Another Virus

Post by Ryuji35 » January 26th, 2007, 6:26 am

Please check my HijackThis log, because there was an annoying thing happening on my computer. Please check!

Logfile of HijackThis v1.99.1
Scan saved at 10:24:33, on 26/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\Video ActiveX Object\pmmon.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/ins ... utions.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Ryuji35
Regular Member
 
Posts: 85
Joined: January 15th, 2006, 8:27 pm
Location: Asia

Post by beynac » January 26th, 2007, 6:58 am

Hi. Welcome to MalWare Removal!

SmitFraudFix (by S!Ri)
  • Please download SmitFraudFix from here and save it to your Desktop.
  • Double-click on Smitfraud.exe - this will create a SmitfraudFix folder.
  • Open the folder and double-click smitfraudfix.cmd
  • Select option #1 - Search by typing 1 and press Enter - a text file will appear, which lists infected files (if present).
Do not run any of the other options at this stage.

Please copy/paste the content of the report (c:\rapport.txt) into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a 'RiskTool'; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between 'good' and 'malicious' use of such programs, therefore they may alert the user.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Post by Ryuji35 » January 26th, 2007, 7:05 am

SmitFraudFix v2.135

Scan done at 11:03:37.98, 26/01/2007
Run from C:\Documents and Settings\home\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\home


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\home\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\home\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"

[HKEY_CLASSES_ROOT\CLSID\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}\InProcServer32]
@="C:\WINDOWS\system32\nbbrhbd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}\InProcServer32]
@="C:\WINDOWS\system32\nbbrhbd.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Ryuji35
Regular Member
 
Posts: 85
Joined: January 15th, 2006, 8:27 pm
Location: Asia

Post by beynac » January 26th, 2007, 7:09 am

Hi. That was quick! :)

First, I need you to download a couple of programs.

-----------------------------------------------------------------

Download ATF Cleaner by Atribune © from here : http://www.atribune.org/ccount/click.php?id=1
This is a stand-alone program that does not need to be installed. Save it to a convenient location and make a shortcut on your desktop. Using this program will remove temporary files, temporary internet files and cookies from your system, which will mean that any scans will run faster.

Do not use it yet.

----------------------------------------------------------------

AVG Anti-Spyware:

If you already have this program installed, please update it as detailed below.

Please note that you must uninstall all versions of Ewido anti-spyware before installing this program.

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
You will need to change the following settings:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click the Scanner icon at the top and then click the Settings Tab.
  • Under How to act? click Recommended actions and select Quarantine from the menu.
You can now close AVG Anti-Spyware. Do not scan yet.

---------------------------------------------------------------

You need to reboot your computer in Safe Mode for the next step. It would be a good idea for you to print these instructions, as you will not have access to the internet.

Important: If you have an 'always on' connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
  • Restart your computer.
  • Continually tap the F8 button as your computer is booting until a menu appears.
  • Use up-arrow key to select Safe Mode and press Enter.
-------------------------------------------------------------

Open the SmitFraudFix folder on your desktop and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press 'Enter' to delete infected files.

You will be prompted : 'Registry cleaning - Do you want to clean the registry ?'; answer 'Yes' by typing Y and press 'Enter' in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer 'Yes' by typing Y and press 'Enter'.

The tool may need to restart your computer to finish the cleaning process.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt.

Reboot into Safe Mode (as above).

------------------------------------------------------------

Run ATF Cleaner by Atribune ©:
  • Make sure that all browser windows are closed
  • Double-click the shortcut on your desktop to run the program.
  • Under Main, choose Select All
  • Untick Prefetch
  • Click Empty Selected
  • If you use Firefox browser,
    • Click Firefox at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
  • If you use Opera browser,
    • Click Opera at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
----------------------------------------------------

Close all open windows and then start AVG Anti-Spyware.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan? - Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
Reboot in Normal Mode.

------------------------------------------------------------

Open the SmitFraudFix folder again and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question 'Restore Trusted Zone ?' by typing Y and hit Enter.

-----------------------------------------------------------

Please post, as a reply to this thread:
  • The SmitFraudFix report (c:\rapport.txt)
  • The AVG Anti-Spyware report
  • A new HijackThis log
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Post by Ryuji35 » January 26th, 2007, 7:26 am

okay, I'll post this within an hour. :D thank you!!!
Ryuji35
Regular Member
 
Posts: 85
Joined: January 15th, 2006, 8:27 pm
Location: Asia

HijackthisLog

Post by Ryuji35 » January 26th, 2007, 8:37 am

Logfile of HijackThis v1.99.1
Scan saved at 12:36:03, on 26/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/ins ... utions.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Ryuji35
Regular Member
 
Posts: 85
Joined: January 15th, 2006, 8:27 pm
Location: Asia
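
A before/after comparison of the two HijackThis logs posted in this thread, as an added example that is not part of the original posts or of HijackThis itself: it parses the running-process block and the R/O entry lines, then reports what the cleanup removed, what it added, and whether anything from the flagged folder remains. The two excerpts are trimmed copies of lines from the logs above, and all function names are this example's own.

```python
import re

# HijackThis result lines look like "O2 - BHO: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Trimmed excerpt of the first log in this thread (10:24:33).
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll (file missing)
"""

# Trimmed excerpt of the follow-up log in this thread (12:36:03).
AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""


def parse_entries(log_text):
    """Return the set of (section_code, body) result lines in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def parse_processes(log_text):
    """Return lower-cased paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            if procs:          # the blank line after the block ends it
                break
        elif in_block:
            procs.add(line.lower())
    return procs


def diff_logs(before, after):
    """Compare two logs; every value is a sorted list."""
    b_e, a_e = parse_entries(before), parse_entries(after)
    b_p, a_p = parse_processes(before), parse_processes(after)
    return {
        "removed_entries": sorted(b_e - a_e),
        "added_entries": sorted(a_e - b_e),
        "removed_processes": sorted(b_p - a_p),
        "added_processes": sorted(a_p - b_p),
    }


def removed_clsids(diff):
    """CLSIDs named in removed entries, for cross-checking other reports."""
    found = set()
    for _code, body in diff["removed_entries"]:
        found.update(c.lower() for c in CLSID_RE.findall(body))
    return sorted(found)


def residual(log_text, marker):
    """Processes or entries in a log that still mention marker."""
    m = marker.lower()
    hits = [p for p in parse_processes(log_text) if m in p]
    hits += [f"{c} - {b}" for c, b in parse_entries(log_text) if m in b.lower()]
    return sorted(hits)


if __name__ == "__main__":
    d = diff_logs(BEFORE, AFTER)
    for key, items in d.items():
        print(key)
        for item in items:
            print("   ", item)
    print("removed CLSIDs:", removed_clsids(d))
    print("left over from flagged folder:", residual(AFTER, "Video ActiveX Object"))
```

The removed CLSID `{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}` is the same one the AVG Anti-Spyware report in this thread lists under `Ext\Stats`, which is the kind of cross-check the CLSID list is meant for.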

AVG Scan Report

Post by Ryuji35 » January 26th, 2007, 8:38 am

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:27:28 26/01/2007

+ Scan result:



HKU\S-1-5-21-842925246-413027322-682003330-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.120:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.121:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.122:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.123:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.288:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.24:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.25:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.375:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.178:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.179:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.229:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.231:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.233:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.234:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.236:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.240:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.206:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.207:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.208:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.104:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.20:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.185:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.186:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.187:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.56:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.57:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.58:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.59:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.60:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.61:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.363:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.105:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.354:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.355:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.320:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.137:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.138:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.139:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.62:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.63:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.64:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.65:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.66:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.67:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.68:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.69:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.70:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.356:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.357:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.338:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.339:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.345:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.285:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.286:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.287:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.188:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.221:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.281:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.282:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.283:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.284:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.102:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.103:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.180:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.181:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.182:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.183:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.184:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.106:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.107:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.108:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.79:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.97:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.98:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.99:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.169:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.28:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.29:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.71:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.72:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.73:C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\ob33bp03.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end
Ryuji35
Regular Member
 
Posts: 85
Joined: January 15th, 2006, 8:27 pm
Location: Asia

Rapport

Unread postby Ryuji35 » January 26th, 2007, 8:39 am

SmitFraudFix v2.135

Scan done at 11:49:45.82, 26/01/2007
Run from C:\Documents and Settings\home\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"

[HKEY_CLASSES_ROOT\CLSID\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}\InProcServer32]
@="C:\WINDOWS\system32\nbbrhbd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}\InProcServer32]
@="C:\WINDOWS\system32\nbbrhbd.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\Video ActiveX Object\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Unread postby beynac » January 26th, 2007, 9:24 am

Congratulations - your latest HijackThis log is clean! :)

There's just a bit of tidying up to do. Please delete SmitfraudFix from your desktop, and its report (c:\rapport.txt). I suggest that you keep ATF Cleaner and AVG Anti-Spyware as these are useful programs. Now that your computer is clean, it would be a good idea to 'flush' your System Restore points.

Flush System Restore

Turn OFF System Restore.
  • Click on Start
  • Right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Check Turn off System Restore
  • Click Apply, and then click OK
Restart your computer

Turn ON System Restore.
  • Click on Start
  • Right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Uncheck Turn off System Restore
  • Click Apply, and then click OK
This will create a new, clean restore point.

I won't give you my usual 'clean speech' as I've already done that when I helped you in a previous thread (http://www.malwareremoval.com/forum/viewtopic.php?p=117990#117990).

Please let me know if you have any questions.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby Ryuji35 » January 26th, 2007, 8:00 pm

I have done the last part... Thank you very much for your help!!! MWR really never let me down! :D :D Thanks again!

Unread postby beynac » January 27th, 2007, 5:56 am

You're welcome. I'm glad that we could help. :)

Unread postby Nick-YF19 » January 27th, 2007, 4:58 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California