Hello. Lets look at the system and run 2 more scans.
Are you runnnings SpyBots Teatimer?
Please download MiniToolBox
, save it to your desktop and run it.
Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size.
- List Minidump Files
and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note:
When using "Reset FF Proxy Settings" option Firefox should be closed.
Please download the TDSS Rootkit Removing Tool
) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (126.96.36.199) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 188.8.131.52 of the tool.
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
- If TDSSKiller does not run, try renaming it.
- To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
- Click the Start Scan button.
- Do not use the computer during the scan
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
- Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
- A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.184.108.40.206_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe
, select Rename
and give it a random name with the .com
file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions
. [color=green]In some cases it may be necessary to redownload TDSSKiller and randomly rename it before
downloading and saving to the computer.
Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/
Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen
- Double-click SUPERAntiSpyware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- Super should automatically update the program definitions. If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
- Close SUPERAntiSpyware.
Post SUPERAntiSpyware log.
- Open SUPERAntiSpyware.
- Click on "Preferences" button.
- Click the "Scanning Control" tab.
- Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Click the "Home" button to leave the control center screen.
- Back on the main screen checkmark "Complete scan" and click "Scan your computer".
- Click "Next" to start the scan. Please be patient while it scans your computer.
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
- Make sure everything has a checkmark next to it and click "Next".
- A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
- If asked if you want to reboot, click "Yes".
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Copy and paste the Scan Log results in your next reply with a new HijackThis log.
- Click Close to exit the program.