Disable TeaTimer, as it'll interfere with the cleaning process:
Right click Spybot's TeaTimer System Tray Icon.
Click Exit Spybot-S&D Resident.
TeaTimer closes.
1.
Print this post out, since you won't have an access to it, at some point.2. Close all windows, except for HijackThis.
3. Put a checkmark next to the following HijackThis entries (
some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):
- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
- *O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
- *O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
- *O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
- *O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
- O4 - HKLM\..\Run: [EarthLink Installer] " /C
- *O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
- *O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
- O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\MWSBAR.DLL,S
- *O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
- *O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
- *O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
- O4 - HKCU\..\RunOnce: [SpybotDeletingB6312] command /c del "C:\Documents and Settings\Richard\Local Settings\Temp\laf1.exe_old"
- O4 - HKCU\..\RunOnce: [SpybotDeletingD8742] cmd /c del "C:\Documents and Settings\Richard\Local Settings\Temp\laf1.exe_old"
- O4 - HKCU\..\RunOnce: [SpybotDeletingB3511] command /c del "C:\Program Files\Online Add-on\ictun.exe"
- O4 - HKCU\..\RunOnce: [SpybotDeletingD1541] cmd /c del "C:\Program Files\Online Add-on\ictun.exe"
- O4 - HKCU\..\RunOnce: [SpybotDeletingB8255] command /c del "C:\Program Files\Online Add-on\ictmdl.dll_old"
- *O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
- *O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
- O8 - Extra context menu item: &Search -
http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000- O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
4. Click on "Fix checked" button.
5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts)
6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to "Show hidden files, and folders".
7. Delete following files/folders (
if present):
-
MyWebSearch folder from C:\Program Files
8. Turn off System Restore:
-
Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
-
Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK
9. Restart in Normal Mode.
10. Turn System Restore on.
11. Post new HijackThis log.