Rolls, when you run Malwarebytes, there is a line you are supposed to check to remove what is found. You didn't check that, so all of the entries show "No Action Taken." Usually I would have you update the program and run it again with this checked. But in this case, it doesn't matter because all of the adware is in System Volume, which is the system restore points. I will have you drop those when we're finished. But for now, understand that you should not use the system restore feature as you could reinfect the machine.
=========================
Custom CFScript
[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad and copy/paste the text in the code below into it:
Code:
File::
c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version5\\TeamViewer.exe
Folder::
c:\program files\iNetFormFiller Trial
c:\documents and settings\Administrator\Application Data\iNetFormFiller
Registry::
RegLock::
[HKEY_USERS\S-1-5-21-790525478-152049171-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
Driver::
FCopy::
C:\WINDOWS\ServicePackFiles\i386\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys
Save this as CFScript.txt, in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it will produce a log for you at C:\ComboFix.txt. Please attach it to your next reply.
====================
Then
Run Eset NOD32 Online AntiVirus Scanner HERE
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the Active X control to install
- Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
- Click Start
- Make sure that the option "Remove found threats" is unchecked, and the option "Scan unwanted applications" is checked
- Click Scan
- Wait for the scan to finish
- Re-enable your Antivirus software.
- A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
Leave the new ComboFix report and Eset log in your next reply.
Did you do the DNS Flush and the router reset? Have you noticed any difference in the system?