First of all ignore anything the antivirus finds in the M$ antio spyware folder, they are in it's quarantine folder
Download pocket killbox from Download pocket killbox from
http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily
Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
now run killbox and paste each of these lines into the box, select delete on reboot then press the red X button,say yes to the prompt then when it says reboot now, say no and continue to paste the lines in in turn and follow the above procedure every time, DO NOT let it reboot yet
C:\WINDOWS\services.exe
C:\WINDOWS\system32\fservice.exe
c:\windows\system\sservice
c:\windows\system32\incom
then Go to Start > Run and type %temp% in the Run box, press OK . The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of that Temp folder.
1) Open Control Panel
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive
then
Reboot &
post a fresh log
You definitely need an antivirus urgently
With that prorat trojans I strongly suggest a good antivirus
I would use the trial version of Kapersky to clean up then if you like it buy the full version
This is the link to the downlaod of KAV personal
http://www.kaspersky.com/trials?chapter=146481750
or you could try AVG, but I am never sure about AVG with these really bad trojans
http://free.grisoft.com/freeweb.php/doc/2/
also an anti trojan might be a very good idea
I would strongly recommend downloading and running a specialised anti trojan
the antitrojan that I use for dealing with them is
TDS3 from
http://tds.diamondcs.com.au/
download & install the 30 day free trial, update it manually as described here
http://tds.diamondcs.com.au/index.php?page=update as the trial version doesn't have auto update enabled
then press scan control & tick all the little boxes in the bottom part of that window, press save configuration and then close that window by pressing the red X in top right corner, then select system testing and select full system scan
sit back with a cup of coffee and watch what it finds
NOTE:
Unlike set and forget av's TDS works with you, it doesn't auto delete anything but puts a list of found suspect files in the bottom window
right click any file it finds and it gives you options on dealing with it, the normal selection would be delete , but first select "save as text", that will create a logfile of all the found suspect files and put it in the TDS directory called scandump.txt.
post back with the tds log after running please, just copy & paste the entries from the scandump.txt
Pls. help me about this error "C:\WINDOWS\services.exe"
Posting Permissions
