
TrojanDownloader, Win32:TratBHO, Win32:CTX, + Couple Others Removal He


  • This topic is locked

#1
ceradecke

Hey!

Thank you very very much first off for taking the time to read my post and for seeing if there is anything you can do to help me.

Okay so let me just run down for you what I have done in my attempt to clean up my computer:
AVG Anti-Spyware full scan; SUPERAntiSpyware full scan; ComboFix scan; Avast! Free antivirus full scan; VundoFix scan; SmitfraudFix scan; I'm pretty sure that was all of 'em.

To give you an idea of what I believe I have on my system:
What initially caught my attention and showed obviously that my computer was infected was a change of desktop background (with a hypertext link to do a spyware scan), along with a whole bunch of popups continually going off and my task manager being disabled (I have since regained access to my task manager, the desktop background has changed back, and popups have ceased). In addition, the scans have pointed out additional things (that I was able to quarantine) such as:
Win32:TratBHO [Trj]
Win32:Trojan-gen {UPX}
Win32:CTX
Win32:Delf-HOX [Trj]
Win32:Mudrop-U [Trj]
Win32:Wimad-C [Trj]
Trojan.IrcHole

By reading some of the other topics that I believe relate to what's infecting my computer, I've seen that you have been asking for ComboFix logs, in addition to the HijackThis log. So here go both of my most recent scans:




COMBOFIX LOG (TAKEN IN SAFEMODE**)


ComboFix 08-02-18.1 - Chris LastName 2008-02-18 20:23:22.6 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Chris LastName\Desktop\Programs\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))
.

2008-02-18 17:28 . 2008-02-18 17:28 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-18 01:58 . 2007-12-04 04:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-18 01:58 . 2007-12-04 06:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-18 01:58 . 2007-12-04 06:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-18 01:58 . 2007-12-04 06:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-18 01:57 . 2008-02-18 01:57 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-18 01:57 . 2007-12-04 05:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-18 01:57 . 2004-01-09 01:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-18 01:57 . 2007-12-04 06:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-18 01:57 . 2007-12-04 06:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-18 01:35 . 2008-02-18 19:16 <DIR> d-------- C:\VundoFix Backups
2008-02-17 10:30 . 2008-02-17 10:53 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-17 10:30 . 2008-02-17 10:30 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-17 10:30 . 2008-02-17 10:30 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-17 10:30 . 2008-02-17 10:30 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-17 09:14 . 2008-02-17 09:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-17 09:13 . 2008-02-18 19:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-17 09:13 . 2008-02-17 09:13 <DIR> d-------- C:\Documents and Settings\Chris Radecke\Application Data\SUPERAntiSpyware.com
2008-02-17 09:11 . 2008-02-17 09:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 03:02 . 2008-02-17 03:02 <DIR> d-------- C:\Documents and Settings\Chris Radecke\Application Data\Grisoft
2008-02-17 03:00 . 2008-02-17 03:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-17 03:00 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-05 18:46 . 2008-02-05 18:46 <DIR> d-------- C:\Program Files\WinDirStat
2008-02-05 18:28 . 2008-02-05 18:34 <DIR> d-------- C:\Program Files\Wise Registry Cleaner
2008-02-05 18:22 . 2008-02-05 18:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-05 16:49 . 2008-02-05 16:49 90,688 --a------ C:\WINDOWS\system32\gvvtqtjc.dll
2008-02-05 16:41 . 2008-02-05 16:41 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-02-05 16:40 . 2008-02-05 17:11 <DIR> d-------- C:\Documents and Settings\Chris Radecke\Application Data\Dealio
2008-02-05 16:40 . 2008-02-05 16:40 3,791,542 --a------ C:\WINDOWS\tbKUvulAEn.exe
2008-02-05 16:39 . 2008-02-05 17:13 <DIR> d-------- C:\Program Files\Dealio
2008-02-05 16:38 . 2008-02-05 16:38 <DIR> d-------- C:\WINDOWS\kwiofcnu
2008-02-05 16:38 . 2008-02-05 16:38 181,248 --a------ C:\WINDOWS\mrujwlkj.dll
2008-02-05 16:38 . 2008-02-05 16:38 89,617 --a------ C:\WINDOWS\vazyhabm.exe
2008-02-05 16:38 . 2008-02-05 16:38 54,764 --a------ C:\WINDOWS\system32\fnhoje
2008-02-05 16:38 . 2008-02-05 16:38 39,424 --a------ C:\WINDOWS\wbubqziv.exe
2008-02-05 16:38 . 2008-02-05 16:38 2 --a------ C:\138535567
2008-02-05 16:38 . 2008-02-17 09:10 0 --a------ C:\reg.reg
2008-01-20 02:44 . 2008-02-17 14:24 <DIR> d-------- C:\Program Files\iTunes
2008-01-20 02:44 . 2008-01-20 02:44 <DIR> d-------- C:\Program Files\iPod
2008-01-20 02:42 . 2008-01-20 02:42 <DIR> d-------- C:\Program Files\QuickTime
2008-01-20 02:39 . 2008-01-20 02:39 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-20 02:39 . 2008-01-20 02:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-19 17:00 . 2008-02-12 19:33 156 --a------ C:\WINDOWS\matlab.ini
2008-01-19 16:59 . 2008-01-19 16:59 <DIR> d-------- C:\Documents and Settings\Chris Radecke\Application Data\MathWorks
2008-01-19 16:55 . 2004-03-01 21:05 407,104 --a------ C:\WINDOWS\system32\MSHFLXGD.OCX
2008-01-19 16:55 . 2004-02-11 13:37 203,976 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-01-19 16:22 . 2008-01-19 16:22 645,120 --a------ C:\WINDOWS\system32\config.gms
2008-01-19 16:06 . 2008-01-19 16:06 <DIR> d-------- C:\Program Files\MATLAB

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 01:35 --------- d-----w C:\Program Files\WinXMedia
2008-02-19 01:33 --------- d-----w C:\Program Files\The Weather Channel FW
2008-02-19 01:31 --------- d-----w C:\Program Files\Trillian
2008-02-19 01:30 --------- d-----w C:\Program Files\Sony
2008-02-19 01:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-19 01:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-19 01:25 --------- d-----w C:\Program Files\Avvenu
2008-02-17 19:21 --------- d-----w C:\Program Files\Windows Defender
2008-02-17 11:02 --------- d-----w C:\Program Files\PeerGuardian2
2008-02-17 09:55 --------- d-----w C:\Documents and Settings\Chris Radecke\Application Data\Azureus
2008-02-14 19:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-12 19:38 --------- d-----w C:\Program Files\Dl_cats
2008-02-12 05:33 --------- d-----w C:\Documents and Settings\Chris Radecke\Application Data\U3
2008-02-10 00:46 --------- d-----w C:\Documents and Settings\Chris Radecke\Application Data\LimeWire
2008-02-06 10:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-06 00:31 --------- d-----w C:\Program Files\ESET
2008-01-25 22:56 --------- d-----w C:\Program Files\McAfee
2008-01-25 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-24 07:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-21 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-20 10:40 --------- d-----w C:\Program Files\Apple Software Update
2008-01-19 22:42 --------- d-----w C:\Program Files\EA SPORTS
2008-01-19 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-01-19 21:27 --------- d-----w C:\Program Files\VstPlugins
2008-01-19 21:21 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-01-18 21:07 --------- d-----w C:\Program Files\XBC
2008-01-18 18:54 --------- d-----w C:\Documents and Settings\Chris Radecke\Application Data\locks online four
2008-01-16 04:00 --------- d-----w C:\Documents and Settings\Chris Radecke\Application Data\ESET
2008-01-16 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-01-15 23:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-09 23:10 --------- d-----w C:\Program Files\LimeWire
2008-01-07 07:23 --------- d-----w C:\Program Files\Azureus
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-03-14 00:15 27,044,969 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_13_17_09_49_full.dmp.zip
2007-03-14 00:15 147,976 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_13_17_07_38_small.dmp.zip
2007-03-14 00:15 142,025 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_13_17_11_03_small.dmp.zip
2007-03-14 00:15 108,521 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_13_17_08_11_small.dmp.zip
2007-03-14 00:06 207,003 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_11_21_27_52_small.dmp.zip
2007-03-12 04:27 137,185 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_11_21_07_22_small.dmp.zip
2007-03-12 04:06 204,650 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_02_23_02_17_49_small.dmp.zip
2007-03-12 04:06 198,581 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_02_23_02_17_44_small.dmp.zip
2007-03-12 04:06 177,736 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_02_23_02_15_52_small.dmp.zip
2007-03-12 04:06 138,187 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_02_23_02_13_33_small.dmp.zip
2007-02-15 07:33 40 ----a-w C:\Documents and Settings\Chris Radecke\language.dat
2007-01-31 02:15 13,195 ----a-w C:\Documents and Settings\Chris Radecke\zguicfgw.dat
2007-03-14 20:08 1,155,832 -csha-w C:\WINDOWS\system32\ccbeg.bak1
2007-03-13 15:20 1,160,035 -csha-w C:\WINDOWS\system32\cccdd.bak1
2007-03-12 15:20 1,167,983 -csha-w C:\WINDOWS\system32\cccdd.bak2
2007-02-11 20:50 88 --sh--r C:\WINDOWS\system32\D39B572A28.sys
2007-03-15 11:34 1,155,727 -csha-w C:\WINDOWS\system32\jjkkj.bak1
2007-03-16 12:05 1,168,591 -csha-w C:\WINDOWS\system32\jjkkj.bak2
2007-03-13 22:00 1,154,870 -csha-w C:\WINDOWS\system32\jlkkj.bak1
2007-02-11 20:50 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-30 22:20 791,842 -csha-w C:\WINDOWS\system32\kjllm.bak1
2006-12-01 01:51 792,585 -csha-w C:\WINDOWS\system32\kjllm.bak2
2007-03-14 18:08 1,154,808 -csha-w C:\WINDOWS\system32\utstv.bak1
2007-03-14 18:08 353 -csha-w C:\WINDOWS\system32\utvwa.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 10:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 10:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 10:50 114688]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-07 20:55 73728]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"BurnWin"= {C145CF11-124F-3562-44AC-E685D962C63C} - C:\WINDOWS\system32\apiuser32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcc]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkhecc]
jkkhecc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayxxuv]
yayxxuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Avvenu Access n Share.lnk]
backup=C:\WINDOWS\pss\Avvenu Access n Share.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris Radecke^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris Radecke^Start Menu^Programs^Startup^PeerGuardian.lnk]
backup=C:\WINDOWS\pss\PeerGuardian.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris Radecke^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avvenu Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMCService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
--a------ 2007-04-19 13:21 198184 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-14 23:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DigidesignMMERefresh]
--a------ 2005-03-11 10:59 35328 C:\Program Files\Digidesign\Drivers\MMERefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 02:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-11-01 00:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2006-12-14 12:28 2801664 C:\Program Files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2007-03-15 17:16 454784 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emMON]
--a------ 2006-05-31 12:24 61440 C:\WINDOWS\HCWemMON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FRAG LITE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-05-18 11:56 1831936 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 07:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 07:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
--a------ 2006-07-12 21:22 57344 C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-07-12 16:05 1117184 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mySISvc]
--a------ 2007-05-04 14:59 5958965 C:\Program Files\mySI\mySI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-07-29 03:07 188416 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-16 20:26 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-10-15 19:12 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 17:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2005-03-09 23:18]
S1 fnhoje;fnhoje;C:\WINDOWS\system32\fnhoje [2008-02-05 16:38]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-09-13 12:21]
S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-09-13 12:21]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-19 03:00:00 C:\WINDOWS\Tasks\857BF1E581B89DC9.job"
- c:\docume~1\chrisr~1\applic~1\lockso~1\Tool boob bore.exe
"2008-02-15 02:02:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 02:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D6CXNLB1-Chris Radecke).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-02-19 03:17:50 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 20:30:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-18 20:33:38
ComboFix-quarantined-files.txt 2008-02-19 04:33:32
ComboFix2.txt 2008-02-19 01:13:06
.
2008-02-14 19:59:28 --- E O F ---




HiJack This Log (Reg Mode):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:18 AM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....my.ucdavis.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159138496674
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gebcc - C:\WINDOWS\
O20 - Winlogon Notify: jkkhecc - jkkhecc.dll (file missing)
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\
O20 - Winlogon Notify: jkklj - C:\WINDOWS\
O20 - Winlogon Notify: yayxxuv - yayxxuv.dll (file missing)
O21 - SSODL: BurnWin - {C145CF11-124F-3562-44AC-E685D962C63C} - C:\WINDOWS\system32\apiuser32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 8494 bytes





****HERE ARE SOME ADDITIONAL LOGS THAT MAY BE HELPFUL*****:

SUPERAntiSpyware Log:

SUPERAntiSpyware Scan Log
Generated 02/18/2008 at 03:37 PM

Application Version : 3.6.1000

Core Rules Database Version : 3404
Trace Rules Database Version: 1396

Scan type : Complete Scan
Total Scan Time : 14:05:28

Memory items scanned : 404
Memory threats detected : 1
Registry items scanned : 8599
Registry threats detected : 6
File items scanned : 49184
File threats detected : 7

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\PMNLM.DLL
C:\WINDOWS\SYSTEM32\PMNLM.DLL
HKLM\Software\Classes\CLSID\{8F47A633-F319-40C0-BC92-A848B54226E2}
HKCR\CLSID\{8F47A633-F319-40C0-BC92-A848B54226E2}
HKCR\CLSID\{8F47A633-F319-40C0-BC92-A848B54226E2}\InprocServer32
HKCR\CLSID\{8F47A633-F319-40C0-BC92-A848B54226E2}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F47A633-F319-40C0-BC92-A848B54226E2}

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{98663E21-9CCE-4CF6-863C-911A9523A66F}

Adware.Tracking Cookie
C:\Documents and Settings\Chris Radecke\Cookies\chris_radecke@pcantiviruspro[1].txt
C:\Documents and Settings\Chris Radecke\Cookies\[email protected][1].txt
C:\Documents and Settings\Chris Radecke\Cookies\[email protected][1].txt
C:\Documents and Settings\Chris Radecke\Cookies\chris_radecke@bizadverts[2].txt
C:\Documents and Settings\Chris Radecke\Cookies\[email protected][1].txt

RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk




Avast! Antivirus Scan:

Malware name: Win32:TratBHO [Trj]
File name: C:\VUNDOFIX BACKUPS\EQQVJQXG.DLL.BAD (deleted);
C:\VundoFix Backups\ypnthbpv.dll.bad (moved to chest)
VPS version: 080218-0, 02/18/2008

Malware name: Win32:Trojan-gen {UPX}
File name: C:\Program Files\Numark Cue\Setup.exe (moved to chest)
Type: Virus/Worm
VPS version: 080218-0, 02/18/2008

C:\WINDOWS\system32\ActiveScan\pskavs.dll (moved to chest)
Win32:CTX
Virus/Worm
080218-0, 02/18/2008

C:\WINDOWS\system32\gvvtqtjc.dll (moved to chest)
Win32:TratBHO [Trj]
Trojan Horse
080218-0, 02/18/2008

K:\My Software\Sony.Vegas.v7.0c.Incl.Keygen-SSG\keygen.exe
Win32:Delf-HOX [Trj]
Trojan Horse
080218-0, 02/18/2008

K:\My Software\Webroot Spy Sweeper\Spy Sweeper Updater 2.0.0 Beta 5000.exe
Win32:Mudrop-U [Trj]
Trojan Horse
080218-0, 02/18/2008

C:\Documents and Settings\Chris Radecke\My Documents\My Music\Mistah F.A.B. - Son of a Pimp\intro mistah son of a pimp.wm
Win32:Wimad-C [Trj]
Trojan Horse
080219-0, 02/19/2008



AVG Anti-Spyware Scan:

Trojan.IrcHole
Several Tracking Cookies
Not-A-Virus.Hoax.Win32.Renos.asa




SmitFraudFix v2.292

Scan done at 17:20:04.43, Tue 02/19/2008
Run from C:\Documents and Settings\Chris Radecke\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 68.87.76.178
DNS Server Search Order: 68.87.78.130

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9911AD09-9943-40B9-8F36-A33AEE266A97}: DhcpNameServer=68.87.76.178 68.87.78.130
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9911AD09-9943-40B9-8F36-A33AEE266A97}: DhcpNameServer=68.87.76.178 68.87.78.130
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9911AD09-9943-40B9-8F36-A33AEE266A97}: DhcpNameServer=68.87.76.178 68.87.78.130
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.76.178 68.87.78.130
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.76.178 68.87.78.130
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.76.178 68.87.78.130


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End





Sorry for the length of this post lol. I hope that it's a good thing.
Thank you very very much,

Chris (First time poster)

#2
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi ceradecke,

Welcome to Geeks to Go!
My name is sage5, and I will be helping you with this problem.


I see you have LimeWire & Azureus installed on your system.
While these programs themselves are legal, most of the files downloaded with them are not.
These programs can also be some of the major infection routes for an otherwise secure PC, because you might be unknowingly downloading infected files. See below:

K:\My Software\Sony.Vegas.v7.0c.Incl.Keygen-SSG\keygen.exe
Win32:Delf-HOX [Trj]
Trojan Horse
080218-0, 02/18/2008

K:\My Software\Webroot Spy Sweeper\Spy Sweeper Updater 2.0.0 Beta 5000.exe
Win32:Mudrop-U [Trj]
Trojan Horse
080218-0, 02/18/2008

C:\Documents and Settings\Chris Radecke\My Documents\My Music\Mistah F.A.B. - Son of a Pimp\intro mistah son of a pimp.wm
Win32:Wimad-C [Trj]
Trojan Horse
080219-0, 02/19/2008

I highly recommend uninstalling LimeWire & Azureus as outlined below.


Remove P2P apps:
Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
LimeWire
Azureus

Please take note of any other programs that you don't recognise in that list, and include them in your next response.


Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for all the entries listed below:
O20 - Winlogon Notify: gebcc - C:\WINDOWS\
O20 - Winlogon Notify: jkkhecc - jkkhecc.dll (file missing)
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\
O20 - Winlogon Notify: jkklj - C:\WINDOWS\
O20 - Winlogon Notify: yayxxuv - yayxxuv.dll (file missing)
O21 - SSODL: BurnWin - {C145CF11-124F-3562-44AC-E685D962C63C} - C:\WINDOWS\system32\apiuser32.dll (file missing)

  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.


Create a ComboFix Script:
  • Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.
  • Now copy/paste the entire content of the codebox below into the Notepad window:
File::
C:\WINDOWS\system32\gvvtqtjc.dll
C:\WINDOWS\tbKUvulAEn.exe
C:\WINDOWS\mrujwlkj.dll
C:\WINDOWS\vazyhabm.exe
C:\WINDOWS\system32\fnhoje
C:\WINDOWS\wbubqziv.exe
C:\138535567
C:\reg.reg
C:\Documents and Settings\Chris Radecke\zguicfgw.dat
C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak2
C:\WINDOWS\system32\D39B572A28.sys
C:\WINDOWS\system32\jjkkj.bak1
C:\WINDOWS\system32\jjkkj.bak2
C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utvwa.ini2
C:\WINDOWS\Tasks\857BF1E581B89DC9.job

Folder::
C:\Program Files\Dealio
C:\WINDOWS\kwiofcnu
C:\Program Files\LimeWire
C:\Program Files\Azureus

Driver::
fnhoje

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"2chkdsk"=-

  • Save the above as CFScript.txt
  • Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    Posted Image
  • After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


Cheers,

sage5
  • 0
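As an added example (not part of either poster's message and not ComboFix's own code), the Python sketch below cross-checks a CFScript like the one above against the deletion sections of the follow-up ComboFix log, so that any requested target the log does not report as removed gets a manual look. The embedded script and log are excerpts of text from this thread; the `Name::` section layout and all function names are assumptions made for the example.

```python
import ntpath
import re

# Excerpt of the CFScript from this thread (not the full list).
CFSCRIPT = r"""File::
C:\WINDOWS\system32\gvvtqtjc.dll
C:\WINDOWS\tbKUvulAEn.exe
C:\WINDOWS\mrujwlkj.dll
C:\WINDOWS\vazyhabm.exe
C:\WINDOWS\system32\fnhoje
C:\WINDOWS\Tasks\857BF1E581B89DC9.job

Folder::
C:\Program Files\Dealio
C:\WINDOWS\kwiofcnu

Driver::
fnhoje

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"2chkdsk"=-
"""

# Excerpt of the follow-up ComboFix log from this thread (banners shortened).
DELETION_LOG = r"""((((((( Other Deletions )))))))
.
C:\WINDOWS\system32\fnhoje
C:\Program Files\Dealio
C:\WINDOWS\kwiofcnu
C:\WINDOWS\kwiofcnu\1.png
C:\WINDOWS\mrujwlkj.dll
C:\WINDOWS\Tasks\857BF1E581B89DC9.job
C:\WINDOWS\tbKUvulAEn.exe
.
((((((( Drivers/Services )))))))
.
-------\fnhoje
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")          # e.g. "File::"
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")    # e.g. "(((( Title ))))"


def parse_cfscript(text):
    """Group script lines under their 'Name::' header (assumed layout)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = sections.setdefault(match.group(1), [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            current.append(line)
    return sections


def parse_log(text):
    """Group log lines under the parenthesised banner that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        match = BANNER_RE.match(line)
        if match:
            current = sections.setdefault(match.group(1), [])
        elif current is not None:
            current.append(line)
    return sections


def norm(path):
    """Windows paths compare case-insensitively; normalise before matching."""
    return ntpath.normcase(ntpath.normpath(path))


def cross_check(script_text, log_text):
    """Split script targets into those the log confirms and those it does not."""
    script = parse_cfscript(script_text)
    log = parse_log(log_text)
    deleted = {norm(p) for p in log.get("Other Deletions", [])}
    # Driver lines appear as '-------\fnhoje' in the log on this page.
    drivers = {d.lstrip("-\\").casefold()
               for d in log.get("Drivers/Services", [])}
    report = {"confirmed": [], "unconfirmed": []}
    for kind in ("File", "Folder"):
        for path in script.get(kind, []):
            key = "confirmed" if norm(path) in deleted else "unconfirmed"
            report[key].append(path)
    for name in script.get("Driver", []):
        key = "confirmed" if name.casefold() in drivers else "unconfirmed"
        report[key].append(f"driver:{name}")
    return report


if __name__ == "__main__":
    result = cross_check(CFSCRIPT, DELETION_LOG)
    for target in result["unconfirmed"]:
        print("not reported as deleted, verify manually:", target)
```

On the excerpt, `gvvtqtjc.dll` and `vazyhabm.exe` come back unconfirmed; the first was already moved to the avast! chest according to the scan results in the first post. An unconfirmed entry therefore means "verify on disk", not "still present".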

#3
ceradecke

    Member

  • Topic Starter
  • 15 posts
Thanks a lot for the very quick reply.



I removed my peer2peer applications and here is a list of programs on my computer that I do not entirely recognize:

725plc32
CinepPlayer 30 Update
Cleaner 5 EZ
Desktop Doctor
EarthLink setup files
EducateU
Learn2 Player
Microsoft SQL Server Desktop Engine (Sony_MediaMGR)
Modem Helper
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
SXML 6.0 Parser (KB933579)
NetWaiting
PACE System Files
SmartSound Quicktracks Plugin
Viewpoint Media Player
WinPcap 3.1
XBC 5.1





And here are the new combofix and hijack this logs:


ComboFix 08-02-18.1 - Chris Radecke 2008-02-20 11:51:12.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.643 [GMT -8:00]
Running from: C:\Documents and Settings\Chris Radecke\Desktop\Programs\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chris Radecke\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\138535567
C:\Documents and Settings\Chris Radecke\zguicfgw.dat
C:\reg.reg
C:\WINDOWS\mrujwlkj.dll
C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak2
C:\WINDOWS\system32\D39B572A28.sys
C:\WINDOWS\system32\fnhoje
C:\WINDOWS\system32\gvvtqtjc.dll
C:\WINDOWS\system32\jjkkj.bak1
C:\WINDOWS\system32\jjkkj.bak2
C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utvwa.ini2
C:\WINDOWS\Tasks\857BF1E581B89DC9.job
C:\WINDOWS\tbKUvulAEn.exe
C:\WINDOWS\vazyhabm.exe
C:\WINDOWS\wbubqziv.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fnhoje
C:\138535567
C:\Documents and Settings\Chris Radecke\zguicfgw.dat
C:\Program Files\Azureus
C:\Program Files\Azureus\AzureusUpdater.exe
C:\Program Files\Azureus\hs_err_pid884.log
C:\Program Files\Azureus\msvcr71.dll
C:\Program Files\Azureus\plugins\azplugins\azplugins_2.1.1.jar
C:\Program Files\Azureus\plugins\azplugins\azplugins_2.1.4.jar
C:\Program Files\Azureus\plugins\azrating\azrating_1.3.1.jar
C:\Program Files\Azureus\plugins\azupdater\azupdater_1.8.5.zip
C:\Program Files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.3.jar
C:\Program Files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.5.jar
C:\Program Files\Azureus\plugins\azupdater\plugin.properties
C:\Program Files\Azureus\plugins\azupdater\plugin.properties_1.8.5
C:\Program Files\Azureus\plugins\azupdater\Updater.jar
C:\Program Files\Azureus\plugins\azupdater\Updater.jar.bak
C:\Program Files\Azureus\swt-awt-win32-3318.dll
C:\Program Files\Azureus\swt-gdip-win32-3318.dll
C:\Program Files\Azureus\swt-wgl-win32-3318.dll
C:\Program Files\Azureus\swt-win32-3318.dll
C:\Program Files\Azureus\Uninstall.exe
C:\Program Files\Dealio
C:\Program Files\LimeWire
C:\Program Files\LimeWire\hs_err_pid3972.log
C:\Program Files\LimeWire\lib\jl011.jar
C:\Program Files\LimeWire\lib\MessagesBundles.jar
C:\Program Files\LimeWire\lib\mp3sp14.jar
C:\Program Files\LimeWire\lib\vorbis.jar
C:\Program Files\LimeWire\Thumbs.db
C:\reg.reg
C:\WINDOWS\kwiofcnu
C:\WINDOWS\kwiofcnu\1.png
C:\WINDOWS\kwiofcnu\2.png
C:\WINDOWS\kwiofcnu\3.png
C:\WINDOWS\kwiofcnu\4.png
C:\WINDOWS\kwiofcnu\5.png
C:\WINDOWS\kwiofcnu\6.png
C:\WINDOWS\kwiofcnu\7.png
C:\WINDOWS\kwiofcnu\8.png
C:\WINDOWS\kwiofcnu\9.png
C:\WINDOWS\kwiofcnu\bottom-rc.gif
C:\WINDOWS\kwiofcnu\config.png
C:\WINDOWS\kwiofcnu\content.png
C:\WINDOWS\kwiofcnu\download.gif
C:\WINDOWS\kwiofcnu\frame-bg.gif
C:\WINDOWS\kwiofcnu\frame-bottom-left.gif
C:\WINDOWS\kwiofcnu\frame-h1bg.gif
C:\WINDOWS\kwiofcnu\head.png
C:\WINDOWS\kwiofcnu\icon.png
C:\WINDOWS\kwiofcnu\indexwp.html
C:\WINDOWS\kwiofcnu\main.css
C:\WINDOWS\kwiofcnu\memory-prots.png
C:\WINDOWS\kwiofcnu\net.png
C:\WINDOWS\kwiofcnu\pc-mag.gif
C:\WINDOWS\kwiofcnu\pc.gif
C:\WINDOWS\kwiofcnu\poloska1.png
C:\WINDOWS\kwiofcnu\poloska2.png
C:\WINDOWS\kwiofcnu\poloska3.png
C:\WINDOWS\kwiofcnu\promowp1.html
C:\WINDOWS\kwiofcnu\promowp2.html
C:\WINDOWS\kwiofcnu\promowp3.html
C:\WINDOWS\kwiofcnu\promowp4.html
C:\WINDOWS\kwiofcnu\promowp5.html
C:\WINDOWS\kwiofcnu\reg.png
C:\WINDOWS\kwiofcnu\repair.png
C:\WINDOWS\kwiofcnu\scr-1.png
C:\WINDOWS\kwiofcnu\scr-2.png
C:\WINDOWS\kwiofcnu\start.png
C:\WINDOWS\kwiofcnu\styles.css
C:\WINDOWS\kwiofcnu\Thumbs.db
C:\WINDOWS\kwiofcnu\top-rc.gif
C:\WINDOWS\kwiofcnu\vline.gif
C:\WINDOWS\kwiofcnu\wp.png
C:\WINDOWS\mrujwlkj.dll
C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak2
C:\WINDOWS\system32\D39B572A28.sys
C:\WINDOWS\system32\fnhoje
C:\WINDOWS\system32\jjkkj.bak1
C:\WINDOWS\system32\jjkkj.bak2
C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utvwa.ini2
C:\WINDOWS\Tasks\857BF1E581B89DC9.job
C:\WINDOWS\tbKUvulAEn.exe
C:\WINDOWS\wbubqziv.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\fnhoje


((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-19 17:20 . 2008-02-19 17:20 2,168 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-18 21:31 . 2008-02-18 21:35 <DIR> d-------- C:\Documents and Settings\Chris Radecke\.SunDownloadManager
2008-02-18 17:28 . 2008-02-18 17:28 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-18 01:58 . 2007-12-04 04:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-18 01:58 . 2007-12-04 06:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-18 01:58 . 2007-12-04 06:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-18 01:58 . 2007-12-04 06:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-18 01:57 . 2008-02-18 01:57 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-18 01:57 . 2007-12-04 05:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-18 01:57 . 2004-01-09 01:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-18 01:57 . 2007-12-04 06:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-18 01:57 . 2007-12-04 06:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-18 01:35 . 2008-02-19 01:15 <DIR> d-------- C:\VundoFix Backups
2008-02-17 10:30 . 2008-02-19 01:25 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-17 10:30 . 2008-02-17 10:30 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-17 10:30 . 2008-02-17 10:30 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-17 10:30 . 2008-02-17 10:30 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-17 09:14 . 2008-02-17 09:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-17 09:13 . 2008-02-18 20:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-17 09:13 . 2008-02-17 09:13 <DIR> d-------- C:\Documents and Settings\Chris Radecke\Application Data\SUPERAntiSpyware.com
2008-02-17 09:11 . 2008-02-17 09:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 03:02 . 2008-02-17 03:02 <DIR> d-------- C:\Documents and Settings\Chris Radecke\Application Data\Grisoft
2008-02-17 03:00 . 2008-02-17 03:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-17 03:00 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-05 18:46 . 2008-02-05 18:46 <DIR> d-------- C:\Program Files\WinDirStat
2008-02-05 18:28 . 2008-02-05 18:34 <DIR> d-------- C:\Program Files\Wise Registry Cleaner
2008-02-05 18:22 . 2008-02-05 18:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-05 16:41 . 2008-02-05 16:41 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-02-05 16:40 . 2008-02-05 17:11 <DIR> d-------- C:\Documents and Settings\Chris Radecke\Application Data\Dealio
2008-01-20 02:44 . 2008-02-17 14:24 <DIR> d-------- C:\Program Files\iTunes
2008-01-20 02:44 . 2008-01-20 02:44 <DIR> d-------- C:\Program Files\iPod
2008-01-20 02:42 . 2008-01-20 02:42 <DIR> d-------- C:\Program Files\QuickTime
2008-01-20 02:39 . 2008-01-20 02:39 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-20 02:39 . 2008-01-20 02:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 09:10 --------- d-----w C:\Program Files\Numark Cue
2008-02-19 01:35 --------- d-----w C:\Program Files\WinXMedia
2008-02-19 01:33 --------- d-----w C:\Program Files\The Weather Channel FW
2008-02-19 01:31 --------- d-----w C:\Program Files\Trillian
2008-02-19 01:30 --------- d-----w C:\Program Files\Sony
2008-02-19 01:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-19 01:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-19 01:25 --------- d-----w C:\Program Files\Avvenu
2008-02-17 19:21 --------- d-----w C:\Program Files\Windows Defender
2008-02-17 11:02 --------- d-----w C:\Program Files\PeerGuardian2
2008-02-17 09:55 --------- d-----w C:\Documents and Settings\Chris Radecke\Application Data\Azureus
2008-02-14 19:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-12 19:38 --------- d-----w C:\Program Files\Dl_cats
2008-02-12 05:33 --------- d-----w C:\Documents and Settings\Chris Radecke\Application Data\U3
2008-02-10 00:46 --------- d-----w C:\Documents and Settings\Chris Radecke\Application Data\LimeWire
2008-02-06 10:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-06 00:31 --------- d-----w C:\Program Files\ESET
2008-01-25 22:56 --------- d-----w C:\Program Files\McAfee
2008-01-25 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-24 07:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-21 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-20 10:40 --------- d-----w C:\Program Files\Apple Software Update
2008-01-20 00:59 --------- d-----w C:\Documents and Settings\Chris Radecke\Application Data\MathWorks
2008-01-20 00:06 --------- d-----w C:\Program Files\MATLAB
2008-01-19 22:42 --------- d-----w C:\Program Files\EA SPORTS
2008-01-19 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-01-19 21:27 --------- d-----w C:\Program Files\VstPlugins
2008-01-19 21:21 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-01-18 21:07 --------- d-----w C:\Program Files\XBC
2008-01-18 18:54 --------- d-----w C:\Documents and Settings\Chris Radecke\Application Data\locks online four
2008-01-16 04:00 --------- d-----w C:\Documents and Settings\Chris Radecke\Application Data\ESET
2008-01-16 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-01-15 23:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-02-15 07:33 40 ----a-w C:\Documents and Settings\Chris Radecke\language.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 10:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 10:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 10:50 114688]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-07 20:55 73728]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Avvenu Access n Share.lnk]
backup=C:\WINDOWS\pss\Avvenu Access n Share.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris Radecke^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris Radecke^Start Menu^Programs^Startup^PeerGuardian.lnk]
backup=C:\WINDOWS\pss\PeerGuardian.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris Radecke^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avvenu Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMCService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
--a------ 2007-04-19 13:21 198184 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-14 23:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DigidesignMMERefresh]
--a------ 2005-03-11 10:59 35328 C:\Program Files\Digidesign\Drivers\MMERefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 02:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-11-01 00:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2006-12-14 12:28 2801664 C:\Program Files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2007-03-15 17:16 454784 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emMON]
--a------ 2006-05-31 12:24 61440 C:\WINDOWS\HCWemMON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FRAG LITE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-05-18 11:56 1831936 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 07:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 07:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
--a------ 2006-07-12 21:22 57344 C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-07-12 16:05 1117184 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mySISvc]
--a------ 2007-05-04 14:59 5958965 C:\Program Files\mySI\mySI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-07-29 03:07 188416 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-16 20:26 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-10-15 19:12 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 17:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2005-03-09 23:18]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-09-13 12:21]
S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-09-13 12:21]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 02:02:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 02:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D6CXNLB1-Chris Radecke).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-02-20 20:13:19 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 14:22:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-02-20 14:34:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-20 22:34:35
ComboFix2.txt 2008-02-19 04:33:39
ComboFix3.txt 2008-02-19 01:13:06
.
2008-02-20 01:18:14 --- E O F ---





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:37 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....my.ucdavis.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159138496674
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 7562 bytes

#4
sage5

Hi ceradecke,


Remove folders & files:
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
    725plc32
    CinepPlayer 30 Update
    Cleaner 5 EZ
    Desktop Doctor
    EarthLink setup files
    EducateU
    Learn2 Player
    Microsoft SQL Server Desktop Engine (Sony_MediaMGR)
    Modem Helper
    NetWaiting
    PACE System Files
    SmartSound Quicktracks Plugin
    Viewpoint Media Player
    WinPcap 3.1
    XBC 5.1

    Please take note of any other programs that you don't recognise in that list, and include them in your next response
  • Using Windows Explorer, (to get there right-click your Start button and go to "Explore"), delete these folders, (if present):
    C:\Documents and Settings\Chris Radecke\Application Data\Azureus
    C:\Documents and Settings\Chris Radecke\Application Data\LimeWire
    C:\Program Files\ESET
    C:\Documents and Settings\Chris Radecke\Application Data\locks online four
    C:\Documents and Settings\Chris Radecke\Application Data\ESET
    C:\Documents and Settings\All Users\Application Data\ESET


Clean up Registry with a Reg file:
  • Please open a new Notepad file by clicking Start\All Programs\Accessories\Notepad
  • Copy the text from the following Code box, by highlighting all the text and right click, Select Copy. (or use the Ctrl+C keyboard shortcut)
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"2chkdsk"=-

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"mySISvc"=-
  • Paste it into Notepad. Right click in the window and select Paste. (or use Ctrl+V)
  • Save the file to the Desktop, make sure Type is All Files, and name it Fixreg.reg
  • Double click on the file created and click Yes when asked to merge the information into the Registry


Shut down & Reboot normally:

Run HijackThis again:
  • Select the Run a system scan and save a logfile button. The logfile will open in Notepad.
  • Start your Web Browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
Please include a note to tell me how your PC is running now.

Cheers,

sage5

#5
ceradecke

Uninstalled all of the programs.
Deleted all of the files/folders using explorer.
Cleaned up the registry (in addition to copying and pasting the regedit script I ran a scan using Wise Registry Cleaner).
Rebooted the computer....
...and everything seems to be running fine. My internet connection is looking like it's back to original form (a lot quicker).
I also read in a bunch of threads that one should have the latest java rte so I updated that and deleted the old updates.




Here's the newest hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:27 PM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....my.ucdavis.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159138496674
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

--
End of file - 6741 bytes




Thanks!

Chris

#6
sage5

Hi ceradecke,


Let's update & run a scan with AVG Anti-Spyware:

Update AVG Anti-Spyware:
  • Double-click the AVG icon on the desktop to launch the program.
  • On the main screen select Update then select the Update now link.
    • Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
  • Once in the Settings screen click on Recommended actions and then select Quarantine.
  • Under Reports
    • Select Do not automatically generate report
    • Un-Select Only if threats were found
  • Reboot your computer into SafeMode.
    • Restart your computer and tap the F8 key, repeatedly until a menu appears.
    • Use your up arrow key to highlight SafeMode then hit Enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select Apply all actions
    • Next select the Reports icon at the top.
    • Select the Save report as button in the lower left hand of the screen and save it as C:\avg_as.txt
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode


Paste the text from C:\avg_as.txt as well as a fresh HijackThis log as your next reply.

Cheers,

sage5

Edited by sage5, 21 February 2008 - 03:59 PM.


#7
ceradecke

I've been trying to get into safe mode at start up but a screen comes up after the loading screen that shows the words "keyboard failure." I have had this problem before and for some reason it went away but now it is back again.
Do you know how to resolve this?

#8
sage5

Are you using a wireless keyboard?
If so, can you get hold of a "wired" one temporarily?

#9
ceradecke

Actually it's just a regular usb keyboard. A buddy has some type of a usb to something-something converter that he said would give the keyboard power before the os loads. I just don't know why it works sometimes but not others.
I'll try to get my hands on the converter tonight....unless there is another way that I could get it working.

#10
sage5

That's right, you need a USB - PS2 adapter, because USB devices often do not work correctly in Safe Mode.
If you cannot get an adapter, see if you can borrow a PS2 format keyboard, older style round purple colored plug.


#11
ceradecke

Okay. I'm going to get the converter today and then I will run the AVG scan and reply with that report and the new hijack this log.

#12
ceradecke

I couldn't get a hold of the adapter today and I am going back home for the weekend (computer is at my place at school). So I will be unable to perform any scans until Sunday evening. I'm really sorry for the will-be delay for my post. I understand if you cannot help me further, however, I will be sure to post the logs in my reply Sunday evening.
Thanks,
Chris

#13
ceradecke

Here are the results of the AVG AntiSpyware Scan (The program did find several infections, including a bunch of cookies and something called "Downloader Agent"):



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:58:34 AM 2/25/2008

+ Scan result:



C:\QooBox\Quarantine\catchme2008-02-20_142241.06.zip/fnhoje -> Downloader.Agent.ind : Cleaned.
:mozilla.78:C:\Documents and Settings\Chris Radecke\Application Data\Mozilla\Firefox\Profiles\xxha5rnp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\Chris Radecke\Application Data\Mozilla\Firefox\Profiles\xxha5rnp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\Chris Radecke\Application Data\Mozilla\Firefox\Profiles\xxha5rnp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\Chris Radecke\Application Data\Mozilla\Firefox\Profiles\xxha5rnp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\Chris Radecke\Application Data\Mozilla\Firefox\Profiles\xxha5rnp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\Chris Radecke\Application Data\Mozilla\Firefox\Profiles\xxha5rnp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:C:\Documents and Settings\Chris Radecke\Application Data\Mozilla\Firefox\Profiles\xxha5rnp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.85:C:\Documents and Settings\Chris Radecke\Application Data\Mozilla\Firefox\Profiles\xxha5rnp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\Chris Radecke\Application Data\Mozilla\Firefox\Profiles\xxha5rnp.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.58:C:\Documents and Settings\Chris Radecke\Application Data\Mozilla\Firefox\Profiles\xxha5rnp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.59:C:\Documents and Settings\Chris Radecke\Application Data\Mozilla\Firefox\Profiles\xxha5rnp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.60:C:\Documents and Settings\Chris Radecke\Application Data\Mozilla\Firefox\Profiles\xxha5rnp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.61:C:\Documents and Settings\Chris Radecke\Application Data\Mozilla\Firefox\Profiles\xxha5rnp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.62:C:\Documents and Settings\Chris Radecke\Application Data\Mozilla\Firefox\Profiles\xxha5rnp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.63:C:\Documents and Settings\Chris Radecke\Application Data\Mozilla\Firefox\Profiles\xxha5rnp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.64:C:\Documents and Settings\Chris Radecke\Application Data\Mozilla\Firefox\Profiles\xxha5rnp.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.77:C:\Documents and Settings\Chris Radecke\Application Data\Mozilla\Firefox\Profiles\xxha5rnp.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.


::Report end


Thanks,

Chris

#14
sage5

Hi ceradecke,


Apart from the cookies, that file is in one of the quarantine folders set up by Combofix, so not a problem.
We will deal with all of them in the last post.


You don't appear to be running a 3rd party firewall. These are essential to protect from trojans, viruses, spyware etc.

You should check out:- Comodo Firewall Pro or Sunbelt Personal Firewall

User manuals are available for both:
Comodo's manual is built in and accessible from the Help Menu.

Sunbelt Manual Here

Both are simple to install & free to use.
Please install only 1


I need you to post me a fresh HijackThis log to confirm correct installation of the Anti-virus and Firewall programs.

Run HijackThis:
  • Select the Run a system scan and save a logfile option. The logfile opens in Notepad.
  • Start your Web Browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
  • Also paste me the text from C:\avscan.txt

Cheers,

sage5

#15
ceradecke

I installed the comodo firewall app but upon running it it says that there is a problem with the network firewall. I clicked run diagnostics as it instructed to and it responded saying that it found no errors in installation.

Here are the logs from hjt and from the comodo scan.....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:38 PM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\COMODO\Firewall\cfp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....my.ucdavis.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159138496674
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

--
End of file - 6765 bytes




Unknown Malware (Dirty)(ID = 0x4b543) C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\inst.exe
Unknown Malware (Dirty)(ID = 0x4a655) C:\Documents and Settings\All Users\Start Menu\3 Months Free NetZero.exe
not-a-virus_RiskTool.Win32.Reboot.f(ID = 0x51537) C:\Documents and Settings\Chris Radecke\Desktop\Programs\SmitfraudFix\Reboot.exe
Unknown Malware (Dirty)(ID = 0x4a655) C:\Program Files\Dell\Launcher\files\3 Months Free NetZero.exe
Virus identified Obfustat.RPQ(ID = 0x5b718) C:\Program Files\Image-Line\FL Studio 7\crack.exe
Application.Win32.Adware.SecToolbar(ID = 0x18e9b) C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir
Unknown Malware (Dirty)(ID = 0x4edaf) C:\WINDOWS\_MSRSTRT.EXE
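
Added example (not part of the original thread and not any poster's code): comparing two HijackThis logs by hand is error-prone, so this Python sketch parses the numbered entries and reports what was added or removed between scans, singling out additions in the sections that load code automatically. The function names are hypothetical; the sample text is a short excerpt of the 2/21 and 2/25 logs posted above.

```python
import re
from collections import defaultdict

# HijackThis section codes whose entries load code automatically at boot,
# logon or browser start. An unexplained addition here deserves attention.
AUTOLOAD_SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "Run-key / Startup autostart",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Service",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Excerpts of the logs in this thread (not the full logs).
SCAN_2008_02_21 = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

SCAN_2008_02_25 = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
"""


def parse_entries(log_text):
    """Return {section code: {casefolded entry: entry as logged}}."""
    sections = defaultdict(dict)
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, running-process list, blank line
        code, body = match.groups()
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # One registry value holding several DLLs, separated by spaces or
            # commas. Split it so a DLL appended to the list shows up alone.
            for dll in re.split(r"[ ,]+", body.split(":", 1)[1].strip()):
                if dll:
                    entry = "AppInit_DLLs: " + dll
                    sections[code][entry.casefold()] = entry
        else:
            # Windows paths are case-insensitive, so compare casefolded.
            sections[code][body.casefold()] = body
    return sections


def section_order(code):
    """Sort O2 before O20 (numeric, not lexical)."""
    return (code[0], int(code[1:]))


def diff_logs(before_text, after_text):
    """Return a list of (kind, section, entry) with kind 'added' or 'removed'."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    changes = []
    for code in sorted(set(before) | set(after), key=section_order):
        old, new = before.get(code, {}), after.get(code, {})
        changes += [("added", code, new[k]) for k in sorted(new.keys() - old.keys())]
        changes += [("removed", code, old[k]) for k in sorted(old.keys() - new.keys())]
    return changes


def autoload_additions(changes):
    """Keep only new entries in sections that start code automatically."""
    return [(code, entry) for kind, code, entry in changes
            if kind == "added" and code in AUTOLOAD_SECTIONS]


if __name__ == "__main__":
    for kind, code, entry in diff_logs(SCAN_2008_02_21, SCAN_2008_02_25):
        marker = " <-- review" if kind == "added" and code in AUTOLOAD_SECTIONS else ""
        print(f"{kind:7} {code:3} {entry}{marker}")
```

Every flagged addition still has to be matched to a known install before it is treated as benign; the diff only narrows down where to look.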