
Malware Infections and How To Fix Them (V3.0)

#1 Tigger93 - Posted 8/21/2008 6:27:49 PM
Please do not post until the entire guide has been posted. This process may take several minutes. Thank you.

Table of Contents
-------------------------

0.0 GENERAL INFO
0.1 --- How to Use this Guide
0.2 --- Disclaimer
0.3 --- A Note About This Guide

1.0 The Help You Get Here
1.1 --- The Helpers
- 1.1.0 --- HijackThis Log Readers
- 1.1.1 --- General Assistance
- 1.1.2 --- A Note About the Helpers
1.2 --- What We Probably Can Help With
1.3 --- What We Probably Can't Help With (And Where To Get Help)
1.4 --- Tips for Getting Better Help

2.0 BASIC SKILLS
2.1 --- Booting to Safe Mode
2.2 --- Viewing Hidden/System Files
2.3 --- Resetting System Restore
2.4 --- How to Clear Out Temporary Files/Folders
- 2.4.1 --- with ATF Cleaner
- 2.4.2 --- with Windows' Disk Cleanup
2.5 --- Java
2.6 --- Disabling Security Programs
- 2.6.1 --- AdAware's Ad-Watch
- 2.6.2 --- MalwareBytes' Anti-Malware Protection Module
- 2.6.3 --- Spybot's Tea Timer
- 2.6.4 --- SpywareGuard
- 2.6.5 --- Webroot SpySweeper
- 2.6.6 --- Windows Defender

4.0 Virus Removal Basics
4.1 --- How to prevent Viruses
4.2 --- About HijackThis

5.0 Specific Virus Removal Instructions
5.1 --- Alcan (Symptoms: Popups, task manager doesn't work)
5.2 --- EGDAccess / Navipromo (Symptoms: Popups)
5.3 --- LOP (Symptoms: Popups, Messenger Plus!)
5.4 --- Smitfraud (Symptoms: Computer says it's infected, tries to install AV software)
5.5 --- Vundo/Virtumonde (Symptoms: Popups)
5.6 --- Wareout (Symptoms: Redirected Google results)

6.0 Conclusion
6.1 --- Credits
6.2 --- Other Information
6.3 --- Links to Removal Tools
#2 Tigger93 (Topic Creator) - Posted 8/21/2008 6:28:08 PM
================
0.0 GENERAL INFO
================

0.1 --- How to Use This Guide
-------------------------------------
This guide is meant as a self-help resource only. It is not the definitive answer to all problems that may or may not come up on this board--it's meant to help out with the ones that do.

The guide is numbered according to the Table of Contents. To use this numbering system, hit "Control-F" and type in the number you're looking for. This guide may be long--if you find it necessary, you may have to check the next page to find the rest of the information you're looking for.

0.2 --- Disclaimer
---------------------
The steps contained within this guide are as accurate as possible; however, neither the poster of this guide, the original compilers of this guide, nor the creators of the removal tools can be held responsible for any damage incurred upon your computer during the malware infection or the removal process. The same goes for any steps you attempt while trying to fix your computer.

The removal steps in each section of this guide are provided for self-help only. You may see further disclaimers in the use of more advanced tools or while following advanced fixes.

It is recommended to pay attention to those warnings for the overall safety of your system, but should you continue, it is entirely at your own risk.

While all efforts have been made to verify that the solutions to the infections in this topic are as recent as possible, new variants of infections are found regularly. Should the solutions in this topic not work for you, post a new topic and a logreader will guide you through an updated fix.

Extra note for people who do not use Windows XP: Some of the removal tools or provided instructions may not work on your system. Please ask a log analyst for assistance and alternatives.

0.3 --- A Note About This Guide
---------------------
This guide is technically "Malware Infections (v3.0)", but with extras, originally made to replace the old topic by rpggamergirl and Sirith.

Much of the information in this topic was originally written by Sirith. Since this topic needs to be updated, and I've not seen her for quite some time, I've updated and posted this version.
#3 Tigger93 (Topic Creator) - Posted 8/21/2008 6:29:08 PM
=================
1.0 The Help You Get Here
=================

1.1 --- The Helpers
---------------------
The helpers here at Tech Support change often--usually there's a new group of users every few months that step up to the challenge of pitching in with topics, but there are some users who have been here for a few years, consistently helping out.

It's very wise to realize that you may or may not get assistance from people who are trained--although a number of the users here do have certifications or experience in technical jobs, and are qualified. Take the advice of random users with care. Rarely do any problems result, but don't hold us responsible if something goes wrong.

1.1.0 --- HijackThis Log Readers
---------------------
At present there are only six regular HijackThis Log Readers on the GFAQs Tech Board. If you are interested in helping out or learning to read HijackThis Logs, please view "Other Information" below.

This is a very specific category largely because these people will deal mostly with topics related to specific malware infections.

As it stands, the individuals who have been acknowledged to provide reliable help with HijackThis logs are:
Sirith (AbstractEpiphany)
Tigger93
Frost_Shock_FTW
Fire Knight
rpggamergirl
dragonius17


Any HijackThis assistance from individuals other than the above may be questionable--use at your own risk.

1.1.1 --- General Assistance
---------------------
General assistance is provided largely by anyone who feels like stopping by--and who has expertise on a given problem. There are a lot more "general helpers" than there are people who have very specific expertise (HijackThis). To become a member of this category--just help out, if you know an answer or can point someone in the right direction.

If you check enough topics, you'll soon realize who has been most helpful and knowledgeable about specific aspects of computing--and you may want to take their advice more seriously than the first random suggestion that comes into your topic.

1.1.2 --- A Note About the Helpers
The helpers on this board are volunteers.
The helpers at this board are not affiliated with GameFAQs in any way.
The helpers on this board do have lives--and may or may not be able to help you immediately. They may also not be able to help you as quickly as you might like. They may disappear altogether in the middle of helping. There is really no telling.
There have been cases in the past where we'll stop helping users who are being especially rude--not many, but it still happens.

Again, we're here and helping out because we like sharing our knowledge.

1.2 --- What We Probably Can Help With
---------------------
---> Virus removal
---> Hardware/software recommendation
---> Hardware problems
---> Software errors
---> Operating system problems
---> General questions/concerns
---> General troubleshooting

Basically, just about anything you can throw at us that someone will know how to fix.
#4 Tigger93 (Topic Creator) - Posted 8/21/2008 6:30:02 PM
1.3 --- What We Possibly Can't Help With (And Where To Get Help)

1) Your Internet connection
---------------------
Strangely enough, a lot of the time, if you say "My Internet isn't working", beyond a few basic steps, we really can't help you at all. Why is this? Because we can't really determine what the cause is. It could be that your ISP is screwing up, the cabling is bad, your computer's got a problem... The only thing we can rule out is computer problems--your ISP has to do the rest.
Where to get help: Your ISP. You pay them for Internet--they do have customer service.

2) Obscure programs (possibly in foreign languages)
---------------------
While we can try our best, there are some programs with very specific errors that we can't help with, especially if the program operates in a language that is not English. While some of us do speak or can extrapolate other languages, or are comfortable enough with Google and other resources to give you advice, you may be better off trying elsewhere, especially if you're getting a very specific error.
Where to get help: Here, or the program's website/help documentation if they have any. This may include any forums or newsgroups they have, or e-mailing the developer if it's a small project.

3) Illegal programs, using said programs, or illegal activities
---------------------
No, we will not help you crack your friend's password, screw with your school computers, or bypass or violate any agreements you may have agreed to in using programs. No matter how legitimate your cause may be ("I forgot my password and have to crack it!") or how amusing you think the reactions of people may be, you should probably not ask about any of that here--although you will sometimes get answers of varying degrees of usefulness.
Where to get help: Nowhere if you're up to no good; here otherwise.

4) Web pages, web hosting, web development
---------------------
While some of us are actually web developers, you will probably get better results asking specifically on the Web Design and Programming Board. Be sure to read their sticky first, as it covers a lot of the basics.
Where to get help: Web Design and Programming Board.

5) Coding, programming, and application development
---------------------
Again, some of us do code and may be able to help, but you'll probably get better results by asking the guys on the Game Design and Programming board.
Where to get help: Web Design and Programming Board.

6) Vague problems
---------------------
"Help, my computer isn't working!" is great, because I'm sure it's accurate, but you're wasting both our time and yours by not giving us more information earlier on so we can help you better.
Where to get help: Here is fine, but we need more info.

1.4 --- Tips for Getting Better Help

1) Relevant subject line
---------------------
"Help!" "Help me FAST!" "NEED HELP NOW!" are useless subject lines, and aren't going to help to attract anyone who can help you as quickly as you want. Try something more specific, like "Firefox error", "Windows won't load", or "Problems with Popups (HijackThis)"

2) Include all information!
---------------------
If you want to get answers that contain suggestions you haven't tried as opposed to questions or things you have already done, let us know all information!
--> When did the problem start
--> What you've tried so far to fix it
--> If you did anything unusual to the system before the problem started
--> What are the symptoms of the problem?
--> Any logfiles you've got through your previous steps (HijackThis, antivirus logs, etc.)
And anything else you think is relevant.
#5 Tigger93 (Topic Creator) - Posted 8/21/2008 6:30:43 PM
3) Be polite
---------------------
A little Thanks goes a long way, it really does.

4) Be patient--but not too patient!
---------------------
It may take a few days to get an answer--it may be a while before someone who knows how to solve your problem will take a look at your topic. Bump your topic when you feel you need to in order to keep it seen--but don't bump it every ten minutes.

5) Look before you post!
---------------------
The stickies have a lot of information, and so do the topics on the board. Your problem may be similar to one that's already posted here--give the search function a try before you post, or if you can't use it, have a quick look through the titles of the topics on the first few pages. You may just find the answer you're looking for.

Other useful resources may be found through your favorite search engine.

================
2.0 BASIC SKILLS
================

2.1 Booting To Safe Mode
---------------------

Safe Mode is a diagnostic mode where Windows starts up with a reduced number of drivers and running processes in order for the user to repair damaged system components. If Windows won't boot to normal mode for some reason (malware, corrupt system files), or certain tasks can't be completed or files can't be removed in normal mode, the work can generally be accomplished in Safe Mode.

In Safe Mode, Windows generally runs at a resolution of 640x480, with 'Safe Mode' superimposed on the background at the corners. Only a minimum number of processes are permitted to run, making this mode ideal for the removal of malicious programs or stubborn files.

NOTE: For best HijackThis results, do not provide logreaders with a Safe Mode log unless it is absolutely impossible to get one while in normal mode!

How to boot to Safe Mode using a Key During Bootup:
--> restart your system normally
--> tap (or hold) F8 during bootup (before the Windows logo screen appears)
NOTE: Sometimes a key other than F8 is used. Should you have problems with this method, pay attention to the screens during bootup for other potential keys to try (F2, Delete, Enter, left Shift) or ask for advice.
--> select "Safe Mode" from the menu that appears (it's usually option three)
NOTE: For malware removal purposes, avoid using 'Safe Mode With Networking'.

To escape safe mode once you're finished, just restart your computer normally, and don't press any keys during bootup.

2.2 --- Viewing Hidden and System Files
---------------------
Lots of malware hides on a system as a hidden or system file so it can't be normally seen by the user. This can easily be changed, and should be changed before you go to delete any malicious files.

--> Open My Computer.
--> Select the Tools menu and click Folder Options.
--> Select the View tab then select "Show hidden files and folders".
--> Uncheck "Hide protected operating system files (recommended)", and make sure to uncheck "Hide file extensions for known file types".
--> Click OK.
#6 Tigger93 (Topic Creator) - Posted 8/21/2008 6:31:35 PM
For Vista Users:
--> Click the start button and click Control Panel.
--> On the side panel, click Classic View.
--> Click Folder Options.
--> Select the Tools menu and click Folder Options.
--> Select the View tab then select "Show hidden files and folders".
--> Uncheck "Hide protected operating system files (recommended)", and make sure to uncheck "Hide file extensions for known file types".
--> Click OK.

You can now see hidden and system files. Do whatever work you need to do, and when you're done, change the settings back (especially checkmark Hide protected operating system files (recommended)) so you don't accidentally delete important files later on.

2.3 --- Resetting System Restore
---------------------
Resetting System Restore clears out any malicious software hiding in your backup points.

You should NOT reset your System Restore until your computer is clean. It is always better to have an infected restore point than none at all.

To reset System Restore:
--> Right click My Computer and select Properties.
--> Select the System Restore tab and checkmark "Turn off System Restore on all drives".
--> Click Apply and OK
--> Restart your computer.
--> Go back into My Computer and uncheck "Turn off System Restore on all drives".
--> Click Apply and OK

For Vista users:
--> Right click Computer in the start menu.
--> Click Advanced system Settings.
--> Under System Protection, uncheck the checkboxes for the drives on which you wish to turn System Restore off.
--> You will get a warning telling you all restore points will be deleted. Press Turn System Restore Off
--> Restart your computer.
--> Go back in Computer > Advanced System Settings > System Protection and check the boxes next to the drives on which you wish to turn System Restore back on.

2.4 --- How to Clear Out Temporary Files/Folders
---------------------
Removing temp files can help your computer run faster, free up space and even remove viruses hiding there.

- 2.4.1 --- with ATF Cleaner
---------------------
Download ATF Cleaner from: http://www.atribune.org/ccount/click.php?id=1.

GENERAL TEMP CLEANUP
--> Click on ATF-Cleaner.exe to start the program.
--> Under Main, choose Select All.
--> Click the Empty Selected button.

IF YOU USE FIREFOX
--> At the top, click FireFox.
--> Check the Select All button.
NOTE: Uncheck the Saved Passwords if you don't want to delete them!
--> Click the Empty Selected button.

IF YOU USE OPERA
--> At the top, click Opera.
--> Check the Select All button.
NOTE: Uncheck the Saved Passwords if you don't want to delete them!
--> Click the Empty Selected button.

Click Exit on the main menu.
#7 Tigger93 (Topic Creator) - Posted 8/21/2008 6:31:58 PM
- 2.4.2 --- with Windows' Disk Cleanup
---------------------
Go to Start -> Run -> and type in cleanmgr. Press OK.

Select your hard drive (usually C:\) and click OK. This next part may take several minutes as Windows is scanning your drive for temp files. Once it's finished, it'll present you with a new window that gives you a list of checkboxes pertaining to various things you can clear out on your Windows install.

Once you've selected all of the options you want, click "OK" and then follow any prompts that appear, and be patient as the disk cleanup process occurs.

2.5 --- Java
---------------------
Java is used to run many things on your computer and many applications on the web. Like other programs, it is often updated. It is important to keep software up-to-date to fix bugs and security issues, and Java is no exception. Having an out-of-date version of Java may leave you open to infections, including Vundo.

To update Java:

--> Open the Control Panel and find any items with JRE or J2SE in the name; they are Java.
--> Uninstall each item.
--> Download the latest version of Java from http://java.sun.com/javase/downloads/index.jsp.
--> Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
--> Click the download button, select your platform, and agree to the agreement.
--> Click continue and download the Windows Offline Installation saving it to your desktop.
--> After the download has completed, install Java.
--> Once the installation has completed, restart your computer.

2.6 --- Disabling Security Programs
---------------------
Many security programs monitor important parts of your system (such as the registry) and block changes made to these locations. As a result, fixes by HijackThis and other tools will be undone, so you need to disable these programs before you begin a fix.

NOTE: This does not mean you should also turn off your firewall! Your firewall should be on at all times!

- 2.6.1 --- AdAware's Ad-Watch
Note: Ad-Watch is not available unless you have the paid version of Ad-Aware.

-> Open Ad-Aware.
-> Go to the Ad-Watch User Interface.
-> Go to Tools and Preferences.
-> At the bottom of the window, you should see these two options:
--> "Automatic" blocks all perceived threats automatically.
--> "Active" will turn Ad-Watch on and off.
-> Disable both options (click on the icon).
-> Close Ad-Watch/Ad-Aware.

- 2.6.2 --- MalwareBytes' Anti-Malware Protection Module
Note: The Protection Module is not available in the free version.
-> If the protection module is running, a MalwareBytes' icon will be in the system tray.
-> Right-click the MalwareBytes' icon.
-> Select Disable protection.
-> Select Yes at the prompt.

- 2.6.3 --- Spybot's Tea Timer
-> Open Spybot Search and Destroy.
-> Choose Advanced mode (Select Yes at the prompt).
-> Click on the Tools menu to expand it.
-> Click Resident.
-> Uncheck the Resident "TeaTimer" (Protection of overall system settings) active box.
-> Close Spybot.

- 2.6.4 --- SpywareGuard
-> If SpywareGuard is running, a SpywareGuard icon will be in the system tray.
-> Right-click on the SpywareGuard icon and open SpywareGuard.
-> Go to the menu, then File -> Exit.
#8 Tigger93 (Topic Creator) - Posted 8/21/2008 6:32:52 PM
- 2.6.5 --- Webroot SpySweeper
-> Open SpySweeper and go to Options followed by Program Options.
-> Uncheck Load at Windows Startup.
-> Click Shields and uncheck all items listed there.
-> Uncheck Home Page Shield and Automatically restore default without notification.
-> Close SpySweeper.

- 2.6.6 --- Windows Defender
-> Open Windows Defender.
-> Click Tools, then Options.
-> At the bottom of the window, under Real-time protection options, uncheck Use real-time protection (recommended).
-> Click the Save button.
-> Close Windows Defender.
-> Right click on the Windows Defender icon in the system tray (the lower right of the screen, by the clock) and select Exit.

================
4.0 Virus Removal Basics
================

4.1 --- How to prevent Viruses
-------------------------------------
Listed below are several tips you can use to help prevent being infected with a virus.

1) Have an Anti-Virus program. If you don't have one, you need one as soon as you can get one. Several free ones include Avira AntiVir, Avast!, and AVG Free. Paid ones include NOD32, McAfee, and Norton.

2) Have a FireWall. If you don't have one, again, you need one as soon as you can get one. ZoneAlarm is a good free one. Most paid Anti-Viruses come with a firewall.

3) Stay Updated! Microsoft releases security updates at least once a month. It's a good idea to get these installed as soon as you can download and install them. If you have automatic updates enabled, you don't have to worry about this. If it's not enabled, you will be alerted in the system tray when updates become available.

4) Scan regularly. Scan with your Anti-Virus/Spyware program at least once a week. This will make sure you are virus free.

5) Don't disable. It's not a good idea to ever turn off your firewall. Once it's off, your computer is available for hackers to find. If you must, you can turn off your Anti-Virus program, but turn it back on once you no longer need it to be disabled.

6) If you think something's wrong, there probably is. If you think you have a virus, you very well may be right. Scan immediately with your anti-virus/spyware program -- and if you think it is necessary, post a HijackThis log for someone to analyze.

4.2 --- About HijackThis
-------------------------------------
As of this writing, the latest version of HijackThis is version: 2.0.2.

You can download HijackThis from: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

You should never fix anything in HijackThis without consulting an expert.

Basic HiJackThis instructions:
-> If you do not have HijackThis, download it from the link above.
-> Run the tool, and click Scan Only.
-> Place a checkmark beside all the entries you've been advised to fix.
-> Click Fix Checked.
-> Close HijackThis.

If HijackThis will not run, rename it to something else such as your GFAQs username, or a random word. Some viruses will not allow HijackThis to run so we must rename it so it will.
#9 Tigger93 (Topic Creator) - Posted 8/21/2008 6:33:46 PM
================
5.0 Specific Virus Removal Instructions
================

5.1 --- Alcan
-------------------------------------
NOTE: This infection is for the most part dead and no longer in the wild, but is left here for the few who may come across it.

Possible Symptoms:
TaskManager, regedit disabled
Popups
Ads
Processes using up large amounts of resources

Lines in HijackThis:
O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe

Removal Instructions:
-> Download BFU from http://www.merijn.org/files/bfu.zip
-> Unzip it, and run the executable file inside.
-> Click on the Web button (looks like a world) and paste the URL below into the Download Script window:

http://metallica.geekstogo.com/alcanshorty.bfu

-> Click on the Execute button.

5.2 --- EGDAccess / Navipromo
-------------------------------------
Possible Symptoms:
Popups

Lines in HijackThis:
Various

Removal Instructions:
Note: This removal tool does NOT work on Vista!
-> Download Navilog1 from http://pagesperso-orange.fr/il.mafioso/Navifix/Navilog1.exe.
-> Double-click to install the tool. Once complete, click the shortcut on your Desktop to run it.
-> At the language menu, press E. Next, type 2 and press Enter.
-> When the scan is complete, press any key as requested.
-> Once done, you can uninstall this tool via Add/Remove Programs.

5.3 --- LOP
-------------------------------------
Possible Symptoms:
Popups

Lines in HijackThis:
Very long R# entries.

Removal Instructions:
-> Go Start -> Control Panel -> Add/Remove Programs.
-> Uninstall Messenger Plus! 3 and its sponsor program.
-> Download NoLop! from http://www.spywareedge.net/nolop/NoLop.exe
-> Click Search and Destroy.
-> If infected files are found, click OK.
-> The tool will remove the infected files.

5.4 --- Smitfraud
-------------------------------------
Note: This infection has so many rogue anti-spyware/malware scanners and codecs related to it, it'd take several posts to list them all.

Possible Symptoms:
Background changed
Security popup in your system tray saying you are infected and suggesting that you download an antivirus to remove it
A "codec" you need to install in order to play a video or song (this is what caused your symptoms)
Start page changed or redirected from other websites
An anti-malware/spyware program installed that you don't know

Lines in HijackThis:
Too many to list
May no longer show up in HijackThis logs

Removal Instructions:
-> Download Smitfraudfix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.exe
-> Double-click the executable file to run it.
-> Select option 2 at the menu (type 2 and press enter).
-> When prompted to clean the registry, type Y and press enter.
-> Once completed, you may need to restart your computer.

Removal Option two:
-> Download Malwarebytes' Anti-Malware from http://www.malwarebytes.org/mbam.php (free version).
-> Install it and when complete, run the program.
-> Click the Update tab and click the Check for Updates button to update.
-> Click the Scanner tab and select Perform Quick Scan (Quick Scan is designed to remove everything that it would in a full scan).
-> Click Scan and let the program scan. Once complete, be sure to delete the infected files.
-> You may need to restart your computer to finish.
#10 Tigger93 (Topic Creator) - Posted 8/21/2008 6:34:18 PM
5.5 --- Vundo/Virtumonde
-------------------------------------
Possible Symptoms:
Popups

Lines in HijackThis:
Possible matching O2 and O20 that have the same file name
Random file in O4 that may be accompanied by the matching O2 and O20

Removal Instructions:
-> Download Malwarebytes' Anti-Malware from http://www.malwarebytes.org/mbam.php (free version).
-> Install it and when complete, run the program.
-> Click the Update tab and click the Check for Updates button to update.
-> Click the Scanner tab and select Perform Quick Scan (Quick Scan is designed to remove everything that it would in a full scan).
-> Click Scan and let the program scan. Once complete, be sure to delete the infected files.
-> You may need to restart your computer to finish.

5.6 --- Wareout
-------------------------------------
Possible Symptoms:
Popups

Lines in HijackThis:
O18 entries with IP addresses in the Ukraine

Removal Instructions:
-> Download FixWareout from http://downloads.subratam.org/Fixwareout.exe
-> Double-click the executable to install it. Make sure Run fixit is checked.
-> The fix should start once you install it. If you are asked to reboot, do so.
-> Once your computer restarts, follow the prompts.
-> Once done, you can uninstall this tool via Add/Remove Programs.

================
6.0 CONCLUSION
================

6.1 --- Credits
-------------------------------------
This guide is an updated version of "Malware Infections and How To Fix Them (V2.0)" by Sirith/AbstractEpiphany. Several parts of this guide were written by Sirith and have been modified. The original "Malware Infections and How To Fix Them" was created and compiled by rpggamergirl.

All removal tools created by their respective authors.

6.2 --- Other Information
-------------------------------------
For program suggestions and security tips not covered here, check out Qbsean's sticky:
http://www.gamefaqs.com/boards/genmessage.php?board=2000111&topic=27719937

Updates to this guide should be posted here, but may also be posted at:
http://s13.zetaboards.com/HJT_Central/

6.3 --- Links to Removal Tools
-------------------------------------
AIMFix (by Jay Loden) --- http://jayloden.com/aimfix.htm
CWShredder (by Merijn, now owned by TrendMicro) --- http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe
HijackThis (by Merijn, now owned by TrendMicro) --- http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
MalwareBytes' Anti-Malware (by MalwareBytes') --- http://www.malwarebytes.org/mbam.php
NoLop! (by Skate_Punk_21) --- http://www.spywareedge.net/nolop/NoLop.exe
SmitfraudFix (by S!Ri) --- http://siri.urz.free.fr/Fix/SmitfraudFix.exe

-=- END OF GUIDE -=-

You may now post.

Please DO NOT post logs in this topic!
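
Added example (not part of the original guide or of any tool it links): a small Python script that flags, in a pasted HijackThis log, the line patterns described in sections 5.1 (Alcan) and 5.5 (Vundo/Virtumonde). The sample log is constructed; apart from the two Alcan lines quoted from 5.1, its file names and GUIDs are made up, and the script only reports lines for a log reader to review.

```python
import ntpath
import re

# Constructed sample log. Only the two Alcan O4 lines come from section 5.1;
# every other file name and GUID below is made up for illustration.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\system32\qomkjhg.dll
O2 - BHO: Example Helper - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKLM\..\Run: [a1b2c3d4] rundll32.exe "C:\WINDOWS\system32\qomkjhg.dll",b
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O20 - Winlogon Notify: qomkjhg - C:\WINDOWS\system32\qomkjhg.dll
O20 - Winlogon Notify: exampledrv - C:\WINDOWS\system32\exampledrv.dll (file missing)
"""

# "O4 - ..." style item lines: a section code, " - ", then the body.
ENTRY_RE = re.compile(r"^(O\d{1,2}|[RFN]\d) - (.+)$")
# Body of an O4 registry autorun: HKLM\..\Run: [value name] command
RUN_RE = re.compile(r"^(?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Run value names shown under "Lines in HijackThis" in section 5.1.
ALCAN_RUN_NAMES = {"p2pnetwork", "newname"}


def parse_entries(text):
    """Return (section, body) tuples for every HijackThis item line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def trailing_file(body):
    """Lower-cased file name from the last ' - ' field of an O2/O20 body."""
    path = body.rsplit(" - ", 1)[-1].strip()
    # HijackThis appends "(file missing)" when the file is gone from disk.
    path = re.sub(r"\s*\(file missing\)$", "", path).strip('"')
    name = ntpath.basename(path).lower()
    # "(no file)" is a marker, not a name, so it must never count as a match.
    return "" if name == "(no file)" else name


def find_alcan(entries):
    """O4 autorun lines whose value name matches the ones listed in 5.1."""
    hits = []
    for section, body in entries:
        m = RUN_RE.match(body) if section == "O4" else None
        if m and m.group("name").lower() in ALCAN_RUN_NAMES:
            hits.append(f"{section} - {body}")
    return hits


def find_vundo_candidates(entries):
    """File names present in both an O2 and an O20 line (5.5), plus any O4
    lines that mention the same file."""
    by_section = {"O2": {}, "O20": {}}
    for section, body in entries:
        if section in by_section:
            by_section[section].setdefault(trailing_file(body), []).append(body)
    shared = set(by_section["O2"]) & set(by_section["O20"])
    shared.discard("")
    report = {}
    for name in sorted(shared):
        o4 = [b for s, b in entries if s == "O4" and name in b.lower()]
        report[name] = {
            "O2": by_section["O2"][name],
            "O20": by_section["O20"][name],
            "O4": o4,
        }
    return report


def analyze(text):
    """Run both checks over a pasted log and return the flagged lines."""
    entries = parse_entries(text)
    return {"alcan": find_alcan(entries), "vundo": find_vundo_candidates(entries)}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for line in result["alcan"]:
        print("Alcan pattern (5.1):", line)
    for name, lines in result["vundo"].items():
        print(f"Same file in O2 and O20 (5.5): {name}, "
              f"O4 lines naming it: {len(lines['O4'])}")
```

A match is a reason to have the log looked at, not a verdict: legitimate software can register the same DLL in more than one place, and section 4.2 still applies before anything is fixed.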