Full Version: bestsafetyguide?
spyamamoto
Hello, it seems as though this is a common problem; you're all probably sick of helping people with it, but, yeah, bestsafetyguide.net has taken my browser hostage. I think I managed to remove most of it following previous posts, but there you have it, it won't go away. Here are my rapport.txt and HijackThis report. I really hope someone can help. All yours, §pamos

PS: although this log was taken from normal mode, I have run it in safe mode with the same results.

SmitFraudFix v2.61

Scan done at 12:31:22.71, 18/06/2006
Run from C:\Documents and Settings\tco\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\tco\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\tco\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

----------------------------------------------------------------------------------------------------------------------------


C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Documents and Settings\tco\Desktop\sam\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.timecomputers.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com
O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\system32\ixt1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SupaDial] C:\Program Files\SupaDial\SupaDial.exe /A
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O16 - DPF: {0E6276A2-625D-1120-DC24-51473A5607FA} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3F290DEE-957A-38BC-EECF-45030FEE353C} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FAD677C-B1BA-45B6-9381-E4D2916B2DA0}: NameServer = 80.225.252.178 80.225.252.186
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
LS CalamityJane
Hi spyamamoto

Make a copy of these instructions so you have them handy, as the next steps need to be done with all browsers and any open windows closed.

Then close all browsers and any open windows, so that only HijackThis is open.

Choose to do a *scan only* and, when it finishes, checkmark these entries, then press the *fix checked* button:

O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\WINDOWS\system32\ixt1.dll

O16 - DPF: {0E6276A2-625D-1120-DC24-51473A5607FA} - http://85.255.113.214/1/gdnFR2218.exe

O16 - DPF: {3F290DEE-957A-38BC-EECF-45030FEE353C} - http://85.255.113.214/1/gdnFR2218.exe


Reboot your computer.

Scan again with HijackThis to make a log and post the new log back here please for review.
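The two kinds of entry singled out above (an unnamed O2 BHO, and O16 DPF entries that pull an .exe straight from a bare IP address) can be picked out of a HijackThis log mechanically. The script below is an added example written for this page, not a tool from the thread or from the HijackThis project: the heuristics are the editor's reading of the diagnosis above, and the sample lines are copied from the log posted in this thread, not a complete log. Legitimate ActiveX components, like the superadblocker .cab from a named host, are left alone.

```python
"""Triage HijackThis-style log lines with the two heuristics used in this thread."""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample input: a handful of lines in the shape of the HijackThis
# log posted above (values copied from the thread; the selection is ours).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {7fcf04b6-6354-47ef-b45e-a48268e92757} - C:\\WINDOWS\\system32\\ixt1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar2.dll
O16 - DPF: {0E6276A2-625D-1120-DC24-51473A5607FA} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3F290DEE-957A-38BC-EECF-45030FEE353C} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
"""

# O2 lines: "O2 - BHO: <name> - {<CLSID>} - <dll path>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)
# O16 lines: "O16 - DPF: {<CLSID>} [(<name>)] - <download URL>"
O16_RE = re.compile(
    r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]{36})\}(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$"
)


@dataclass(frozen=True)
class Finding:
    line: str    # the exact log line, so it can be ticked in "fix checked"
    reason: str  # why the heuristic flagged it


def _is_ip_literal(host: str) -> bool:
    """True when the URL host is a bare IPv4/IPv6 address rather than a hostname."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def check_line(line: str) -> Optional[Finding]:
    """Apply the thread's two heuristics to one log line; None means not flagged."""
    line = line.rstrip()
    m = O2_RE.match(line)
    if m:
        # A BHO that registers no name is loaded into every IE process anyway.
        if m.group("name").strip().lower() == "(no name)":
            return Finding(line, "unnamed BHO (browser helper object with no registered name)")
        return None
    m = O16_RE.match(line)
    if m:
        parsed = urlparse(m.group("url"))
        reasons = []
        if _is_ip_literal(parsed.hostname or ""):
            reasons.append("DPF download from a bare IP address")
        if parsed.path.lower().endswith(".exe"):
            reasons.append("DPF entry fetches an .exe instead of an ActiveX .cab")
        if reasons:
            return Finding(line, "; ".join(reasons))
    return None


def triage(log_text: str) -> List[Finding]:
    """Return the flagged lines of a whole log, in the order they appear."""
    return [f for f in (check_line(l) for l in log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.reason}\n    {finding.line}")
```

Run against the sample, the script lists exactly the three entries CalamityJane asked to have fixed, and nothing else; the O16 for superadblocker passes because it comes from a named host and is a .cab. A bare-IP or .exe DPF entry is a strong signal, but the heuristic is a triage aid, not a verdict: a reviewer still confirms the file, as the VirusTotal result later in this thread does.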
spyamamoto
Brilliant Jane, thank you so much. I'm not actually at that PC 'til tomorrow, will post results then. Was wondering about the 3rd O16, superadblocker, is that kosher? §pamos
LS CalamityJane
Superadblocker is fine :)

http://www.tomcoyote.org/rec_ad.php

It's made by the developer of SuperAntispyware and they are ok.
LS CalamityJane
That BHO is your hijacker.

These two are a dialer:

O16 - DPF: {0E6276A2-625D-1120-DC24-51473A5607FA} - http://85.255.113.214/1/gdnFR2218.exe

O16 - DPF: {3F290DEE-957A-38BC-EECF-45030FEE353C} - http://85.255.113.214/1/gdnFR2218.exe

Complete scanning result of "gdnFR2218.exe", received in VirusTotal at 06.20.2006, 00:05:19 (CET).

Antivirus Version Update Result
AntiVir 6.35.0.13 06.19.2006 TR/Dldr.Small.cxq.1
Authentium 4.93.8 06.19.2006 no virus found
Avast 4.7.844.0 06.19.2006 no virus found
AVG 386 06.19.2006 Downloader.Generic2.CYO
BitDefender 7.2 06.20.2006 no virus found
CAT-QuickHeal 8.00 06.19.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 06.19.2006 Dialer-306
DrWeb 4.33 06.19.2006 Trojan.DownLoader.10553
eTrust-InoculateIT 23.72.42 06.18.2006 no virus found
eTrust-Vet 12.6.2263 06.19.2006 no virus found
Ewido 3.5 06.19.2006 Downloader.Small.cxq
Fortinet 2.77.0.0 06.19.2006 Dial/269
F-Prot 3.16f 06.19.2006 no virus found
Ikarus 0.2.65.0 06.19.2006 no virus found
Kaspersky 4.0.2.24 06.19.2006 Trojan-Downloader.Win32.Small.cxq
McAfee 4787 06.19.2006 potentially unwanted program Dialer-269
Microsoft 1.1441 06.19.2006 no virus found
NOD32v2 1.1608 06.19.2006 no virus found
Norman 5.90.21 06.19.2006 W32/DLoader.ACCF
Panda 9.0.0.4 06.19.2006 no virus found
Sophos 4.06.0 06.19.2006 no virus found
Symantec 8.0 06.19.2006 no virus found
TheHacker 5.9.8.162 06.19.2006 no virus found
UNA 1.83 06.19.2006 no virus found
VBA32 3.11.0 06.19.2006 Trojan-Downloader.Win32.Small.cxq
VirusBuster 4.3.7:9 06.19.2006 no virus found

Aditional Information
File size: 17528 bytes
MD5: a4b128aa011eb2c2b4f7753ad3bd54ee
SHA1: 21eb189f793798233026267706754fa8757d8ef4