Hi Stargeneral,
Let's make sure everything is clean on this system. First, boot from the drive that we've been calling Infected. Going forward let's call it C: and the Slave drive D:. So, boot from C: and everything in this post will be directed to the C: drive. (We'll clean D, when we're done with C)
Run OTL (not OTLPE)
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[createrestorepoint]
:OTL
SRV - [2008/06/13 23:55:31 | 000,028,739 | ---- | M] (MyWebSearch.com) [Auto] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O9 - Extra Button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - Reg Error: Value error. File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2014/06/20 14:52:30 | 000,000,000 | -HSD | C] -- C:\found.001
:Files
C:\Program Files\MyWebSearch
:Commands
[resethosts]
[emptytemp]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
Next, download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
Please download zoek.exe and save it to your desktop (Firefox users right click and Save Link As...).
- Close any open browsers.
- Temporarily disable your AntiVirus program. (If necessary)
- Double click on zoek.exe to run.
- Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up
- Click Options button below the large panel and check the box:
Auto Clean - Click on Run script button
- Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
- Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.
Note: It will also create a log in the C:\ directory named "zoek-results.log"
Security Check
Download Security Check from here or here.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Last, rerun OTL as you did previously, but this time just press the Quick Scan button. When OTL completes you will find one log, OTL.TXT. Please post that with the adwCleaner log, the Junkware log, the ZOEK, Security Check Log. the OTL Fix log, located here->C:\_OTL\Moved Files