oceans910,
I'll give you quite a bit to do here. You can handle it.
If any procedure step fails, make a note to tell me in the reply, and proceed to the next step. You may find it handy to print this out first.
Please read here first :
http://forum.malwareremoval.com/viewtopic.php?t=12
-----------------------------------------------------------
Please
Delete Your Temporary Files by deleting all files and subfolders that are in these folders (do not delete these folders themselves).
In Windows Explorer (My Computer), delete all the files in the following folders. Please do NOT delete the folders themselves, just all the contents.
C:\Windows\Prefetch\
C:\Windows\Temp\
C:\Documents and Settings\<Your Username>\Local Settings\Temp\
C:\Documents and Settings\<All other Usernames>\Local Settings\Temp\
C:\Documents and Settings\<Your Username>\Local Settings\Temporary Internet Files\
C:\Documents and Settings\<All other Usernames>\Local Settings\Temporary Internet Files\
-----------------------------------------------------------
Run an Online scan.
Go to
http://www.trendmicro.com and click
Personal. Under Trend Micro Housecall (upper right) Click
Scan now.
Click
Scan Now It's Free. Choose your location, then
Start Free Scan Now. Select Complete Scan. If it asks about installing an ActiveX control, allow it.
It'll take a few minutes to download, especially with a dialup connection, so be patient.
Check to Clean all drives and
Scan.
When it completes, copy the full name of any virus, trojan, or spyware that cannot be cleaned or deleted and post them along with your next log.
-----------------------------------------------------------
Download and RUN Spybot S&D from
here. Don't install the TeaTimer 'runtime' option until your machine is completely clean, as it may interfere with fixes.
Install Spybot, click
Search for Updates. Then download and install the updates.
Next click the button
Check for Problems.
When Spybot is complete, it will be showing
RED entries, bold
Black entries, and
GREEN entries in the window.
Make certain there is a check mark beside all of the
RED entries ONLY.
Choose
Fix Selected Problems and allow Spybot to fix the
RED entries.
REBOOT to complete the Spybot cleaning process.
------------------------------------------------------------
Download and Run Ad-Aware SE Personal from
here. If you are using the paid version, don't install the AdWatch feature.
Open adaware and Click the
Check for updates now line on the main screen. Click the
Connect button on the webupdate screen.
If an update is available download it and install it. Click the
Finish button to go back to the main screen.
Click on the
Settings button (the gear symbol in the upper part of screen) to open the General settings screen. Make sure the
Automatically quarantine objects prior to removal setting is checked
green and then click
Proceed to save your changes.
Click the
Scan now button in the main menu on the left side of the main status screen or use the
Start button in lower right corner. This will open the "Preparing System Scan" screen. Please Deselect
Search for negligible risk entries. Leave the Selection for
low-risk threats unchecked also. Then select
Use custom scanning options and click
Customize. This will open the "Scan Settings" Page. Make sure all of the following are listed with a
green checkmark:
* Scan within archives
Then click on the
Tweak Button to open up the tweak settings.
Open up the "Scanning Engine" section and make sure all of the following are On with a
green checkmark:
* Scan registry for all users instead of current user only
Make sure the following is unchecked with a
red X:
* Unload recognized processes & modules during scan.
Open up the "Cleaning Engine" section and make sure all of the following are On with a
green checkmark:
* Always try to unload modules before deletion
* During Removal, unload Explorer and IE if necessary
* Let Windows remove files in use at next reboot.
Click the
Proceed button to save settings. Click
Next to begin the scan. When the scan is completed, the "Performing System Scan" screen will change name to
Scan Complete.
Click the
Next button to get to the Scanning Results screens where more information about the objects detected during the scan is available. Click the
Critical Objects Tab. In general all of the items listed will be bad. To fix all the bad critical objects, right click on one of them to open up the selection screen. Click the
Select All button to select all entries. Then all are selected Click
Next and then
OK in the pop-up window to confirm the removal.
Run the scan, and then Reboot.
------------------------------------------------------------
Download HijackThis, Install it and Post a log
Create a folder for HijackThis. To make a new permanent folder:
- Go to My Computer, doubleclick C:
- Click File, New, Folder
- type in
HJT
You now have a new folder at
C:\HJT\
Download the
HijackThis self extracting file to your new HJT folder.
- Double click
HijackThis_sfx.exe, and select
Unzip. When done click
OK.
- Close the window.
If you have difficulty downloading and unzipping HJT, there is a different set of very detailed pictorial instructions here:
http://www.netstar.me.uk/hjt/hjt.html
------------------------------------------------------------
Start HijackThis. If the opening screen shows, choose
None of the above, just start the program.
Click
Do System Scan and Save a Log File. The log will open up in notepad. Use Ctrl-A to select the entire log, and Ctrl-C to Copy, Then go to Reply in this topic, and paste the contents of the log into the reply.
Please don't delete anything from the log before or after pasting it. You may add comments if you wish.
askey127