Your HJT log shows a smitfraud infection. Follow these steps for removal;3. Next, please reboot your computer into Safe Mode by doing the following:
- Print out these instructions as we will need to close every window that is open later in the fix.
- Download SmitfraudFix.exe from here and save it to your desktop:
SmitFraudFix.exeConfirm that the file SmitfraudFix.exe now resides on your desktop, but do not double-click on the icon as of yet. We will use it in later steps.
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.
When you are at the logon prompt, log in as the same user which you had done the previous steps.
4. When your computer has started in safe mode and you see the desktop.
5. Close all open Windows.
6. Now, double-click on the SmitFraudfix icon that should be residing on your desktop
7. When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen..
8. You will now see a menu. Press the number 2 on your keyboard and the press the enter key to choose the option Clean (safe mode recommended).
9. The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the built in Disk Cleanup program. This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take up to a few hours depending on your computer, so please be patient. When it is complete, it will close automatically and you will should continue with step 11.
10. When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the enter key.
11. When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot.
12. Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer. Examine this log, and when you are done, close the Notepad screen.
Save the log for posting back here.
A huge number of files found to be infected by Kaspersky are either in the Norton Quarantine and/or in your Temp files. Empty the Norton Quarantine and even though the Smitfraud fix program may have removed temp files please do this again by running CCleaner in safe mode to be certain all are gone.
Next go to Control Panel and double click Java the Java Control panel will open please delete the temp files/clear the cache there.
Next Download and install the latest version of Sun Java
please download the OFFLINE installation version and save it to the desktop.
You then will need to uninstall ALL entries for Java via Add/Remove.
Once you have uninstalled all java versions then install the newest version by double clicking the SunJava Icon on the desktop.
After that go here to verify that it was properly installed.
Next you need to uninstall the following via Add/Remove, now you may not see all of these but uninstall any that you do find there;
MySearch
My Search Bar
MyWay Speed Bar'
My Web Search Bar
Fun Web Products Easy Installer
License_Manager
Viewpoint
After doing all of the above please reboot the system. Run a new Kaspersky scan and another HJT scan and post back here with the Smitfraud log, and those new Kaspersky and HJT logs.
Judy
Reply With Quote