04-10-2008   #1
New Poster
Join Date: Apr 2008
Posts: 1
PC Experience: Beginner
Logs for review

Hello,

I haven't installed anything new recently but started having problems with IE. Tabs were continually being opened up, usually were unable to connect to the web address, sometimes showing ads. I also began getting errors at start up regarding not being able to find certain dll files. Here are my "pre-work" logs. I would appreciate it if someone could comment on them.

Thanks!
Steve

**AVG log**

General properties
Report name: Complete Test
Start time: 4/9/2008 20:41
End time: 4/9/2008 9:39:50 PM (total: 58:04.4 Min)
Launch method: Scanning launched manually
Scanning result: No threats found
Report status: Scanning completed successfully

Object summary
Scanned: 93919
Threats Found: 0
Cleaned: 0
Moved to vault: 0
Deleted: 0
Errors: 0

C:\Windows\system32\kernel32.dll   Change   Changed
C:\Windows\system32\wsock32.dll   Change   Changed
C:\Windows\system32\user32.dll   Change   Changed
C:\Windows\system32\shell32.dll   Change   Changed
C:\Windows\system32\ntoskrnl.exe   Change   Changed


**SuperAntiSpyware log**
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!
Generated 04/08/2008 at 11:55 PM
Application Version : 4.0.1154
Core Rules Database Version : 3412
Trace Rules Database Version: 1404
Scan type : Complete Scan
Total Scan Time : 00:18:48
Memory items scanned : 226
Memory threats detected : 0
Registry items scanned : 6792
Registry threats detected : 0
File items scanned : 18959
File threats detected : 41
BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE
Adware.Vundo-Variant
C:\USERS\WOODY258\APPDATA\LOCAL\TEMP\KHFCURKJ.DLL
Adware.Tracking Cookie


**CCleaner log**

ANALYSIS COMPLETE - (0.198 secs)
------------------------------------------------------------------------------------------
0.38MB to be removed. (Approximate size)
------------------------------------------------------------------------------------------
Details of files to be deleted (Note: No files have been deleted yet)
------------------------------------------------------------------------------------------
C:\Users\woody258\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe 0.38MB
------------------------------------------------------------------------------------------


**HiJack This log**

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:47 PM, on 4/9/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Users\woody258\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Setresolution] C:\ACERSW\config\1680x1050.cmd
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\woody258\AppData\Local\Temp\vtUnmLeF.dll, #1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [303ebcd9] rundll32.exe "C:\Users\woody258\AppData\Local\Temp\njbvfigc.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\woody258\AppData\Local\Temp\khfCuRkJ.dll, c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Security\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BM330d8f45] Rundll32.exe "C:\Users\woody258\AppData\Local\Temp\ijcjfcgh.dll",s
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: Secunia PSI (RC1).lnk = C:\Program Files\Secunia\PSI (RC1)\psi.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Qwest Live - {5B45AF55-C8E3-4291-8528-D34DCA012485} - Live Search (file missing) (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb...LStreaming.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Security\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 11993 bytes
04-11-2008   #2
Senior Security Analyst
Pancake
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,798
PC Experience: Elite PC Guru
Re: Logs for review

Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.
=================================

Ok. We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.
Please visit this webpage for download links, and instructions for running ComboFix

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a security analyst.
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
04-02-2009   #3
PC Security Analyst
Crush
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,103
PC Experience: Always Learning New Things
Re: Logs for review

Hello,

This thread has been moved into the Unfinished HJT forum due to inactivity. Please follow the procedure at the top of the forum if you still require assistance.

Regards,
Crush
PCHF Security Team Leader