Hi,
Download
CWShredder.
Download
SpSeHjFix.zip. Save it to the Desktop, and then right-click in a blank area of Desktop, select "New Folder", and name it
spfix, unzip the file into that folder.
Download
CleanUp and install it.
Run
SpSeHjfix, click on "Start Disinfection". When it's finished it will reboot your machine to finish the cleaning process. The tool creates a log of the fix which will appear in the folder.
Note:- If it doesn't find any of the SE files or any hidden reinstallers, it will say System clean and not go on to next stage.
Make Windows to show all files:-
Go to Start > My Computer.
Go to
Tools menu, click
Folder Options.
Uncheck
Hide protected operating system files.
Then, click to select the option
Show hidden files and folders.
Click Apply and then click OK to exit.
Reboot in
Safe Mode:-
Restart (or switch ON) the PC.
Then, keep tapping the F8 Key.
From the menu that will be displayed, out of which choose
Safe Mode and press Enter.
Run
CWShredder and click "Fix->".
Run HijackThis and click
Do only a System scan.
Then put a check mark infront of below listed entries:-
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\afoxa.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\afoxa.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\afoxa.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\afoxa.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\afoxa.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\afoxa.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\afoxa.dll/sp.html#93256
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {B7AB7AD2-46BB-CA24-9B31-457CF005AB51} - C:\WINNT\system32\apihb.dll
O4 - HKLM\..\Run: [FE.tmp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FE.tmp.exe
O4 - HKLM\..\Run: [FE.tmp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FE.tmp.exe
O4 - HKCU\..\Run: [Unbc] C:\Program Files\rewu\hcup.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTick...cab?refid=4897
Close
all other open programs except Hijackthis and click the button
Fix Checked in HijackThis.
Exit from HijackThis. Delete this file:-
C:\
winstall.exe
and delete this folder:-
C:\Program Files\
rewu
Run
CleanUp! and click "Options.." button. Here move the "Quick Setup" slider to "Thorough Cleanup" position.
Uncheck the option
"Delete Favorites Palces/Bookmarks", if you have any bookmarks. Click "OK" to return to main window, and click "CleanUp!" to start cleaning. After it completes, click "Close" and click "No" to avoid logging off.
Reboot to
Normal Mode. Perform an online virus scan at
Panda ActiveScan with the "Disinfection" option enabled.
Save the log it gives after the scan.
Run HijackThis again, click
Do a System scan and save log, and post the
fresh log along with the
Panda ActiveScan log. 
Unsolved 
Offline 
But, there are two files to delete. You have to enable the option to show hidden files and folders to delete these files. 
