Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
Screensavers.com
Delete the following folder:
C:\Program Files\Screensavers.com
HijackThis!
Open Hijack This and click on Scan. Check the following entries
(make sure you do not miss any)
O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\System32\ssn6tuu.exe"
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe
O4 - HKLM\..\Run: [defender] C:\\defender23a.exe
O4 - HKLM\..\Run: [DCOM Server] C:\WINDOWS\System32\dxvwgqyt.exe
O4 - HKLM\..\Run: [0PaAbB9] C:\WINDOWS\rkncx.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU\..\Run: [2a0c93d9.exe] C:\Documents and Settings\DAWN\Local Settings\Application Data\2a0c93d9.exe
Please remember to close all other windows, including browsers then click Fix checked.
Start HiJackThis & go to Config>Misc.Tools>
Delete a file on reboot- In the popup box that appears, type in C:\WINDOWS\hostsmgr.exe
- Click the Open button.
- Click YES when prompted to restart your computer.
Run a new scan with Hijackthis and post the log here. If they come back again we'll have to attack them another way