Help Removing Smitfraud-C.gp

[stuffeditup]

Hi I have run Smitfraud, spybot and adaware, and Hijack this but I still have 3 instances of the Smitfraud-C.gp. This started in google and I do not know what he managed to download before I got home.

Seriously I need help before he starts using my Laptop and stuffs this up

Hijack Log

[TimW]

Welcome to Major Geeks!

Please uninstall HJT as it will be properly installed when you do the following:

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

[stuffeditup]

Well I think I may have done it since running the SAS program and removing the infections then running Spybot the Smitfraud seems to be gone.

So do I continue running the rest or stop here. Also the MGtools.exe did not download I only recieved a attachment.php.

One last thing how is he getting these things in his computer. He had a straight Smitfraud a few weeks ago then this one, and he had only visited YouTube, Weatherbom and Adelaide airport the day before he got it.
We run Spybot, AVG spyware and antivirus, and I have left the SAS antispyware running as well now.

Thanks in advance

[TimW]

I would suggest that you do the rest of the requested step .....what exactly happened when you downloaded MGTools?

If you want a clue as to where it is coming from:
SAS log:
Known Threat Sources
C:\Documents and Settings\Terry\Local Settings\Temporary Internet Files\Content.IE5\KTAHAX87\ajax[1].htm
C:\Documents and Settings\Terry\Local Settings\Temporary Internet Files\Content.IE5\H9SKL4WX\errorhandler[1].htm

[stuffeditup]

Ok Tim,
I had already gone ahead and run the Malawarebytes AntiMalaware, but I stopped before running the CCleaner as I was a bit wary of the 1/100 computers failing.

Anyway back to the download of MGTools.

All that downloads is a PHP file.

attachment.php

I have included the mbam log which fould a few more spots of trouble and I ran Spybot again. At the moment he can use the Internet and the computer and I will be checking those files are gone when I get home. Also looking at those files does thos mean he still runs IE5 not version 6 as I thought.
And if all this fails would a complete Harddrive format work, all of our document were backed up last week so it is an easy thing for me to do.

[stuffeditup]

Add another on, I thought we were clear. ( I still haven't run the Ccleaner yet)
But we have found that most of the Internet is clear, but when he hits YouTube it all goes to hell again.
I have upgraded him to IE7
I also could not find the 2 files??
C:\Documents and Settings\Terry\Local Settings\Temporary Internet Files\Content.IE5\KTAHAX87\ajax[1].htm
C:\Documents and Settings\Terry\Local Settings\Temporary Internet Files\Content.IE5\H9SKL4WX\errorhandler[1].htm

[TimW]

You ran MalwareBytes but didn't have it fix anything. It shows you are infected....and without logs or having fixed anything with MWB's I cant advise you on what to do. If you feel it would be no trouble to reformat.....go ahead.