homepage infected

#1 bLiZ (New Member, 3 posts)

Hi, not sure what happened, but my homepage got infected to http://www.d766.com/...ac=001320BCB1F7.
I tried all the ways I know to change it, but it changes back after 2 mins. Please help.

HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 4:07:49 PM, on 2/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\mdm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Name\Desktop\BNet\East\StealthBot v2.6R3.exe
C:\Documents and Settings\Name\Desktop\BNet\West\StealthBot v2.6R3.exe
C:\Documents and Settings\Name\Desktop\BNet\fiction\fiction\Fiction.exe
C:\Documents and Settings\Name\Desktop\BNet\l2uthless Ops v2.11f\l2uthless Ops v2.11f\l2uthless Ops.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Name\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

ComboFix Log:
"Name" - 07-02-13 16:03:07 Service Pack 1
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Name\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\autorun.inf


((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


2007-02-13 16:02 352 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-13 16:01 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-13 16:01 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-13 16:01 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-13 16:01 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-13 16:01 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-13 16:01 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-13 15:50 <DIR> d-------- C:\Program Files\Yahoo!
2007-02-13 15:50 <DIR> d-------- C:\Program Files\CCleaner
2007-02-13 15:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-02-13 15:26 <DIR> d-------- C:\WINDOWS\LastGood
2007-02-12 20:22 4,608 -r-hs---- C:\pagefile.exe
2007-02-07 14:04 <DIR> d-------- C:\DOCUME~1\Name\Application Data\JGsoft
2007-02-07 14:03 67,472 --a------ C:\WINDOWS\UnDeploy.exe
2007-02-07 14:03 <DIR> d-------- C:\Program Files\JGsoft
2007-02-06 18:16 <DIR> d-------- C:\Program Files\Accessdiver
2007-02-03 18:26 <DIR> d-------- C:\DOCUME~1\Name\Application Data\Creative
2007-02-02 19:45 974,848 --------- C:\WINDOWS\system32\mfc70.dll
2007-02-02 19:45 54,784 --------- C:\WINDOWS\system32\msvci70.dll
2007-02-02 19:45 487,424 --------- C:\WINDOWS\system32\msvcp70.dll
2007-02-02 19:45 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
2007-02-02 19:45 <DIR> d-------- C:\Program Files\Audible
2007-02-02 19:44 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2007-02-02 19:44 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2007-02-02 19:44 15,840 --a------ C:\WINDOWS\system32\drivers\PfModNT.sys
2007-02-02 19:43 35,938 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-02-01 18:40 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-02-01 18:23 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2007-02-01 18:23 35,564 --a------ C:\WINDOWS\DIIUnin.dat
2007-02-01 18:23 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2007-02-01 18:19 <DIR> d-------- C:\Program Files\Diablo II
2007-01-30 13:00 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-01-30 13:00 <DIR> d-------- C:\DOCUME~1\Name\Application Data\Adobe
2007-01-30 13:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-30 12:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-01-29 15:12 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-01-29 15:12 299,392 --a------ C:\WINDOWS\system32\imon.dll
2007-01-29 15:12 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-01-25 21:29 37,760 -ra------ C:\WINDOWS\system32\drivers\P2k.sys
2007-01-25 21:26 24,192 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2007-01-25 21:23 <DIR> d-------- C:\Program Files\Motorola
2007-01-25 17:21 <DIR> d-------- C:\Program Files\MirageChat.NET
2007-01-21 14:35 <DIR> d-------- C:\DOCUME~1\Name\Application Data\RapidGet
2007-01-20 21:26 <DIR> d-------- C:\Program Files\Project64 1.6


