src2206

Hello nightwish.

Before we start with your PC, please take a note not to attach report files with your post (unless you are compelled to do so because of the size of the reports- which was not applicable in your case). Use "copy-paste" to post your logs/reports as you did for your HJT log.

Secondly, follow the all instructions and in the exact given order. I have asked for a Fresh HJT Log which you have not provided.

You pointed out that you have used your own tool for cleaning. Please let me know me the name of the tool.

Next, you did not properly configure you Ewido to clean the problems which it could identify. So please follow the following instructions very carefully to update and configure Ewido.

• Launch Ewido.
• On the main screen select the icon "Update" then select the "Update now" link.
• Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
• Select "Automatically generate report after every scan"
• Un-Select "Only if threats were found"
• Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

We can see SpySweeper currently active in your running processes:

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Please explain the exact steps you've taken to remove Webroot SpySweeper, as well as what happens when you try to uninstall it via the Add/Remove programs.

_______________________________________________________________

Downloads

Please download the ISTBar removal tool from Symantec into it's own folder. Do not run it yet.
_____________________________________________________________


Fix

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

ISTBar

Delete the following Folder indicated in BLUE if it still exists.

C:\Program Files\Common Files\Totem Shared
_______________________________________________

Run the ISTBar removal Tool.
______________________________________________

Ewido

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)

• Click Scanner
• Click on the Scan tab
• Click Complete System Scan to begin scanning.
  Once the scan is complete do the following:
• If you have any infections you will prompted, then select "Apply all actions"
• Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Reboot your system in Normal Mode.
________________________________________________________________

Perform an online scan with Internet Explorer with

Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Please provide the following logs with your next post:

Ewido
Kaspersky Scan
HijackThis (A fresh one)

Do not attach these reports as files. Use copy-paste to post the logs here.
And do not miss any of the above. Please help us to help you better.