Hi there, I'll start helping you out, but a few questions.
You ran SmitRem, is that a current copy that was just downloaded? If it was downloaded even a few days ago, it may not be updated with the latest definitions. If you didn't just download SmitRem, then please download a new copy. Also, download the trial version of Ewido Security Suite
here. Install it and check for updates. After you have updated it, close it and reboot into safe mode. You should copy the instructions to notepad or print them out, since you won't have Internet access in safe mode.
Safe mode instructions:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, press F8
* Instead of Windows loading as normal, a menu should appear
* Select the first option, to run Windows in Safe Mode
Once in safe mode, run the SmitRem file 1st. When that is done, run ewido. Be sure to save the logs that both make so you can post them in your next reply. Reboot normally after finishing and see how things work. Please copy and paste the logs in your replies instead of attaching them. , it is easier to work with and it makes it easier for other helpers to search.
If that doesn't work, then please do the following so i can get some more info:
Run HijackThis, click on
Open the Misc Tools Section, put a checkmark in
List also minor sections and
List empty sections. Click on
Generate StartupList log, answer
Yes and copy/past the content in your reply.
Download WinPFind.zip to your Desktop or to your usual Download Folder.
http://www.bleepingc...es/winpfind.php Extract it to your
C:\ folder. This will create a folder called
WinPFind in the C:\ folder.
Open the
C:\WinPFind folder and double-click on
WinPFind.exe.
Click on
Configure Scan Options.
Remove all the checkmarks under
Folder Options on the left side by clicking the button
Remove All, uncheck
Run Addon's and click
Apply.
Click on the
Start Scan button and wait for it to finish.
Please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log file named
C:\WinPFind\WinPFind.txt. Please copy that log into your next reply.
REgardless of what happens, please post a fresh HJT log, the SmitRem log, and the ewido log. If you haven't been cleaned, then include the other two as well. Use more than one post, since some of the logs can be long.
Edited by Nick-YF19, 09 February 2006 - 08:54 AM.