Hi paulmath
Please print out or copy this page to Notepad in order to assist you while carrying out the following instructions. This page will not be available to you at some points during the fix. Please read the instructions carefully before you begin and if you have any questions then post them here before continuing. It is important you carry out the instructions in the exact order stated. Please make sure you close all other windows including browsers when carrying out the fix.
-------------------------------------
You are running HijackThis from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C: then click on File > New > Folder and call it HJT, or another name of your choice. Extract (unzip) HijackThis to the new folder. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files.
-------------------------------------
Please download Cleanup! and install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups. If you have any files or programs stored in a temporary folder then please make backups before running Cleanup. Do not run Cleanup on XP 64-bit edition. If you're not sure if you have 64-bit then you probably don't. You can make sure by downloading and running this tool http://www.mvps.org/marksxp/Download...p_whichcpu.vbs (download using IE)
-------------------------------------
Download Ewido Anti-Malware
- Install Ewido Anti-Malware
- Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
- On the top of the main screen click Shield
- Click the word active to change it to inactive
- On the top of the main screen click Update.
- Then click on Start Update. The update will start and a progress bar will show the updates being installed.
- I also recommend changing the "Update interval" to something more reasonable like 12 hours.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.
-------------------------------------
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!
-------------------------------------
Boot to Safe Mode (by repeatedly tapping F8 until the menu appears)
-------------------------------------
Go to My Computer > Tools > Folder Options > View tab and select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.
-------------------------------------
Open Control Panel > Add/Remove Programs and uninstall the following (if they still exist)
RXToolbar
-------------------------------------
Scan with HijackThis and check the following entries (If they still exist) (make sure not to miss any)
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0036.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/game...ploader_v6.cab
O18 - Filter: text/html - (no CLSID) - (no file)
Remember to close all other windows and click Fix Checked
-------------------------------------
Delete the following folder (if it still exists)
C:\Program Files\RXToolBar
-------------------------------------
Open the SmitfraudFix folder, then double-click the smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually.
Reboot in Safe Mode.
-------------------------------------
Clean out your Temporary Internet files.
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files (if present)
- Cleanup! All Users
- Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.
Click OK
Press the CleanUp! button to start the program. Once it's finished Cleanup will ask you to logoff/reboot. Please select NO as we will do this later.
Next go to Control Panel, click Display > Desktop > Customize Desktop > Web. Now, uncheck everything and delete if present:
- "Security Info"
- "Warning Message"
- "Security Desktop"
- "Warning Homepage"
- "Desktop Uninstall"
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
-------------------------------------
Close ALL open Windows / Programs / Folders. Run Ewido with its updated definitions (it's important that all windows must be closed):
- Click Scanner
- Click on the Scan tab
- Click Complete System Scan to begin scanning.
- When the scan is complete click Recommended Action and change it to Quarantine
- Then click Apply all actions
Once finished, click the Save report button, then click Save Report As and save it to your desktop.
Close Ewido and Reboot in Normal Mode.
-------------------------------------
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
-------------------------------------
Your Java version is outdated, please update Java.
Updating Java:
- Go to Start > Control Panel, double-click on the Software icon > add/remove programs.
- Search in the list for all previously installed versions of Java, if not 1.5 (J2SE Runtime Environment.... ). It may have a coffee cup icon next to it. Select it and click Remove.
- Then Download and install the newest version from here:
http://www.java.com/en/download/manual.jsp
-------------------------------------
Perform an online scan with Internet Explorer with Panda ActiveScan
- Click on the "Free To Use ActiveScan" located on the top right hand corner
- Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
- Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *
- Begin the scan by selecting My Computer
- If it finds any malware, it will offer you a report.
- Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
- Click on See report then click Save report
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
Post the Panda Scan report and a new HijackThis log
-------------------------------------
After doing all this is there any improvement?
Required Logs
rapport.txt
Ewido report
Panda report
new HijackThis log
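
A way to check the new HijackThis log against the entries listed for Fix Checked above (an added example, not part of the original post or of any tool it names): this Python script reports which of those entries are still present in a later log. The sample log is constructed; entries are matched by Run value name or CLSID, so the truncated URLs in the post are not needed.

```python
import re

# Entries the post lists for "Fix Checked", keyed by section plus the Run
# value name, CLSID or MIME type (the URLs on the page are truncated).
FIX_LIST = {
    ("O4", "SemanticInsight"),
    ("O4", "Windows installer"),
    ("O16", "{47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA}"),
    ("O16", "{88D758A3-D33B-45FD-91E3-67749B4057FA}"),
    ("O16", "{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}"),
    ("O18", "text/html"),
}

# One identifier extractor per HijackThis section used in the post.
EXTRACTORS = {
    "O4": re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[([^\]]+)\]"),
    "O16": re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})"),
    # Only the orphaned filter form flagged in the post: "(no CLSID)".
    "O18": re.compile(r"^Filter: (\S+) - \(no CLSID\)"),
}

def entry_key(line):
    """Return (section, identifier) for a log line, or None if not parsed."""
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m or m.group(1) not in EXTRACTORS:
        return None
    hit = EXTRACTORS[m.group(1)].match(m.group(2))
    return (m.group(1), hit.group(1).lower()) if hit else None

def remaining(log_text):
    """Lines of the log that still match an entry on the fix list."""
    wanted = {(sec, ident.lower()) for sec, ident in FIX_LIST}
    return [ln.strip() for ln in log_text.splitlines() if entry_key(ln) in wanted]

# Constructed sample log (not from the thread): two listed entries remain,
# one with a lower-case CLSID; the other lines must not be reported.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} - http://example.invalid/a.cab
O16 - DPF: {47cd99df-8bcf-4b9b-94ef-02e51b2f79da} - http://example.invalid/x.exe
O18 - Filter: text/html - {11111111-1111-1111-1111-111111111111} - C:\example.dll
"""

if __name__ == "__main__":
    for line in remaining(SAMPLE_LOG):
        print("still present:", line)
```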