Hi Jooools,
You are still running HijackThis.exe from the desktop. The backups will be all over your desktop. Please put it in a folder of its own.
Can you do me a favor please. Click on
Start>Run and type or copy/paste the following text:
c:\fixwareout\findt\findt.bat Press
Enter. Save the text to be posted here later.
===================================
Please open
HijackThis.
Click on Open
Misc Tools Section
Make sure that both boxes beside "
Generate StartupList Log" are checked:
- List all minor sections(Full)
- List Empty Sections(Complete)
Click
Generate StartupList Log.
Click
Yes at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here
===================================
Download
WinPFind2.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind2 on your desktop.
- Open the WinPFind2 folder and double-click on winpfind2.exe to start the program.
- Keep the standard settings.
- In the AddOn-Options group click the checkboxes for
- HKCU_IEDesktop.def
- Jobs.def
- Policies.def
- SID_Run_Policies.def
to select them.
- Now click the Run All Scans button on the toolbar.
- When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it. Copy and paste the contents of the report please.
=====================================
Reboot your computer and post
a fresh HijackThis log along with the
find.bat text,
StartupListLog and the
WinPFind log, please. You may need to make several posts if too long. Is your browser still being redirected?