You may wish to
Subscribe to this thread so that you are notified when you receive a reply. To do this click
Thread Tools (above the first post), then click
Subscribe to this Thread. Make sure it is set to
Instant Notification, then click
Subscribe.
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.
Download ComboFix
Please download
ComboFix to your Desktop. Highlight and copy the following:
"%userprofile%\desktop\combofix.exe" /v req st3 admparsek fontextb
Then go to
Start > Run, paste it into the text field, and then click
OK.
While ComboFix is running, please do not click or move the window, as this may cause the tool to stall. When the tool has finished, it will produce a log for you and save it as
C:\ComboFix.txt. Post that log in your next reply.
Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows.
HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist
(make sure you do not miss any):
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\prflbmsgp32.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {621D36CC-09F4-44F6-BA4C-C8FBEAA00207} - (no file)
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\req.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00303} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00304} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00305} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00306} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00320} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - C:\WINDOWS\system32\fontextb.dll
O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [links] links.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/ins...ploader_v6.cab
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
Please remember to close all other windows, including browsers then click
Fix checked. Close HijackThis.
Deletions
Delete the following Files indicated in
RED if they still exist.
C:\WINDOWS\alt.exe
C:\WINDOWS\netdde.dll
C:\WINDOWS\prflbmsgp32.dll
links.exe << Find via Start>Search
Reboot
Reboot your system to Normal Mode.
With Your Next Post...
Please paste the following with your next reply (
in this order please):
- The content of C:\ComboFix.txt,
- a new HiJackThis log taken after ComboFix finishes.
Let me know how the system is behaving now. Hopefully it's acting a little better.