Yes, it helped...on with the fix now.
Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
Please download the trial version of
Ewido anti-malware from here:
http://www.ewido.net/en/download/- Install Ewido anti-malware.
- When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
- When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
- The program will prompt you to update. Click the Ok button.
- The program will now go to the main screen.
You will need to update Ewido to the latest definition files.
- On the left-hand side of the main screen click the Update Button.
- Click on Start.
- The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.
---------------------------------------------------------------------------------------------
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O20 - Winlogon Notify: ddabc - ddabc.dll (file missing)
---------------------------------------------------------------------------------------------
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
---------------------------------------------------------------------------------------------
Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:
p2pnetworks
---------------------------------------------------------------------------------------------
Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.
Delete the following if they exist:
C:\Program Files\p2pnetworks
C:\WINDOWS\system32\ddabc.dll
---------------------------------------------------------------------------------------------
Open the SmitfraudFix Folder, then double-click
smitfraudfix.cmd file to start the tool.
Select option
#2 - Clean by typing
2 and press
Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "
Registry cleaning - Do you want to clean the registry ?" answer
Yes by typing
Y and hit
Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer
Yes to the question "
Replace infected file ?" by typing
Y and hit
Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.
Reboot in Safe Mode.
The tool will create a log named
rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________
Clean out your
Temporary Internet files. Proceed like this:
- Quit Internet Explorer and quit any instances of Windows Explorer.
- Click Start, click Control Panel, and then double-click Internet Options.
- On the General tab, click Delete Files under Temporary Internet Files.
- In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
- On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
- Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
- Click OK.
Next go to
Control Panel click Display>Desktop>Customize Desktop>Web> Now,
Uncheck Everything and delete if present:
- "Security Info"
- "Warning Message"
- "Security Desktop"
- "Warning Homepage"
- "Desktop Uninstall"(or similar)
Also make sure the
'Lock desktop items' box is
unticked. Click
OK, and then Click
Apply, then
OK.
Empty the Recycle Bin by right-clicking the
Recycle Bin icon on your Desktop, and then clicking
Empty Recycle Bin.
______________________________
Close
ALL open Windows / Programs / Folders. Please start
Ewido, and run a full scan.
- Click on Scanner
- Click on Settings
- Under How to scan all boxes should be checked
- Under Unwanted Software all boxes should be checked
- Under What to scan select Scan every file
- Click on Ok
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says
Perform action on all infections and put a checkmark in the box next to
Create encrypted backup, then choose clean and click Ok.
Once the scan has completed, there will be a button located on the bottom of the screen named
Save Report.
- Click Save Report button
- Save the report to your Desktop
Close Ewido and Reboot in Normal Mode.
______________________________
Open the SmitfraudFix folder and double-click
smitfraudfix.cmd
Select option
#3 - Delete Trusted zone by typing
3 and press
Enter
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________
We need to update your Java as it is out of date. The older version has security holes that malware writers exploit.
Updating Java:
- Go to Start > Control Panel double-click on the Software icon > add/remove programs.
- Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
- Select it and click Remove.
- Then Download and install the newest version from here:
http://www.java.com/en/download/manual.jsp
---------------------------------------------------------------------------------------------
Perform an online scan with Internet Explorer with
Panda ActiveScan
Click on the "Free To Use ActiveScan" located on the top right hand corner- Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
- Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting
My Computer- If it finds any malware, it will offer you a report.
- Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
- Click on See report then click Save report
*Turn off the real time scanner of any existing antivirus program while performing the online scan
---------------------------------------------------
Please post:
- c:\rapport.txt
- Ewido log
- Panda log
- A new HijackThis log
Your may need several replies to post the requested logs, otherwise they might get cut off.