... Seriously, Ím not familiar with Windows Command Prompt and also,... English. Can you please show me little more details? Thank you very much
This is what you should fix with HJT:
C:\WINDOWS\system32\FastNetSrv.exe
The filename is associated with these malware groups:
Banking Info Stealer
Rootkit
System Back Door
Malicious Software Trojan
Nasty
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
This entry is classified as malware, spyware, adware, or other potentially unwanted software
Should be fixed.
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
Nasty Fix
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
Nasty
Must be fixed! SearchSettings.dll - Vendio "Search Settings" foistware - reportedly installed without notice - see here,
http://groups.google.com/group/mozilla.s upport.firefox/browse_thread/thread/dcc6 bd1e6009abe8 and here,
http://www.tutorials-win.com/SupportXP/O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Vendio "Search Settings" foistware, bundled with its Dealio toolbar, which is in turn bundled with numerous third party applications
Nasty
O20 - AppInit_DLLs: C:\WINDOWS\TEMP\42844kou.dll c:\windows\system32\dukotova.dll,pehuraba.dll
Use Windows Command Prompt to Unregister dukotova.dll & pehuraba.dll Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the pehuraba.dll DLL file is located and press the "Enter" button on your keyboard. If don't know where pehuraba.dll DLL file is located, use the "dir" command to display the directory's contents.
To unregister "pehuraba.dll" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, :C\Spyware-folder\> regsvr32 /u pehuraba.dll.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file. Do the same for the other file.
O21 - SSODL: pirumotan - {0c9c9d08-e0a2-4303-b396-2c7596487748} - (no file)
Fix
O22 - SharedTaskScheduler: gahurihor - {0c9c9d08-e0a2-4303-b396-2c7596487748} - (no file)
Fix
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
Nasty (2.17 / 5.00)
Fix
polonus
[/quote]