Hi,
I’ll give you future malware removal instructions.
1. Open notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Start
HKU\S-1-5-21-887285577-1908728387-2409366433-1001\...\Run: [SSync] - C:\Users\Lindy\AppData\Roaming\SSync\SSync.exe [41984 2012-12-19] ()
HKU\S-1-5-21-887285577-1908728387-2409366433-1001\...\Run: [DataMgr] - C:\Users\Lindy\AppData\Roaming\DataMgr\DataMgr.exe [168776 2013-02-19] (HTTO Group, Ltd.)
HKU\S-1-5-21-887285577-1908728387-2409366433-1001\...\Run: [OMESupervisor] - C:\Users\Lindy\AppData\Local\omesuperv.exe [2239264 2013-12-24] ()
HKU\S-1-5-21-887285577-1908728387-2409366433-1001\...\Run: [SCheck] - C:\Users\Lindy\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-887285577-1908728387-2409366433-1001\...\Run: [Snoozer] - C:\Users\Lindy\AppData\Roaming\Snz\Snz.exe [1209628 2013-12-24] ()
HKU\S-1-5-21-887285577-1908728387-2409366433-1001\...\Run: [Intermediate] - C:\Users\Lindy\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
BHO-x32: No Name - {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
C:\Users\Lindy\AppData\Local\Temp\msvcr71.dll
C:\Users\Lindy\AppData\Local\Temp\Scrivener-1570-update.exe
C:\Users\Lindy\AppData\Local\Temp\Scrivener-1600-update.exe
C:\Users\Lindy\AppData\Local\Temp\Scrivener-1610-update.exe
C:\Users\Lindy\AppData\Local\Temp\SkypeSetup.exe
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version, please download and run the updated version.
************* Next *************
Please download Malwarebytes AntiRootkit (MBAR) and save it to your desktop.
For full instructions on how MBAR works, read this article
> Double-click on the MBAR file (http://www.mcshield.net/personal/magna86/Images/mbar.png) and allow it to run.
• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click Next if you agree.
• On the Update Database screen, click on the Update button. Once you see ‘Success: Database was successfully updated’, click on Next.
• Under Scan Targets ensure all boxes are ticked. Then click the Scan button.
Notice: with some infections, you may see two message boxes:
- ‘Could not load protection driver’. Click ‘OK’.
- ‘Could not load DDA driver’. Click ‘Yes’ to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
>> If malware is not detected, click the Exit button to close the program and post the mbar-log-year-month-day.txt and system-log.txt reports.
>> If infection/s are found, ensure Create Restore Point is ticked. Then select the "Cleanup!" button to remove threats.
• The cleanup procedure will be scheduled for processing; a pop-up will be shown.
Select the Yes button and the system should re-boot to complete the cleaning process.
>> Notice: only if a rootkit is detected, make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe
- Run fixdamage.exe; at the black window, type Y (alias for Yes) to continue. Wait a few seconds for execution …
- When you see “press any key to exit”, the fix is completed; press any key to close the window. Reboot the system.
> The following reports will be created in the mbar folder:
- mbar-log-year-month-day (hour-minute-second).txt
- system-log.txt
Please post both logs in your next reply.
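
Added example, not part of the original post and not FRST's own code: a pre-flight check for the step 1 notice that a fixlist is written for one user on one machine. It lists every directive between the Start and End lines that names a different account SID or a different C:\Users profile than the ones supplied. The function names, the regular expressions and the fourth sample directive are assumptions made for this illustration; the line format is inferred only from the box above.

```python
import re

# Constructed sample in the shape of the step 1 box. The first three directives
# are copied from the page; the fourth (another SID and profile) is made up.
SAMPLE = r"""Start
HKU\S-1-5-21-887285577-1908728387-2409366433-1001\...\Run: [SSync] - C:\Users\Lindy\AppData\Roaming\SSync\SSync.exe [41984 2012-12-19] ()
BHO-x32: No Name - {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - No File
C:\Users\Lindy\AppData\Local\Temp\SkypeSetup.exe
HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\...\Run: [X] - C:\Users\Other\x.exe [1 2013-01-01] ()
End
"""

# Assumed patterns: a per-user registry hive prefix and a user profile path.
SID_RE = re.compile(r"^HKU\\(S-1-5-21-[\d-]+)\\", re.I)
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\")


def fixlist_body(text):
    """Return the directive lines between the Start and End marker lines."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if "Start" not in lines or "End" not in lines:
        raise ValueError("fixlist needs both Start and End marker lines")
    start, end = lines.index("Start"), lines.index("End")
    if end < start:
        raise ValueError("End marker appears before Start")
    return lines[start + 1:end]


def mismatches(text, sid, user):
    """List (directive_no, reason) for lines naming another SID or profile."""
    problems = []
    for n, line in enumerate(fixlist_body(text), 1):
        m = SID_RE.match(line)
        if m and m.group(1).lower() != sid.lower():
            problems.append((n, "SID " + m.group(1)))
        for name in PROFILE_RE.findall(line):
            if name.lower() != user.lower():
                problems.append((n, "profile " + name))
    return problems


if __name__ == "__main__":
    for line_no, reason in mismatches(
            SAMPLE, "S-1-5-21-887285577-1908728387-2409366433-1001", "Lindy"):
        print(f"directive {line_no}: names a different {reason}")
```

On the machine the fix is meant for, `whoami /user` prints the SID to pass as `sid`; an empty result means every directive refers to that account and profile.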