Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Another Google links redirect virus victim needs help


  • Please log in to reply
5 replies to this topic

#1 mel_t

mel_t

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:49 PM

Posted 14 August 2009 - 11:11 PM

I have been browsing the threads with regard to this and it looks like this is my problem. If I do a google search, either in Firefox or in IE, I get redirected to unrelated sites. I have to go back and click the link about 4 times before I actually get to the site on the link.

I tried running Malwarebytes, and it did find quite a few infections which I cleaned, but the problem persists. I also ran it again in safe mode, but it didn't pick up any further infections.

I usually solve my own computer issues through info I find thru google, but I am out of my depth here, and I don't want to make it worse by going any further on my own. I would appreciate it if someone could guide me in resolving this problem

Thanks!

BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:12:49 AM

Posted 14 August 2009 - 11:13 PM

Hello mel_t and :thumbsup: to BleepingComputer!

Can you please post the Malwarebytes log in which infections were found?

Also, Please install RootRepeal
Note: Vista users ,, right click on desktop icon and select "Run as Administrator."
  • Go HERE, HERE, or HERE and download RootRepeal.zip to your Desktop.
Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • Extract RootRepeal.exe from the zip archive.
  • Open Posted Image on your desktop.
  • At the top of the window, click Settings, then Options.
  • Click the Ssdt & Shadow Ssdt Tab.
  • Make sure the box next to "Only display hooked functions." is checked.
  • Click the "X" in the top right corner of the Settings window to close it.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
~Blade


In your next reply, please include the following:
Old Malwarebytes log
RootRepeal log

Edited by Blade Zephon, 14 August 2009 - 11:14 PM.

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 mel_t

mel_t
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:49 PM

Posted 15 August 2009 - 09:34 PM

Hi Blade,

Thanks for helping! I hope it won't be too difficult a fix.

Here are the requested logs:

Malwarebytes:

Malwarebytes' Anti-Malware 1.40
Database version: 2618
Windows 5.1.2600 Service Pack 3

8/13/2009 9:58:44 PM
mbam-log-2009-08-13 (21-58-44).txt

Scan type: Quick Scan
Objects scanned: 109308
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\tbsb09835.ietoolbar (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{876dc38b-e22b-414a-a383-c6d291378b09} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{67bbd79a-d57b-435b-82ca-158bb87ce963} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{935cbbae-7ab0-40c3-ba07-bab8089f438e} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e67d5bc7-7129-493e-9281-f47bdaface4f} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{57cadc46-58ff-4105-b733-5a9f3fc9783c} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb09835.ietoolbar.1 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb09835.tbsb09835 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb09835.tbsb09835.3 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar3.tbsb09835 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar3.tbsb09835.1 (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\runit (Adware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\runit (Adware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\IEToolbar\Bullseye Tool Bar (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\runit (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\IEToolbar\Bullseye Tool Bar\lw.dll (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\basis.xml (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\date2.html (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\icons.bmp (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\info.txt (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\lw.crc (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\lwpopper.html (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\popper3.html (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\popup1.html (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\popup2.html (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\tbhelper.dll (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\uninstall.exe (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\version.txt (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\your_logo.png (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\runit\config.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Melanie\Start Menu\Programs\Startup\runit_32.lnk (Rogue.Link) -> Quarantined and deleted successfully.


Root Repeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/15 22:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE107000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79F7000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF6603000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SKYNETmxfetqgo.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETmxfetqgo.sys
Address: 0xEE433000 Size: 151552 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: srescan.sys
Image Path: srescan.sys
Address: 0xF71DB000 Size: 81920 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\SKYNETdvpwvvie.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETheoypplw.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETnapqcjnb.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETvgruafpy.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\SKYNETmxfetqgo.sys
Status: Invisible to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: winlogon.exe (PID: 744) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: services.exe (PID: 792) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: lsass.exe (PID: 804) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: Ati2evxx.exe (PID: 968) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETdvpwvvie.dll]
Process: svchost.exe (PID: 988) Address: 0x00900000 Size: 53248

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: svchost.exe (PID: 988) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: svchost.exe (PID: 1120) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: svchost.exe (PID: 1188) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: svchost.exe (PID: 1296) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: svchost.exe (PID: 1372) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: Ati2evxx.exe (PID: 1884) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: Explorer.EXE (PID: 1968) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: spoolsv.exe (PID: 444) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: svchost.exe (PID: 536) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: avgwdsvc.exe (PID: 608) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: jqs.exe (PID: 692) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: svchost.exe (PID: 1360) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: wdfmgr.exe (PID: 1556) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: CALMAIN.exe (PID: 1812) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: avgrsx.exe (PID: 1924) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: wmiprvse.exe (PID: 2560) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: alg.exe (PID: 2616) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: SynTPLpr.exe (PID: 3032) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: SynTPEnh.exe (PID: 3040) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: atiptaxx.exe (PID: 3076) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: EabServr.exe (PID: 3100) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: HP Wireless Assistant.exe (PID: 3120) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: HPWuSchd2.exe (PID: 3148) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: jusched.exe (PID: 3260) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: ctfmon.exe (PID: 3284) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: hpqwmi.exe (PID: 3460) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: wuauclt.exe (PID: 864) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: svchost.exe (PID: 3884) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: avgnsx.exe (PID: 2540) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: RootRepeal.exe (PID: 4728) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: wscntfy.exe (PID: 7040) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETvgruafpy.dll]
Process: AskService.exe (PID: 6220) Address: 0x10000000 Size: 32768

Hidden Services
-------------------
Service Name: SKYNETqiopxuwo
Image Path: C:\WINDOWS\system32\drivers\SKYNETmxfetqgo.sys

==EOF==



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:49 AM

Posted 15 August 2009 - 09:55 PM

let me help you along till Blade comes back.
Now the next step...

Rerun Rootrepeal. After the scan completes, go to the files tab and find these files:

C:\WINDOWS\system32\drivers\SKYNETmxfetqgo.sys
C:\WINDOWS\system32\SKYNETvgruafpy.dll
C:\WINDOWS\system32\SKYNETdvpwvvie.dll


Then use your mouse to highlight it in the Rootrepeal window.
Next right mouse click on it and select *wipe file* option only.
Then immediately reboot the computer.



Rerun MBAM like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

How is it running now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 mel_t

mel_t
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:49 PM

Posted 16 August 2009 - 08:43 AM

I think that did it, boopme. My links are going straight to the proper location now. Is there anything else I should run or check?

Thanks for your help, both boopme and blade.

Here's the MBAM log:

Malwarebytes' Anti-Malware 1.40
Database version: 2633
Windows 5.1.2600 Service Pack 3

8/16/2009 12:02:59 AM
mbam-log-2009-08-16 (00-02-59).txt

Scan type: Quick Scan
Objects scanned: 117856
Time elapsed: 10 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netskt (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\netskt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SKYNETheoypplw.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SKYNETnapqcjnb.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SKYNETdvpwvvie.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SKYNETvgruafpy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\SKYNETmxfetqgo.sys (Trojan.Agent) -> Quarantined and deleted successfully.



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:49 AM

Posted 16 August 2009 - 11:13 AM

Hi,that's great news. Please run these next as we do not want any traces of this left behind.

Next run ATF and SAS:
Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users