SuperAntiSpyware portable ran, but did not detect the intrusion. I used Rkill and renamed the MB executable to stop it from intercepting Malwarebytes, and I thought it had been removed, but it has since come back twice. Both times there has been an executable in the C:/users/MyUserName/AppData/Local/ folder, a Windows Security icon in the taskbar, and popups (particularly when I try to run MalwareBytes or access windows security). It also blocked browsing of web sites in FireFox and IE with a "this page could be dangerous" page.
I have been attempting to follow the instructions at http://www.geekstogo...ity-2012-issue/ among other threads on this malware, but so far have been unsuccessful so I am hoping I can get some help removing this thing.
The initial rkill log terminated the processes iyq.exe (the executable from AppData/Local) and rundll. The more recent one doesn't show names, although it did allow me to access the internet and Malwarebytes. I am attaching logs from OTL, MBAM, TDSKiller, and MBRCheck. I also attempted to run aswMBR.exe, but it twice resulted in a BSOD, although at different points in the scanning process.
Thank you in advance for your help,
Garuga S. Monk