 | Moderator & Malware Removal Specialist with 27,367 posts. | | Join Date: Mar 2001 Location: Bradford, England | |
Hiya
Are you still having this problem? If so, do the following:
Download TFC by OldTimer to your desktop - Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application. - Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Download and scan with SUPERAntiSpyware Free for Home Users - Double-click SUPERAntiSpyware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
- Under "Configuration and Preferences", click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
- Click the "Close" button to leave the control center screen.
- Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
- On the left, make sure you check C:\Fixed Drive.
- On the right, under "Complete Scan", choose Perform Complete Scan.
- Click "Next" to start the scan. Please be patient while it scans your computer.
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
- Make sure everything has a checkmark next to it and click "Next".
- A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
- If asked if you want to reboot, click "Yes".
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
- Click Close to exit the program.
================
Download RootRepeal from one of the following locations and save it to your desktop: - Double click
 to start the program - Click on the Report tab at the bottom of the program window
- Click the
 button - In the Select Scan dialog, check:
- Drivers
- Files
- Processes
- SSDT
- Stealth Objects
- Hidden Services
- Shadow SSDT
- Click the OK button
- In the next dialog, select all drives showing
- Click OK to start the scan
Note: The scan can take some time. DO NOT run any other programs while the scan is running - When the scan is complete, click the
 button and save the report to your Desktop as RootRepeal.txt - Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.
Click on the Go Advanced button for the uploading options at the bottom of this page (in the picture below  )[/list]  - In there, at the bottom, click on the button Manage Attachments (in the picture below .
- A window will appear, and then Browse to RootRepeal.txt on your Desktop.
- Click Upload, and when uploaded click Close this Window
- Then, in the previous window, click on Add Reply
=============== Click here to download HJTInstall.exe- Save HJTInstall.exe to your desktop.
- Doubleclick on the HJTInstall.exe icon on your desktop.
- By default it will install to C:\Program Files\Trend Micro\HijackThis .
- Click on Install.
- It will create a HijackThis icon on the desktop.
- Once installed, it will launch Hijackthis.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
- Come back here to this thread and Paste the log in your next reply.
- DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
=============
Please include the MBAM log, SAS log, RootRepeal.txt and a fresh HijackThis log in your next reply
Regards
eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream
MVP in Consumer Security
Last edited by eddie5659; 12-Feb-2010 at 05:46 AM..
|
