http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm#cleanup Cleaning procedure Below a combat proven cleaning procedure for removing stubborn malware. ( All steps are not necessarily needed.) 1. AV boot cd - Kaspersky/Avira (How to enter BIOS How to set BIOS to boot from the CD) 2. UBCD4Win + DrWeb Cureit/Emsisoft Emergency* 3. If system becomes unbootable try repairing Windows with the XP recovery console or Vista/7 system recovery options menu. (These may be found in the boot menu, but if they have not been installed, you can use them with original Windows install cd or with a specially made recovery cd. (Look also here.) 4. Repair possibly corrupted .exe association made by malware. 5. Repair internet connection, if it was lost during cleaning. 6. COMODO Firewall with Defence+ *** 7. You can try to perform the next two steps in Safe Mode** with networking 8. Hitman Pro**** 9. Malwarebytes antimalware/Superantispyware 10. Prevx free + manual cleaning 11. Winpatrol (For manual analysis: HOSTS-file, startups etc.) 12. Remove with CCleaner temp-files and clean registry. (Take registry snapshot before cleaning.) 13. Clean Alternate Data Streams (ADS) 14. Verify the Integrity of Windows system files (sfc /scannow) 15. Check DNS-settings. Here more info. 16. Switch Windows firewall on. 17. Uninstall old (possibly corrupted) AV. Install new AV and scan with it. 18. Check for Windows/Microsoft updates. 19. Check updates of other programs with Secunia sofware inspector 20. Repair system modifications made by malware. 21. Empty the system restore and create a new restore point. (XP, Vista/7) 22. run chkdsk /r 23. If you suspect you've had MBR-rootkit you can repair MBR with the XP recovery console or Vista/7 system recovery menu. (Look also here.) *) Notice, that all these portable antimalware can be used with UBCD4Win boot cd. You can copy them to hard disk, USB stick or CD. Run always "full scan". **) Some malware does not run in safe mode. ***) Use paranoid settings and prevent anything unknown from running. Check these. ****) If you meet a malware that still blocks executables, try a "Force Breach" start of Hitman Pro (hold the left Ctrl-key until the man with the ladder appears while opening Hitman Pro). If you get UAC prompt you need to keep holding ctrl while you acknowledge the message. In case the internet connection is broken or unavailable, start a Early Warning Scoring (EWS) scan by selecting it from the Next button. This will also reveal: 1) The use of a local proxy server (an indication of malware redirecting or sniffing your web activity). 2) Check and fix an invalid Winsock stack. 3) Detect problems with NDIS (Network Driver Interface). 4) Track down rootkits or other malware that are cloaked, perform suspicious activity or have many bad characteristcs (unethical construction and/or behavior).