Hello and welcome to Techspot.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Turn off system restore.(XP/ME only) See how here.>
http://www.bleepingcomputer.com/forums/tutorial56.html
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.>
http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.>
http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
Remind_XP.exe
Build Grey.exe
ford four first.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [Title vc time for] C:\Documents and Settings\All Users\Application Data\SoftwareJunkTitleVc\Build Grey.exe
O4 - HKCU\..\Run: [Amen store] C:\DOCUME~1\Mikkel\APPLIC~1\STYLEK~1\ford four first.exe
Click on the fix checked button.
Close HJT.
Locate and delete the following
bold files and/or directories(if there).
C:\DOCUME~1\Mikkel\APPLIC~1\
STYLEK~1\ford four first.exe
C:\Documents and Settings\All Users\Application Data\
SoftwareJunkTitleVc\Build Grey.exe
C:\Windows\
CREATOR\Remind_XP.exe
Reboot into normal mode, turn system restore back on and rehide your protected OS files.
Rename HijackThis.exe to HijackThis1991.exe and post a fresh HJT log as an attachment. See
HERE.
Regards Howard :wave: :wave:
This thread is for the use of DVDsnak only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.