
13-12-2007, 02:38 AM
Senior Member (Canada)
Join Date: Nov 2005
Posts: 3,439
Re: Help removing Trojan.win32.obfuscated.gx please
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
You are presently running two (2) real-time antivirus tools at the same time which is very unproductive for your PC as well as a possible source of conflict and slowdowns.
Please uninstall either NOD32 or Norton AV (NOD32 probably simpler to uninstall for the time being).
REBOOT after the uninstall.
Next,
Download and install AVG Anti-Spyware 7.5 (AVG AS).
- Click the Download BUTTON. On the next page click the Download now BUTTON.
- Save and then install (Run) from the save location.
- Open/Run AVG Anti-Spyware
- Wait a few moments and AVG Anti-Spyware should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:
Quote:
- Click on the Update now LINK at the top of the window
- Click on the Start update button
- Wait for the update to download and install
- This is very important to get the LATEST updates
- Click on the Status ICON
- Under "Your computers Security"
Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
- Click on the Scanner ICON at the top of the window
- Click on the Settings tab then select Recommended Actions and choose Quarantine
- When updating has finished, close AVG Anti-Spyware.
We will be using this tool in a later step.
- Next, please reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Running SmitfraudFix – 2nd Part
- Once in Safe Mode, double-click on SmitfraudFix.exe
Warning: running option #2 on a non infected computer will remove your Desktop background.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
- Restart your computer in Safe Mode again.
AVG Anti-Spyware - 2nd Part
- Click on Scanner on the toolbar.
- Click on Complete System Scan to start the scan process.
- Let the program scan your computer.
- When the scan has finished, follow the instructions below:
- Make sure that Set all elements to: shows Quarantine
- Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
- When the program has finished, it will display the message All actions have been applied.
- Then click the Save Scan Report button.
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Tray Icon and select Exit.
- Now copy the report back to this topic.
- Run a new HijackThis (HJT) scan.
- Please ensure that you have posted the SmitfraudFix, AVG, and HJT logs in this thread.
Let us know how your PC is now behaving.
__________________
Vincent P
MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|
ASAP: promoting a high standard and quality of security support no matter where you seek help.
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).