Hi there, I'll start helping you out, but a few questions.
You ran SmitRem, is that a current copy that was just downloaded? If it was downloaded even a few days ago, it may not be updated with the latest definitions. If you didn't just download SmitRem, then please download a new copy. Also, download the trial version of Ewido Security Suite here
. Install it and check for updates. After you have updated it, close it and reboot into safe mode. You should copy the instructions to notepad or print them out, since you won't have Internet access in safe mode.
Safe mode instructions:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, press F8
* Instead of Windows loading as normal, a menu should appear
* Select the first option, to run Windows in Safe Mode
Once in safe mode, run the SmitRem file 1st. When that is done, run ewido. Be sure to save the logs that both make so you can post them in your next reply. Reboot normally after finishing and see how things work. Please copy and paste the logs in your replies instead of attaching them. , it is easier to work with and it makes it easier for other helpers to search.
If that doesn't work, then please do the following so i can get some more info:Run
HijackThis, click on Open the Misc Tools Section
, put a checkmark in List also minor sections
and List empty sections
. Click on Generate StartupList log
, answer Yes
and copy/past the content in your reply.
Download WinPFind.zip to your Desktop or to your usual Download Folder. http://www.bleepingc...es/winpfind.php
Extract it to your C:\
folder. This will create a folder called WinPFind
in the C:\ folder.
Open the C:\WinPFind
folder and double-click on WinPFind.exe
Click on Configure Scan Options
Remove all the checkmarks under Folder Options
on the left side by clicking the button Remove All
, uncheck Run Addon's
and click Apply
Click on the Start Scan
button and wait for it to finish.
Please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log file named C:\WinPFind\WinPFind.txt
. Please copy that log into your next reply.
REgardless of what happens, please post a fresh HJT log, the SmitRem log, and the ewido log. If you haven't been cleaned, then include the other two as well. Use more than one post, since some of the logs can be long.
Edited by Nick-YF19, 09 February 2006 - 08:54 AM.