Special programs for certain problems.

Download and scan with Super AntiSpyware Free for Home Users

http://www.superantispyware.com/

http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/SUPERAntiSpyware.shtml



Double-click SUPERAntiSypware.exe to install and use the default settings for installation.
Run SUPERAntiSypware and update the definitions before scanning by selecting "Check for Udates".
When done, select "Scan for Harmful Software".
There are three scanning options available. Choose "Perform Complete Scan" and click "Next".
When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
Place a checkmark next to items you wish to remove/quarantine and Click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
Please post the results of the superantispyware log in your next reply along with a new HijackThis Log..
Select close to exit the program.




Note: If you encounter any problems while downloading the updates, manually download and unzip them from here . http://www.superantispyware.com/definitions.html

Download AVG anti-spyware from HERE (http://www.ewido.net/en/) and save that file to your
desktop.
This is a 30 day trial of the program Once you have downloaded AVG anti-spyware, locate the icon on the desktop
and double-click it to launch the set up program. Once the setup is complete you will need run AVG and update the definition
files. On the main screen select the icon "Update" then select the "
Update now" link. Next select the "Start Update" button, the update will start and a
progress bar will show the updates being installed. Once the update has completed select the "Scanner" icon at the top of
the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then
select "Quarantine". Under "Reports" Select "Automatically generate report after every scan" Un-Select "Only if threats were found"Close AVG anti-spyware, Do Not run a scan just yet, we will shortly. Reboot your computer into SafeMode. You can do this by restarting
your computer and continually tapping the F8 key until a menu appears.

Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or
programs while AVG is scanning, it may interfere with the scanning proccess: Lauch AVG-anti-spyware by double-clicking the icon on your desktop. Select the "Scanner" icon at the top and then the "Scan" tab
then click on "Complete System Scan". AVG will now begin the scanning process, be patient this may take a little
time.
Once the scan is complete do the following: If you have any infections you will prompted, then select "Apply all
actions" Next select the "Reports" icon at the top. Select the "Save report as" button in the lower left hand of the
screen and save it to a text file on your system (make sure to remember where
you saved that file, this is important). Close AVG and reboot your system back into Normal Mode and post the
results of the AVG report scan along with a new HijackThis log......Jim

Download AVG Anti-Rootkit

http://free.grisoft.com/softw/70free/setup/avgarkt-setup-1.1.0.42.exe


Double click avgarkt-setup-1.1.0.42.exe to install. By default it will install to C:\Program Files\GRISOFT\AVG Anti-Rootkit
Accept the license and follow the prompts to install.
You will be asked to reboot to finish the installation so click "Finish".
After rebooting, double-click the icon for AVG Anti-Rootkit on your desktop.
You will see a window with four buttons at the bottom.
Click "Search For Rootkits" and the scan will begin.
You will see the progress bar moving from left to right. The scan will take some so be patient and let it finish.
When the scan has finished, a small window will open so you can view the results.
Right click and select "Save Result To File".
By default the file will be saved with a .csv extension. (You can use notepad to open the .cvs file)
If anything was found, click "Remove selected items"
If nothing was found, please click the "Perform in-depth Search" saving anything found to file as before

1. Download Combofix from one of the following links :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply, along with a new hijackthis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.


Please download SmitfraudFix (by S!Ri)

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (normally C: ), and launch from there.


Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, normally C:\rapport.txt


Rightclick on hijackthis.exe file and rename it to hjt.exe
Post a fresh hijackthis log using hjt.exe with rapport.txt, and let me know how your computer is running........Jim

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.




Fix 2 for unknown files


Run VundoFix again:
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once the scan is complete, Right Click inside the listbox (white box) and click add more files
Copy&Paste the 2 entries below into the top 2 boxes

C:\WINDOWS\system32\????????.dll
C:\WINDOWS\system32\?????.dll


Click Add Files and Click Close Window
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


????????.dll is unknown file, type in unknown file that shows on the log.

Download VirtumundoBegone, place it on your desktop.

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Doubleclick VirtumundoBeGone.exe to start the tool.
Follow the instructions on the screen.
Don't worry if you'll get a Blue screen with an error in it - this is normal.
After reboot,

Please download Malwarebytes' Anti-Malware to your desktop.

http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

part 1

Lets run an F-Secure online scan it will scan for Viruses, Spyware and RootKits:Click HERE

http://support.f-secure.com/enu/home/ols.shtml

Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
Allow the Active X control to be installed on your computer, then click the Accept button
Click Full System Scan and allow the components to download and the scan to complete.
If malware is found, check Submit samples to F-Secure then select Automatic cleaning
When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New ScanWhen the cleaning option is presented, Uncheck Submit samples to F-Secure
Click Automatic cleaning
When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Note: This scan will only work with Internet Explorer.
You must be logged on a administrator rights to run this scan.
The scan may take a few hours.


part 2


Download ComboFix from Here or Here to your Desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe


**Note: In the event you already have Combofix, please delete it from your desktop and download this new version . It is important that it is saved directly to your desktop**
--------------------------------------------------------------------Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts
Please do not re-connect your machine back to the Internet until Combofix has completely finished.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.