Member Panel

grtlkcanadian

O.K i will do this now ...see you in a min.

grtlkcanadian · 04:12 PM

Originally Posted by chiaz

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please attach that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Here are the updated logs...

chiaz

Please run HijackThis and place a checkmark by the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O2 - BHO: (no name) - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - (no file)
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BA463437-C3DE-47da-8280-87596824388A} - (no file)
O3 - Toolbar: (no name) - {E9407738-A996-421A-A309-5C93C699E10A} - (no file)
O3 - Toolbar: (no name) - {21301D69-B8F1-46AA-B0B5-09EE2285914C} - (no file)
O3 - Toolbar: (no name) - {23DDAE8C-6A79-4d62-80AA-E95D89CB9811} - (no file)
O4 - Global Startup: Trend Micro Anti-Spyware.lnk.disabled
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} -
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} -
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} -
O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} -
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} -
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/z...ploader_v5.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} -

Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.

Can I see a new HijackThis log?

grtlkcanadian · 04:12 PM

Her is the latest HJT Log...

chiaz

The HijackThis log looks clean right now...

Run SUPERAntiSpyware or AVG Anti-Spyware right now, and post the new logs in your next reply. We'll then take care of everything else.

grtlkcanadian · 04:12 PM

Here is the log...

chiaz

Reboot to Safe Mode. Navigate to and delete the following folders:
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\STUPID VC SOFT DEFY
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\BAGS FIVE WAVE STUPID
C:\DOCUMENTS AND SETTINGS\CRC\APPLICATION DATA\SHOW THAT FOR

After the folders are deleted, reboot again, back to Normal Mode.

Open Hijackthis, click "Open the Misc Tools section"
Next to "Generate StartupList log", place a check next to "List also minor sections" (full) and "List empty sections (complete).
Then click "Generate StartupList log"
Click "Yes" to the box that pops-up.
Then attach the notepad file that appears, along with a new SUPERAntiSpyware log. With any luck, your computer should be all clean now.

Member Panel

Sponsors and Ads

Join the Team

Live Tag Cloud