To start with I would like you to do this
Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\
username\Local Settings\Temp\
Also delete your
Temporary Internet Files, be sure to also select delete all offline content.
Do a virus scan here.
If you get report of files that can’t be cleaned / deleted please write down the filenames and locations and post that in your reply.
Then please do this since it’s better to use automated tools to get rid of the bad stuff use these 2 programs first before doing the final cleaning with HJT
First is Spybot S & D available from
here.
1. Downloaded and Install Spybot S&D, accepting the Default Settings
2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
3. Close ALL windows except Spybot S&D
4. Click the button to ‘Search for Updates’ then download and install the Updates.
5. Next click the button ‘Check for Problems'
6. When Spybot is complete, it will be showing ‘RED’ entries bold 'Black' entries and ‘GREEN’ entries in the window
7. Make certain there is a check mark beside all of the RED entries ONLY.
8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
9. REBOOT to complete the scan and clear memory.
Download Ad-aware Second Edition
here and install it. If you already have Ad-aware Second Edition skip to the next step.
Open adaware and Click the "Check for updates now" line on the main screen. CLick the "Connect" button on the webupdate screen.
If an update is available download it and install it. Click the "Finish" button to go back to the main screen.
Click on the "Settings" button (gear symbol in the upper right corner of the main status screen) in the quick launch toolbar to open the General settings screen. Make sure the "Automatically quarantine objects prior to removal" setting is checked
green and then click "Proceed" to save your changes.
Click the "Scan now" button in the main menu on the left side of the main status screen or use the "Start" button in lower right corner. This will open the Preparing System Scan screen. Please deselect "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat. Leave the option for low-risk threats unchecked also. Then select "Use custom scanning options" and click "CUstomize". This will open the "Scan Settings Page. Make sure all of the following are On with a
green checkmark:
Then click on the "Tweak" Button to open up the tweak settings.
Open up the Scanning Engine section and make sure all of the following are On with a
green checkmark:
- Scan registry for all users instead of current user only
Make sure the following is unchecked with a
red X:
- Unload recognized processes & modules during scan.
Open up the Cleaning Engine section and make sure all of the following are On with a
green checkmark:
- Always try to unload modules before deletion
- During Removal, unload Explorer and IE if necessary
- Let Windows remove files in use at next reboot.
Click the "Proceed" button to save settings. Click next to begin the scan. When the scan is completed, the Performing System Scan screen will change name to "Scan Complete".
Click the "Next" button to get to the Scanning Results screens where more information about the objects detected during the scan is available. Click the Critical Objects Tab. In general all of the items listed will be bad. To fix all the bad critical objects, right click on one of them to open up the selection screen. Click the "Select All" button to select all entries. Then all are selected Click "Next" and then "OK" in the pop-up window to confirm the removal.
Run the scan, and then reboot.
Then please download the latest version of HijackThis from the following link:
HijackThis Download Site
Once it is downloaded, extract the zip file to
c:\hjt and navigate to the c:\hjt folder.
DO NOT FORGETto unzip the folder and do not leave hijackthis in a temp folder.
Now double-click on
hijackthis.exe and when the window opens, Press the
Scan now and save a logfile button and then when it is done, copy and paste the contents of the notepad it opens as a reply to this post.
wng