
guyz help me out, from this ntndis.exe thing!!

Discussion in 'Windows - Virus and spyware problems' started by jeynash, Dec 3, 2007.

  1. echoreply

    echoreply Regular member

    ok. time to run the 2nd step, which has to be done in SAFE MODE.

    to reach safe mode you would tap the F8 key during a computer restart;
    choose the first option from the list: safe mode.
    once at the safe mode desktop

    you should copy/paste the rest into notepad and save it somewhere so you can read it in safe mode;

    locate the smitfraud icon on the desktop and double click it to start.
    from the main option menu, choose the second option (clean). after smitfraud runs, disk clean will run; last, when asked if you want to clean the registry, select y (yes) then enter. the computer will reboot and after the restart produce a log. please save the log somewhere.
    post that log and a new hjt log in your next reply.
     
  2. jeynash

    jeynash Member

    SMITFRAUDFIX LOG AFTER CLEANING

    SmitFraudFix v2.257

    Scan done at 7:18:22.51, Thu 12/06/2007
    Run from D:\Documents and Settings\anandakrishnan\Desktop\BAjar ARchivos\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f}"="exegeses"

    [HKEY_CLASSES_ROOT\CLSID\{1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f}\InProcServer32]
    @="D:\WINDOWS\system32\bubbj.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f}\InProcServer32]
    @="D:\WINDOWS\system32\bubbj.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    D:\WINDOWS\system32\bubbj.dll -> Hoax.Win32.Renos.gen.o
    D:\WINDOWS\system32\bubbj.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    D:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
    D:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
    D:\DOCUME~1\ANANDA~1\FAVORI~1\Online Security Test.url Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{8EFB045B-B454-41EE-91BF-36C22AE0E79A}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{8EFB045B-B454-41EE-91BF-36C22AE0E79A}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
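    Where SmitFraudFix's SrchSTS.exe listed the SharedTaskScheduler hook above, the following PowerShell script (added here; it is not part of the thread, of SmitFraudFix or of HijackThis) does the same enumeration read-only on a current Windows host and adds a signature check on each resolved DLL. The registry paths are the standard ones; the function name is the editor's own.

```powershell
# Added example, not part of the thread or of SmitFraudFix: walk the
# SharedTaskScheduler key that SrchSTS.exe reported above, resolve each
# CLSID to the InProcServer32 DLL Explorer loads at logon, and report
# whether that DLL exists and is Authenticode-signed. Read-only: it
# changes nothing and only produces a list to review.
$stsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler'
$clsidRoots = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID',
    'HKLM:\SOFTWARE\Classes\CLSID'
)

function Get-SharedTaskSchedulerEntries {
    if (-not (Test-Path $stsKey)) { return }
    $values = Get-ItemProperty -Path $stsKey
    # Only GUID-named values are hook registrations; skip PSPath, PSParentPath etc.
    $guidNames = $values.PSObject.Properties.Name |
        Where-Object { $_ -match '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$' }

    foreach ($clsid in $guidNames) {
        foreach ($root in $clsidRoots) {
            $srvKey = Join-Path $root "$clsid\InProcServer32"
            if (-not (Test-Path $srvKey)) { continue }
            # The key's unnamed (default) value holds the DLL path.
            $dll = [Environment]::ExpandEnvironmentVariables(
                       [string](Get-ItemProperty -Path $srvKey).'(default)')
            $exists = $dll -and (Test-Path -LiteralPath $dll)
            $status = if ($exists) {
                (Get-AuthenticodeSignature -FilePath $dll).Status.ToString()
            } else { 'FileMissing' }
            [pscustomobject]@{
                CLSID       = $clsid
                DisplayName = $values.$clsid   # e.g. the bare word "exegeses" in the log
                Hive        = $root
                Dll         = $dll
                Signature   = $status
                # A missing or unsigned DLL here is worth a closer look; a signed
                # Microsoft component is the normal content of this key.
                ReviewMe    = ($status -ne 'Valid')
            }
        }
    }
}

Get-SharedTaskSchedulerEntries | Format-Table -AutoSize
```

    On hosts where Windows components are catalog-signed, older PowerShell versions report them as NotSigned, so treat ReviewMe as a prompt to inspect the file (publisher, creation time, hash against a known-good copy) rather than as a verdict.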

     
  3. jeynash

    jeynash Member

    HJT LOG

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:20:40 AM, on 12/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\userinit.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    D:\Program Files\Internet Download Manager\IDMan.exe
    D:\Program Files\Internet Download Manager\IEMonitor.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\RunServices: [SystemTray Monitor] SysTraymon.exe
    O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs:
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 3002 bytes
     
  4. QuikDraw

    QuikDraw Regular member

    Last edited: Dec 5, 2007
  5. jeynash

    jeynash Member

    Thumbs up for echoreply and QuikDraw. I eliminated the malware. Thanks 2 Smitfraud n HijackThis n etc. etc...
    Great support from the afterdawn team once again. Hurray!! guyz! u rock.
     
  6. QuikDraw

    QuikDraw Regular member

  7. jeynash

    jeynash Member

    gr8! dat one was one of ma favorites!!!
     
  8. QuikDraw

    QuikDraw Regular member

    dun dah dah dah dun dun dun dun... wahoo! LOL
    Goes something like that.
    Hey, now that the bugs are out.
    RESET your browser
    Configure your startups
    Run Disk Cleanup &
    Disk Defragmenter.
    You can run a registry cleaner, if you know what to remove.

    THEN BOB'S YOUR UNCLE!

     
  9. jeynash

    jeynash Member

    that was pretty clean and complete!
    may i have your email.... mail me at jeynash@hotmail.com
     
  10. QuikDraw

    QuikDraw Regular member

    I can give you an alternate email in a PM. Did you know adbots are on chats and help sites? Waiting for some dummy to post their main email address. Next thing ya got is 20 to 50 SPAMS per day! Ever seen the movie Cool Hand Luke? Come men you just can't...
     
    Last edited: Dec 6, 2007
  11. jeynash

    jeynash Member

    dats ma alternate too. im not that dumb!
    why should you post your emailid here??
    send it to the id i gave you above!
     
  12. echoreply

    echoreply Regular member

    now that it all looks good, one last thing;

    One of the features of Windows ME or XP is the System Restore option; however, if malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is a good idea after malware is removed.

    To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

    (winXP)

    1. Turn off System Restore. (deletes old possibly infected restore point)
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.(new restore points on a clean system)
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK, then reboot

    How to Turn On and Turn Off System Restore in Windows XP
    http://support.microsoft.com/default.aspx?scid=kb;en-us;310405

    echoreply
     
  13. jeynash

    jeynash Member

    Thanx for de details, echoreply! that was simply great.

    Now, i have another problem. this also is connected with the startup.
    My taskbar is idle after the login. So, what i do is, kill
    explorer.exe using task manager, start a new process, ie, explorer.exe.
    Then the taskbar would work as usual. What might be the probable reason?
     
  14. echoreply

    echoreply Regular member

    don't know really, back on page one you were playing in the registry and trying various things yourself, it looks like. maybe this is the cause?


    echoreply
     
  15. QuikDraw

    QuikDraw Regular member

    Man, that computer has more problems than Carter has pills! LOL
    We're going to have to start charging you for each incident. Just kidding! Not a problem helping you.
    I have some questions, too. What brand and model computer? WinXP SP2? What Internet Security Suite? Is your operating system fully updated? Is your MOBO BIOS updated? Do you use IE6, or IE7? Do you know how to perform System Recovery?
    When using hijackthis, if you remove the wrong stuff your computer may not function properly. A novice would be better off using programs like Ad-Aware SE or Spybot: Search and Destroy to remove Trojans, Malware, BHOs, and ActiveX. As far as I know you never did delete anything in the registry. Did you? You were only in two places, Startup and WinLogon.
     
    Last edited: Dec 6, 2007
  16. jeynash

    jeynash Member

    USING XP sp2, bitdefender internet security suite, and its always updated
     
  17. jeynash

    jeynash Member

    I never deleted anything from the registry..
     
  18. QuikDraw

    QuikDraw Regular member

    jeynash,

    You have a corrupted explorer.exe file.

    Fire up the task manager, run cmd and then c:\windows\system32\restore\rstrui.exe
    from the command prompt (edit the command if you didn't install windows in c:\windows).
    See if system restore can rescue explorer for you.
    If that doesn't work, run appwiz.cpl from the command prompt. This will fire
    up the add/remove programs panel. Uninstall sp2 and your old explorer.exe should
    work again.

    If you want sp2, reinstall it. Then make a fresh copy of the sp2 version of explorer.exe
    and store it as a backup. Make another copy to feed to resource hacker.
    http://www.download.com/3000-2352-10178588.html
     
    Last edited: Dec 7, 2007
  19. echoreply

    echoreply Regular member

    go to start>run and type in sfc /scannow
    there is a space after the c in sfc, click ok
    Windows File Checker will run; you may be prompted to insert your Windows install CD.

    look here:
    http://www.updatexp.com/scannow-sfc.html

    echoreply
     
  20. QuikDraw

    QuikDraw Regular member

    jeynash,
    How are you coming along? Were you able to fix anything, yet?
     
