Looks like we got it that time. :) Reboot 1 more time, then create and post a fresh HijackThis log.
I have some errands to run. I'll be back in a bit. :)
Copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as; Filename: CFScript.txt Save As...
Close the registry editor and reboot. Either check the value manually or do a HijackThis scan to see if it returns.
Good. Close out of the Permissions dialog. Right click the appinit_dlls entry in the right pane and select delete. Press F5 and let me know if...
Yes. Click Start>Run, type regedit and hit enter. Navigate to the following registry key. HKEY_LOCAL_MACHINE\software\microsoft\windows...
Looks good. I'm quite sure those 208.67.220.220 dhcp addresses were put there by Spybot. Looks like you're clean, but I'd recommend running an...
OK. Thanks. I may be gone for a while as well. ;)
Thanks. Just to make sure, please right click that file and select Properties. Check the Version tab and let me know what info is there, eg;...
Yes, I was referrring to putting the modem back in, boot up, remove it via Phone and Modem Options, then in Device Manager if present. No need to...
Please go to jotti and submit the following file, then wait for the analysis results. Copy and paste the results back here please....
That's fine. :)
Hmmm.... lets give CmboFix one more shot. Open the CFScrit.txt on the desktop and remove everything. Copy the contents of the quote box below and...
Thanks. :) Please run SmitfraudFix again, selecting option 5 this time. Post the log it opens when complete.
Hmmm....the registry entries weren't removed. :confused: Scan again with HijackThis and fix the following entry. O20 - AppInit_DLLs:...
Two files caught my attention in your first dump. Mrxdav.sys mrxsmb.sys Then I scrolled down to see mrxsmb.sys as the faulting module in...
Download ComboFix again from Here or Here, saving the file to your Desktop. Copy the contents of the code box below and paste it into a blank...
You ran SmitfraudFix in normal mode rather than safe mode. I can't determine if was as effective as it could have been. Recommend you run it again...
I do see a few signs of Zlob yet, and there may be others that we can't see, so let's run another tool. Please download SmitfraudFix by S!Ri,...
Likely that you just have Windows set to not show known extensions. To make sure they are the right ones, open any explorer window, Click...
Separate names with a comma.
