Please assist me with this problem, I have no idea what to do.
I've followed the steps provided but would like to make sure everything is in good working order and virus free. Where should I post my HJT results and any other results from the scans.

Hello and welcome to Techspot.

Go to the link in my signature and follow the instructions exactly.

Post a fresh HJT log into this thread, only after doing the above.

Regards Howard :wave: :wave:

Results from HJT scan

Herewith the scan resutls. I've noticed another problem. i can't change my homepage back to what it was. Everytime I go to tool,internet options, it shows the homepage i chose but it redirects to another page about security risks. anyway I can fix this?
Many thanx in advance!

Your system is infected with the Smitfraud infection.

Go HERE and follow the instructions exactly.

Once you`ve done that, please post a fresh HJT log.

Regards Howard

Thank You Howard

Thank you, all seem to be working now!
I've attached the lastest scan.

That`s good news.

However, I`d still like you to post a fresh HJT log, so I can check to see if your system is clean.

Regards Howard

HJT report as requested

Thanks for all the help!

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

UERS_0001_N68M1801NetInstaller.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.africagroup:8080<Fix this if you don`t know what it is, or you havenot set this yourself.

O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)

O2 - BHO: - {8E22B191-9FC7-4D90-B38D-ACED200E5333} - C:\WINDOWS\lbbho.dll (file missing)

O4 - HKLM\..\Run: [NI.UERS_0001_N68M1801] "C:\WINDOWS\Downloaded Program Files\UERS_0001_N68M1801NetInstaller.exe" -nag

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files(if there).

C:\WINDOWS\Downloaded Program Files\UERS_0001_N68M1801NetInstaller.exe" -nag

Reboot into normal mode and turn system restore back on.


Regards Howard