Tech Support Forum - View Single Post - Technicolor screen, Popups, Error messages running programs, random programs starting

Nigel4 · 10-06-2007, 10:10 AM

I have a ATI Radeon 9600.

I had a sudden blast of about 20 pop ups when I rebooted after safe mode that all came up in internet explorer as blank:pages with a few IP's and generic mal-ware websites I couldn't read because of technicolor death.

Here come the logs: Rapport.txt

mitFraudFix v2.235

Scan done at 0:11:15.00, Sat 10/06/2007
Run from C:\Documents and Settings\Owner\My Documents\Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\country.exe Deleted
C:\WINDOWS\kl1.exe Deleted
C:\WINDOWS\secure32.html Deleted
C:\WINDOWS\toolbar.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{240A4C79-8242-4231-89B6-2836FC0CC688}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9A6F1D4E-9368-4CFC-B3C2-CD3E7F72B91A}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS1\Services\Tcpip\..\{240A4C79-8242-4231-89B6-2836FC0CC688}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9A6F1D4E-9368-4CFC-B3C2-CD3E7F72B91A}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS3\Services\Tcpip\..\{240A4C79-8242-4231-89B6-2836FC0CC688}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9A6F1D4E-9368-4CFC-B3C2-CD3E7F72B91A}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

10-06-2007, 10:10 AM	#11 (permalink)
Nigel4 Registered User Join Date: Aug 2006 Location: Detroit Posts: 18 OS: XP/Vista	Re: Technicolor screen, Popups, Error messages running programs, random programs star I have a ATI Radeon 9600. I had a sudden blast of about 20 pop ups when I rebooted after safe mode that all came up in internet explorer as blank:pages with a few IP's and generic mal-ware websites I couldn't read because of technicolor death. Here come the logs: Rapport.txt mitFraudFix v2.235 Scan done at 0:11:15.00, Sat 10/06/2007 Run from C:\Documents and Settings\Owner\My Documents\Downloads\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\country.exe Deleted C:\WINDOWS\kl1.exe Deleted C:\WINDOWS\secure32.html Deleted C:\WINDOWS\toolbar.exe Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{240A4C79-8242-4231-89B6-2836FC0CC688}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{9A6F1D4E-9368-4CFC-B3C2-CD3E7F72B91A}: DhcpNameServer=68.87.77.130 68.87.72.130 HKLM\SYSTEM\CS1\Services\Tcpip\..\{240A4C79-8242-4231-89B6-2836FC0CC688}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{9A6F1D4E-9368-4CFC-B3C2-CD3E7F72B91A}: DhcpNameServer=68.87.77.130 68.87.72.130 HKLM\SYSTEM\CS3\Services\Tcpip\..\{240A4C79-8242-4231-89B6-2836FC0CC688}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{9A6F1D4E-9368-4CFC-B3C2-CD3E7F72B91A}: DhcpNameServer=68.87.77.130 68.87.72.130 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End