Welcome aboard
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
===================================
Never play around with such powerful tools like FRST or Combofix!
Download attached
fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run
FRST/FRST64 and press the
Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
Next....
Restart normally.
=====================================
Download
TDSSKiller and save it to your
desktop.
- Extract (unzip) its contents to your desktop.
- Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
====================================
- Download RogueKiller on the desktop
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- Wait until the Status box shows Scan Finished
- Click on Delete.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
- If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
==================================
Download
Malwarebytes' Anti-Malware (MBAM):
http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
Alternate download:
http://www.filehippo.com/download_malwarebytes_anti_malware/
NOTE. If you already have MBAM installed, update it before running the scan.
* Double-click
mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware and
Launch Malwarebytes' Anti-Malware, then click
Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select
Perform quick scan, then click
Scan.
* When the scan is complete, click OK, then
Show Results to view the results.
* Be sure that everything is checked, and click
Remove Selected.
* When completed, a log will open in Notepad.
*
Post the log back here.
Be sure to restart the computer IF MBAM asks you to do so.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\
log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\
log-date.txt
===================================
Download
aswMBR to your desktop.
Double click the
aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "
Scan" button to start scan.
On completion of the scan click "
Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create
MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.