• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.

Toscane

Helper
  • Content count

    341
  • Joined

  • Last visited

About Toscane

  • Rank
    Malware warrior
  • Birthday

Contact Methods

  • Website URL
    http://nucia.eu
  • ICQ
    0

Profile Information

  • Gender
    Male
  • Location
    The Netherlands
  1. Hello and welcome to SpywareInfo forums, I notice that you're running two antivirus programs at the same time (Sophos Anti-Virus and Avast) which is not recommended. Please decide on one and remove the other via Add/Remove Programs in Control Panel. Download ATF-Cleaner by Atribune to your desktop and please be ware that this program is for XP and Windows 2000 only. Double-click ATF-Cleaner.exe to run the program. *Under Main choose: Select All *Click the Empty Selected button. If you use Firefox browser: *Click Firefox at the top and choose: Select All *Click the Empty Selectedbutton. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser : *Click Opera at the top and choose: Select All *Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. Did you try it in safe mode: Safe mode for Windows XP *Restart the computer. *just before Windows starts to load begin tapping the F8 (or F5) key until the Advanced Options menu appears. *Use the arrow keys to select the Safe mode menu item *press Enter. Please download Combofix to your desktop. Doubleclick combo.exe and follow the prompts. Type Y and click “enter”. Don't click on the window while the fix is running, because that will cause your system to hang! Reboot the computer after the fix is done Automaticle a log should open named combofix.txt. (location: C:\combofix.txt) Post this log in your next reply together with a new HijackThis log
  2. Your HJT-log looks good Only ATF-Cleaner by Atribune should be used on a regular base. Fixwareout is a special tool (regularly updated) for certain infections and can be deleted after using it. I do not prefer this registry cleaners at all. I do recommend this Scanner: Download, install, and update AVG anti-spyware 7.5 (This is a 30 days trial) Install AVG anti-spyware. Start the program but don't scan for virus at this moment. On the main screen select the icon "Update" then select the "Update now" link. Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then select "Quarantine". Start AVG anti-spyware. Click on Scanner Click on Complete System Scan Let the program scan your pc, be patient this may take a little time. If you have any infections you will prompted, click “set all elements to: recommended action” and choose Quarantine Click "Apply all actions" Next select the button "Save Report". Click the "Save report as" button and save the report to your desktop. Close AVG and reboot your system back into Normal Mode. Post the results of the AVG report scan along with a new HijackThis log.
  3. Hello and welcome to SpywareInfo forums, 1. Please download Brute Force Uninstaller to your desktop. Right click the BFU folder on your desktop, and choose Extract All Click "Next" In the box to choose where to extract the files to, Click "Browse" Click on the + sign next to "My Computer" Click on "Local Disk (C:) or whatever your primary drive is Click "Make New Folder" Type in BFU Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish". 2. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover. Save it in the same folder you made earlier (c:\BFU). 3. Then, please go to Start > My Computer and navigate to the C:\BFU folder. Start the Brute Force Uninstaller by doubleclicking BFU.exe Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.) Wait for the complete script execution box to pop up and press OK. Press exit to terminate the BFU program. Click Copy and paste the logfile in your next reply. If you have any questions about the use of BFU please read here: http://metallica.geekstogo.com/BFUinstructions.html Download HijackThis! Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and click “Do a systemscan and save a logfile”. Press that, save the log, Ctrl-A to Select All, and copy its contents here.
  4. Spywarebot is a bad copy of Spybot Search & Destroy. When you scan the computer, you will see a few warnings of spyware, but that isn't in the registry. See also: Spywarewarrior Go to Start -> (Settings) -> Control Panel -> Add/Remove programs (Software) Remove the next program: Spywarebot Please move HJT from the Desktop for safety. I prefer C:\HJT\HijackThis.exe, if you need additional instructions use these: http://russelltexas.com/malware/createhjtfolder.htm Print out these instructions because you have to restart your computer into Safe Mode without internet connection later on in the fix.Copy/Paste to Word and then print Please download FixWareout from one of these sites: http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe http://downloads.subratam.org/Fixwareout.exe Save it to your desktop and run it. Click "Next", then "Install", then make sure "Run fixit" is checked and click "Finish". The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. When your system reboots, follow the prompts. Run Hijackthis, click on 'Do a system scan only' check only the items listed below: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: (no name) - {C397700A-95DC-A3C2-F453-9C9333EEFD5A} - runload32.dll (file missing) R3 - URLSearchHook: (no name) - {E83C8884-4F58-44DA-1EF1-2EB5F1A9ACAC} - uio.dll (file missing) O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot O17 - HKLM\System\CCS\Services\Tcpip\..