Boot in Safe Mode, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Next, open Windows Task Manager by pressing
CTRL+ALT+DELETE.
Click the
Processes tab, select the process (if there) and click
End Process for:
taskcntr.exe
zrnsw.exe
PowerReg Scheduler.exe
Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
Spyware Doctor, it's a rubbish program
Next, click Start/Run and type
services.msc and click OK. Look for the service:
taskcntr.exe
zrnsw.exe
Doubleclick it, click Stop if it's running, and change the Startup type to Disabled.
Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
O4 - HKLM\..\RunServices: [vqwa]
zrnsw.exe
O4 - Startup:
PowerReg Scheduler.exe
FIX all your O16 - DPF: entries
O23 - Service: TASKESV - Unknown - C:\WINNT\
taskcntr.exe
...................................................................................................
Now click on the
Fix Checked button in HJT. Exit HJT.
When done, from between the above dotted lines, delete the highlighted
bold files.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Rightclick IE on the desktop, select Properties, click on
Delete Cookies, and
Delete Files.
Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normal.
Rootkit:
http://www.trendmicro-middleeast.co...p?LYstr=VMAINDATA&vNav=1&VName=TROJ_ROOTKIT.N
