B
brylyn
Please help! I'm an IMAC user and now have a PC so it's a littl
different here with all this spyware/virus, etc. My IE won't go t
home page,or any other page, except advertisement of virus. A frien
informed me it sounded like I needed to run smitfraud and post alon
with HJT log, but she wasn't sure what to have HJT log to delete
sooooooooooo, here it is. If someone can look at the logs and advis
as to what to do, I'd be greatly indebted and will also learn somethin
valuable about a PC.
Here is the smitfraud and I'll second post the HJT log due to length.
SmitFraudFix v2.219
Scan done at 20:41:54.43, Tue 09/04/2007
Run from C:\Documents and Settings\Cathy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}
DhcpNameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CCS\Services\Tcpip\..\{472B0471-F6ED-4547-BDCC-0F16999180DE}
DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{472B0471-F6ED-4547-BDCC-0F16999180DE}
NameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6A28DDAF-CB79-487A-9577-E3F0E8D06622}
DhcpNameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6A28DDAF-CB79-487A-9577-E3F0E8D06622}
NameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}
DhcpNameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CS1\Services\Tcpip\..\{472B0471-F6ED-4547-BDCC-0F16999180DE}
DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{472B0471-F6ED-4547-BDCC-0F16999180DE}
NameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6A28DDAF-CB79-487A-9577-E3F0E8D06622}
DhcpNameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6A28DDAF-CB79-487A-9577-E3F0E8D06622}
NameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}
DhcpNameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CS3\Services\Tcpip\..\{472B0471-F6ED-4547-BDCC-0F16999180DE}
DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{472B0471-F6ED-4547-BDCC-0F16999180DE}
NameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.25
192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.23
85.255.112.78
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.25
192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.23
85.255.112.78
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.25
192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.115.23
85.255.112.78
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window
NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning not selected.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» En
different here with all this spyware/virus, etc. My IE won't go t
home page,or any other page, except advertisement of virus. A frien
informed me it sounded like I needed to run smitfraud and post alon
with HJT log, but she wasn't sure what to have HJT log to delete
sooooooooooo, here it is. If someone can look at the logs and advis
as to what to do, I'd be greatly indebted and will also learn somethin
valuable about a PC.
Here is the smitfraud and I'll second post the HJT log due to length.
SmitFraudFix v2.219
Scan done at 20:41:54.43, Tue 09/04/2007
Run from C:\Documents and Settings\Cathy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}
DhcpNameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CCS\Services\Tcpip\..\{472B0471-F6ED-4547-BDCC-0F16999180DE}
DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{472B0471-F6ED-4547-BDCC-0F16999180DE}
NameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6A28DDAF-CB79-487A-9577-E3F0E8D06622}
DhcpNameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6A28DDAF-CB79-487A-9577-E3F0E8D06622}
NameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}
DhcpNameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CS1\Services\Tcpip\..\{472B0471-F6ED-4547-BDCC-0F16999180DE}
DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{472B0471-F6ED-4547-BDCC-0F16999180DE}
NameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6A28DDAF-CB79-487A-9577-E3F0E8D06622}
DhcpNameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6A28DDAF-CB79-487A-9577-E3F0E8D06622}
NameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}
DhcpNameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CS3\Services\Tcpip\..\{472B0471-F6ED-4547-BDCC-0F16999180DE}
DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{472B0471-F6ED-4547-BDCC-0F16999180DE}
NameServer=85.255.115.237,85.255.112.78
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.25
192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.23
85.255.112.78
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.25
192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.23
85.255.112.78
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.25
192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.115.23
85.255.112.78
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window
NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning not selected.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» En