Download HijackThis from the link below. Please do this. Click here
to download HijackThis. Click scan and save a logfile, then post it here so
we can take a look at it for you. Don't click fix on anything in HijackThis,
as most of the files are legitimate.
SpywareQuake Program
If you can't boot to safe mode, run the tools in normal mode. You really should have admin rights to make sure the fixes work!
1. Print out these instructions as we will need to close every window
that is open later in the fix.
2. Download the appropriate Roguescanfix depending on your language from
here:
Roguescanfix.exe (English version)
Roguescanfix.exe (Dutch version)
Confirm that the file Roguescanfix.exe now resides on your desktop.
3. Double-click on the roguescanfix.exe file found on your desktop and
then press the Install button. The file will create a folder on your
desktop called roguescanfix.
4. Double-click on the roguescanfix folder and then double-click on
Run.bat. Please note that when the Run.bat starts it will download a
program from the Internet that it needs to use during the cleanup. If your
firewall gives an alert about this, please allow the download.exe or
run.bat program to access the Internet. When you start the Run.bat program
your desktop will disappear which is normal so you do not need to be
concerned. It will then start the SpywareQuake uninstallation program.
When that program starts, click on the Uninstall button. When it has
finished uninstalling, you can then press the OK button to finish the
uninstalling of SpywareQuake.
When this program is finished, and it was able to delete all the files,
you will see a small prompt that says Completed script execution. Simply
press the OK button. It will then open the Brute Force Uninstaller program. You can simply press the Exit button and continue to Step 5.
If there were more files that needed to be deleted, the program will
prompt you to reboot your computer. Press the Yes button and allow the
computer to reboot. When you are back at the desktop, proceed to Step 5.
* Click here to download smitRem.zip.
* Save the file to your desktop.
* Unzip smitRem.zip to extract the two files it contains.
* Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
* Click here to download ATF Cleaner by Atribune and save it to your desktop.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
  o If you use Firefox:
    + Click Firefox at the top and choose: Select All
    + Click the Empty Selected button.
    + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  o If you use Opera:
    + Click Opera at the top and choose: Select All
    + Click the Empty Selected button.
    + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.
* Download the trial version of Ewido Security Suite.
* Install ewido.
* During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido
* It will prompt you to update; click the OK button and it will go to the main screen.
* On the left side of the main screen click update
* Click on Start and let it update.
* DO NOT run a scan yet. You will do that later in safe mode.
* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.
* Click here for info on how to boot to safe mode if you don't already
know how.
* Restart your computer into safe mode now. Perform the following steps
in safe mode:
Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.
Go to Add/Remove Programs in your Control Panel and uninstall (if there):
SpyFalcon
***If the computer asks you to let it reboot, DO NOT allow it.
Go to your desktop and double click on the FixSF.reg file that you downloaded earlier. When it asks if you would like to merge the information, press the Yes button and then the OK button.
Navigate to the following files/folders and delete these (if there):
C:\Windows\System32\dxmpp.dll
C:\Windows\System32\ginuerep.dll
C:\Program Files\SpyFalcon
Run HijackThis and fix the tmp file if there!
Something like this:
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hp6A30.tmp
* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
* Run Ewido:
* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
* Go to Control Panel > Internet Options. Click on the Programs tab
then click the "Reset Web Settings" button. Click Apply then OK.
* Next go to Control Panel > Display. Click on the "Desktop" tab then click
the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you
should see an entry checked called something like "Security info" or similar.
If it is there, select that entry and click the "Delete" button. Click OK
then Apply and OK.
* Restart back into Windows normally now.
* Run ActiveScan online virus scan here
When the scan is finished, have it delete anything that it cannot clean. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!
Post another HijackThis log, the Ewido and ActiveScan logs, and
the contents of smitfiles.txt from the smitRem folder.
Member of ASAP Alliance of Security Analysis Professionals
under the name khazars
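
Added example, not part of the original post and not code from HijackThis or any tool named in it: a read-only check over a saved HijackThis log that picks out the kind of O2 (Browser Helper Object) entry the post says to look for, namely one loading from a .tmp file, plus any entry pointing at the files or folder on the post's delete list. The function name and the sample log are assumptions made for illustration; only the .tmp O2 line is taken from the post.

```python
import re
from pathlib import PureWindowsPath

# Layout of an O2 line as quoted in the post: name, CLSID, file path.
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)
# File and folder names taken from the delete list in the post.
LISTED_FILES = {"dxmpp.dll", "ginuerep.dll"}
LISTED_FOLDER = "spyfalcon"

# Constructed sample log. The first O2 line is the one quoted in the post;
# every other line is made up in the same layout.
SAMPLE_LOG = r"""
Logfile of HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hp6A30.tmp
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\Windows\System32\dxmpp.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""


def flag_bho_entries(log_text):
    """Return (clsid, path, reasons) for each O2 entry worth a second look."""
    flagged = []
    for line in log_text.splitlines():
        m = O2_LINE.match(line.strip())
        if not m:
            continue  # not an O2 line; other sections are out of scope here
        path = PureWindowsPath(m.group("path").strip())
        reasons = []
        if path.suffix.lower() == ".tmp":
            reasons.append("loads from a .tmp file")
        if path.name.lower() in LISTED_FILES:
            reasons.append("file name is on the post's delete list")
        if LISTED_FOLDER in (part.lower() for part in path.parts):
            reasons.append("inside the SpyFalcon folder")
        if reasons:
            flagged.append((m.group("clsid"), str(path), reasons))
    return flagged


if __name__ == "__main__":
    for clsid, path, reasons in flag_bho_entries(SAMPLE_LOG):
        print(f"{clsid}  {path}  <- {'; '.join(reasons)}")
```

The script only reads the log text and changes nothing on the machine; the flagged lines are the ones to raise with the helper before fixing anything.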