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-13 15:57 -------- d-------- C:\Program Files\flashget
2007-02-13 15:55 -------- d-------- C:\Program Files\mozilla firefox
2007-02-13 14:01 -------- d-------- C:\Program Files\starcraft
2007-02-02 19:52 -------- d-------- C:\Program Files\creative
2007-02-02 19:45 -------- d--h----- C:\Program Files\installshield installation information
2007-01-27 11:27 -------- d---s---- C:\DOCUME~1\Name\Application Data\microsoft
2007-01-25 21:26 -------- d-------- C:\Program Files\Common Files\installshield
2007-01-12 23:54 -------- d-------- C:\Program Files\web publish
2007-01-11 18:53 -------- d-------- C:\Program Files\alcohol soft
2007-01-11 18:49 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-01-11 18:43 -------- d-------- C:\Program Files\grisoft
2007-01-11 18:17 -------- d-------- C:\Program Files\Common Files\ahead
2007-01-11 18:17 -------- d-------- C:\Program Files\ahead
2007-01-11 16:51 724992 --a------ C:\WINDOWS\iun6002.exe
2007-01-11 16:51 -------- d-------- C:\Program Files\eo video
2007-01-06 12:22 -------- d-------- C:\DOCUME~1\Name\Application Data\real
2007-01-06 12:17 -------- d-------- C:\Program Files\real
2007-01-06 12:17 -------- d-------- C:\Program Files\Common Files\xing shared
2007-01-06 12:17 -------- d-------- C:\Program Files\Common Files\real
2007-01-06 11:28 -------- d-------- C:\Program Files\nimocodec pack
2007-01-06 11:28 -------- d-------- C:\Program Files\divx
2007-01-05 16:02 73216 --a------ C:\WINDOWS\st6unst.exe
2007-01-05 16:02 286720 --------- C:\WINDOWS\setup1.exe
2007-01-05 16:02 -------- d-------- C:\Program Files\starforge
2007-01-04 16:03 -------- d-------- C:\Program Files\winamp
2007-01-04 15:45 -------- d-------- C:\Program Files\bearshare
2007-01-03 17:59 -------- d-------- C:\Program Files\breakpoint software
2007-01-02 17:17 -------- d-------- C:\Program Files\datel
2007-01-02 14:00 967 --a------ C:\WINDOWS\scunin.pif
2007-01-02 14:00 70656 --a------ C:\WINDOWS\scunin.exe
2007-01-02 14:00 32845 --a------ C:\WINDOWS\scunin.dat
2007-01-01 17:54 -------- d-------- C:\DOCUME~1\Name\Application Data\utorrent
2007-01-01 17:47 -------- d-------- C:\DOCUME~1\Name\Application Data\sun
2007-01-01 16:58 -------- d-------- C:\Program Files\videolan
2007-01-01 16:58 -------- d-------- C:\DOCUME~1\Name\Application Data\vlc
2007-01-01 14:06 -------- d-------- C:\Program Files\bitcomet
2007-01-01 13:18 -------- d-------- C:\Program Files\no-ip
2007-01-01 12:49 2024 --a------ C:\WINDOWS\mozver.dat
2007-01-01 12:49 -------- d-------- C:\Program Files\java
2007-01-01 12:48 -------- d-------- C:\Program Files\Common Files\java
2007-01-01 12:30 -------- d-------- C:\Program Files\conexant
2007-01-01 11:58 -------- d-------- C:\Program Files\movie maker
2007-01-01 11:58 -------- d-------- C:\Program Files\messenger
2007-01-01 11:46 -------- d-------- C:\Program Files\Common Files\aol
2007-01-01 01:46 -------- d-------- C:\DOCUME~1\Name\Application Data\identities
2007-01-01 01:45 -------- d--h----- C:\Program Files\windowsupdate
2007-01-01 01:43 0 -rahs---- C:\MSDOS.SYS
2007-01-01 01:43 0 -rahs---- C:\IO.SYS
2007-01-01 01:43 0 --a------ C:\CONFIG.SYS
2007-01-01 01:43 0 --a------ C:\AUTOEXEC.BAT
2007-01-01 01:43 -------- d-------- C:\Program Files\microsoft frontpage
2007-01-01 01:42 -------- d-------- C:\Program Files\online services
2007-01-01 01:41 -------- d-------- C:\Program Files\Common Files\mssoap
2007-01-01 01:40 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-01-01 01:40 -------- d-------- C:\Program Files\windows nt
2007-01-01 01:40 -------- d-------- C:\Program Files\msn gaming zone
2006-12-31 23:51 -------- d-------- C:\Program Files\aim6
2006-12-31 23:51 -------- d-------- C:\DOCUME~1\Name\Application Data\acccore
2006-12-31 23:50 335 --a------ C:\WINDOWS\nsreg.dat
2006-12-31 23:50 -------- d-------- C:\Program Files\viewpoint
2006-12-31 23:50 -------- d-------- C:\Program Files\Common Files\nullsoft
2006-12-31 23:50 -------- d-------- C:\DOCUME~1\Name\Application Data\mozilla
2006-12-31 23:26 -------- d-------- C:\DOCUME~1\Name\Application Data\macromedia
2006-12-31 23:19 -------- d-------- C:\Program Files\stealthbot
2006-12-31 23:16 -------- d-------- C:\Program Files\sigmatel
2006-12-31 23:16 -------- d-------- C:\Program Files\intel
2006-12-31 17:36 62 --ahs---- C:\DOCUME~1\Name\Application Data\desktop.ini
2006-12-31 17:36 -------- d-------- C:\Program Files\Common Files\speechengines
2006-12-31 17:36 -------- d-------- C:\Program Files\Common Files\odbc


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim6"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSVolFE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTSVolFE"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Creative\\Mixer\\CTSVolFE.exe\" /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxpers"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\igfxpers.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MirageChat]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ImScInst"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PARPORT


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-13 16:03:38

Rapport

SmitFraudFix v2.141

Scan done at 16:02:17.31, 07-02-13
Run from C:\Documents and Settings\Name\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End