Hi and Welcome to TSF
Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE with VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature.
Make sure you run each of those. Do so in safe mode if they freeze in normal windows. We also need to look a little deeper..
Download
Silent runners.Vbs http://www.silentrunners.org/
1. Make sure you have any script blocking software disabled
2. Run the program. It will take a few minutes to complete.
3. Once complete it will produce a log named “StartupPrograms” with Your user and date in the filename. Open that txt file and posts it contents in your next post.
Please empty any Quarantine folder in your antivirus, empty your recycle bin and purge/delete all recovery items in the spybot program if you use it…BEFORE!!! running this tool.
Download this virus checker and tool from eScan
Mwav.exe (Use Link 3)
1. Save it to a folder.
2. Reboot into safe mode
3. Double click the
Mwav.exe file.
(This is a stand alone tool and NOT just a virus checker......so it won't install anything)
4. Select
all local drives, scan
all files, press
SCAN and when it is completed, anything found will be displayed in the lower pane.
5. In the
Virus Log Information Pane (Bottom Window)
Left click and
Highlight all the info in the Lower pane--- Use
"CTRL C" on your Keyboard to copy all found in the lower pane and save it to a notepad file.
DO NOT post the log from the “View Log” button as that log does NOT contain the info we are after.
*Note* If prompted that a Virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning.
We are not going to use this to remove anything..but to ID the bad guys.
Once you copy that to a notepad file...highlight the text and copy it here.