\{94731CB2-F41F-44F0-BAAC-DBB1428ED5BA}: NameServer = 85.255.113.148,85.255.112.86 O17 - HKLM\System\CCS\Services\Tcpip\..\{EDB3972B-1A7B-47F0-8770-F52F0904B05A}: NameServer = 85.255.113.148,85.255.112.86 Click on 'Fix checked' and close the program. Make sure your explorer is set to show hidden and system files and folders: Open Explorer or "My Computer" and click Tools -> Folder Options... and then select the View tab and check the next settings: Uncheck: Hide protected operating system files Uncheck: Hide file extensions for known file types Select: Display the contents of system folders (Windows XP) Select: Show hidden files and folders Remove the next folders: C:\Program Files\SpywareBot\ If you have internet connect problems, your Internet Setting (DNS) has to be configured: (For XP/W2K) Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer. Download ATF-Cleaner by Atribune to your desktop and please be ware that this program is for XP and Windows 2000 only. Double-click ATF-Cleaner.exe to run the program. *Under Main choose: Select All *Click the Empty Selected button. If you use Firefox browser: *Click Firefox at the top and choose: Select All *Click the Empty Selectedbutton. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser : *Click Opera at the top and choose: Select All *Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. Please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.
  5. Download and install CCleaner (you don't have to install the CCleaner Yahoo Toolbar) Don't use the program at this moment. Print out these instructions because you have to restart your computer into Safe Mode without internet connection later on in the fix.Copy/Paste to Word and then print Uninstall your prepvious version of Ewido! Download, install, and update Ewido Anti-spyware AVG (This is a 30 day trial) Install ewido anti-spyware. Start the program but don't scan for virus at this moment. On the main screen select the icon "Update" then select the "Update now" link. Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then select "Quarantine". Close ewido anti-spyware, Do Not run a scan at this moment. Please download SmitfraudFix (by S!Ri) Extract the content, a folder named SmitfraudFix is created on your Desktop. Restart your computer into SAFE mode Run Hijackthis, click on 'Do a system scan only' check only the items listed below: O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\iVideoCodec\isaddon.dll O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://esignalevents.webex.com/client/v_my...bex/ieatgpc.cab Close all other windows except Hijackthis Click on 'Fix checked Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #2 - Clean by typing 2 and press "Enter" to delete infected files. You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter". The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process. This info is also saved in C:\rapport.txt Start Ccleaner. Select in "Windows" only the next items: Internet Explorer: - Temporary Internet Files System: - Empty Recycle bin - Temporary Files Click in Ccleaner on "Run Cleaner". Start Ewido Anti-spyware. Click on Scanner Click on Complete System Scan Let the program scan your pc, be patient this may take a little time. If you have any infections you will prompted, select "Apply all actions" Next select the button "Save Report". Click the "Save report as" button and save the report to your desktop. Close Ewido and reboot your system back into Normal Mode. Post the C:\rapport.txt, a new HijackThis Log and the Ewido Log. Let us know if any problems persist. Start Ccleaner. Select in "Windows" only the next items: Internet Explorer: - Temporary Internet Files System: - Empty Recycle bin - Temporary Files Click in Ccleaner on "Run Cleaner". Reboot the computer and post back with 3 logs: HJT Ewido-AVG and Smitfraudtext
  6. Welcome at SWI, there are several infections on your computer. Lets start with this advice: Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm Print this advice and/or save it as a text file with Notepad to your desktop for in safe mode there is no internet connection Please download FixWareout from one of these sites: http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe http://downloads.subratam.org/Fixwareout.exe Save it to your desktop and run it. Click "Next", then "Install", then make sure "Run fixit" is checked and click "Finish". The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. When your system reboots, follow the prompts. Once the desktop loads post the text that will open (C:\fixwareout\report.txt) Note: If there are problems with the internetconnnection please follow this advice: Go to Start > Run Type: ipconfig /flushdns Click “OK”. Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer. Run Hijackthis, click on 'Do a system scan only' check only the items listed below: R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file) O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file) O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file) O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file) O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file) O2 - BHO: (no name) - {746455fe-d059-47e7-af0e-140e03f5a447} - (no file) O2 - BHO: (no name) - {7a7e6d97-b492-4884-9abb-c31281dcc4f2} - (no file) O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file) O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file) O2 - BHO: ASGP32.ASGP - {89923A78-1DEA-41DC-A323-88DA2DE7B5AE} - C:\WINDOWS\System32\asgp32.dll O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file) O2 - BHO: (no name) - {9c5875b8-93f3-429d-ff34-660b206d897a} - (no file) O2 - BHO: (no name) - {b212d577-05b7-4963-911e-4a8588160dfa} - (no file) O2 - BHO: (no name) - {B53455DB-5527-4041-AC41-F86E6947AA47} - (no file) O2 - BHO: (no name) - {CA536228-5961-D1A0-FEFF-CF26224A6BFA} - (no file) O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file) O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file) O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - (no file) O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file) O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file) O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file) O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file) O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - (no file) O4 - HKLM\..\Run: [updateService] C:\WINDOWS\System32\wservice.exe O4 - HKCU\..\Run: [updateService] C:\WINDOWS\System32\wservice.exe O15 - Trusted IP range: 206.161.125.149 O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k00719/sb02a.cab O16 - DPF: {B4F32846-56DD-4CF5-94FD-17DE1A12E9EB} (CounterX Class) - http://t058.com/cabtest/counter.cab Close all other windows except Hijackthis Click on 'Fix checked Open Explorer or "My Computer" and click Tools -> Folder Options... and then select the View tab and check the next settings: Uncheck: Hide protected operating system files Uncheck: Hide file extensions for known file types Select: Display the contents of system folders Select: Show hidden files and folders You can use Windows Explorer to find and delete this file: C:\WINDOWS\System32\wservice.exe Click Start ->Run and type msconfig. When the System Configuration Utility opens use the general page and put a check mark in normal startup. Restart your computer and post a new log from HijackThis together with the Smitfraudreport and the Fixwareout report
  7. Sorry for the delay in responding, it's been pretty busy here and not all logs get answered as quickly as we'd like. Download HijackThis! Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and click “Do a systemscan and save a logfile”. Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
  8. "Drie keer is scheepsrecht" we say in Holland Your HijackThis log looks fine to me When AVG AS (the "new Ewido") has expired there are no Antispyware scanners on your computer, so please take a look at this: You can look at this general article for prevention.
  9. Download Ccleaner Install it to your desktop. Next run CCleaner 1. Open CCleaner. 2. Place a check by everything in the Applications tab. 3. Place a check by Internet Explorer, Windows explorer, and System in the Windows tab (take care that Windows logfiles is unchecked). 4. Hit the button that says Run CCleaner 5. Reboot to remove index.dat files. C:\Windows\Prefetch\ >>> delete the contents (NOT THE FOLDER) The computer may start up a little slow a couple of times, but that will pass. You should delete the contents of the prefetch folder not to often. Prefetch info: http://www.windowsnetworking.com/articles_...refetch-XP.html Please post back with a fresh HijackThis logfile Edit: You did right! I just ment that you should copy/paste the first line of the bold text on top of the blanc notepadfile
  10. We will see if this dll was just mentioned in the registry. Please go to: start-->run and type this in: notepad click OK Open notepad Copy and past below bold text in the window (Be sure the first line is on top!) regedit /e running.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" Save this file as: lookrunnings.bat at your desktop. Make sure you choose to save as *all files Now double click on lookrunnings.bat and A file named “running.txt” now appears on your desktop Dubbelclick this file ‘running.txt” Notepad will open. Select all (ctr+A), copy and past it in your next post.
  11. ....tnx Beamerke Please go to: start-->run and type this in: regedit Then click on the FILE menu and select export Save the file as backup. Save the file somewhere you will remember and not delete. (It takes abt 60 MB) IMPORTANT: make sure to set the export range to ALL Please go to: start-->run and type this in: notepad click OK Copy/paste this bold text: (Ensure there is no space above REGEDIT4) REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ryfrmz.dll"=- Then click on the FILE menu and select save as Save the file as fix.reg to the desktop. IMPORTANT: make sure to save the file as "all types" and NOT as a text file Reboot your pc into safe mode Safe mode for Windows XP Restart the computer. As soon as BIOS is loaded and before Windows is loaded, begin tapping the F8 (or F5) key until the Advanced Options menu appears. Use the arrow keys to select the Safe mode menu item Press Enter. Double click on fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok. Reboot the computer in normal mode 1) Please download Killbox. Unzip it to the desktop and run it. 2) Select "Delete on Reboot". 3) Copy the file name below to the clipboard by highlighting it and pressing Control-C: C:\WINDOWS\system32\ryfrmz.dll 4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard". 5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt. If you have any issues with this method you can copy and paste the lines one at a time into the killbox top box. Then click the Single File button. Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? you will need to click No until the last one at which time you click Yes to allow the reboot. Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES If you don't get that message, reboot manually. Please post back with a fresh HijackThis log.
