Trojan.FakeAlert Virus - Search Engine Hijacked....

Sadly, this isn't my 1st time in this rodeo.  I had to fix my in-laws not once, but twice.  I eventually got them cleaned up using Combo and The Avenger.

 

So, now my system got it.  I am usually really good at spotting these, but this one happen to come from one of those flash gaming sites.  I was quite suprised.  Needless to say, the site admin got an earful.

 

So, ran Combofix to gain back control (task manager, regedit, desktop, etc).  So that's all done.  However, the browser is STILL hijacked.  I had this other program (might have been RootRepeal, small grey screen, ran really fast) that showed me ALL the .dll's and reg's that were possible malware/spyware/viruses.  Wish I could remember which one that was.  ANYWAY, I came across this Malwarebytes one.  It found these....................

 

 

Files Infected:
C:\System Volume Information\_restore{6DC2F9DC-BDA2-4E30-AD02-C1E34FFB225C}\RP407\A0139405.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6DC2F9DC-BDA2-4E30-AD02-C1E34FFB225C}\RP407\A0139411.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6DC2F9DC-BDA2-4E30-AD02-C1E34FFB225C}\RP407\A0139472.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6DC2F9DC-BDA2-4E30-AD02-C1E34FFB225C}\RP407\A0139578.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6DC2F9DC-BDA2-4E30-AD02-C1E34FFB225C}\RP408\A0139762.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6DC2F9DC-BDA2-4E30-AD02-C1E34FFB225C}\RP408\A0139766.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6DC2F9DC-BDA2-4E30-AD02-C1E34FFB225C}\RP408\A0139814.dll (Trojan.Fakeinit) -> No action taken.
C:\System Volume Information\_restore{6DC2F9DC-BDA2-4E30-AD02-C1E34FFB225C}\RP408\A0139943.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{6DC2F9DC-BDA2-4E30-AD02-C1E34FFB225C}\RP408\A0139944.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0KS1H2JF\exe[1].exe (Trojan.FakeAlert) -> No action taken.

 

Did the quarantine then restart.  Still hijacked.  Deleted the files in the quarantine, restarted.  Still hijacked.  Banged out a bunch of reg's that looked suspicious, STILL hijacked.  Hijackthis and GMER show 0 issues. 

 

Any ideas on how to delete these mofos?  Next steps?

 

Like I said, I got my computer back in control and i'm not using the search engine, so i'm not panicing yet :-)

 

Thanks!