Question:
How can I fix the garbage a rogue malware thing left behind?
2010-07-22 13:29:22 UTC
I went to a site to download a patch for a game and before I clicked anything I got bombarded with the Malware Doctor junk. It completely screwed up my computer and brought along 1800 different viruses and spyware. My Spybot Search & Destroy did not detect it all, and even after I downloaded Malwarebytes' Anti-Malware and Stopzilla (which I feel is a scam now that I fell victim to it), there are still issues.

Stopzilla claimed to remove all of it and then prompted a reboot. I went through this process at least 8 times, and each time it found the same critical issues, claimed to clean them, and restarted. Keep in mind I actually paid for this program out of desperation and stupidity. Malwarebytes' Anti-Malware actually did remove some of it, but Spybot Search & Destroy goes nuts every time I start up my computer asking me to allow or deny changes.

The main leftovers of this fiasco are Winlogon and Boot.Execute issues. Upon startup, a prompt from Spybot comes up saying:

Category: Winlogon Notifiers
Change: Value deleted
Entry: TPSvc
Old Data:
New Data:

And all I can do with that is allow the change. There is no option to deny the change, unless I hit Ctrl+Alt+Del and end the task. I allowed it a few times, but it still pops up every time I start up.

The Boot.Execute one only comes up half of the time I restart. I don't remember the exact wording, but the prompt says:

Category: Boot.Execute
Change: Value deleted
Entry: I don't remember
Old Data: boot.execute/ls*delete (something to that effect anyway)
New Data: boot.execute/

I can allow or deny that change, and I always deny it. Also, I had a search hijacker which redirected anything I clicked off of Yahoo, Google, or Bing into whatever it pleased. I could click a link to bestbuy.com and it would take me to a fake website for the best buy on pottery. Again, all 3 programs claimed to delete that hijacker, but it still does it, and two IE pages open up with such fake websites in addition to my homepage when I open one Internet Explorer browser. I always end the task before they can fully load.

So, is there anything I can do, or should I just smash the laptop on the pavement outside?
Six answers:
The Phlebob
2010-07-22 18:19:52 UTC
In my opinion, the main trick in finding and deleting malware is the use of Safe Mode With Networking. That sometimes keeps the malware from hiding or protecting itself.

Also, turn off System Restore to evict any copies of bad stuff that might be lurking there.

To get into Safe Mode with Networking:

1. Log out and reboot your machine.
2. When the machine starts the reboot sequence, press the F8 key repeatedly.
3. Select Safe Mode with Networking from the resulting menu.
4. Log in. If the malware has changed your password, try logging in as Administrator. By default, Administrator has no password.
5. The machine will continue booting, but the Windows desktop will look different.
6. When you're finished doing what you need to do, log out and reboot back into normal mode.

Good luck.
Aurora
2016-08-24 07:44:07 UTC
2
2010-07-22 13:34:51 UTC
Here is how you remove the browser hijacker; it might clear the other problem too.

First, click on Start > Run. Type the following into the open box:

devmgmt.msc

then click on OK. This will run Device Manager. In Device Manager, click on View > Show Hidden Devices. Expand all the devices by clicking on the "Plus" sign. Now try to find TDSSserv.sys or clbdriver.sys or oUltraf or seneka.sys, right-click on whichever one you found and select Disable. Please make sure that you do not select the Uninstall option, otherwise the infection will be back once you reboot your computer.

If none of them are there, do not worry; it could be something simpler, but follow what comes next.

You will have to enable view hidden folders in Folder Options > View.

Delete everything in the Windows temp folder: C > Windows > Temp

Delete all cookies. Delete all temporary internet files (not to be confused with Windows temp files); these are best deleted via your internet browsers. It will save you messing about in the hidden system files.

Reset Internet Explorer: Tools > Internet Options > Advanced tab > Reset.

Delete everything in the prefetch folder: C > Windows > Prefetch

Delete the hosts file: C > Windows > System32 > drivers > etc > HOSTS. A clean hosts file will be written by Windows when you reboot later. Note: if you were using a custom hosts file you will need to replace any of those entries yourself.

Delete the flash cookies found in the macromedia #Shared Objects folder: c > users > "your name" > App Data > Roaming > macromedia > Flash player > #Shared Objects. Delete everything you find in the #Shared Objects folder.

Run a full scan with this and remove everything suspicious it finds.
Sophos Anti-Rootkit: http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
Sophos Anti-Rootkit DOWNLOAD: https://secure.sophos.com/support/cleaners/sar_15_sfx.exe

Then run a full scan with this and remove what it finds.
SUPERAntiSpyware Pro: http://www.superantispyware.com/
SUPERAntiSpyware Pro DOWNLOAD: http://downloads.superantispyware.com/downloads/SUPERAntiSpywarePro.exe
This has a tool built in that can reset the URL prefixes. USE IT.

Reset your router to default.

Your redirect virus should now be gone.

Download then run TDSSKiller to double check.
TDSSKiller: http://support.kaspersky.com/downloads/utils/tdsskiller.exe
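Two of the spots this thread keeps coming back to, the hosts file (which a search hijacker can use to send Google, Yahoo or Best Buy to its own server) and the Session Manager BootExecute value behind the Spybot prompt in the question, can be audited from copies of the data before anything is deleted. The script below is an added example, not code from any answer above; it works on text only, so on a Windows machine you would feed it the contents of %SystemRoot%\System32\drivers\etc\hosts and the REG_MULTI_SZ value HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute. The sample hosts text and BootExecute list are constructed, and 198.51.100.23 is a documentation-range placeholder address.

```python
r"""Audit a copied hosts file and a BootExecute value list for the redirect and
boot-time persistence this thread describes. Text-only, so it runs anywhere;
the originals come from the hosts file and the Session Manager registry key."""
import ipaddress

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
DEFAULT_HOSTS_NAMES = {"localhost"}            # all a clean hosts file contains
DEFAULT_BOOTEXECUTE = {"autocheck autochk *"}  # boot-time chkdsk hook, the only default

def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blanks and malformed lines are skipped."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        ip, *names = parts
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # Windows ignores unparsable lines, so do we
        for name in names:
            yield ip, name.lower()

def audit_hosts(text):
    """Return (kind, hostname, ip) for every entry a clean hosts file lacks:
    'redirected' = name sent to a non-loopback address (the search/shop hijack),
    'blocked'    = name pinned to loopback (often used to cut off AV update sites)."""
    findings = []
    for ip, name in parse_hosts(text):
        if ip in LOOPBACK and name in DEFAULT_HOSTS_NAMES:
            continue
        findings.append(("blocked" if ip in LOOPBACK else "redirected", name, ip))
    return findings

def bootexecute_anomalies(values):
    """Anything besides autochk in this REG_MULTI_SZ runs before Winlogon, which
    is why droppers add themselves there; return those extra entries."""
    return [v for v in values if v.strip() not in DEFAULT_BOOTEXECUTE]

# Constructed sample input, not a capture from the asker's machine;
# 198.51.100.23 is a documentation-range placeholder address.
SAMPLE_HOSTS = """# constructed sample
127.0.0.1       localhost
::1             localhost
198.51.100.23   www.google.com search.yahoo.com
198.51.100.23   www.bestbuy.com
127.0.0.1       update.antivirus.example   # blocks a vendor update host
"""
SAMPLE_BOOTEXECUTE = ["autocheck autochk *", "constructed_dropper /silent"]
```

Call audit_hosts(SAMPLE_HOSTS) and bootexecute_anomalies(SAMPLE_BOOTEXECUTE) to see the constructed hijack and boot entry flagged; a legitimate ad-blocking hosts list will also show up as "blocked" entries, which matches the answer's note about custom hosts files.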
Joey
2010-07-22 13:38:18 UTC
If it's that bad, reinstall the OS. If you can't do a system recovery, just download an ISO off the internet of the same OS that you have now and you can use the product key found on the bottom of the laptop to activate it. Before doing that though, scan the ISO for viruses just in case and make sure you don't get a cracked version. Check the sources for some good ISOs.
2010-07-22 13:33:36 UTC
Did you do a full update of Malwarebytes prior to scanning?

Just uninstall Spybot Search and Destroy then. If Malwarebytes doesn't find anything your system is clean. Also try booting into safe mode by tapping F8 as your system boots and then run a scan with Malwarebytes.

You can also just do a factory reset on the machine by tapping F8 as it boots and choose Repair Computer.

Vote best if it works :)
Albundy
2010-07-22 14:02:27 UTC
Apart from the good tips you have already been given by our friends, remember that Windows has created a System Restore and a virtual memory; these two have to be disabled any time you want to do a thorough cleaning. Disable or delete those services, then clean up; after you clean up you can restore these services. On most systems they are in Control Panel > System.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.