Some horrible nasty virus/trojans/malware etc.

  #41  
Old 11-19-2008
Blind Dragon's Avatar
TechSpot Evangelist
 
Location: Tampa FL
Member since: Oct 2007, 4,048 posts
System specs
Have you disabled any real-time protection already? I was thinking it was already disabled - but maybe that didn't happen, as I didn't read the whole thread. Any real-time monitoring can usually be disabled by right-clicking it in the system tray and checking or unchecking to disable it.

Do this then try again - if that doesn't work

==============================================

Download FixIEDef by ShadowPuterDude to the Desktop.

Disable real-time protection that can interfere with FixIEDef:

Disable Windows Defender until the computer is clean
  • Open Windows Defender
  • Select Tools and then General Settings
  • Under Real Time Protection Options uncheck Turn on real-time protection
  • Select Save
Don't forget to re-enable it, when your computer is clean.

Disable SUPERAntiSpyware until the computer is clean
  • Right-click on the shortcut from the system tray
  • Choose View Control Center (preferences/options)
  • On the General and Startup tab, uncheck Start SUPERAntispyware when Windows starts.
  • Click Close to exit.
Don't forget to re-enable it, when your computer is clean.

Disable Teatimer
First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.

Run FixIEDef:

Double-click FixIEDef

Click 'Accept'

Click 'Scan'

Wait for the scan to finish. It won't take very long.

WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running, during scanning. The icons and Start Menu on your Desktop will not be visible while FixIEDef is scanning. This is necessary to remove parts of the infection that would otherwise not be removed.

Everything will be restored to normal, once the malicious file is removed.

Click 'Exit' once FixIEDef displays the All Finished message.

Post the Results of the scan:

Post the FixIEDef log file, located on the Desktop.
  #42  
Old 11-19-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
ok here's the FixIEDef log
Attached Files
File Type: log FixIEDef.log (2.2 KB, 4 views)
  #43  
Old 11-19-2008
Blind Dragon's Avatar
TechSpot Evangelist
 
Location: Tampa FL
Member since: Oct 2007, 4,048 posts
System specs
Can you run Smitfraud now?

If not, try renaming the .exe from smitfraudfix.exe to smitty.exe
  #44  
Old 11-19-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
nope not even renaming it same problem.
  #45  
Old 11-19-2008
Blind Dragon's Avatar
TechSpot Evangelist
 
Location: Tampa FL
Member since: Oct 2007, 4,048 posts
System specs
Ok, one more thing, I would like you to uninstall it and try downloading from somewhere else

http://downloads.securitycadets.com/SmitfraudFix.exe
  #46  
Old 11-19-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
nope still thing..
  #47  
Old 11-19-2008
Blind Dragon's Avatar
TechSpot Evangelist
 
Location: Tampa FL
Member since: Oct 2007, 4,048 posts
System specs
Ok, do the Kaspersky scan from the last page. If that comes back clean then I will be ok with that.
  #48  
Old 11-19-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
ok that's not working now. it's saying my Java is messed up and i went to check and it said it was ok. but figured i'd reinstall just in case and did it 2 times and is still doing that..
i do have crossloop if you want to use that. not sure if any of you have it or not. but a friend had me download it to fix a problem a week or so ago to try and fix a problem with a video of one of our kids not letting us move it.
  #49  
Old 11-19-2008
Blind Dragon's Avatar
TechSpot Evangelist
 
Location: Tampa FL
Member since: Oct 2007, 4,048 posts
System specs
Ok, something is not right here. I just glanced back over the thread quickly and never saw a log to look a little deeper into your registry. So let's do that now.


Combofix
  • Download Combofix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool, so please do NOT do anything without instruction.

Combofix will automatically save the log file to C:\combofix.txt
  #50  
Old 11-19-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
combofix log. I had to zip the file because it was too big.
Attached Files
File Type: zip combofixlog.zip (70.9 KB, 5 views)
  #51  
Old 11-20-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
bumping this up.
  #52  
Old 11-20-2008
Blind Dragon's Avatar
TechSpot Evangelist
 
Location: Tampa FL
Member since: Oct 2007, 4,048 posts
System specs
I will respond shortly - I am in the middle of work
  #53  
Old 11-21-2008
Blind Dragon's Avatar
TechSpot Evangelist
 
Location: Tampa FL
Member since: Oct 2007, 4,048 posts
System specs
Very good,

What antivirus are you going to use? I see reference to Norton, AVG, and Avast in there. Please let me know so I can give instructions for removing the ones that you don't want - or at least the leftovers from an old install.

Please post a fresh hijackthis log - it looks like most orphans have been removed by combofix, but just want to clean up a bit.

After you do this we can clean up and secure the system from future attacks
  #54  
Old 11-21-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
thanks.. Norton is what we paid for so that's the one we'll keep.
Attached Files
File Type: log hijackthis.log (10.8 KB, 1 views)
  #55  
Old 11-21-2008
Blind Dragon's Avatar
TechSpot Evangelist
 
Location: Tampa FL
Member since: Oct 2007, 4,048 posts
System specs
Ok, you're good.

Uninstall Avast! through control panel->add/remove programs

=======================================================

Uninstall Combofix
* Click START then RUN
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter.

The above procedure will:
* Delete the following:
  * ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

-----------------------------------------------------------------------

OTCleanit! by Oldtimer
  • Download OTCleanIt
  • Click the CleanUp! button.
    • It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).

---------------------------------------------------------------------------

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Set correct settings for files
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK

    Clear system restore points
    • This is a good time to clear your existing system restore points and establish a new clean restore point:
      • Go to Start > All Programs > Accessories > System Tools > System Restore
      • Select Create a restore point, and Ok it.
      • Next, go to Start > Run and type in cleanmgr
      • Select the More options tab
      • Choose the option to clean up system restore and OK it.
      This will remove all restore points except the new one you just created.

  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  4. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. This is done in Vista through control panel -> windows updates.

  7. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software
  #56  
Old 11-24-2008
TechSpot Member
 
Member since: Oct 2007, 53 posts
ok i followed those steps but when i ran the cleanup one it didn't delete any of them. should i just go in and uninstall and delete them..

also i'm still getting sent to the other search page. i looked when it was loading and it says it's qwewebsearch.com, i tried looking up info on it and it looks like it was part of that whole trojan/malware crap that was on the computer. how do i change that or delete get rid of it. if i try to use the search window up there it said on firefox "Firefox can't find the server at www.qwewebsearch.com." so i changed it to search with google but how do i get rid of it from even being an option.
  #57  
Old 11-24-2008
Blind Dragon's Avatar
TechSpot Evangelist
 
Location: Tampa FL
Member since: Oct 2007, 4,048 posts
System specs
Yes, just delete any left manually.

I'm not sure I understand what you are trying to accomplish. If you want to restrict a connection to that site - then we can do this:

Open C:\windows\system32\drivers\etc\hosts

Paste the following line into the hosts file

Code:
127.0.0.1       qwewebsearch.com
Click save
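
Added example, not part of the original post or of any tool named in this thread: hosts entries match whole hostnames only, so the line above covers `qwewebsearch.com` but not the `www.qwewebsearch.com` name quoted in the Firefox error in post #56. The Python sketch below reports which names a hosts file actually blocks; the sample file contents and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; only the last line comes from the post above.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
127.0.0.1       qwewebsearch.com
"""

def parse_hosts(text):
    """Map each hostname to the first address listed for it in the file."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)
    return table

def is_sunk(table, hostname):
    """True only when this exact name maps to a loopback or 0.0.0.0 address."""
    ip = table.get(hostname.lower())
    return ip is not None and (ip.is_loopback or ip.is_unspecified)

def coverage(text, names):
    """Report, per name, whether the hosts text blocks it."""
    table = parse_hosts(text)
    return {name: is_sunk(table, name) for name in names}

def missing_lines(text, names, sink="127.0.0.1"):
    """Hosts lines still needed so that every listed name is blocked."""
    return [f"{sink}       {n}" for n, ok in coverage(text, names).items() if not ok]

if __name__ == "__main__":
    names = ["qwewebsearch.com", "www.qwewebsearch.com"]
    print(coverage(SAMPLE_HOSTS, names))
    print(missing_lines(SAMPLE_HOSTS, names))
```
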
  #58  
Old 11-24-2008
Blind Dragon's Avatar
TechSpot Evangelist
 
Location: Tampa FL
Member since: Oct 2007, 4,048 posts
System specs
One more thing

Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.