This is generally what I do:
As soon as the machine boots up, go to “Start/Run” and type “msconfig”.
On the “General” tab, select “Selective Startup” then unselect “Load Startup Items”, or just to be thorough, go to the “Startup” tab and deselect everything. But do note any startup items that have random letters in their names, that is usually a clue that is a rogue program.
Reboot in safe mode.
Usually if I know the virus was download that day, I will do a search of all files modified during the day, usually you will see a bunch of files with the same timestamp.
Make a note of any files that have the same timestamp. But unless you know what you’re doing, do not delete them, unless you are absolutely sure that none of those files are critical Windows System files. But just knowing where the files are could be important in solving where the virus came from.
Now even that won’t get rid of registry entries, so that’s especially where I would rely on Malwarebytes or Combo-Fix.
bump
As soon as the machine boots up, go to “Start/Run” and type “msconfig”.
On the “General” tab, select “Selective Startup” then unselect “Load Startup Items”, or just to be thorough, go to the “Startup” tab and deselect everything. But do note any startup items that have random letters in their names, that is usually a clue that is a rogue program.