I have some problems...

Discussion in 'Malware Help (A Specialist Will Reply)' started by ErikErik, Jul 20, 2007.

  1. ErikErik

    ErikErik Private E-2

    I have had a lot of new programs on my Task Manager list. They aren't always on the list though, only at some points. So I don't know if they are on there right now. But Spybot and Ad-Aware have found some Smitfraud stuff, like Smitfraud-C. something. I have been having pop-ups which I have never had before. Spybot and Ad-Aware said they deleted it, but I am still getting pop-ups. Here is my HijackThis log; I don't know if this will show much, but thanks for looking at it.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - only for Windows XP, 2K, & NT users
      • AVG Antispyware log - ONLY IF NEEDED because you were not able to run CounterSpy - only for Windows XP, 2K, & NT users
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. ErikErik

    ErikErik Private E-2

    I have done a couple of scans but I forgot to go into safe mode, so should I go back and do that? Because I have been doing different scans all day, but I still have a couple to do, so please tell me. If I have to go back into safe mode it will take me another day or two at least. If you look at my BitDefender scan log you will see that it took me a while after it scanned so much crap. I am running Panda ActiveScan right now; it is about 1/4 of the way done.

    Edit ~ And also, the last time I went into safe mode it was just a black screen and I had to use Task Manager to open everything. Is this right?

    Edit ~ lol more edits. Even though BDscan said it removed all that stuff I'm still getting pop-ups.
     

    Attached Files:

    Last edited: Jul 20, 2007
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    While running in safe mode can be important to get certain infections removed, I'm more concerned that you run ALL of the steps and that you run them in the order given. Did you run ALL steps starting at step 0, and did you run them in the order given?

    Having to use Task Manager in safe mode to run things is not the normal way. Some infections will make booting in safe mode more difficult for you or impossible, and some (like you have) just make it difficult to do anything in safe mode.

    Each tool may find and remove things. That does not mean you will be clean after running the READ & RUN ME. It is a generic procedure that will clean many many things from your PC and get it into a known working state from which it will be easier for us to manually remove anything that remains. Once you complete ALL of the READ ME and attach ALL 6 requested logs we can continue with the manual steps.
     
  5. ErikErik

    ErikErik Private E-2

    I ran HijackThis in the beginning, then I ran BitDefender, then Panda, then CounterSpy. Now I have just run GetRunKey and ShowNew. I already have CCleaner and Spybot, so I have run them many times. Here are the logs that I got from them. I will post the rest in the next reply. The pop-ups that I am getting are phishing websites that are trying to get my email address, phone number, etc. And also by all these logs you can tell there is some bad crap on my computer.
     

    Attached Files:

  6. ErikErik

    ErikErik Private E-2

    Here are my other logs; also I have included a picture of one of the pop-ups. I had to cut the size of it down a lot because of the requirements of the forums. Thanks for all the help so far, I hope we can get this bad stuff off :). The pop-ups only pop up in Internet Explorer, even though Mozilla is my main internet browser that I use. I will be going to a website or on one in Mozilla, then an Internet Explorer window will pop up with these advertisements.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But you need to run steps in the order written which means HijackThis must be run after everything else was run. If you don't run it this way, your HijackThis log may not display current information since the other scans could have changed something. Post a current log.

    But did you run them where/when requested in the READ ME?

    Where is the log from BitDefender?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you run CounterSpy before or after Panda and BitDefender?
     
  9. ErikErik

    ErikErik Private E-2

    I ran it after because some of the scanners were giving me problems. Like I ran it and a pop-up came up and I put it on the bad restricted sites list, then it exited out when it was halfway done and stuff. And another time one froze for a half hour right in the middle, after scanning for an hour or two, on a Roller Coaster Tycoon file or some stupid thing, so I deleted it; then I ran some different ones. Then later restarted that one. Here is my HijackThis log that I scanned after running all other scanners/cleaners.

    So no, I did not run them all in the correct order because of some problems occurring at that time.

    I uploaded BDscan.
     

    Attached Files:

    Last edited: Jul 21, 2007
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The problem with this is that you are making it more difficult for us to help you. When things are not run in the correct order, what we see in each of the logs is not necessarily correct. In addition it confuses us because we will see things in certain logs that we know should have been fixed by a particular tool which should have already been run. For future reference: When running our procedures, you must run only what we request and you must do it in the order requested. This will yield the most effective results and will result in us being able to help you more correctly and more quickly.

    I'm looking thru your logs now, but due to things being run out of order, some items I point out may no longer exist.

    I still see Viewpoint Manager running. You should have uninstalled this in step 0. Please uninstall it now.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you know what the below is for?
    O4 - Global Startup: VTAgentReboot.exe

    Also remove the below malware service while waiting for me to work thru the rest of your logs:
    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to Net Agent
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay here are a couple more things to do while I continue working up a fix (almost done).

    Delete the below file which is wasting over 2 Gig of hard disk space
    Code:
    C:\
    14fd.tmp      Jul 20 2007   296419328  "14FD.tmp"
    Also in the root of drive c (that is C:\) you have all the below JPGs. If you need them, move them someplace safer otherwise delete them. You should avoid saving things in the root folder.
    Code:
    pic171.jpg    Apr 25 2007           0  "PIC171.jpg"
    pic172.jpg    Apr 25 2007      214353  "PIC172.jpg"
    pic173.jpg    Apr 29 2007       61338  "PIC173.jpg"
    pic174.jpg    Apr 29 2007      203657  "PIC174.jpg"
    pic175.jpg    Apr 29 2007      205601  "PIC175.jpg"
    pic176.jpg    Apr 29 2007      202120  "PIC176.jpg"
    pic177.jpg    Apr 29 2007      204918  "PIC177.jpg"
    pic178.jpg    Apr 30 2007      105732  "PIC178.jpg"
    pic179.jpg    Apr 30 2007      231851  "PIC179.jpg"
    pic180.jpg    May 13 2007           0  "PIC180.jpg"
    pic181.jpg    May 13 2007      177672  "PIC181.jpg"
    pic182.jpg    May 13 2007      179237  "PIC182.jpg"
    pic183.jpg    May 13 2007      199306  "PIC183.jpg"
    pic184.jpg    Jun 20 2007      241264  "PIC184.jpg"
    pic185.jpg    Jun 20 2007      251231  "PIC185.jpg"
    pic186.jpg    Jun 20 2007      249269  "PIC186.jpg"
    pic187.jpg    Jun 22 2007      217393  "PIC187.jpg"
    pic188.jpg    Jun 22 2007      218053  "PIC188.jpg"
    pic189.jpg    Jun 22 2007      216381  "PIC189.jpg"
    pic190.jpg    Jun 22 2007      223797  "PIC190.jpg"
    pic191.jpg    Jun 22 2007      225503  "PIC191.jpg"
    pic192.jpg    Jun 22 2007      225995  "PIC192.jpg"
    pic193.jpg    Apr 22 2007      223787  "PIC193.jpg"
    pic194.jpg    Apr 22 2007      226286  "PIC194.jpg"
    pic195.jpg    Jun 22 2007      161844  "PIC195.jpg"
    pic196.jpg    Jun 22 2007      166895  "PIC196.jpg"
    pic197.jpg    Jun 22 2007      154959  "PIC197.jpg"
    pic198.jpg    Jun 22 2007      151806  "PIC198.jpg"
    pic199.jpg    Jun 22 2007      150987  "PIC199.jpg"
    pic200.jpg    Jun 22 2007           0  "PIC200.jpg"
    pic201.jpg    Jun 23 2007      202415  "PIC201.jpg"
    pic202.jpg    Jun 23 2007      207665  "PIC202.jpg"
    pic203.jpg    Jun 23 2007      213442  "PIC203.jpg"
    pic204.jpg    Jun 23 2007      207784  "PIC204.jpg"
    pic205.jpg    Jun 23 2007      180766  "PIC205.jpg"
    pic206.jpg    Jun 23 2007      172471  "PIC206.jpg"
    pic207.jpg    Jun 23 2007      210154  "PIC207.jpg"
    pic208.jpg    Jun 23 2007      149381  "PIC208.jpg"
    pic209.jpg    Jun 23 2007      172536  "PIC209.jpg"
    pic210.jpg    Jun 23 2007      152348  "PIC210.jpg"
    pic211.jpg    Jun 23 2007      140480  "PIC211.jpg"
    pic212.jpg    Jun 23 2007      138041  "PIC212.jpg"
    pic213.jpg    Jun 23 2007      157096  "PIC213.jpg"
    pic214.jpg    Jun 23 2007      142010  "PIC214.jpg"
    pic215.jpg    Jun 23 2007      162994  "PIC215.jpg"
    pic216.jpg    Jun 23 2007      117096  "PIC216.jpg"
    pic217.jpg    Jun 23 2007       91077  "PIC217.jpg"
    pic218.jpg    Jun 23 2007      102650  "PIC218.jpg"
    pic219.jpg    Jun 23 2007       85851  "PIC219.jpg"
    pic220.jpg    Jun 23 2007       68222  "PIC220.jpg"
    pic221.jpg    Jun 23 2007       70050  "PIC221.jpg"
    pic222.jpg    Jun 23 2007       85006  "PIC222.jpg"
    pic223.jpg    Jun 23 2007      118389  "PIC223.jpg"
    pic224.jpg    Jun 27 2007      252467  "PIC224.jpg"
    pic225.jpg    Jun 27 2007      254570  "PIC225.jpg"
    pic226.jpg    Jun 28 2007      231609  "PIC226.jpg"
    pic227.jpg    Jun 28 2007      174804  "PIC227.jpg"
    pic228.jpg    Jun 28 2007      197297  "PIC228.jpg"
    pic229.jpg    Jun 28 2007      200844  "PIC229.jpg"
    pic230.jpg    Jun 28 2007      188507  "PIC230.jpg"
    pic231.jpg    Jun 29 2007      145395  "PIC231.jpg"
    pic232.jpg    Jun 29 2007      162197  "PIC232.jpg"
    pic233.jpg    Jul  1 2007      208341  "PIC233.jpg"
    pic234.jpg    Jul  1 2007      209125  "PIC234.jpg"
    pic235.jpg    Jul  1 2007      205604  "PIC235.jpg"
    pic236.jpg    Jul  4 2007      158002  "PIC236.jpg"
    pic237.jpg    Jul  4 2007      156248  "PIC237.jpg"
    pic238.jpg    Jul  4 2007      160735  "PIC238.jpg"
    pic239.jpg    Jul  4 2007      175373  "PIC239.jpg"
    pic240.jpg    Jul  5 2007      209309  "PIC240.jpg"
    pic241.jpg    Jul  4 2007      210437  "PIC241.jpg"
    pic242.jpg    Jul  4 2007      210379  "PIC242.jpg"
    pic243.jpg    Jul  5 2007      194032  "PIC243.jpg"
    pic244.jpg    Jul  5 2007      207632  "PIC244.jpg"
    pic245.jpg    Jul  5 2007      202249  "PIC245.jpg"
    pic246.jpg    Jul  5 2007      202460  "PIC246.jpg"
    pic247.jpg    Jul  5 2007      261314  "PIC247.jpg"
    pic248.jpg    Jul  5 2007      256757  "PIC248.jpg"
    pic249.jpg    Jul  5 2007      249255  "PIC249.jpg"
    pic250.jpg    Jul  5 2007      256896  "PIC250.jpg"
    pic251.jpg    Jul  5 2007      236682  "PIC251.jpg"
    pic252.jpg    Jul  5 2007      254524  "PIC252.jpg"
    pic253.jpg    Jul  5 2007      243499  "PIC253.jpg"
    pic254.jpg    Jul  5 2007      256249  "PIC254.jpg"
    pic255.jpg    Jul  5 2007      231764  "PIC255.jpg"
    pic256.jpg    Jul  5 2007      204437  "PIC256.jpg"
    pic257.jpg    Jul  5 2007      208136  "PIC257.jpg"
    pic258.jpg    Jul  5 2007      204801  "PIC258.jpg"
    pic259.jpg    Jul  5 2007      206693  "PIC259.jpg"
    pic260.jpg    Jul  5 2007      211539  "PIC260.jpg"
    pic261.jpg    Jul  5 2007      207875  "PIC261.jpg"
    pic262.jpg    Jul  5 2007      212999  "PIC262.jpg"
    pic263.jpg    Jul  5 2007      212581  "PIC263.jpg"
    pic264.jpg    Jul  5 2007      204728  "PIC264.jpg"
    pic265.jpg    Jul  6 2007      227041  "PIC265.jpg"
    pic266.jpg    Jul  6 2007      205002  "PIC266.jpg"
    pic267.jpg    Jul  6 2007      185219  "PIC267.jpg"
    pic268.jpg    Jul  6 2007      178210  "PIC268.jpg"
    pic269.jpg    Jul  9 2007      235319  "PIC269.jpg"
    pic270.jpg    Jul  9 2007      237157  "PIC270.jpg"
    pic271.jpg    Jul 11 2007      230973  "PIC271.jpg"
    pic272.jpg    Jul 11 2007      218175  "PIC272.jpg"
    pic273.jpg    Jul 11 2007      217119  "PIC273.jpg"
    pic274.jpg    Jul 11 2007      217265  "PIC274.jpg"
    pic275.jpg    Jul 11 2007      217210  "PIC275.jpg"
    pic276.jpg    Jul 11 2007      218880  "PIC276.jpg"
    pic277.jpg    Jul 11 2007      217133  "PIC277.jpg"
    pic278.jpg    Jul 11 2007      216782  "PIC278.jpg"
    pic279.jpg    Jul 11 2007      194774  "PIC279.jpg"
    pic280.jpg    Jul 11 2007      183865  "PIC280.jpg"
    pic281.jpg    Jul 12 2007      241654  "PIC281.jpg"
    pic282.jpg    Jul 12 2007      250572  "PIC282.jpg"
    pic283.jpg    Jul 14 2007      190897  "PIC283.jpg"
    pic284.jpg    Jul 17 2007      197711  "PIC284.jpg"
    pic285.jpg    Jul 17 2007      169342  "PIC285.jpg"
    pic286.jpg    Jul 17 2007           0  "PIC286.jpg"
    pic287.jpg    Jul 17 2007           0  "PIC287.jpg"
    pic288.jpg    Jul 17 2007           0  "PIC288.jpg"
    pic289.jpg    Jul 17 2007           0  "PIC289.jpg"
    pic290.jpg    Jul 17 2007           0  "PIC290.jpg"
    pic291.jpg    Jul 18 2007      231061  "PIC291.jpg"
    pic292.jpg    Jul 19 2007      180622  "PIC292.jpg"
    pic293.jpg    Jul 19 2007      192672  "PIC293.jpg"
    sosswe~1.jpg  Jul  4 2007      167367  "S.O.S Swearing Bad Language.jpg"
    tahkuc~1.jpg  Jun 28 2007      150900  "TAHKuCTka Swearing In Stables Public Place.JPG"
    ultima~1.jpg  Jun 28 2007      149907  "UltimatE swearing.JPG"
    _mazah~1.jpg  Jul  5 2007      177095  "=MaZaHaKa= Bad Language.jpg"
    _mazah~2.jpg  Jul  5 2007      155015  "=MaZaHaKa= Bad Language #2.jpg"
    _mazah~3.jpg  Jul  5 2007      163411  "=MaZaHaKa= Bad Language #3.jpg"
    
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay make sure you have completed what I requested in messages 10, 11, & 12 and then continue on to the below.


    Download HostsXpert and then follow the below steps.
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Run HostsXpert.exe, click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program
    Uninstall the below old versions of software:
    Ad-aware 6 Personal <-- this was replaced by Ad-Aware SE about 3 yrs ago
    Java 2 Runtime Environment, SE v1.4.2


    Continue by downloading a tool we will need

    - Process Explorer

    Extract it to its own folder somewhere that you will be able to locate it later.

    Make sure you have rebooted in Normal Mode (do not open any other processes)

    Make sure that one and only one Internet Explorer browser is opened up

    - Run Process Explorer

    In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

    Once you see this screen click on each instance of any of the below DLL files (if found) and then click the kill button.
    jkkihig.dll

    After you have killed all instances of any of the above DLLs under winlogon click ok.
    (If you do not find these DLLS, just continue on.)

    Next double click on explorer.exe and again click once on each instance of any of the below DLL files (if found) and then click the kill button.
    jkkihig.dll

    After you have killed all instances of any of the above DLLs under Explorer click ok.
    (If you do not find these DLLS, just continue on.)

    Next double click on iexplore.exe and again click once on each instance of any of the below DLL files (if found) and then click the kill button.
    jkkihig.dll

    After you have killed all instances of any of the above DLLs under iexplore click ok.
    (If you do not find these DLLS, just continue on.)

    Now back at the main Process Explorer window look for the below processes and if found right click on them and select Kill Process.
    C:\Program Files\Common Files\{5CCBDF4D-06C1-1033-0106-050602200002}\Update.exe
    C:\Program Files\Ipwindows\ipwins.exe

    Now just exit Process Explorer.

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O1 - Hosts: comments (such as these) may be inserted on individual
    O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\security\Database\docjava.dll (file missing)
    O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINDOWS\system32\jkkihig.dll
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TISKY009.exe SKY009
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\TISKY009.exe
    O4 - Global Startup: stamp.dat
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O4 - Global Startup: VTAgentReboot.exe
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O20 - Winlogon Notify: docjava - C:\WINDOWS\security\Database\docjava.dll (file missing)
    O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll (file missing)
    O20 - Winlogon Notify: jkkihig - C:\WINDOWS\SYSTEM32\jkkihig.dll

    After clicking Fix, exit HJT.

    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    Now run Ccleaner!

    Now attach the below new logs and tell me how the above steps went.

    1. Avenger
    2. GetRunKey
    3. ShowNew
    4. HJT


    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 8 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
    Last edited: Jul 22, 2007
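As an added example (not part of this thread and not code from HijackThis or any of the tools named above), a small Python triage helper that parses HJT log lines of the kinds quoted in the fix above and flags the two patterns chaslang's fix list is built around: the same DLL registered both as an O2 BHO and as an O20 Winlogon Notify package (jkkihig.dll here, geede.dll later in the thread), and registrations whose target file HJT reports missing. The sample lines are constructed from entries on this page; the regexes and function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample made from the kinds of HijackThis entries quoted in this
# thread; it is not a complete log from the poster's machine.
SAMPLE_HJT = """\
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,SearchAssistant = about:blank
O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\\WINDOWS\\security\\Database\\docjava.dll (file missing)
O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\\WINDOWS\\system32\\jkkihig.dll
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKLM\\..\\Run: [{ZN}] C:\\WINDOWS\\TISKY009.exe SKY009
O4 - Global Startup: VTAgentReboot.exe
O20 - Winlogon Notify: docjava - C:\\WINDOWS\\security\\Database\\docjava.dll (file missing)
O20 - Winlogon Notify: geeba - C:\\WINDOWS\\system32\\geeba.dll (file missing)
O20 - Winlogon Notify: jkkihig - C:\\WINDOWS\\SYSTEM32\\jkkihig.dll
"""

# Every HJT line starts with a section code such as R1, O2, O4 or O20.
LINE_RE = re.compile(r"^(?P<type>[A-Z]\d+) - (?P<body>.*)$")
# First drive-letter path in the body that ends in an executable-type
# extension; the quotes HJT shows around some O4 targets are optional.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"\n]*?\.(?:dll|exe|dat))"?',
                     re.IGNORECASE)


def basename(path):
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_hjt_line(line):
    """Split one HijackThis line into section type, body, referenced file
    path (None if there is none) and whether HJT flagged the file missing."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    pm = PATH_RE.search(body)
    return {
        "type": m.group("type"),
        "body": body,
        "path": pm.group("path") if pm else None,
        "file_missing": "(file missing)" in body,
    }


def parse_hjt_log(text):
    """Parse all recognisable lines; unrecognised lines are skipped."""
    return [e for e in (parse_hjt_line(ln) for ln in text.splitlines()) if e]


def dual_registered_dlls(entries):
    """DLL basenames registered both as a BHO (O2) and as a Winlogon Notify
    package (O20). The fix lists in this thread pair exactly such entries
    (jkkihig.dll, later geede.dll); a Winlogon Notify DLL is loaded into
    winlogon.exe, which matches the thread's step of killing the DLL's
    threads there before running the HJT fix."""
    sections = defaultdict(set)
    for e in entries:
        if e["path"] and e["type"] in ("O2", "O20"):
            sections[basename(e["path"])].add(e["type"])
    return sorted(n for n, s in sections.items() if {"O2", "O20"} <= s)


def orphaned_entries(entries):
    """Registrations whose target HJT reports as missing: leftovers of an
    earlier removal that still belong in the fix list."""
    return [e for e in entries if e["file_missing"]]


def unnamed_bhos(entries):
    """O2 BHO entries with no display name, as both suspect DLLs in the
    thread appear; returns the DLL basenames."""
    return [basename(e["path"]) for e in entries
            if e["type"] == "O2" and e["path"]
            and e["body"].startswith("BHO: (no name)")]


if __name__ == "__main__":
    entries = parse_hjt_log(SAMPLE_HJT)
    print("dual O2/O20 DLLs:", dual_registered_dlls(entries))
    print("missing-file entries:", len(orphaned_entries(entries)))
    print("unnamed BHOs:", unnamed_bhos(entries))
```

The output is a shortlist for a human to review against the full log, not a verdict: legitimate software also installs BHOs, so each flagged DLL still has to be checked.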
  14. ErikErik

    ErikErik Private E-2

    Ok, the Agent was already stopped but was not set to disabled, so I did that. It is my fault that you thought it was still running; sorry about that.

    This VTAgentReboot.exe is talked about here; the first post by cornwell777 describes what it does to him, and it does the same to me. A message just pops up and says cannot find bla bla for virtual truck program. They say to just delete it then restart; should I do that? (I'm guessing yes but want to make sure.) Should I follow his instructions? Or can you tell me what to do exactly?

    And then about the Viewpoint Manager: I cannot find any uninstall for it. I looked through READ & RUN, uninstall malware, then clicked on the info about Viewpoint, and I don't know what exactly to do. I went to the links and read the stuff, then went to Removal, and it took me to some instructions about some virus scanner and what to do with it. I could just delete the Viewpoint folder, some file called _ViewpointService3E27604C, another Viewpoint folder, the Viewpoint Manager folder, and the Viewpoint Media Player folder. So please tell me what I should do.

    I am going to bed because it is 1:56 a.m.; I will be eagerly awaiting what to do tomorrow. Thanks for all the help, I am grateful for your help.

    Oh god, you already posted! lol ok I will do it now :)

    Well, I need to know what to do about this.

    I deleted that big file and moved my pictures.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you do not see an uninstall for Viewpoint, run the below:

    Run this ViewpointKiller to remove Viewpoint Media software.
     
  16. ErikErik

    ErikErik Private E-2

    I ran ViewpointKiller, but in the startup tab ViewMgr and the Foto one were not there, which I think is ok. It said some stuff was not found and was not deleted fully; here is the log. In Search I can still search for Viewpoint and find a couple of folders; should I delete them? Once we get the Viewpoint crap and Agent Reboot out of the way I can get on with your #13 post.

    Well, I am going to bed now; tomorrow I will be ready to deal with Viewpoint and AgentReboot, then follow #13.
     

    Attached Files:

    Last edited: Jul 21, 2007
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Continue on with all other steps. We will finish off any remaining Viewpoint stuff later.
     
  18. ErikErik

    ErikErik Private E-2

    The last 2 times I have started up my computer there has been a scan that happens before I can log in. It looks like this: Scanning Dir:/Device Bla Bla. It spammed attempting to delete this one like 100 times, \Device\Harddiskvolume2\windows\system32/Geeba.dll, then it took a while and scanned Scanning Dir:/Device/HarddiskVolume2/ProgramFiles. Just wondered if it should be doing this; maybe it is one of the programs that I downloaded?

    I ran HostsXpert and did what it said. Then deleted Ad-aware 6 Personal. Then I ran Process Explorer after rebooting and having no other processes open. Killed some jkkihig.dll things. Then where it said I was supposed to look for

    C:\Program Files\Common Files\{5CCBDF4D-06C1-1033-0106-050602200002}\Update.exe
    C:\Program Files\Ipwindows\ipwins.exe

    I did not find them.

    Then I ran HijackThis Scan Only, and I found everything on the list, except when I tried to fix, it said 2 files were in use or could not be deleted.

    O4 - Global Startup: stamp.dat
    O4 - Global Startup: VTAgentReboot.exe

    Then I did the fixme.reg and it worked perfectly.

    Then I ran Avenger and it worked perfectly, no problems. Then rebooted.

    Then ran CCleaner.

    I will attach the new GetRunKey, ShowNew, and HJT logs, but I think CCleaner deleted the Avenger log.

    I am still getting pop-ups.
     

    Attached Files:

  19. ErikErik

    ErikErik Private E-2

    This VTAgentReboot.exe is talked about here; the first post by cornwell777 describes what it does to him, and it does the same to me. A message just pops up and says cannot find bla bla for virtual truck program. They say to just delete it then restart; should I do that? (I'm guessing yes but want to make sure.) Should I follow his instructions? Or can you tell me what to do exactly?

    http://www.cableforum.co.uk/board/12/1611-error-finding-file-virtual-truck-setup.html

    JarandCo says how to fix it. If I follow his instructions it takes me to the startup files for all users, then I see a couple of files that include VTAgentReboot, which he says should be deleted. But also I see a stamp.dat file, which maybe I should also delete because I think we did something with it before?
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No it did not, based on your ShowNew log. Also you would have a log if it worked. CCleaner would not delete it. It would be c:\avenger.txt if it ran properly. The whole procedure did not work properly. Are you sure you did exactly what was requested with Process Explorer? Please run ALL of the procedure from message # 13 again starting just after the point where it says to download and install Process Explorer. Also please uninstall the CounterSpy trial before repeating the procedure.

    Make sure you copy and paste the Avenger fix again since I'm going to add something to it now.

    Then attach the same four logs again (make sure they are new logs that you obtain after running the procedure).
     
  21. ErikErik

    ErikErik Private E-2

    So I restarted, opened one internet browser, then ran Process Explorer. I did not find any more jkkihig.dll files in any of the 3 threads.

    Then I went to find the other 2 processes and did not find them.

    Exited Process Explorer.

    Ran HijackThis, system scan only. Everything was already gone from it except the O4 - Global Startup: stamp.dat and the O4 - Global Startup: VTAgentReboot.exe.

    When I tried to fix them after closing my web browser it said they were currently in use and/or could not delete them.

    So then I did the fixme.reg and got a Successful merging message.

    Ran Avenger, put in the script, clicked Done, then the traffic light, OK. Then it automatically restarted, which it did not do the last time I tried it.

    Then I logged back on, and when I logged on a CMD screen popped up and said that it couldn't find Avenger.txt and 2 other files, one was something reboot, then it went away. Then it said would you like to make a new file and a blank Notepad file popped up and I was like I don't know. So I clicked yes and it made an Avenger.txt file, but it is blank. So something must be wrong, I don't know what.

    So again I have no Avenger.txt log to attach, but I will attach the GetRunKey, ShowNew, and HJT logs.

    Should I do what I said in my #19 post, because those are the 2 programs that Process Explorer is not letting me delete because they are in use?

    Thanks for the help :)
     

    Attached Files:

  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I asked you to uninstall CounterSpy first. I still see it installed. Also I recommend shutting down your Symantec Antivirus program too. However, wait while I work up a new procedure since you have picked up some new problems.

    If you want to try that other procedure (which is not clearly written) and think you can follow it, go ahead, but it will not fix all of your other issues which we need to get fixed. We have to get the Avenger procedure to work or you will have to find and delete all the problems manually.

    New fix to follow.
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I also see that you still have not uninstalled this: Java 2 Runtime Environment, SE v1.4.2 as requested in message # 13. Did you forget?

    You must uninstall this now as it leaves your system susceptible to reinfections from Virtumonde.

    Do you have a paid version of Ad-aware 7? If so, you may need to shut it down too before running any fixes.
     
  24. ErikErik

    ErikErik Private E-2

    Well, I looked through all the CounterSpy folders and the program itself and found no uninstall thing. So I deleted everything of it. I ran a HJT and looked at the log and saw nothing of Sunbelt or CounterSpy, unless when I restart it somehow comes up. I searched for all CounterSpy and Sunbelt stuff and deleted it.

    No, it's the free version, not paid for.

    Just used Control Panel Add/Remove Programs, removed Java 2 Runtime Environment, SE v1.4.2.

    Now I have Java(TM) 6 Update 2; is this ok?
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay I was putting together another fix using Avenger since there are a load of problems remaining. However I want to try to simplify the manual fixes by using another tool which should remove a few of your problems and will thus reduce the size of the manual fix.



    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Attach this log to your next reply
    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT
    Make sure you tell me how things are working now!
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I saw a link to Ad-Aware's Ad-Watch, which normally only works with the paid version. That is why I asked.


    Okay did you see message # 24? You and I were posting at the same time. Complete that procedure and attach the new logs.

    I'm also going to post another procedure to keep you moving along. Some things in my next message may no longer appear after running ComboFix. But I want to keep you moving since I have to log off and may not be back until tomorrow night.
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay shutdown Symantec and any other realtime protection and continue on with the below steps.


    Make sure that one and only one Internet Explorer browser is opened up

    - Run Process Explorer

    In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

    Once you see this screen click on each instance of any of the below DLL files (if found) and then click the kill button.
    geede.dll
    After you have killed all instances of any of the above DLLs under winlogon click ok.
    (If you do not find these DLLS, just continue on.)

    Next double click on explorer.exe and again click once on each instance of any of the below DLL files (if found) and then click the kill button.
    geede.dll

    After you have killed all instances of any of the above DLLs under Explorer click ok.
    (If you do not find these DLLS, just continue on.)

    Next double click on iexplore.exe and again click once on each instance of any of the below DLL files (if found) and then click the kill button.
    geede.dll

    After you have killed all instances of any of the above DLLs under iexplore click ok.
    (If you do not find these DLLS, just continue on.)

    Now just exit Process Explorer.

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {5B76B8DF-2115-492A-9693-6A7E8E62B3FE} - C:\WINDOWS\system32\geede.dll
    O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\awdopvqj.dll\
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xbaprgpp.dll",forkonce
    O4 - Global Startup: stamp.dat
    O4 - Global Startup: VTAgentReboot.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm231
    O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll

    After clicking Fix, exit HJT.

    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it,
    double click it and allow it to merge with the registry.

    Now run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    Now run Ccleaner!

    Now attach the below new logs and tell me how the above steps went.

    1. Avenger
    2. GetRunKey
    3. ShowNew
    4. HJT


    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 8 of the READ & RUN ME. This only applies if you are using WinXP or WinMe.
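    The HijackThis lines in the fix above follow one fixed layout per section. As an added example (not part of this thread, and not HijackThis's own code), here is a small Python parser for the O2/O4/O8/O20 lines quoted above; its cross-reference step also shows why geede.dll had to be looked for under both winlogon.exe and iexplore.exe in the Process Explorer step: it is registered both as a BHO (O2) and as a Winlogon Notify handler (O20). The only assumption is the line format exactly as quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample: the HijackThis lines quoted in the fix above.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {5B76B8DF-2115-492A-9693-6A7E8E62B3FE} - C:\WINDOWS\system32\geede.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\awdopvqj.dll\
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xbaprgpp.dll",forkonce
O4 - Global Startup: stamp.dat
O4 - Global Startup: VTAgentReboot.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm231
O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll
"""

# One pattern per section type that appears in the fix; other sections are skipped.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"),
    "O4": re.compile(r"^O4 - (?P<key>.+?): (?:\[(?P<value>[^\]]*)\] )?(?P<cmd>.*)$"),
    "O8": re.compile(r"^O8 - Extra context menu item: (?P<name>.*?) - (?P<url>\S+)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$"),
}
DLL_RE = re.compile(r"([\w-]+\.dll)", re.IGNORECASE)

def parse_hjt(text):
    """Turn HJT 'O' lines into dicts (section, fields, loaded DLL, path oddities)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        pat = PATTERNS.get(line.split(" ", 1)[0]) if line else None
        m = pat.match(line) if pat else None
        if m is None:
            continue
        entry = {"section": line.split(" ", 1)[0], **m.groupdict()}
        target = entry.get("path") or entry.get("cmd") or ""
        dll = DLL_RE.search(target)
        entry["dll"] = dll.group(1).lower() if dll else None
        # A load path ending in a backslash names a directory, not a file.
        entry["odd_path"] = target.endswith("\\")
        entries.append(entry)
    return entries

def dll_cross_refs(entries):
    """DLL -> sorted list of sections loading it. One DLL in several sections
    means several host processes (O2 -> explorer/iexplore, O20 -> winlogon)."""
    refs = defaultdict(set)
    for e in entries:
        if e["dll"]:
            refs[e["dll"]].add(e["section"])
    return {dll: sorted(secs) for dll, secs in refs.items()}
```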
     
  28. ErikErik

    ErikErik Private E-2

    Here are the new logs.

    Also, how do I turn off Symantec? Well, if you mean Norton or something, I have no real-time protection. I used to have Norton, then it ran out and really pissed me off when that happened, because then it caused me a lot of problems. But everything about that is fine now, I believe.

    Congrats on 40,000+ posts :D
     

    Attached Files:

  29. ErikErik

    ErikErik Private E-2

    Posting Combo log here almost forgot.
     

    Attached Files:

  30. ErikErik

    ErikErik Private E-2

    Ran Process Explorer; I did not find any geede.dll in any of the 3 threads.

    Did HiJackThis scan only

    Did not find the first 3. Found stamp.dat but could not delete it since it's running or something. VTAgentReboot.exe was not found, but I deleted it a couple of minutes ago, so maybe we fixed that. Found O8 - Extra context menu, fixed. Did not find O20 - Winlogon Notify.

    Did fixme.reg

    Did Avenger, then it auto-restarted.

    Ran Ccleaner

    Will post HJT in next reply.
     

    Attached Files:

  31. ErikErik

    ErikErik Private E-2

    HJT log.

    I won't say for sure yet, but it seems that my pop-ups/phishing websites have gone away.

    Usually on the way to the site I would encounter 1 or 2 at least, but this time none. Then I went to a couple of different web sites and none popped up on my way. Hopefully they are gone for good, sweet, but I probably still have some bad stuff on my computer, I don't know.
     

    Attached Files:

  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks like we are almost finished with the removal process.

    Have HJT fix the below line:
    O20 - Winlogon Notify: geede - C:\WINDOWS\


    Now use Windows Explorer to delete the below folders:
    C:\WINDOWS\system32\b02FdUe
    C:\WINDOWS\system32\driver <-- be careful!!! Only delete the driver folder, not the drivers folder
    C:\WINDOWS\system32\Z11

    Then reboot!

    After reboot, get new logs for ShowNew and HJT and attach them.
     
  33. ErikErik

    ErikErik Private E-2

    Did what you said and had no problems.

    Here are the logs.

    Thanks for all the great help :)
     

    Attached Files:

  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Your logs are clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, and the C:\combofix.txt log that was created.
    3. If we used SDFix, you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    9. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    10. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work through the below link:
     
  35. ErikErik

    ErikErik Private E-2

    Ok, I made a new System Restore point. Thanks for the help, couldn't have done it without you!
     
  36. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
