a virus on that disk.

In addition to the printer and all of its software I see the following:
QuickTime
iTunes
Real Player
iPod (and all of its software)
Southwest Airlines\Ding (whatever that is)
Nero Burning Software
Adobe Reader
and at least a portion of a Norton Anti-virus program.
NONE of those should be on the computer until the computer is fully updated to XP SP3. Then ALL drivers should be updated also.
AFTER the computer is Fully Up to Date THEN is when you would install additional programs and items like printers, iPods, burning software, etc.

If you KNOW this DVD is infected then throw it away. You shouldn't take a chance with it.
But one reason for easy infection is the fact that the os is not updated and therefore very …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Go to your original thread I posted to you there.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If all is well you can mark this one solved.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

SORRY, lost my connection here before I could edit my post, what I meant was run a new HJT scan and post the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Now run MBA-M

jholland1964 650 Posting Expert Team Colleague Featured Poster

I recommended removing it because many times this is indicative of browser hijacking. If you personally have set this yourself leave it alone.

rynd2it commented: Excellent, clear communications - very helpful indeed +1
jholland1964 650 Posting Expert Team Colleague Featured Poster

Do as crunchie said and re-enable your start up for your digital camera if you want it to auto run. It can be run manually of course but no problem if you prefer it autorun.

Now run HJT again and put a check mark next to this one;

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Then click the Fix Checked button and Exit HJT.

Your Java is way out of date so you do need to update that.
First go HERE and download the offline install and save it to the desktop.
Once that has downloaded close ALL browsers and go to Add/Remove and UNINSTALL ALL old versions of Java you find there.
Once the uninstalls are finished then double click that new java install icon on the desktop to install the newest version. Once the new install is complete go back to the download page and on the right side you will see Verify Now. Click that to go to the verification page to verify that the install was successful.

You should remove HiJackThis, you don't need it any more.

You also should uninstall combofix. It basically is a "one time" fix. If a person is told to use it again some other time then a new copy would be needed.

* Click START then RUN
* Now type Combofix /u in the runbox and click OK. The space between the combofix and the /u, it …

jholland1964 650 Posting Expert Team Colleague Featured Poster

BTW Trend keeps finding the virus in the SYSTEM VOLUME\Restore files

We will take care of that shortly. It isn't a problem.
I am going through your logs and will get back with you ASAP.
How is the computer working now? Other than the finding by Trend are you having other problems?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please give me a new HJT scan.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download ComboFix, You will get a prompt asking if you want to run or save the file. Choose SAVE and save it to the desk top. DO NOT RUN it YET

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix is now preparing to run and when it has finished you will see the Disclaimer screen you should press the number 1 key and then press the enter key to continue.
ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry.
Once the Windows Registry has finished being backed up, …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I didn't miss anything in your post. What does that have to do with what I asked you to do?
You will find the log Malwarebytes' Anti-Malware > Logs > log-date.txt.