It's been almost a month since we started this cleaning process. We need to update and run some more scans.SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to uninstall it and get the newest version!Download
SuperAntispyware Free Edition (SAS)* Double-click the icon on your desktop to run the installer.
* When asked to
Update the program definitions, click
Yes* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the
Preferences button.
•Under
Start-Up Options uncheck
Start SUPERAntiSpyware when Windows starts
* Click the
Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•
Please leave the others unchecked•Click the
Close button to leave the control center screen.
* On the main screen click
Scan your computer* On the left check the box for the drive you are scanning.
* On the right choose
Perform Complete Scan* Click
Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click
OK* Make sure everything in the white box has a
check next to it, then click
Next* It will quarantine what it found and if it asks if you want to reboot, click
Yes•To retrieve the removal information please do the following:
•After
reboot, double-click the
SUPERAntiSpyware icon on your desktop.
•Click
Preferences. Click the
Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably
Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*
Copy and Paste the log in your post
=============================
Please uninstall your version of MBAM and download and update the newest version. Please download Malwarebytes Anti-Malware from
here.
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.===============================
Download
OTM by OldTimer to your desktop.
Note: If you are running on
Vista, right-click on
OTM.exe and choose
Run As Administrator.* Save it to your Desktop.
* Double-click
OTM.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting
ALL of them and pressing
CTRL + C (or, after highlighting, right-click and choose
Copy)
:Processes
explorer.exe
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{456cb445-3046-11df-b8c6-00226865bee9}]
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
* Return to
OTM, right click in the
"Paste Instructions for Items to be Moved" window (
under the yellow bar) and choose
Paste.* Click the red
Moveit! button.
* Copy everything in the
Results window (
under the green bar) to the clipboard by highlighting
ALL of them and pressing
CTRL + C (or, after highlighting, right-click and choose
copy), and paste it in your next reply.
Close
OTMNote: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose
Yes. If not,
reboot anyway.
===============================
Please download
RootRepeal from
GooglePages.com.
- Extract the program file to your Desktop.
- Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
- Select ALL of the checkboxes and then click OK and it will start scanning your system.
- If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
- When done, click on Save Report
- Save it to the Desktop.
- Please copy/paste the contents of the report in your next reply.
Please
remove any e-mail address in the RootRepeal report (if present).
=================================
ESET Online ScanScan your computer with the
ESET FREE Online Virus Scan* Click the
ESET Online Scanner button.
* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the
esetsmartinstaller_enu.exe to download the ESET Smart Installer.
Save it to your desktop* Double click on the
esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to
YES, I accept the Terms of Use.
* Click the
Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to
Remove found threats and place a check next to
Scan archives.
* Click the
Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click
List of found threats.
* Next click
Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the
Back button then click
Finish.
In your next reply please include the ESET Online Scan Log==============================
Your flashdrive may be infected also, so please do this.Panda USB and AutoRun VaccineInsert your flash drive before we begin.
Hold down the Shift key when inserting the flash drive until Windows detects it to bypass the autorun feature. This will keep the autorun.inf from executing automatically.
Download
Panda USB and AutoRun Vaccine and save it to your desktop.
* Extract (unzip) the file to your desktop and a folder named
USBVaccine will be created.
* Open that folder and double-click on
USBVaccine.exe to start the program.
* Click
Run* Click the button to
Vaccinate computer.
* Insert your
USB flash drive.
* When the name of the drive appears in the dialog box, click the button to
Vaccinate USB drive(s).* Exit
Panda USB and
AutoRun Vaccine when done.
Note: Computer AutoRun Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced by malicious code. The
Panda Resarch Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
===================================================