1.) Locate your HJT folder in C:\Temp
2.) Click the HJT folder and drag it to C:
If you have any problems doing it this way, please refer to my previous post on making a permanent folder for HiJackThis.
Next, download CWShredder and save it to your desktop. After downloading it, extract it and run it. Click on the ‘Fix’ button. Follow the prompts, and press OK. Make sure you let it fix all CWS Remnants.
Make sure you are disconnected from the Internet and all programs and Windows are closed. Run HiJackThis. Please place a checkmark next to the entries listed below (make sure these are the only things checked!), if they are found. These are MANDATORY. After these entries have a checkmark next to them, click "FIX CHECKED".
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)
O15 - Trusted Zone: *.searchmeup.cc (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 195.190.118.157 (HKLM)
Close HiJackThis.
Be sure you're able to VIEW HIDDEN FILES
Reboot your computer into Safe Mode. You can do this by restarting your computer and continuously tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Use Windows Explorer and delete the following folder, in bold (if found).
FOLDERS to delete:
C:\WINDOWS\isrvs
Reboot your computer in normal mode and post a new HiJackThis log.
Michelle