Have managed to download the Antivermin Spyware.
I uninstalled the program and deleted it from the hard disk but the icons in the bottom right hand corner won't go away and keeps popping these antivirus messages.
Have cleaned the temporary internet files, run Norton anti-virus, Run Ad-Aware( said it removed it) but its still there.
Went to Internet explorer ad-ons and disabled the Security Protection bar.
Have run Hijackthis and have a log file.
It is as follows:
Logfile of HijackThis v1.99.1
Scan saved at 00:30:38, on 02/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\LxrSII1s.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\program files\halliburton\halhelp\halhelp.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\Video ActiveX Object\pmmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Interwise\Student\pull.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\s7rw213\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://7online.subsea7.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://7online.subsea7.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://halworld.corp.halliburton.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Halliburton Company
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = s7ukisaarray.subsea7.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.corp.halliburton.com;s7portal*;portal*;*.subsea7.net;https://subsea7.porter.xait.no*;http://notana*;http://ukgree*;http:brnite*;notana*;ukgree*;brnite*;https://codex.ambito.net*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [DIRECT!] C:\PROGRA~1\COURIO~1\IDENTI~1\direct.exe
O4 - HKLM\..\Run: [HalHelp] c:\program files\halliburton\halhelp\halhelp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Push Client.LNK = C:\Program Files\Interwise\Student\pull.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://7online.subsea7.net
O15 - Trusted Zone: http://*.brnitesps01 (HKLM)
O15 - Trusted Zone: http://*.notanasps01 (HKLM)
O15 - Trusted Zone: http://www.petrolearn.com (HKLM)
O15 - Trusted Zone: http://*.portal (HKLM)
O15 - Trusted Zone: http://*.s7portal (HKLM)
O15 - Trusted Zone: http://7online.subsea7.net (HKLM)
O15 - Trusted Zone: http://brnitesps01.subsea7.net (HKLM)
O15 - Trusted Zone: http://notanasps01.subsea7.net (HKLM)
O15 - Trusted Zone: http://portal.subsea7.net (HKLM)
O15 - Trusted Zone: http://s7portal.subsea7.net (HKLM)
O15 - Trusted Zone: http://ukgreesps01.subsea7.net (HKLM)
O15 - Trusted Zone: http://*.ukgreesps01 (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Subsea7.com
O17 - HKLM\Software\..\Telephony: DomainName = Subsea7.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Subsea7.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = subsea7.com,subsea7.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Subsea7.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = subsea7.com,subsea7.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = subsea7.com,subsea7.net
O18 - Protocol: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter hijack: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/vnd-backup-octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\system32\mscoree.dll
O18 - Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} - (no file)
O18 - Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINNT\system32\cthkpcv.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINNT\SYSTEM32\LxrSII1s.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\bin\ONRSD.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
I can see two things which seem bad to me:
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll
and
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
Can I fix these with Hijackthis?
If Not
What should I do.
Thank you,
Regards,
vivek
Full Version: Can't get rid of Antivermin Icons
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
Hello,vivek & Welcome
First move HijackThis.exe to a folder of it's own like C:\HJT
Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.
Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
( Do not run just YET )
Download ATF (Atribune Temp File) Cleaner© by Atribune
Download and Install AVG Anti-Spyware© by Grisoft
Launch AVG Anti-Spyware, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update AVG Anti-Spyware to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close AVG Anti-Spyware
( Don't run just YET )
===========
Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):
Video ActiveX Object
AntiVermins
Note: Please that these items may need you to do a reboot to complete the Uninstall then please do so.