  12. Make sure your explorer is set to show hidden and system files and folders: Show hidden and system files and folders Please go to Jotti virusscan On top you'll find "File to upload and scan". Browse to the next file, submit it on that site and let it scan: C:\WINDOWS\system32\ryfrmz.dll,cdtogtd Post the results in your next reply. If the server is to busey submit and scan the file here: Kaspersky filescanner Edit....If you can not find this file try in safe mode: Reboot your pc into safe mode Safe mode for Windows XP *Restart the computer. *just before Windows starts to load begin tapping the F8 (or F5) key until the Advanced Options menu appears. *Use the arrow keys to select the Safe mode menu item *press Enter. Download Panda activescan Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country > Enter your State/Province >Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When download is complete, click on Local Disks to start the scan When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Reboot the computer Please post this report in together with a fresh HijackThis log in your next reply.
  13. Do you have the exact name of that missing dll? Don't you have Java installed? I see you are using Mozilla Firefox. Especially when surfing with other browsers then IE (which have the Java built-in) it is very important to update your Java software. Sun's Java is updated in order to eliminate the exploitation of vulnerabilities. For this reason, it's extremely important that you remove the older more vulnerable versions from your system. Edit: this is the most proper downloadlocation: Go here and click on the Download button to the right of Java Runtime Environment (JRE) 5.0 Update 9. Accept the license agreement by clicking the radio button. Under Windows Platform - J2SE Runtime Enviroment 5.0 Update 9 click the Windows Offline Installation, Multi-language link. Go to Add/Remove Programs and remove any entries that refer to Java 2 Runtime Enviroment ...and then reboot your PC. Navigate to and delete the following folder, if it exists: C:\Program Files\Java. Finally double click the installation file that you downloaded earlier. Once installed you can test to see that it is in fact installed: Sun Java Test Furthermore... I want to look closer to the SharedTaskScheduler key amongst other things, so please follow this advice: Download Combofix to your desktop. Doubleclick combo.exe Follow the prompts. Don't click on the window while the fix is running, because that will cause your system to hang and even can give you a blank desktop. When finished and after reboot, it should open a log, combofix.txt. Post this log in your next reply together with a new Hijackthis log.
  14. Hello and welcome to SpywareInfo forums, You have two Antivirusprograms running and that is definitely not good, so please disable one of them. Open HijackThis > click "Do a system scan only" Place a checkmark next to the entries below. After you have done that close all browsers and windows except HijackThis, and have HijackThis fix them by clicking Fix Checked: O2 - BHO: (no name) - {439B2483-461D-0911-3F1C-0AFCE388F1BA} - C:\WINDOWS\system32\shkhdtg.dll (file missing) O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing) Please download VundoFix.exe to your desktop. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click OK. Please post the contents of C:\vundofix.txt Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot. Download, install, and update AVG anti-spyware 7.5 (This is a 30 days trial) Install AVG anti-spyware. Start the program but don't scan for virus at this moment. On the main screen select the icon "Update" then select the "Update now" link. Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then select "Quarantine". Close AVG anti-spyware, Do Not run a scan at this moment. Reboot your pc into safe mode Safe mode for Windows XP Restart the computer. As soon as BIOS is loaded and before Windows is loaded, begin tapping the F8 (or F5) key until the Advanced Options menu appears. Use the arrow keys to select the Safe mode menu item Press Enter. To clean temporary files: Go > start > run and type cleanmgr and click OK Scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked. Click OK to remove those files. Click Yes to confirm deletion. Start AVG anti-spyware. Click on Scanner Click on Complete System Scan Let the program scan your pc, be patient this may take a little time. If you have any infections you will prompted, click “set all elements to: recommended action” and choose Quarantine Click "Apply all actions" Next select the button "Save Report". Click the "Save report as" button and save the report to your desktop. Close AVG and reboot your system back into Normal Mode. Post the results of the AVG report scan along with a new HijackThis log and the contents of C:\vundofix.txt