Download HijackThis. Extract it to its own folder. Then run it and select. Do system scan and save log. Post the contents of the log that pops up.
That should get us going.
Also, go ahead and do this.
Download smitRem.exe (http://www.bleepingcomputer.com/resources/link240.html), saving the file to your desktop. Double click it to extract the contents to a folder of it's own. Restart your computer in safe mode, logon to the user account that is infected, open the smitRem folder and double click the RunThis.bat file to start the tool. Follow the prompts on screen and allow disk cleanup to complete. Upon reboot, you can reset your desktop background. Note: XP users using the XP theme may ex-perience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.
Please include the C:\smitfiles.txt contents in your next post :).
And in case you dont know how to get into safe mode.
1. If the computer is running, shut down Windows, and then turn off the power
2. Wait 30 seconds, and then turn the computer on.
3. When you see the black-and-white Starting Windows bar at the bottom of the screen, start tapping the F8 key. The Windows 2000 Advanced Options Menu appears.
4. Ensure that the Safe mode option is selected. In most cases, it is the first item in the list and is selected by default.
5. Press Enter. The computer then begins to start in Safe mode.
Following the recent ransomware attacks that leveraged the WannaCrypt0r malware and NSA-developed EternalBlue vulnerability exploit, there was plenty of advice that backup, backup, backup was the best mitigation. Data backups ...