Does it say C:\WINDOWS\system or C:\WINDOWS\system
32 folder? There is a difference and it could mean a lot if it's in the wrong one.
Go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD. Otherwise, it will auto-close after it's done.
Run the below two scans and post there logs here:
Perform an online scan with Internet Explorer at Panda ActiveScan
http://www.pandasoft.../activescan.htm* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.
Download Deckard's System Scanner at
http://deckard.geekstogo.com/dss.exe to your desktop.
- Close all applications and windows.
- Double-click on DSS.exe to run it, and follow the prompts.
- The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt
Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. In this case, it may be better to temporary disable your Antivirus.
Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.
Get HijackThis and run a scan. Save the log and post it here.