Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. Important: Restart the computer before continuing. ========== Download the following GMER Rootkit Scanner from here Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named. Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run It may take a minute to load and become available. If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan.. In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED Sections IAT/EAT Drives/Partition other than Systemdrive (typically only C:\ should be checked) Show All (don't miss this one) [*]Then click the Scan button & wait for it to finish. [*]Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop [*]**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries [*]Click OK and quit the GMER program. [*]Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop. ========== Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com) There are 4 different versions. If one of them won't run then download and try to run the other one. Vista and Win7 users need to right click and choose Run as Admin You only need to get one of them to run, not all of them. rkill.exe rkill.com rkill.scr rkill.pif After; Launch MBAM. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. On the Scanner tab: Make sure the Perform Quick Scan option is selected. Then click on the Scan button. [*]The scan will begin and Scan in progress will show at the top. It may take some time to complete so please be patient. [*]When the scan is finished, a message box will say The scan completed successfully. Click 'Show Results' to display all objects found [*]Click OK to close the message box and continue with the removal process. [*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found. [*]Make sure that everything is checked, and click Remove Selected. [*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below) [*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. [*]Copy and paste the contents of that report in your next reply and exit MBAM. Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware. ========== Logs to post: GMER log MBAM log This topic is for the use of water55 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new topic in our Malware Removal - HijackThis Logs forum.