Enable Viewing Of Hidden System Files & Folders1. Right Click
Start.2. Select
Control Panel.3. Select the
Tools menu and click
Folder Options.4. Select the
View Tab.5. Under the Hidden files and folders heading select
Show hidden files and folders.6.
Uncheck the Hide extensions for known file types option.
7.
Uncheck the Hide protected operating system files (recommended) option.
8. Click
Apply.9. Click
OK.--------------------
Open HijackThis and select
Do a system scan only and place a check mark next to:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HQ.AUTOCAB.COM
O17 - HKLM\Software\..\Telephony: DomainName = HQ.AUTOCAB.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = HQ.AUTOCAB.COM
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dllClose all windows except for HijackThis and click
Fix checked--------------------
Restart the computer in Safe Mode.
*
Restart the computer.
* Before Windows loads start tapping the
F8 key.
* When you get to the boot menu, use the arrow keys to select
Safe mode* Then Press
Enter* The computer restarts in Safe mode.
Locate this file and delete it. (in bold)
C:\WINDOWS\system32\
secpol.exeRestart in normal mode.
-------------------
Please download ATF Cleaner by Atribune.
ATF Cleaner.exe This program does not require an installation. The executable actually runs the program.
NOTE: ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose:
Select All* Click the
Empty Selected button.
If you use
Firefox browser
* Click Firefox at the top and choose:
Select All* Click the
Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click
No at the prompt.
If you use
Opera browser
* Click
Opera at the top and choose:
Select All* Click the
Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click
No at the prompt.
Click
Exit on the Main ATF Cleaner menu to close the program.
-------------------
Use the
Trend Micro Housecall Scan1. Click
Scan Now. It's Free2. Read and put a Check next to
Yes, I accept the Terms of Use3. Then click
Launch HouseCall Wait for the Java-Based Housecall Kernel Test
4. Click
Starting Housecall and wait for the updates to finish.
5. Under
Scan complete computer for malware, grayware, and vulnerabilities click the
Next>> button.
* It will download the latest scan engine and pattern files. When the definitions have been downloaded, the scan will start.
* Please wait while HouseCall scans your system…
* Once the scan is complete, it will take you to the summary page.
6. Under
Cleanup options choose
Clean all detected infections automatically7. Click the
Clean now>> button.
8. When presented with a notification
According to your instructions, all detected infections were cleaned..., click
OK* The Housecall log is saved to C:\Documents and Settings\UserName\
.housecall\log\-------------------
Next post please attach
Housecall scan log.
New HijackThis log.Please attach the logs as separate attachments and in Text (.txt) format