Please download smitRem.zip and save it to your desktop from this link http://noahdfear.geekstogo.com/smitRem.exe
Open the file and it will extract itself to a new folder called SmitRem.
Reboot into safe mode by following the directions Here.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again, this is normal.
Wait for the tool to complete and Disk Cleanup to finish, this may take a while; please be patient.
Next go to Start > Control Panel > click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.
While still in safe mode run Hijack This again, close all windows and browsers except HT, place a check to the left of the following items and press "fix checked":
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp3162.tmp
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
All of the 018"s
Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.
Navigate to and delte these files/folders if found:
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
Run this free online scan from Panda
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it.
Please download this cleaner and run it in safe mode
http://www.atribune.org/content/view/19/2/ by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Download Ewido Security Suite then set it up this way Ewido Setup Instructions reboot into safe mode run Ewido
When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.
Please reboot into normal mode and post the ewido log.
Click the Empty Selected button.
