RKill is an easy-to-use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications. These settings will remain until the computer is rebooted; for this reason you must run the security application before the computer is rebooted.
When RKill is run it will display a console screen similar to the one below:
When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.
At this time you need to run your security applications. In this instance I would suggest running Malwarebytes and an online scan by ESET.
While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected. This is the malware trying to protect itself. Two methods that you can try to get past this and allow RKill to run are:
1) Rename RKill so that it has a .com extension.
2) Download a version that is already renamed as files that are commonly white-listed by malware. The main RKill download page contains individual links to renamed versions.
After the application has run successfully you should reboot the computer to restore the processes and Windows Registry entries.
1) Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
2) When the installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click on Finish.
3) MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
4) Click on perform Quick Scan, then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
5) The scan will now begin; this may take some time to complete, so please be patient.
6) When the scan is finished click on Show Results to display all objects found.
7) Click OK to close the message box and continue with the removal process.
8) Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that every item shown in the results has a check mark in the box next to it, then click on Remove Selected.
9) When removal is completed, a log will open in Notepad.
This log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of the log in your next post, then exit MBAM.
Important: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Please copy the Malwarebytes log and paste it in your next post.
To locate this file right click on the Start orb and choose Open Windows Explorer, then click on C: drive.
When the C: drive opens click on the following: ProgramData, Malwarebytes, Malwarebytes' Anti-Malware, Logs.
If there is more than one log, choose the log with the date that you ran the scan that I requested.
If there are a large number of items found you can go into Settings and click on Scanner Settings to change the setting in Action for potentially unwanted programs (PUP) to Show in results list and check for removal.
Please scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET Online Scan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats".
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
I would also suggest running two other scans.
Please download AdwCleaner and run it.
An image like the one below will open, click on Scan.
Once the search is complete a list of the pending items will be displayed. If you see any which you do not want removed, remove the check mark next to it.
Click on Clean to remove the selected items.
You will receive a message telling you that all programs will be closed so that the infections can be removed. Click on Ok.
When the cleaning process is complete a log of what was removed will be presented. Please copy and then paste this log in your next post.
Open your browser and go to Downloads, then click on the Junkware Removal Tool to install it.
Click on Run to initiate the installation.
To avoid potential conflicts, temporarily disable your antivirus and firewall. You will want to be offline when you do this.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Copy this and then post it in your topic.