We should be able to help, but will need to look at your system to see what we are dealing with.
Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.
Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "next" in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Exit Hijack This. Rename hijackthis.exe as that sometime helps locate the baddies. Go to start> search> files and folders> type in the top space "hijackthis.exe" without the quotes> click search> when it is found in the right pane (looks like a pile of dynamite)>right click on it> click rename> rename it "show.exe" without the quotes> click a blank space on the screen.
Run Hijack This again, click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.
Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.
This looks for a particular baddie. !!!!! Only run option #1 as the other options will damage the desktop of an uninfected computer. !!!!!
Please download SmitRemFix from this link http://siri.urz.free.fr/Fix/SmitfraudFix.zip Then extract the contents to your desktop.
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
We will need the following tool for clean-up later.
Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode
Download and install Ewido Security Suite We will need this later in safe mode
Be sure to update Ewido
Download Killbox to your desktop from this link Killbox by Option^Explicit. If you already have "Killbox" update to this newer version. We will need it later in safe mode
