Credits go to ditto from geekstogo.com
You Must Read This Before Posting A HijackThis Log
If it's your first time here, welcome to Geeks to Go! You must complete the Registration Form and be logged in to access the download links provided below.
Malware (spyware, adware, Trojans, viruses) is ever increasing in frequency and in its ability to disguise itself. This forum is a resource for removing these unwanted pests. The following guide will help you remove many of the most common problems and allow us to help you most efficiently. It may look daunting, but it shouldn't take long to complete.
Please remember, people are helping you for FREE. Be patient, somebody will help you as soon as they become available. We all have REAL jobs, families, have other interests, and may live half way around the world. Plus, there may be people in front of you waiting for help. Following these steps will lighten our work load, and allow us to help more members.
The reality is that Hijack This logs are getting more complicated, require more time to analyze, and the infections are more difficult to remove -- often requiring a multi-step process. Anything that you can do to help us before posting a log is greatly appreciated. Please acknowledge that you've followed these required steps (or our first reply will likely direct you here).
If you're having trouble connecting to the Internet, try running the WinSockFix utility to repair your connection:
CleanUp! - http://www.geekstogo.com/modules.php?modid...=download&id=49 - http://home.comcast.net/~sgould4567/softwa...anup/index.html
CleanUp! is a quick and easy way to delete temporary files from your system. Simply deleting these temp files may clear some infections, and will make running the following scans faster.
-Install and run. Click on the button labeled CleanUp!.
-When it finishes it will prompt you to restart Windows - there will be one or two files it cannot delete when Windows is running - however, they will be deleted next time Windows starts up.
Step One: Scan for Spyware/Adware
Ad-aware SE - http://www.geekstogo.com/modules.php?modid...n=download&id=5 - Ad-Aware @ Lavasoft - The Original Anti-Spyware Company
-Install the program and launch it. If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
-First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.
Next, we will configure Ad-Aware to perform a full scan. In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window. In the General window, make sure the following options are selected:
1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)
Click the Scanning button on the left-hand side and make sure the following options are selected:
1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
5) Scan my IE Favorites for banned URLs
6) Scan my Hosts file
Please also click on Select drives & folders to scan and select your hard drive(s). Then click the Advanced button on the left-hand side and make sure all the options under Log-file Detail Level are selected. Next, click the Tweak button on the left-hand side. Click on Scanning Engine and make sure the following options are selected:
1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only
Click on Cleaning Engine and make sure the following options are selected:
1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring
Finally, click on Safety Settings and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)
-Click on Proceed to save the preferences. Then please click the Start button on the bottom right side to begin a scan. Select Use custom scanning options and then click Next. Ad-Aware will then scan for malware.
-Save the log file when it asks and then click Finish. Do not post the Ad-aware log in this forum unless requested.
-When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).
-If you wish assistance with an Ad-Aware SE log file, please post your log at http://www.geekstogo.com/forum/Lavasoft_Su..._aware-f62.html for analysis by Ad-Aware experts.
CWShredder - http://www.geekstogo.com/modules.php?modid...=download&id=17 - http://www.intermute.com/spysubtract/cwshr...r_download.html
Run the program. Click the Fix button to remove any malicious programs found.