[RESOLVED] HJT log to get rid of a Virus

 
 
gobucks
 
Reply Sat 18 Jun, 2005 08:42 pm
Please help!! I can't get rid of:

gtuiwwa.exe and I have a program called ABI network in my program list that I can't get rid of. Here is my HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 10:17:23 PM, on 6/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\fonts\system\explorer\mru\smss.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\E_S00RP2.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Norton AntiVirus\OPScan.exe
c:\windows\system32\gtuiwwa.exe
C:\WINDOWS\system32\accwiz.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emusic.com/promo/presario/index.html?fref=148615
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\ceres.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64D8342B-9B67-0294-DB59-6C5509AC2B49} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\system32\fonts\system\explorer\mru\smss.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [gtuiwwa] c:\windows\system32\gtuiwwa.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center\DMDownload.htm
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c356.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://learconnect.lear.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/083ad8eaf57bb8de7b06/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://larryincmh.dyndns.org/msrdp.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
O18 - Protocol: copernicdesktopsearch - {D9656C75-5090-45C3-B27E-436FBC7ACFA7} - C:\PROGRA~1\COPERN~2\COPERN~2.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP2.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 
timberlandko
Reply Sun 19 Jun, 2005 05:38 pm
You've got a number of problems there. If you want to try it my way, print out these instructions, and don't do anything without fully understanding how to step through this procedure. If anything is unclear, ask. When you're ready to go, and have completed the downloads, updates, configurations, and online scans, follow the steps in order.

First, update your own resident antivirus and run a full system scan. If you have an expired subscription to a paid antivirus, either renew your subscription, or uninstall the expired version and acquire an antivirus which can be updated to current engine and pattern files. Any of the major name brand applications will work fine. If for some reason you don't wish to pay for a subscription, the following are downloadable free antivirus applications from reputable vendors. The free versions offer adequate basic protection, but will lack certain configuration and convenience features common to paid antivirus apps. Your choice, but whatever, get and maintain a current antivirus before going any further, and have it run a full system scan.

AntiVir Free Personal Edition

Avast! 4 Free Home Edition

AVG Free Personal Edition


If you have Ad-Aware, Microsoft AntiSpyware, Spybot S&D, or SpywareBlaster installed, I suggest you uninstall them via their own uninstall utilities, and redownload the latest versions. If you are sure you have the latest versions, you can just update them if you wish, and configure them as detailed in their respective sections below ... your call, but I do recommend starting fresh. As for the other tools linked here, if you have any version of them installed, it really is best to uninstall your copy and start fresh, to be sure of having the latest version.




Go to Windows Update and check to make certain there are no outstanding high-priority updates for your system.

Run the Microsoft Windows Malicious Software Removal Tool.

Download, install, and update Microsoft AntiSpyware Beta. Just install it and update it (when the program has installed, select "File" at the top left-hand side of the page, and click "Search for updates ... "), don't run it yet. When the update has been completed, just close the application without running a scan yet.



Download LSP-Fix. Just download it to a convenient to find place on your machine; it may or may not be needed, but if it is needed, you'll want to find it easily. Sometimes removal of yuckware will result in your not being able to connect to the internet. If this happens, LSP-Fix should take care of the problem. Be sure to read and understand (good idea to print out) the application's DOCUMENTATION so you know what to do if it becomes necessary.



Download STINGER. Again, just download it right now; we'll use it later. See this TUTORIAL.




Download, install, and update Ad-Aware SE Personal. Just install and update it (when the program has installed, click the blue-green "Planet" icon, second from the right at the top of the screen, to run the auto-update function, and follow the prompts to update the application); don't run a scan yet.

When it has updated, click on the Orange-ish "Gear Icon" (second-from the left at the top right-hand side of the window) to open the Ad-Aware configuration utility.

Under the "General" tab, all radio buttons should be green; if not, click to activate them.

Click the "Scanning" bar at the left of the page. Under "Drivers, Folders & Files", only the "Scan within archives" button should be green. Under "Memory & Registry", all buttons should be green.

Click the "Advanced" bar. Under "Shell Integration", "Move deleted files to Recycle Bin" should be green, and it's your call whether you want to add "Scan with Ad-Aware to Explorer".

Under "Logfile Detail Level", all 3 buttons should be green.

Under "Alternate Data Streams", both buttons should be red.

Skip the "Startup", "Default", and "Interface" bars for now.

Click the "Tweak" bar. Click the plus-sign to open "Scanning Engine". "Unload recognized processes ... ", "Obtain command line ... ", and "Scan registry for all users ... " should be green, "Run scan as background ...", "Ignore spanned files ...", and "Use permanent ... " may be left red.

Click to open "Cleaning Engine". The first 5 buttons ("Automatically check ...", "Always try ...", "During removal ... ", "Let Windows remove ... ", and "Delete quarantined ...") should be green, the remaining 3 ("Suppress warning ...", "Suppress progress ..." and "Disable manual ...") should be red.

Skip the remaining bars, click "Proceed", then close Ad-Aware WITHOUT RUNNING A SCAN.

With Ad-Aware closed, download Ad-Aware's VX2 Cleaner Plugin, and install it per instructions found on the download page. Read the instructions carefully so you'll know how to run the plugin when required. Do not run it, or Ad-Aware, yet; just exit back to your desktop.



Download, install, and update Spybot S&D. Just install and update it (when it installs, the program will give you the option to "Download all updates" - let it do so), don't run it yet. READ THE TUTORIAL. When the program has been installed and updated, select "Immunize", click the green + symbol at the top of the page to install Spybot's immunization, and follow any prompts. On that same page, click to place a checkmark in the "Browser Helper to block bad downloads ... " button, then, from the dropdown below that, select "Block all bad pages silently". While you have Spybot open it would be a good time to read the tutorial available under the Help file at the top left-hand corner of the page. When done, don't run a scan yet, just close the application.



Download and install the trial version of EWIDO Security Suite. Again, just install and update it (when it installs, it will ask to be updated - let it. If for some reason you miss the opportunity, select "Update" from the program's start page and manually update it). Do not scan yet.



Download CWShredder, and unzip it to your desktop, but don't run it yet.



Download NAILFIX. Just download it and unzip it to a folder on your desktop; don't do anything with it right now.



Download AboutBuster 5.0, unzip it to a folder on your desktop, and read the accompanying text file. Launch and update the application, but don't run it yet; when the update has completed simply close the application and exit to your desktop.



Download CCleaner. Just download it to a convenient-to-locate spot (your desktop is fine for now), don't do anything with it yet; we'll be using it a few times later in this process.



Download DelDomains.inf. When it has downloaded (should take just a few seconds), click on the file to run it. If the link above displays text instead of downloading the file, then copy & paste the text into notepad and save the file as DelDomains.inf. To use it, right-click and select "Install". Note: This will remove all entries in your "Trusted Zone" and "Ranges".



Download, install, and update Javacool Software's SpyWareBlaster. When the update has completed, select "Enable all protection", and exit back to your desktop. SpyWareBlaster does not need to be running for its protection to be active, but you should launch it at least weekly to check for updates. Read the FAQ HERE.



Make sure your Windows and your programs other than your browser are operating properly, then DISABLE SYSTEM RESTORE. Again, be sure everything else works as it should before you do this, as you will remove your previous restore points.


Next, configure Windows Explorer to Show All Files



Perform at least 2 of the following free online virus scans (with your resident antivirus disabled):

Panda ActiveScan

Trend Micro Housecall

McAfee FreeScan

Symantec Security Check

BitDefender Online Scanner


OK - we're ready to go to work. Click Start > Run, then type, without the quotes, "msconfig" and click "OK" to bring up the System Configuration Utility. Click the 4th tab, "BOOT.INI", and click to place a checkmark in the box labeled "/SAFEBOOT", then click "OK". When prompted, reboot. See this Tutorial. Note - remember this process; when we're done, reverse it to restore your machine to normal booting.

Once booted into safemode, locate Stinger and run it, selecting "Fix". The process may take a fair while to complete - be patient, let it run to the end.

Run HiJackThis, with no other windows open or applications running, and place a checkmark next to the following, if found (some may already have been fixed), then click "Fix Checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\ceres.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {64D8342B-9B67-0294-DB59-6C5509AC2B49} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [gtuiwwa] c:\windows\system32\gtuiwwa.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c356.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://learconnect.lear.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/083ad8eaf57bb8de7b06/netzip/RdxIE601.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

When HiJackThis completes, IMMEDIATELY reboot into safe mode.

Locate "NAILFIX", and click on "Nailfix.cmd". Your desktop and icons will disappear and reappear, and a window should open and close very quickly.

When NAILFIX has run, locate and run AboutBuster 5.0; if either app prompts you to reboot, do so, then go on to the next step, otherwise, don't reboot.

When AboutBuster 5.0 has completed, locate and run CWShredder, selecting the "Fix" option. Don't reboot unless prompted to do so.

Locate EWIDO, run a full system scan (which might take an hour or more), allow EWIDO to fix whatever it can, and save the log to post back here. When EWIDO has completed, reboot (still into safe mode).

Click Start > Search to open Windows Explorer. Search-for-and-delete-if-found the following:

gtuiwwa.exe
accwiz.exe
ceres.dll
gtuiwwa.exe
nail.exe



Locate and run CCleaner. When it opens, select "Analyze", let it scan through your system (should be just a couple minutes), then select "Run Cleaner", confirm you wish to delete files, and follow any onscreen prompts. When that cleanup is complete, click on the 3rd tab, "Issues", and select "Analyze". When the analysis has completed, select "Fix selected issues .... ", and confirm when prompted. The application will offer to write a registry backup - let it do so. It will offer to place the backup in your "My Documents" folder - select "New Folder", name the folder "CCleaner Backups", and click "Save". Reboot.



Locate Microsoft AntiSpyware Beta, and launch it. At the top of the screen, select "Tools", then select "Advanced Tools" and select "Browser Hijack Settings Restore". At the bottom right of the list, click "Check All", then click "Restore". When the restore has completed, select "Spyware Scan" from the top right of the page, then select "Scan Options", and make sure "Full System Scan" and all 3 of its boxes are checked, then click "Run Scan Now". This shouldn't take very long, but 15 minutes to half an hour would be common. When the scan and repair have completed, reboot.



Locate Ad-Aware SE, and launch it. Click the "Add-ons" bar, locate, and run the VX2 Cleaner plugin. When that has been completed, close then relaunch Ad-Aware SE, select "Scan Now", select "Use custom scanning options", select "Next", and allow the scan to complete - which could take a good long while. When it has completed, have it fix all it has found, then close the application. If it requests permission to run again on reboot, permit it and reboot.



Locate and launch Spybot S&D, click "Check for problems", and be patient while it scans. Allow it to fix anything it finds that it lists in red. If it requests permission to run again on reboot, permit it and reboot.

When Spybot S&D has finished, run CCleaner once more. When CCleaner has finished, click Start > Run, type, without the quotes, "msconfig", click the BOOT.INI tab, and unclick "Safeboot". Click "apply", then check the "General" tab to be sure normal boot is selected. Click "OK". Reboot when prompted, this time into normal Windows. Do not connect to the internet yet.



Disable your resident antivirus if not still disabled, then run full system scans with EWIDO, Microsoft AntiSpyware, Ad-Aware, and Spybot S&D, allowing each to fix whatever, if anything, needs fixing. Save the EWIDO logfile.


Close all running applications, and run HiJackThis once more, fixing nothing, just saving the log. Now, re-enable your resident antivirus and reconnect to the internet (use LSP-Fix per its instructions if you cannot connect). Once connected to the internet, navigate back to this thread, paste both EWIDO logs and the latest HiJackThis log here. Do not re-enable System Restore yet; we may not be done.
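The reply above picks the suspect HJT entries out by eye: settings forced to about:blank, hooks whose file is gone, Trusted Zone additions, ActiveX downloads from a bare IP address, and a copy of smss.exe far from System32. As an added example (not code from the thread and not a HijackThis feature), here is a Python script that applies those same checks to a log; the sample log is a constructed excerpt of the entries quoted in the thread, and the rule set is an assumption that flags lines for a human to review, not a verdict.

```python
"""Heuristic triage of a HijackThis (HJT) log.

Added example for this thread, not a HijackThis feature and not code from the
original posts. The sample log is a constructed excerpt modelled on entries
quoted above; every rule below is an assumption that flags a line for a human
to review, never a verdict that the entry is malicious.
"""
import re
from typing import List, Tuple

# Core Windows binaries that legitimately live directly under
# C:\WINDOWS\system32 (explorer.exe under C:\WINDOWS). A file with one of
# these names in any other directory is worth a look.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "explorer.exe"}
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows"}

# First drive-letter path ending in .exe on a line (paths may contain spaces).
EXE_PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.exe\b", re.IGNORECASE)
# http(s) URL whose host is a bare IPv4 literal rather than a hostname.
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]", re.IGNORECASE)

# Constructed excerpt; the GUIDs, paths and URLs are those quoted in the thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\fonts\system\explorer\mru\smss.exe
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\system32\fonts\system\explorer\mru\smss.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O15 - Trusted Zone: *.media-motor.net
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/083ad8eaf57bb8de7b06/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
"""


def misplaced_system_binary(path: str) -> bool:
    """True when a core system binary's name appears outside its expected directory."""
    directory, _, name = path.strip().lower().rpartition("\\")
    return name in SYSTEM_BINARIES and directory not in EXPECTED_DIRS


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for log lines that deserve a second look."""
    findings: List[Tuple[str, str]] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "(no file)" in line or "(file missing)" in line:
            # Registry still points at something no longer on disk: leftovers
            # of an incomplete removal, or a hook whose file was deleted.
            findings.append(("orphaned entry", line))
        elif line.startswith(("R0 ", "R1 ")) and line.endswith("= about:blank"):
            findings.append(("browser search setting hijacked to about:blank", line))
        elif line.startswith("O15 "):
            # Trusted Zone additions relax IE's security settings for that domain.
            findings.append(("trusted-zone addition", line))
        elif line.startswith("O16 ") and IP_URL_RE.search(line):
            findings.append(("ActiveX download from bare IP address", line))
        # Path check runs on every line type (running processes and O4 entries).
        match = EXE_PATH_RE.search(line)
        if match and misplaced_system_binary(match.group(0)):
            findings.append(("system binary name outside System32", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```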
 
timberlandko
Reply Sun 19 Jun, 2005 05:54 pm
Oh, and lemme know as soon as you can if any of those links don't work, or if anything isn't clear. Thanks.

Also, if you get any error messages while doing any of the above, please try to tell me just what you and your machine were doing when the error occurred, what, if anything, you did about it, and quote the EXACT error message, not something like "I was in the middle of something, then a box popped up and said there was some kind of error".
 
gobucks
Reply Sun 26 Jun, 2005 05:08 pm
I am in the middle of doing all of your steps and my computer is already running better. You are a computer saver!! Thanks