sari

Members
  • Content Count

    105

About sari

  • Rank
    HJT Team

Profile Information

  • Location
    Maryland
  1. Chrissie, That looks good. Just a little clean up, and you should be ready to go. Follow these steps to uninstall Combofix and tools used in the removal of malware. Click START then RUN. Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there. You can also delete the smitfraudfix program we installed at the beginning. Now let's Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the
  2. Chrissie, That looks better - I'm going to have you run an online virus scanner just as a final check. Please do an online scan with Kaspersky WebScanner. Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When th
  3. Chrissie, It looks like those runs cleaned up a lot of the issues. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O21 - SSODL: genadmui - {16824F4F-3B2B-AF53-C6C2-098B56D7403C} - C:\Program Files\gehndkd\genadmui.dll Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode. Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Please remove these entries from Add/Remove Programs in the Control Panel (if pre
  4. Chrissie, First, I want to verify that what you're dragging looks like this: . Second, let's delete your version of Combofix and download a newer one. Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Link 1 Link 2 Link 3 **Note: It is important that it is saved directly to your desktop** Once it's saved, drag the recovery console to it again, and report back here. Thanks, sari
  5. Chrissie, I'm checking on this - we'll get it resolved and get the rest of the PC cleaned up.
  6. Chrissie, I would really like for the recovery console to be installed. While I don't anticipate that we'll need it, there are still a number of infected files present. Would you please try dragging the recovery console file over to Combofix again? If you're asked to accept any EULAs by Microsoft, please accept them - it's just a license agreement for the recovery console software. Once you've completed that, re-run combofix and post the log. Thanks, sari
  7. Chrissie, We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should see a blue screen
  8. Chrissie, Hi, and welcome to Besttechie. Please download SmitfraudFix (by S!Ri) to your Desktop. Double-click SmitfraudFix.exe Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a
  9. cirobest, Welcome to Besttechie. I apologize for the wait - I hope you're still checking. You have something called Lop, and I can help you with it. Disable your Avast anti-virus; you'll re-enable it after the scan. Download Lop S&D here. Double-click Lop S&D.exe. Choose the language, then choose Option 1 (Search). Wait till the end of the scan. Post the log which is created: (%SystemDrive%\lopR.txt) sari
  10. samuel3838, Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close all other windows before proceeding. Double-click on dss.exe and follow the prompts. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Thanks, sari
  11. Samuel3838, Sorry - I didn't realize you had replied to this, and I was away for part of that time. Let me review what you have and I'll post shortly. sari
  12. Panda08, You'll download SP2 - that will install the recovery console. sari
  13. raiannon, Could you give some more detail on what you see? That hijackthis log is clean, so I'm curious what symptoms you're seeing, or what the scanners have found.
  14. Panda08, You had an infection called Wareout, that redirects your browser to other sites and generally interferes with how your PC runs. Most viruses, spyware, etc., interfere with the performance of the PC, so I'm not surprised yours was running much faster after that - it was the primary infection on your PC. I'd like you to follow some directions to install what's called the Recovery Console. This isn't to clear up anything you have; it's more of a safety measure. We're seeing more cases of nasty viruses that can prevent PCs from booting up, and having this installed could help you out i
  15. Panda08, How are things running now? Are you still having issues with slowness, because your logs are clean now. sari