Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
Please download AdwCleaner
by Xplode onto your Desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Delete tab follow the prompts.
- A log file will automatically open after the scan has finished.
- Please post the content of that log file with your next answer.
- You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please downloadJunkware Removal Tool
to your Desktop.
- Please close your security software to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete, depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
- Please post the contents of JRT.txt into your reply.
Please download ComboFix from one of these locations:Link 1Link 2IMPORTANT !!! Save ComboFix.exe to your Desktop
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
- Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
- Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt
in your next reply.
Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.htmlDo not mouse click ComboFix's window while it's running. That may cause it to stall
Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion.
" when attempting to run a program all you need to do is restart the computer to reset the registry.
===Third party programs if not up to date can be the cause of infiltration an infection.
Please run this security check for my review.
Download Security Check
by screen317 from here
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.