Open HijackThis and select
Do a system scan only and place a check mark next to:
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
Close all windows except for HijackThis and click
Fix checked
---------------
Download
ViewpointKiller
* Unzip the program and all of the contents of
ViewpointKiller.zip to a location such as your desktop.
* Double click the ViewpointKiller icon to run
ViewpointKiller.exe. Select the "
File" menu, and select "
Check to see if you have Viewpoint installed".
* If ViewpointKiller indicates that any of the Viewpoint variants are installed, select the proper "
Kill" option in the
File menu.
Follow the prompts and instructions very carefully, answering "
Yes" or "
No" depending on which option you are most comfortable with. The MsConfig instructions are very important, so be sure to read them carefully.
Note: When done with ViewpointKiller, simply right click and delete all files that were unzipped.
---------------
Please download ATF Cleaner by Atribune.
ATF Cleaner.exe
Make sure that
all browser windows are closed.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose:
Select All and
UNCHECK Cookies.
* Click the
Empty Selected button.
If you use Firefox browser
* Click Firefox at the top and choose:
Select All and
UNCHECK Cookies.
* Click the
Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click
No at the prompt.
If you use Opera browser
* Click
Opera at the top and choose:
Select All and
UNCHECK Cookies.
* Click the
Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click
No at the prompt.
Click
Exit on the Main ATF Cleaner menu to close the program.
---------------
Download
SmitfraudFix (by S!Ri) to your Desktop.
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing
1 and press
Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named
rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.
Please attach that log in your next reply.
Note: process.exe ( which is used by SmitFraudFIx ) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool";
it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
---------------
Last, run a new HijackThis scan and attach the log.
---------------
Next post please attach
rapport.txt
New HijackThis log