Hello again
Please follow all instructions in the order they come. If you have any questions, please ask before proceeding.
======================================================
Please download SmitfraudFix (by S!Ri) to your Desktop.
Do Not run a scan just yet, we will shortly.
======================================================
Open notepad and copy/paste the text in the quotebox below into it:
Quote:
KillAll::
File::
C:\WINDOWS\system32\rwfiwahl.ini
C:\WINDOWS\system32\vnijgntm.ini
C:\WINDOWS\system32\nqtss.ini
C:\Program Files\Common Files\rteqe.html
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
Save this as CFscript
Referring to the picture above, drag CFscript into ComboFix.exe
Follow the prompts, and post the resulting log, C:\ComboFix.txt
Warning: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
======================================================
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
______________________________
Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually.
Reboot back into Safe Mode.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
__
Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:
• "Security Info"
• "Warning Message"
• "Security Desktop"
• "Warning Homepage"
• "Desktop Uninstall"
Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.
====================================================
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries
(If they still exist, make sure you do not miss any)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
Please remember to close all other windows, including browsers then click Fix checked.
====================================================
Reboot into normal mode
====================================================
Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
=====================================================
Perform an online scan with Internet Explorer with Panda ActiveScan
- Click on located at the bottom of the page.
- A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
- Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting

- If it finds any malware, it will offer you a report.
- Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
- Click on
then click 
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
Paste the Panda Scan report into your next reply.
=====================================================
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
=======================================================
Logs Required
C:\Combofix.txt
C:rapport.txt
Panda scan report
Hijackthis log
Let us know how your system is behaving, thanks.
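
An added example, not part of the original post: a small Python check that reads the final HijackThis log and reports which of the entries targeted above are still listed, so the cleanup can be verified before the log is posted. The sample log, the function names and the matching rules (CLSIDs and Trusted Zone sites compared case-insensitively) are assumptions made for this illustration.

```python
import re

# Entries the post asks to fix, copied from the page in HijackThis line format.
TARGETS = [
    "O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    "O15 - Trusted Zone: http://click.getmirar.com (HKLM)",
    "O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)",
    "O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)",
]
# BHO CLSID deleted by the CFScript "Registry::" line; HijackThis lists BHOs as O2.
CFSCRIPT_BHO = "{A8FB8EB3-183B-4598-924D-86F0E5E37085}"

ENTRY_RE = re.compile(r"^\s*([ORFN]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def entry_key(line):
    """Reduce a log line to (section, identifier); None for non-entry lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return None  # header, process list, blank line
    section, rest = m.group(1).upper(), m.group(2)
    clsid = CLSID_RE.search(rest)
    if clsid:
        # The CLSID identifies a BHO even if its name or file path changed.
        return (section, clsid.group(0).upper())
    if section == "O15":
        # "Trusted Zone: <site> (HKLM)" -> site only, lower-cased
        site = re.sub(r"\s*\(HK\w+\)$", "", rest.partition(":")[2].strip())
        return (section, site.lower().rstrip("/"))
    return (section, rest.lower())

def remaining(log_text):
    """Return the targeted entries that still appear in a HijackThis log."""
    present = {entry_key(line) for line in log_text.splitlines()}
    wanted = {entry_key(t): t for t in TARGETS}
    wanted[("O2", CFSCRIPT_BHO.upper())] = "O2 - BHO with CLSID " + CFSCRIPT_BHO
    return [desc for key, desc in wanted.items() if key in present]

# Constructed sample log (not from the page): two targeted entries survive.
SAMPLE_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\explorer.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\example\benign.dll
O2 - BHO: (no name) - {02478d38-c3f9-4efb-9b51-7695eca05670} - (no file)
O15 - Trusted Zone: http://REDIRECT.mirarsearch.com (HKLM)
"""

if __name__ == "__main__":
    for entry in remaining(SAMPLE_LOG):
        print("STILL PRESENT:", entry)
```

An empty result means none of the targeted O2/O15 entries are left in the log; it says nothing about the files named in the CFScript, which the ComboFix log covers.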