I reckon it's time to clean your PC!
===========
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.
You have an outdated version of HijackThis. Click here to get the latest version of HijackThis and run it.
Before you give us a new log here, if we gave you instructions for a fix, please do the fixes first and then post the new log with this updated version.
1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. The result.txt file will open up in Notepad. Copy the whole result.txt log and post it in the forum. We do not need the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since the entries may be harmless.
Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).
Download AboutBuster and unzip it to a folder on your Desktop. Do not run it yet.
The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it. Run CleanUp! and click on the CleanUp! button. When it asks you if you want to log off, click on Yes.
Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers.
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O2 - BHO: Name - {DA5C2020-8424-11D9-9411-0090D05F7CED} - C:\WINDOWS\SYSTEM\MSILY.DLL
Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:
C:\WINDOWS\SYSTEM\MSILY.DLL
Reboot into Normal Mode and run a new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in Normal Mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.
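
The fix list above can be checked mechanically before anything is fixed or deleted. The following is an added example, not part of the original post and not HijackThis or HijackThis Analyzer code: it parses R0/R1 and O2 lines of the shape quoted above (embedded as a constructed sample) and groups them for review. All function names are assumptions made for this illustration.

```python
import re

# Constructed sample: a subset of the entries quoted in the fix list above.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: Name - {DA5C2020-8424-11D9-9411-0090D05F7CED} - C:\WINDOWS\SYSTEM\MSILY.DLL
"""

# R0-R3: Internet Explorer start/search page entries ("key,value = data").
REG_RE = re.compile(r"^(R[0-3]) - (HK(?:CU|LM)\\[^,]+),(.+?) = (.*)$")
# O2: Browser Helper Object ("name - {CLSID} - dll path").
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def parse_line(line):
    """Return a dict for a recognised R0-R3 or O2 line, else None."""
    line = line.strip()
    m = REG_RE.match(line)
    if m:
        code, key, value, data = m.groups()
        return {"type": code, "key": key, "value": value, "data": data}
    m = BHO_RE.match(line)
    if m:
        name, clsid, path = m.groups()
        return {"type": "O2", "name": name, "clsid": clsid.upper(), "path": path}
    return None


def parse_log(text):
    """Parse every recognised line in a log excerpt, skipping the rest."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def summarize(entries):
    """Group redirect entries by target and collect BHO DLL paths."""
    redirects, dlls = {}, []
    for e in entries:
        if e["type"].startswith("R"):
            redirects.setdefault(e["data"], []).append(e["key"] + "," + e["value"])
        else:
            dlls.append(e["path"])
    return redirects, dlls


if __name__ == "__main__":
    redirects, dlls = summarize(parse_log(SAMPLE_LOG))
    for target, keys in redirects.items():
        print(f"{len(keys)} registry value(s) -> {target}")
    print("BHO DLLs to compare against the deletion list:", dlls)
```

Comparing the collected BHO DLL paths with the files listed for deletion confirms that every helper object being unregistered also has its file removed.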