Hi cjtferris,
Please subscribe to this thread so that you are notified when you receive a reply. To do this click
Thread Tools, then click
Subscribe to this Thread. Make sure it is set to
Instant Notification, then click
Add Subscription.
--------------------------------------------------------------
Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
--------------------------------------------------------------
- Please download SmitfraudFix to your Desktop. Do not run it yet. We will shortly
--------------------------------------------------------------
Download AVG Anti Spyware
Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows Installation Files"
- Install AVG Anti Spyware
- Double-click the icon on Desktop to launch AVG
- On the main Status screen, under Your Computer's Security, click Resident Shield
- Click the word active to change it to inactive
- On the top of the main screen click Update.
- Then click on Start Update. The update will start and a progress bar will show the updates being installed.
- Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
- Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
- Under "Reports"
- Select "Do Not Automatically generate report after every scan"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.
--------------------------------------------------------------
- Restart your computer in Safe Mode
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8
- Instead of Windows loading as normal, a menu should appear
- Use the up arrow key to highlight Safe Mode and press Enter.
- Login with your usual account
- Once you have logged in, a warning message will appear regarding starting windows in Safe mode, click OK and windows will load your desktop environment
Note: Some systems, this may be the F5 key, so try that if F8 doesn't work.
- Double-click on SmitfraudFix.exe to start the tool.
- Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
- You will be prompted : "Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot into Safe Mode.
- The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:\rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
--------------------------------------------------------------
Run AVG Anti-Spyware
Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)- Click Scanner
- Click on the Scan tab
- Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
- If you have any infections you will prompted, then select "Apply all actions"
- Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
--------------------------------------------------------------
- Next, go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:
· "Security Info"
· "Warning Message"
· "Security Desktop"
· "Warning Homepage"
· "Desktop Uninstall"
Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.
- Restart your computer in Normal Mode
--------------------------------------------------------------
- Double-click on SmitfraudFix.exe to start the tool.
- Select option #3 - Delete Trusted zone by typing 3 and press Enter
- Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.
Note: if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
--------------------------------------------------------------
Download
combofix from
here
**Save it directly to your desktop**- Go to
-> Run -> paste in the following single line command & click OK
"%userprofile%\desktop\combofix.exe" /killall
A log will be produced that will ultimately be named
C:\ComboFix.txt I'll need that in your next reply.
Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
--------------------------------------------------------------
Please reply back with the following logs:
C:\rapport.txt
AVG Anti-Spyware
C:\ComboFix.txt