I need help removing viruses

I first thought I had a virus when I was on the internet and clicked a link and it redirected me to some random site. So I ran "Malwarebytes Anti-Malware" and "SUPERAntiSpyware Free Edition", they both said I had viruses. I removed all of them and restarted my PC. I was then notified by Microsoft Security Essentials that I had a "potential threat" on my computer. I selected remove, but it said I needed "Standalone System Sweeper" I clicked 'download now' and I was taken to a microsoft.com link telling me how to get "Windows Defender Offline Beta." (Notice that it's not the same program it said it was before). However, I still decided to download WDOB. I had to put it on a flash drive and boot the computer from the USB.

Upon restarting the computer from the flash drive, WDOB performed a scan for potential threats and found two items. I selected to remove them both, then continued with the restart of my computer and when I got to the desktop, MSE notified me again that I still had a virus. That's when I decided to post this.

Thanks for any help!!

EDIT: I remember some of the virus names: blacole and cleaman.g

First, Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Double click on the flush.bat file to run it.Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Next, let's get rid of the Java script ... (temp cache)
download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

Now, I'd like you to scan your machine with ESET OnlineScan

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the icon on your desktop.
4. Check
5. Click the button.
6. Accept any security warnings from your browser.
7. Check
8. Push the Start button.
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
10. When the scan completes, push
11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Push the button.
13. Push

It would be best to turn WD off it you can.

1. Open Windows Defender by clicking the Start button , clicking All Programs, and then clicking Windows Defender.
2. Click Tools, and then click Options.
3. Under Administrator options, select or clear the Use Windows Defender check box, and then click Save. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

TrueBlue502 said:

Couldn't find WD under all programs

Look in the Control Panel or try this:

Click the “Start Orb” and type in defender into the text box. Select Windows Defender.
Select Tools from the main Windows Defender screen.
Select Options from the Settings section.
From the left navigation pane, select Administrator.
Now remove the check mark from the box labeled Use this program. Click the Save button in the bottom right corner.
Click Yes when prompted to make the change

If you can't find it go ahead with ESET.

You can also disable it in Services. Type services.msc in the start search box, click on the icon, scroll down to Windows Defender, right click > choose properties, then set it to disabled.

Now run ESET

Jacee said:

You can also disable it in Services. Type services.msc in the start search box, click on the icon, scroll down to Windows Defender, right click > choose properties, then set it to disabled.

Now run ESET

Here are the results:
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files (x86)\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files (x86)\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Henry\AppData\Local\TempDIR\BetterInstaller.exe a variant of Win32/Adware.Somoto.A application cleaned by deleting - quarantined
C:\Users\Henry\Downloads\registrybooster.exe Win32/RegistryBooster application deleted - quarantined
C:\Windows.old\Documents and Settings\Henry\RegistryReviverSetup.exe a variant of Win32/SlowPCfighter application cleaned by deleting - quarantined




My anti-virus is still giving me "Trojan Horse blocked" and "Malicious URL blocked" every minute when I'm not even opening a new page. I've had a total of 432 network connections blocked in the last ten and a half hours. Here's the initial alert of one of them:

and the details:

Those are just examples, they're different every time.

Let's flush the DNS cache and restore MS's Hosts file:

Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Double click on the flush.bat file to run it.Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Next, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Tell me if the problem is still there.