Thanks for returning your information and your feedback, let's see if I can wrap this up for you now.
First thing I notice this morning and I apologize for not noticing it before is that Smitfraudfix is and
old version. It has to be constantly updated as the hackers change their junk. I posted a link to the newest version? Please uninstall all Smitfraud Fix and download then run the "Search" function again and
post that report.
http://siri.geekstogo.com/SmitfraudFix.php Please
DO NOT run the "Clean" function, if there is no infection left, and I can not tell without running the "Search" it can do
damage to your desktop.
I will also point out that thought the instructions say this:
Clean:
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
You ran the "Clean" function in normal mode? I am going to continue with the balance of the adware, I will be able to better advise you when I see the report from
Smitfraudfix version v2.146.
1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.
2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your
Desktop. We will use this later.
3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
Close all programs but HJT and all browser windows, then click on "Fix Checked"
4) RIGHT Click on Start then click on Explore. Locate and delete these items:
C:\Program Files\
Save\ <<< delete that folder
C:\WINDOWS\system32\
ntsystem.exe <<< delete that file
5) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Restart the computer and post the
C:\report.txt from Smitfraudfix "Search" and a new
HJT log.
Thanks
You have peer to peer file sharing programs on this computer and I am not going to attempt to tell you what to do with those, I am simply going to provide you information and you may do as you wish:
http://kppfree.altervista.org/spylist.html
http://www.benedelman.org/news/030705-1.html
http://www.benedelman.org/spyware/p2p/
http://www.spywareinfo.com/articles/p2p/
http://pcpitstop.com/spycheck/p2p.asp
http://pcpitstop.com/spycheck/badtorrent.asp
Since you may not have installed those yourself, let me add that while the programs may not be, many of the files that can be downloaded are illegal.
xpsp2res.dll,-22019"
ogProxy2"