Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode
Download and install Ewido Security Suite We will need this later in safe mode
Be sure to update Ewido
Download killbox to your desktop from this link Killbox We will need it later in safe mode
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [Win32 Security Protocol] secure32.exe
O4 - HKLM\..\Run: [secures23] mssecure.exe
O4 - HKLM\..\Run: [Windows Update Manager] taskmgr32.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [Win32 Security Protocol] secure32.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKLM\..\RunServices: [Windows Update Manager] taskmgr32.exe
O4 - HKCU\..\Run: [Win32 Security Protocol] secure32.exe
Exit Hijack This but remain in safe mode.
Run Ewido from safe mode and let it delete all that it finds.
Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Reboot into normal mode.
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Post a new Hijack This log.
