Programs not working, always freezing, firefox crashing...
#1
Posted 20 February 2007 - 08:15 PM
#2
Posted 21 February 2007 - 09:11 PM
#3
Posted 25 February 2007 - 08:10 PM
Welcome to Tom Coyote. Sorry about the delay in responding, but we are, as most times, just overwhelmed with logs.
Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#4
Posted 25 February 2007 - 11:14 PM
#5
Posted 25 February 2007 - 11:18 PM
#6
Posted 26 February 2007 - 05:48 AM
When we are done cleaning the infection off of your computer I will give you a list of free programs to install; right now we need to get rid of the Smitfraud Infection.
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Download and install the 30 day trial of AVG Anti-Spyware 7.5 to your desktop.
- Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete you will need to run Ewido and update the definition files.
- On the main screen select the icon Update then select the Update now link.
- Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
- Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
- Once in the Settings screen click on Recommended actions and then select Quarantine <-- Don't forget this
- Under Reports
- Select Automatically generate report after every scan
- Un-Select Only if threats were found
- Close AVG Anti-Spyware 7.5 <-- Do not run the scan yet.
Boot your computer into Safemode
- Go to Start> Shut Off your Computer> Restart
- As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly.
- This will bring up a menu.
- Use the Up and Down Arrow Keys to scroll up to SAFEMODE
- Then press the Enter on your Keyboard
- Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
- Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
- You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
- The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
- The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart into normal Windows.
- A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
Clean out your Temporary Internet files. Proceed like this:
- Quit Internet Explorer and quit any instances of Windows Explorer.
- Click Start> Control Panel and then double-click Internet Options.
- On the General tab, click Delete Files under Temporary Internet Files.
- In the Delete Files dialog box, tick the Delete Offline content check box, and then click OK.
- On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
- Click on the Programs tab then click the Reset Web Settings button.
- Click Apply then OK.
- Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
- Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
- AVG will now begin the scanning process; be patient, this may take a little time.
- Once the scan is complete do the following:
- If you have any infections you will be prompted, then select Apply all actions
- Next select the Reports icon at the top.
- Select the Save report as button in the lower left hand of the screen and save it to a text file on your system
- Make sure to remember where you saved that file, this is important
- Close AVG Anti-Spyware 7.5
Reboot normally.
- Open the SmitfraudFix folder and double-click smitfraudfix.cmd
- Select option #3 - Delete Trusted zone by typing 3 and press Enter
- Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.
Open HijackThis > Do a System Scan Only, close your browser and all open windows, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.
O4 - Startup: .protected
O4 - Global Startup: .protected
Run this system cleaner.
If you don't want the Yahoo Toolbar, be sure to uncheck it during installation
Download and Install CCleaner
* Click on Run Cleaner
* Run the Issues Scan <-- After it scans your system, when you click on the Fix button and it asks you to backup the Registry, say Yes
Tutorial for CCleaner
This is what I need.
1. Smitfraud Log
2. AVG Log
3. New HJT log
#7
Posted 26 February 2007 - 10:09 PM
#8
Posted 27 February 2007 - 05:37 AM
Here is where I am getting stuck: after I press enter to delete infected files, the screen always goes blank, and I am never offered the registry cleaner option
Just bypass this for the moment and proceed with the rest of the fix.
#9
Posted 27 February 2007 - 10:07 PM
#10
Posted 28 February 2007 - 05:52 AM
This is related to the Smitfraud infection. First fix it with HJT.
O4 - Startup: .protected
Then run Smitfraud fix Option 2 in normal windows if it won't run in safemode.
Run this other great cleaner.
Please download ATF Cleaner by Atribune.
- This program is for XP and Windows 2000 only
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
Let me see the Smitfraud log and a New HJT log please.
#11
Posted 28 February 2007 - 08:07 PM
Edited by crz1o13o4, 28 February 2007 - 08:08 PM.
#12
Posted 28 February 2007 - 08:25 PM
O4 - Startup: .protected
- Open HJT
- Then open the Misc Tools section
- click on Generate a Startup List Log,
- Don't check the 2 boxes just yet.
- Post the log into this thread
#13
Posted 28 February 2007 - 08:42 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijack This\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijack This\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\JoHn & RiA\Start Menu\Programs\Startup]
.protected
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SoundMAXPnP = C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
SoundMAX = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
D_V_T = C:\\dvt.exe /S \C:\\d_v_t.reg\
SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
HPHUPD05 = C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HPHmon05 = C:\WINDOWS\system32\hphmon05.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
--------------------------------------------------
Enumerating Task Scheduler jobs:
AppleSoftwareUpdate.job
FRU Task #Hewlett-Packard#hp psc 1200 series#1157981268.job
HP Usg Daily.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 4,336 bytes
Report generated in 0.125 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
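An added example, not part of the original posts or of HijackThis: a small Python parser for the StartupList layout shown in the log above. It splits the report into sections and lists every entry mentioning "protected", the item the helper asks to have fixed. The sample log is constructed and abridged, and the function names are hypothetical.

```python
import re

# Constructed, abridged sample in the StartupList layout shown in this thread.
SAMPLE_LOG = r"""StartupList version: 1.52.2
* Using default options
==================================================
Running processes:
C:\WINDOWS\Explorer.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\User\Start Menu\Programs\Startup]
.protected
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
--------------------------------------------------
End of report, 4,336 bytes
"""

RULE = re.compile(r"^[-=]{10,}\s*$")  # divider lines between sections


def parse_sections(text):
    """Split a StartupList log into {section title: [entry lines]}."""
    sections, title = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RULE.match(line):
            title = None              # the next non-empty line names a section
        elif title is None:
            title = line.rstrip(":")
            sections[title] = []
        else:
            sections[title].append(line)
    return sections


def flag_entries(sections, keyword="protected"):
    """Return (section, entry) pairs whose entry mentions the keyword."""
    return [(title, entry)
            for title, entries in sections.items()
            for entry in entries
            if keyword.lower() in entry.lower()]


if __name__ == "__main__":
    for section, entry in flag_entries(parse_sections(SAMPLE_LOG)):
        print(f"{section}: {entry}")
```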
#14
Posted 28 February 2007 - 09:13 PM
Try disabling AVG anti spyware. Open the program and look for the Background Guard feature and disable it.
Go to where you have the Smitfraud fix icon on your desktop and delete it and do a fresh download.
Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.
After disabling the background guard in AVG, try removing that entry with HJT on both Normal and Safemode, do another scan with Smitfraud in both Normal and Safemode. If and when the screen goes blank, let it be for a while, sometimes it takes a while for it to complete.
Post the report if you can and a new HJT log.
#15
Posted 01 March 2007 - 05:56 AM
Click Start> Run and type msconfig into the run box and press the enter key.
Click the Startup tab and look for and untick anything that says protected.
Click Apply > Ok
You will be prompted to reboot your system.
After your system has rebooted, you will see a window that says you have used msconfig to make changes etc. Tick the little box that says not to run msconfig the next time you start your computer and click ok.
Then, if you can, proceed with removing that entry and running Option 2 for Smitfraud.
There is a newer version of Smitfraud here if the one I posted still won't work.
http://siri.geekstog...mitfraudFix.php
Ken
Edited by ken545, 01 March 2007 - 06:29 AM.