Huge problem!

Most of the threats were already in AdwCleaner's quarantine folder, but ESET picked up a few AdwCleaner didn't find.

Run one more to triple check your system. This is a scan only. Please post the scan results as you have been doing with the other scanners - thanks.

Download the Farbar Recovery Scan Tool (FRST) Click here

1. Select the version that applies to your system: 32-bit OR 64-bit
   .
2. Click the Save button
   Default save location is your Downloads folder
   If the SmartFilter bar is presented, click the Actions button and click Don't Run (saves FRST but does not run it)
   .
3. Double-click FRST or FRST64 to launch the utility
   FRST is the 32-bit version / FRST64 is the 64-bit version
   
   1. Click the Yes button to confirm UAC
      .
   2. Click the Yes button on the Warranty disclaimer window.
      .
   3. Tick [a] all Whitelist checkboxes
      .
   4. Tick [a] Addition.txt in the Optional scan list
      .
4. Click the Scan button to begin scanning.
   .
5. FRST creates two logs when the scan has finished, they are located in the same folder where FRST was launched
   
   • FRST.txt and
   • Addition.txt
   • Attach both logs to a post on your thread and a SevenForums member will analyze the output.
     See: Screenshots and Files - Upload and Post in Seven Forums

Thanks

Hmmm, looks like a few more utilities then a call for more eyes.

Kaspersky Labs: TDSSKiller

1. Download the EXE Version, not the zip version

2. Select Save on the "Do you want to run or save ..." action bar
The default save location is your Downloads folder

3. Select Run on the "... download completed." action bar

4. Click Change parameters

Additional Options
Tick [a] Detect TDLFS File System
Tick [a] Use KSN to scan objects



Click: OK

5. Press: Start Scan

6 ... Next
6. Scan result actions:

a. TDSSKiller determines the best action for a threat and marks it in the Threats Detected window.

For this exercise, you want only CURE or SKIP as an action. Kaspersky TDSSKiller is very good at determining what action should be taken, but it's better to err on the side of caution. Let a member review the output and then advise you.

b.Skip any Suspicious object, confirm the action and then press Continue

c. Cure any Malicious object, confirm the action and then press Continue
Select Skip if Cure is not available. Do NOT select Delete as the object might be a system file.

d. Restart your machine to complete the TDSSKiller malware removal process.

The log file is placed on the homedrive (normally C:\) with the file naming convention:
TDSSKiller.Maj#. Min#. Bld#.Rev#_MM.DD.YYYY_HH.MM.SS_log.txt
Ex: C:\TDSSKiller.3.0.0.17_03.15.2014_12.03.49_log.txt

7. Attach the TDSSKiller log to a new post on your thread
See: Screenshots and Files - Upload and Post in Seven Forums

Thanks!

Please revisit post# 34

The FRST log shows many things that should have been cleaned up by following the recommendations in that post. Specifically, uninstalling applications with little or no value add (auto-updaters, Chrome, Google apps, SkypeclickToCall, Lightshot & Puush). All of these items can be reinstalled if you really need them later (any program you paid for might require a ley to reinstall - make sure you have that key before uninstalling).

SaveShare is still hanging in there even after the scan and cleans. I saw at least one 'version' (saaveeshaaree) of it, so it might be a real tricky bugger. The tools you have already used should have mitigated that threat. I'll suggest another utility after I see the TDSSKiller log.

FRST also shows remnant pieces of threats removed, this is where I'll need another pair of eyes - to completely clean up the pieces and to make sure I didn't miss something.

Bill
.

A factory reset or clean install is another way to clean up malware - glad that your system is better.

Thank you for marking the thread solved.

Bill
.