108 Posts

August 11th, 2006 14:00

Hi Bod, thanks for helping me. I am posting this for a friend and helping him through his problems. Unfortunately I will not be able to go to his house until after the weekend. I have been successful in downloading from my computer to CD-R and then going to his house running programs. So that's where we are at. I can post back Sunday or Monday. Thanks again, Alan

561 Posts

August 11th, 2006 14:00

Hi

I'm Bod and here to help you with your Hijack This log.

Please only use this topic for your replies on this problem. Do not start another thread.
The fixes we will use are specific to your problems and should only be used for this problem on this computer.
These things need to be properly researched and a complete fix for many malware problems can take some time and be spread over a number of posts, so please be patient and try to see it through to the end.

I've had a look through your log and I now have some instructions for you to follow.

Before you start, please read through these instructions and make sure that you understand them.
If you are not sure about anything, post a reply in this thread with your questions.

You will be booting into Safe Mode at some point in these instructions, so you should print out these instructions for reference. You will not have internet access in Safe Mode.

Please follow and carry out all the steps in the instructions in the order I've listed them.

Please do not try any other "fixes" you may have found on the internet while we are sorting this problem out, it's important that we work through the fix in a systematic manner.


Download SmitfraudFix from http://siri.urz.free.fr/Fix/SmitfraudFix.zip and save the file to your desktop.
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder created in step 1 and double-click "smitfraudfix.cmd". Please do not try to use any of the other files in the folder until instructed.
Select option "1 - Search" by typing "1" and pressing "Enter" on the keyboard.
A text file will appear, which lists infected files (if present). We are only generating a report at this stage, not cleaning yet.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
See http://www.beyondlogic.org/consulting/proc...processutil.htm

Please copy/paste the content of the report generated into your next reply. The report can be found at the root of the system drive, usually at C:\rapport.txt.

I'll check the report and get back to you with the next stage of the fix.

Thanks,

Bod

561 Posts

August 11th, 2006 15:00

OK, no problem.

I hope your friend isn't too far away, there's a lot to do here and it's going to take a few posts back and forth!

Bod

561 Posts

August 11th, 2006 17:00

Hi again,

If you've not burned your cdr yet, also include these - we're going to need them at some point.

CWShredder from http://www.cwshredder.net/bin/CWShredder.exe

Brute Force Uninstaller from http://www.merijn.org/files/bfu.zip

Qoofix from http://downloads.subratam.org/Lon/qooFix.bat

E2TakeOut from http://www.malwarebytes.org/E2TakeOut.zip

Ewido 4.0 trial from www.ewido.net/en/download

There may be others, but we won't know until we get into the fix. Please don't run any of these until instructed.

Thanks,

Bod

561 Posts

August 12th, 2006 17:00

Ah, it's been replaced by a new tool that doesn't need Brute Force Uninstaller any more.
 
Download the new Qoofix tool from
or
 
Bod

108 Posts

August 12th, 2006 17:00

Could not get this

Qoofix from http://downloads.subratam.org/Lon/qooFix.bat

561 Posts

August 21st, 2006 14:00

Hi,

It's now been at least 7 days since your last post. I am presuming now that your problem has been solved and this topic is now inactive.

I will keep tabs on this post for another 7 days from this date, after which if you need help you should start a new topic.

If you should wish to reply before the 7 days has passed then simply please post a fresh HJT log before proceeding further.

Thanks,

Bod

108 Posts

August 22nd, 2006 20:00

No, our issues have not been resolved. I work different shifts than my friend and we have a heck of a time getting together. I'm gonna try tomorrow. Thanks, Alan

561 Posts

August 22nd, 2006 22:00

Hi Alan,

Understood, no problem. I'll continue to monitor this message thread, and offer whatever help I can.

Bod

561 Posts

September 12th, 2006 19:00

Hi Alan,

Have you had any luck with this? I'll stop monitoring this topic in a couple of days unless I hear otherwise from you.

Bod