Try this
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
- Open Spybot Search & Destroy.
- In the Mode menu click "Advanced mode" if not already selected.
- Choose "Yes" at the Warning prompt.
- Expand the "Tools" menu.
- Click "Resident".
- Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
- In the File menu click "Exit" to exit Spybot Search & Destroy.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
O18 - Filter hijack: text/html - {ae357988-a36a-4bc9-bf56-47f98402f8d0} - (no file)
Now
close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.
Please
download the
OTMoveIt3 by OldTimer.
- Save it to your desktop.
- Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes
pQr3gSU4.exe
:Files
C:\WINDOWS\system32\pQr3gSU4.exe
:Commands
[purity]
[emptytemp]
- Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose
Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter
*.log and press the Enter key, navigate to the
C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
THENTo ensure that I get all the information this log will need to be uploaded to
Mediafire and post the sharing link.
Download
OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named
OTScanIt on your desktop.
- Close ALL OTHER PROGRAMS.
- Open the OTScanit folder and double-click on OTScanit.exe to start the program.
- Check the box that says Scan All User Accounts
- Check the Radio button for Rootkit check YES
- Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
- Under Additional Scans check the following:
- Reg - BotCheck
- File - Additional Folder Scans
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.