===========
View hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
===========
Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [DIRECT!] C:\PROGRA~1\COURIO~1\IDENTI~1\direct.exe
These 015 items did you put them in place if so don't fix
O15 - Trusted Zone: http://*.brnitesps01 (HKLM)
O15 - Trusted Zone: http://*.notanasps01 (HKLM)
O15 - Trusted Zone: http://www.petrolearn.com (HKLM)
O15 - Trusted Zone: http://*.portal (HKLM)
O15 - Trusted Zone: http://*.s7portal (HKLM)
O15 - Trusted Zone: http://7online.subsea7.net (HKLM)
O15 - Trusted Zone: http://brnitesps01.subsea7.net (HKLM)
O15 - Trusted Zone: http://notanasps01.subsea7.net (HKLM)
O15 - Trusted Zone: http://portal.subsea7.net (HKLM)
O15 - Trusted Zone: http://s7portal.subsea7.net (HKLM)
O15 - Trusted Zone: http://ukgreesps01.subsea7.net (HKLM)
O15 - Trusted Zone: http://*.ukgreesps01 (HKLM)
These 017 items if not your Domain or not put in place by you or Admins fix them
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Subsea7.com
O17 - HKLM\Software\..\Telephony: DomainName = Subsea7.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Subsea7.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = subsea7.com,subsea7.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Subsea7.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = subsea7.com,subsea7.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = subsea7.com,subsea7.net
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINNT\system32\cthkpcv.dll
Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis
===========
Restart your computer in Safe Mode.
===========
Next, please find and delete the following files/folders (if present):
C:\WINNT\system32\cthkpcv.dll<---This file
C:\Program Files\Video ActiveX Object\<---This folder
===========
Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program
Run AVG Anti-Spyware
Click on Scanner at top
Click on Settings
Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time
Once the scan is complete do the following :
If you have any infections you will prompted, then select Apply all actions
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Now close AVG Anti-Spyware
===========
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.
When back in Normal Mode, click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.
Please post the newrapport.txt log along with a new HijackThis Log and the AVG anti-spyware log in your next reply.
Gogo
First move HijackThis.exe to a folder of it's own like C:\HJT
Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.
Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
( Do not run just YET )
Download ATF (Atribune Temp File) Cleaner© by Atribune
Download and Install AVG Anti-Spyware© by Grisoft
Launch AVG Anti-Spyware, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update AVG Anti-Spyware to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close AVG Anti-Spyware
( Don't run just YET )
===========
Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):
Video ActiveX Object
AntiVermins
Note: Please that these items may need you to do a reboot to complete the Uninstall then please do so.
===========
View hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
===========
Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [DIRECT!] C:\PROGRA~1\COURIO~1\IDENTI~1\direct.exe
These 015 items did you put them in place if so don't fix
O15 - Trusted Zone: http://*.brnitesps01 (HKLM)
O15 - Trusted Zone: http://*.notanasps01 (HKLM)
O15 - Trusted Zone: http://www.petrolearn.com (HKLM)
O15 - Trusted Zone: http://*.portal (HKLM)
O15 - Trusted Zone: http://*.s7portal (HKLM)
O15 - Trusted Zone: http://7online.subsea7.net (HKLM)
O15 - Trusted Zone: http://brnitesps01.subsea7.net (HKLM)
O15 - Trusted Zone: http://notanasps01.subsea7.net (HKLM)
O15 - Trusted Zone: http://portal.subsea7.net (HKLM)
O15 - Trusted Zone: http://s7portal.subsea7.net (HKLM)
O15 - Trusted Zone: http://ukgreesps01.subsea7.net (HKLM)
O15 - Trusted Zone: http://*.ukgreesps01 (HKLM)
These 017 items if not your Domain or not put in place by you or Admins fix them
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Subsea7.com
O17 - HKLM\Software\..\Telephony: DomainName = Subsea7.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Subsea7.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = subsea7.com,subsea7.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Subsea7.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = subsea7.com,subsea7.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = subsea7.com,subsea7.net
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINNT\system32\cthkpcv.dll
Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis
===========
Restart your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe Mode.
- Login on your usual account.
===========
Next, please find and delete the following files/folders (if present):
C:\WINNT\system32\cthkpcv.dll<---This file
C:\Program Files\Video ActiveX Object\<---This folder
===========
Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program
Run AVG Anti-Spyware
Click on Scanner at top
Click on Settings
Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time
Once the scan is complete do the following :
If you have any infections you will prompted, then select Apply all actions
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Now close AVG Anti-Spyware
===========
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.
When back in Normal Mode, click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.
Please post the newrapport.txt log along with a new HijackThis Log and the AVG anti-spyware log in your next reply.
Gogo
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.