Thanks,



Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

1. Reboot your computer in Safe Mode.
   • If the computer is running, shut down Windows, and then turn off the power.
   • Wait 30 seconds, and then turn the computer on.
   • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
   • Ensure that the Safe Mode option is selected.
   • Press Enter. The computer then begins to start in Safe mode.
   • Login on your usual account.
2. Run Smitfraud Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
   Select option #2 - Clean by typing 2 and press Enter.
   Wait for the tool to complete and disk cleanup to finish.
   You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
   The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
   
   A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.
   
   The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
   
   
3. Clean out your Temporary Internet files. Proceed like this:
   • Quit Internet Explorer and quit any instances of Windows Explorer.
   • Click Start, click Control Panel, and then double-click Internet Options.
   • On the General tab, click Delete Files under Temporary Internet Files.
   • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
   • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
   • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
   • Click OK.
   Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.
   
   Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
   
   
   
4. Run SmitfraudFix. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
   Select option #3 - Delete Trusted zone by typing 3 and press Enter
   
   Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
   
   
5. Post Logs. Please post:
   1. c:\rapport.txt
   2. A new HijackThis log
   Your may need several replies to post the requested logs, otherwise they might get cut off.
   

__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.