It appears that Killbox was able to take out all the WinDelf files with no problem and Ewido seems to have taken care fo the reg keys. To make sure I am going to have you run Win32Delfkil one more time to make sure it is completely removed from your system.
Please print out or copy this page to
Notepad in order to assist you when carrying out the following instructions.
- Close all windows and open the win32delfkil folder and double click on fix.bat.
- Once the tool has finished the computer will reboot automatically. If it does not reboot...please do so manually.
- Include the contents of the logfile c:\windelf.txt in your next reply.
Next, please reboot your computer in SafeMode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode.
HijackThis!
Open Hijack This and click on Scan. Check the following entries
(make sure you do not miss any)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKCU\..\Run: [alexa] c:\windows\alexa.exe
Please remember to close all other windows, including browsers then click Fix checked.
File and Folder Deletions
Delete the following Files indicated in
RED and Folders indicated in
BLUE if they still exist.
ShowWnd.exe<<<Find via Start>Search
Reboot your system in Normal Mode.
Post a new Hijackthis log along with the Windelf log in your next reply.