I still think there's some things lurking on your computer
We'll have to try alternatives
Can you please do the following
==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows CleanupGive the link time to load or try it twice, it may be busy
Alternate Download linkDon't run it yet, we'll need it later
==Download and UNZIP to desktop or a folder
Smitfraud.zip, so you now have Smitfraud.reg extracted
We'll need this later
[attachment=282:attachment]
I'll assume you downloaded Killbox earlier, if not I'm including it again just in case
Please Open up a Notepad file
START>>RUN>>Type in
notepadHit OK
Copy all of these instructions to that notepad file and save it on your computer
Close down all unneccessary windows running in the background
That includes this one
Can you please disable SpySweeper's realtime protection
We don't need it interfering in any fixes we are about to try
==Download the
Killbox by Option^Explicit.
[color=\"red\"]*In the event you already have Killbox, this is a new version that I need you to download[/color].
* Save it to your desktop or a folder
Please Save these instructions below to a Notepad file and save it to the infected computers desktop or a folder
Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:
Security IGuard
Virtual Maid
Search Maid
PSGuardExit Add/Remove Programs.
* Please double-click
Killbox.exe to run it.
* Select "
Delete on Reboot".
* Open the Notepad file where you saved the instructions and copy the file paths below to the clipboard by highlighting ALL of them and pressing
CTRL + C[color=\"purple\"]Killbox file paths to copy to clipboard between dotted lines[/color]
===========================================
C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\zloader3.exe
C:\Windows\system\wp.bmp
C:\Windows\System\hhk.dll
C:\Windows\System\wldr.dll
C:\Windows\System\helper.exe
C:\Windows\System\intmon.exe
C:\Windows\System\shnlog.exe
C:\Windows\system\perfcii.ini
C:\Windows\System\intmonp.exe
C:\Windows\System\msmsgs.exe
C:\Windows\system\msole32.exe
C:\Windows\System\ole32vbs.exe
C:\WINDOWS\system\oleadm.dll
C:\WINDOWS\system\oleadm32.dll===================================================
* Return to Killbox, go to the
File menu, and choose "
Paste from Clipboard".
* Click the red-and-white "
Delete File" button. Click "
Yes" at the Delete on Reboot prompt. Click "
No" at the Pending Operations prompt.
Don't worry about any file not found messages
If your computer does not restart automatically, please restart it manually.
[color=\"red\"]
While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.[/color]
In SAFE MODE
Using Windows Explorer, Manually navigate and delete these folders if found
Don't do a search for them, manually look for them
C:\Program Files\
Search MaidC:\Program Files\
Security IGuardC:\Program Files\
Virtual MaidC:\Program Files\
PSGuardC:\Windows\System\
Log Files Can you also look for Log Files in your System32 folder
==Double click on
Smitfraud.reg and allow to add or Merge to the registry
==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
Restart the computer back to Normal mode
Back in Windows
Can we run another scanner through your machine please
Download and Install Spybot 1.4 from
HERE or
HEREDon't activate the Tea Timer when installing, it's a great feature but can get in the way
of any fixes we may still have to do
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and download all updates
Click the Search & Destroy button on the left
Check for Problems---When the Scan is complete
FIX all selected promblems in RED
RESTART the computer to finish the cleaning process
Back in Windows
Run another scan with Hijackthis and post a fresh log
Could you also Open Hijackthis>>Open Misc tools section>>Open Uninstall Manager
Click the SAVE LIST button
Save the list to your desktop and then copy and paste back the contents here too along with the hijackthis log
I want to check a couple files
Although the may be legit, I want to make sure
Can you go to this link
Give this site time to load
Jotti's Online Malware scanUse the browse button and navigate to this file on your hard drive
C:\WINDOWS\SYSTEM\
aucbpnp.exe <-this file
Right click on it and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please, just the scanner results which includes name of file
Do the same for this file
C:\WINDOWS\
CLGAMMA.EXE <-this may be legit, but won't hurt to check it
We'll worry about the cleaning of the registry and the error message from the USB file later
It looks like you have a USB port controller hooked to the machine
and some entries related on startup, this may be the reason for the error message on startup
