pestilence Hello:WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! Back to Top
Touch Forum Moderator Hello
If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (normally C: ), and launch from there.
Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click on SmitfraudFix.exe Clean by typing 2 and press "Enter " to delete infected files.Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter". C:\rapport.txt
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
process.exe is detected by some antivirus programs as a "RiskTool". It is not a virus , but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Please download Malwarebytes' Anti-Malware:
to your desktop .
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch
Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan , then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location.
Copy and Paste that log into your next reply, along with C:\rapport.txt, a fresh combofix log
NB : If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Do NOT post your problem in someone elses thread.
Back to Top
pestilence Ok I think I have everything here are the 3 logs you asked for.WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! Back to Top
Touch Forum Moderator
Open notepad and copy/paste the text in the quote box below into it:
Quote:
-----------------------------------------------------
KILLALL::
Snapshot::
Folder::
C:\Documents and Settings\Cheyanne.MARTY-A113CE187\Application Data\Enc bind
C:\Documents and Settings\marty.MARTY-A113CE187\Application Data\Enc bind
C:\Documents and Settings\Beckie.MARTY-A113CE187\Application Data\Enc bind
C:\Documents and Settings\All Users.WINDOWS\Application Data\Noun Love Bits Peak
C:\Documents and Settings\Cree\Application Data\Enc bind
C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
C:\Documents and Settings\Marley.MARTY-A113CE187\Application Data\Enc bind
C:\Program Files\Logitech\Desktop Messenger
DirLook::
C:\Program Files\BitPim
Registry::
R0 -: HKCU-Main,Start Page = hxxp://www.iesearch.com/
----------------------------------------------
Save this as CFScript.txt
At this point, You MUST EXIT ALL BROWSERS NOW before continuing!
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system.
It may reboot your system when it finishes. This is normal.
Post new hijackthis log along with fresh combofix log
Do NOT post your problem in someone elses thread.
Back to Top
pestilence ok here we goWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! 0 0 0 60SM.ipk Back to Top
pestilence I have not seen one in a while thank you very much Back to Top
Touch Forum Moderator My pleasure
Please read Tony Klein's excellent article about how to prevent against spyware/hijackers in the future
http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html
Do NOT post your problem in someone elses thread.
Back to Top
pestilence Would you by any chance know how to get my clock off military time i don"t think it reset after combofix changed it. Back to Top
pestilence
Forum Information Currently it is Saturday, November 07, 2009 8:30 PM (GMT +1)View Active Threads Who's Online This forum has 30250 registered members. Please welcome our newest member, iyshwarya iyer .Details 5 Latest Threads
|