|
|
#11
14th Aug 2007, 14:31
| |||
| |||
| OK lets try the Smitfraud removal again. Be sure you run it in Safe Mode. We will work on getting your settings back after this is gone. Please do the following... Download SmitfraudFix (by S!Ri) to your Desktop. http://siri.urz.free.fr/Fix/SmitfraudFix.zip Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop. Reboot your computer in Safe Mode. If the computer is running, shut down Windows, and then turn off the power. Wait 30 seconds, and then turn the computer on. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again. Ensure that the Safe Mode option is selected. Press Enter. The computer then begins to start in Safe mode. Login on your usual account. Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool. Select option #2 - Clean by typing 2 and press Enter. Wait for the tool to complete and disk cleanup to finish. You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter. The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter. A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply. Run CCleaner. Do a fresh HJT scan and post a new HJT log along with a rapport.txt log (2 attatchments) |
|
#12
14th Aug 2007, 15:04
| |||
| |||
| Hi, I've run smitfraud in safe mode - it didn't prompt that wininet.dll was infected, and the rapport txt file attached. Also ran CCleaner and HJT and the log file for latter is attached, Kind regards Wayne |
|
#13
14th Aug 2007, 15:14
| |||
| |||
| Have you gotten any of the controls back? |
|
#14
14th Aug 2007, 15:23
| |||
| |||
| No- still no control panel and when iIclick on the system program access and defaults I get the same restrictions messages. Not looking good? Wayne |
|
#15
14th Aug 2007, 16:04
| |||
| |||
| Run HJT and select Do a system scan only. Check and remove these entries. O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr159.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum348.txt Close all windows before fixing. Install and run this SUPERAntispyware Free Edition When you have SAS open click the preferences. General and Startup tab Only have checked Show splash screen on startup Use XP style menus Check for program updates when the application starts Do not scan when SuperAntiSpyware starts Realtime Protection Tab Uncheck everything there Then scan your computer Have it fix what it finds. If anything other then cookies are found then please save the log. From SUPERAntispyware start page click Preferences>Statistics/Logs Tab>Highlight The Log>View Log Add the log in the next post. |
|
#16
14th Aug 2007, 17:02
| |||
| |||
| Hi, done everything you said and the superspyware log attached. Following re-boot, I still have no control panel and continue to get same restrictions messages when trying the set programme access and defaults. Bit of a swine this one - thanks for your help so far. I'm off to bed now, another early start in the morning, Regards Wayne |
|
#17
14th Aug 2007, 17:50
| |||
| |||
| Yes this is where we start having fun.  Download this. Open it and check all of the boxes as it will not hurt anything. Dial-a-fix Then go to Windows Update just to be sure nothing is missing. If you get any error messages from anything at all. I need to know the exact message word for word/number. Let us know if this helps. Also a fresh HJT log. |
|
#18
15th Aug 2007, 09:54
| |||
| |||
| Hi, Have done as requested - no error messages, but the dail a fix scan was interrupted right at the start stating there were restrictions on the computer and it could not scan - it related to the adjust date and time check box. After clicking OK it started to scan the other areas - I've attached the log on the dial a fix scan if it helps. Also HJT log attached. Regards Wayne  |
|
#19
15th Aug 2007, 10:30
| |||
| |||
| Download this file - Link removed at posters request. 2. Double click combofix.exe & follow the prompts. 3. When finished, it will produce a log for you. Attach this log to your next reply Note: Do not mouseclick combofix's window while it is running. That may cause it to stall. |
|
#20
15th Aug 2007, 15:47
| |||
| |||
| Hi, Combo fix log attached regards Wayne |
