Hello and welcome to
Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your
Malware issues. This
may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please
DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the
shift key down while inserting the USB storage device for about
10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
The log shows that you have two AV programs on your computer; Lavasoft Ad-Watch Live! Anti-Virus and avast! Antivirus. Please make sure that only one AV is enabled at any time on your computer. SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!Download
SuperAntispyware Free Edition (SAS)* Double-click the icon on your desktop to run the installer.
* When asked to
Update the program definitions, click
Yes* If you encounter any problems while downloading the updates, manually download and unzip them from
here* Next click the
Preferences button.
•Under
Start-Up Options uncheck
Start SUPERAntiSpyware when Windows starts
* Click the
Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•
Please leave the others unchecked•Click the
Close button to leave the control center screen.
* On the main screen click
Scan your computer* On the left check the box for the drive you are scanning.
* On the right choose
Perform Complete Scan* Click
Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click
OK* Make sure everything in the white box has a
check next to it, then click
Next* It will quarantine what it found and if it asks if you want to reboot, click
Yes•To retrieve the removal information please do the following:
•After
reboot, double-click the
SUPERAntiSpyware icon on your desktop.
•Click
Preferences. Click the
Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably
Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*
Copy and Paste the log in your post.
*********************************************
Download
Combofix from any of the links below, and save it to your
desktop.
Link 1Link 2Link 3To prevent your anti-virus application interfering with ComboFix we need to disable it. See
here for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
Click
I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
As part of it's process, ComboFix will check to see if the
Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's
strongly recommended to have this pre-installed on your machine before doing any malware removal.
This will not occur in Windows Vista and 7It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose
YES.
Follow the prompts to
allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted,
agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on
Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (
C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.Note: Please Do
NOT mouseclick combofix's window while its running because it may cause it to stall.
