Can not boot after Smitfraud/Netsky

You still have TeaTimer running.

* Run Spybot and click Mode
* Select Advanced Mode.
* Then click Tools and select Resident.
* Now in the right window pane, uncheck TeaTimer.
* Also while this is open, in the left column now select IE Tweaks
* and then in the right pane make sure all the Miscellaneous locks are unchecked.
* Now quit Spybot!

Please double-click the RootRepeal.exe previously downloaded.

* Select File then Scan
* On the Select Drives form select drive C by "ticking" the box for drive C and click OK
* When the scan is complete - highlight each of the following file(s) (one at a time if more then one is listed) by left clicking it. Then use right mouse click and select the Wipe File option only for each file.
c:\windows\temp\euwmhorn.out
c:\windows\temp\obdwr58p.out
c:\windows\temp\s5p6wfi0.out
c:\windows\temp\v4wx6isu.out
c:\windows\temp\oricxh1t.out
c:\windows\temp\p4kzn2z5.out
* After Wiping all files, immediately reboot your pc!

Now re-run ComboFIx.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\ComboFix.txt
* C:\MGlogs.zip

Make sure you tell me how things are working now!

You need to update to either SP2 or 3!!

 

When you ended up doing a re-installation ( as opposed to a repair installation ) you wiped out everything. There will not be anything to retrieve.

As to how this happened:

There are many vehicles by which people get infected. Downloading and clicking on adverstisments are only two possible ways. Others include but are not limited to

* NOT KEEPING ALL SOFTWARE UPDATED!!!
* surfing - usually certain websites are the main problem
* click links to view pictures or videos, or listen to music....etc
* not reading what you are clicking on and even if you do it may be worded in a form to trick you into clicking the wrong answer. Sometimes the answer is the opposite of what you think. And sometimes there is no correct answer because it is already too late one the popup has appeared..
* installing codecs to view videos or sound
* installing cracks and or illegal software
* downloading via P2P or Torrent programs
* downloading from websites that do no check their downloads to see if they are safe and very few actually do this even though they say they do. (We do at Major Geeks!)
* reading emails from unknown senders especially if you have html enabled and also especially if clicking on any attachments
* reading emails from friends who don't know they are infected and may not even know they are sending you emails.

I know that many people like to say that they don't understand how they are getting infected, but the fact remains that in most cases it is by their own doing. I surf more than most people and access all kinds of websites while trying to test various malware. I have to eliminate all of my protection (even my router which has a hardware firewall) and I still have a hard time getting infected and I have to knowingly agree to install things to get infected.

General Tips for everyone (not just you )

* If you do not have a router or do not have a router with a hardware firewall, then get one.
* If you are not using a real bidirectional firewall then install one and only one. The Windows (any version) firewall is not adequate.
* Install one and only one antivirus program.
* Install one and only one realtime antispyware protection program
* Install the below for background protection
o SpywareBlaster
o Spybot with SDHelper and use the Immunization feature
* Do period scans with you AV and AS programs?
* Use additional scan only programs like SUPERAntiSpyware and Malwarebytes.