Logfile of HijackThis v1.99.1
Scan saved at 15:29:08, on 11/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)
Nothing open except Hijackthis and click on fix checked.
Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.
Now run that clean batch file you created earlier, type in 'Y' a couple of times and press enter each time you type in "Y" until black box disappears.
Then:
Go to Start > Run and type: CLEANMGR.EXE and hit enter.
When prompted select the C: drive and click ok.
Check the boxes for:
Temporary Internet Files
Downloaded Program Files
Recycle Bin
Temporary Files
Click OK or Enter
Reboot
Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal Start
typed in run CLEANMGR.EXEthats when things went pear shape pc cut out completely,done this 4times and this just wouldnt work!!!!!!! in the end i couldnt even get out of safeboot so switched off had enough went to bed!!!! now after a been off all day ive just come in switched on come out of safemode and cant work this out!!!!!!!! help! i got pc wizard if you need any more info ok
Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.
If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates: Ad-Aware SE Setup
Again, do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.
Next, run Ad-aware and perform a full scan. Remove everything found.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on Local Disks to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the Ewido scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.
Let us know if any problems persist.
Try your best to do the smitrem tool if you can't do any of the others, if you can post that log per instructions above.
Don't do anything with this tool(ABOVE) unless you loose your internet connection, if you do loose it run LSPfix tool and click finish and reboot
Download and install Kazza Begone, this tool does have a bug in it but it is rare if it happens, you could loose your internet connection, just run LSPfix and click finish and reboot if you do.
hi
downloaded smitrem.exe run in safemode log attached
couldnt do adware in safeboot kept shuting down
couldnt do pandascan either in normal mode
pc just keeps shutting down in safeboot??sometimes cant even get out of safeboot??
ewido log attached too
new hijack log below:
Logfile of HijackThis v1.99.1
Scan saved at 14:58:22, on 13/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)
Are you running the new version of Windows(Vista)?
Did you run kazza Begone?
(BETA Rootkit Elimination Technology): Note: The F-Secure BlackLight Beta only works on 32-bit Windows 2000, Windows XP and Windows 2003 Server. The current F-Secure BlackLight beta does not work on Windows NT, 95, 98, ME, or 64-bit Windows.
Please print out these instructions as you should have all open windows and programs closed when running the scan.
Step 1.
==========
- Please download F-Secure's trial Blacklight from here
- Print out the help page for guidance. It will be found here
- Click the "I Accept" button at the license agreement
- Click the "Download" button to start the download
- Save it to your Desktop
Step 2.
==========
- Double-click the blbeta.exe file on your Desktop and select ‘Run’.
- Select the "I Accept the agreement" at the license agreement, then click "Next"
- Make sure "Scan through Windows Explorer (Recommended)" is selected\checked (if asked)
- Make sure all open programs and windows are closed (including this IE window) before clicking the "Scan" button
- Click "Scan
- When the animated graphics, in the bottom right-hand corner, disappears, click "Close" – VERY IMPORTANT: Do not proceed beyond this point on the initial first assessment – this is BETA software – need to proceed carefully
- A text log file will appear on your Desktop when the scan is complete. It will start with fsbl-xxxxxx.txt (ie: fsbl-20051017165931.log)
- Paste the contents of that log back here.
hi yes i have run kazza begone...just forgot to say.......anyway log is attached f.secure.lucky to eevn be on windows now as last night this was shutting down when ever it decided to??
hi i know this file is on that report i posted but i cant find this on my pc.....tried everything search results made sure hidden files and folders was checked and stiil cant locate this ......i did even know i dont like norton i used there online scan to check for virus's and it come back with ...infected with 1 Adware.DollarRevenue which according to that scan was located in c:\windows\drsmartload95a.exe <----only im also unable to find this????
