
I Need Some Help Plz


  • This topic is locked
33 replies to this topic

#1 marito435


Posted 18 July 2007 - 09:22 PM

Hello, I'm new here. Can someone look at this log plz?
Thank you :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 10:17:43 p.m., on 18/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wqlicpee.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.gpjnxtycqepjiatmz.biz/m/9cSNAyltjhZlqEegYepKpj4vQ8Z520narIQCKFHkw.asp");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Emilio Arias\Application Data\Mozilla\Profiles\default\9n4bb4zf.slt\prefs.js)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [bonepoppileshow] C:\Documents and Settings\All Users\Application Data\thatrdrbonepop\The Heart.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\gbwknakp.dll",forkonce
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Memohole] C:\DOCUME~1\EMILIO~1\APPLIC~1\ITCHMP~1\nounbook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} - http://www.accesoplugin.com/dialercab/IberoDialerHTML.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://03.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: bw+0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
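
An added example, not part of the original thread and not HijackThis's own code: a small Python parser for the log format posted above, for anyone triaging such a log by hand. The sample is an excerpt of that log; the function names and the three review heuristics (group O18 protocols by handler DLL, list entries HijackThis itself marked `(file missing)` or `(no file)`, list running processes that no O4 or O23 line references) are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the log posted above, shortened; every line is copied from it.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\wqlicpee.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Protocol: bw+0 - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E9F8A826-FEB9-4C85-827C-EBAB0DA6C3A9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

# "R0 - ...", "O4 - ...", "O23 - ...": section code, separator, entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Executable file name following a backslash (handles 8.3 paths and spaces).
EXE_RE = re.compile(r'\\([^\\"]+?\.exe)', re.IGNORECASE)
# Markers HijackThis appends when an entry's target is absent.
MISSING_MARKERS = ("(file missing)", "(no file)")


def parse_hijackthis(text):
    """Return (running_processes, entries); entries are (code, body) tuples."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def section_counts(entries):
    """Number of entries per section code (R0, O4, O18, ...)."""
    return Counter(code for code, _ in entries)


def collapse_protocols(entries):
    """Group O18 protocol names by handler DLL, so dozens of near-identical
    lines reduce to one row per DLL."""
    by_dll = defaultdict(list)
    for code, body in entries:
        parts = body.split(" - ", 2)
        if code == "O18" and len(parts) == 3 and parts[0].startswith("Protocol: "):
            by_dll[parts[2]].append(parts[0][len("Protocol: "):])
    return dict(by_dll)


def missing_targets(entries):
    """Entries whose target HijackThis reported as absent (orphaned leftovers)."""
    return [(code, body) for code, body in entries if body.endswith(MISSING_MARKERS)]


def unreferenced_processes(processes, entries):
    """Running processes whose file name appears in no O4 (autostart) or O23
    (service) entry. Core Windows processes such as svchost.exe land here too,
    so this is a list to review, not a verdict."""
    referenced = set()
    for code, body in entries:
        if code in ("O4", "O23"):
            referenced.update(name.lower() for name in EXE_RE.findall(body))
    return [p for p in processes if p.rsplit("\\", 1)[-1].lower() not in referenced]


if __name__ == "__main__":
    procs, items = parse_hijackthis(SAMPLE_LOG)
    print(dict(section_counts(items)))
    for dll, names in collapse_protocols(items).items():
        print(f"{len(names):3d} protocol(s) -> {dll}")
    for code, body in missing_targets(items):
        print("missing:", code, body)
    for proc in unreferenced_processes(procs, items):
        print("no O4/O23 reference:", proc)
```
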



#2 rookie147


Posted 19 July 2007 - 03:54 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

You have Logitech Desktop Messenger installed.
Logitech Desktop Messenger (LDM) is a free service designed to deliver software support, news and information you can use. LDM ensures that you have simple, speedy, and effortless access to product upgrades, technology tips, and technology news and offers that are relevant to you. LDM delivers information right to your desktop, allowing you to take advantage of all of the advanced features of the Logitech products you own, while staying abreast of new computer-related product and service developments (Logitech and otherwise) that are applicable to your life. Once a week, when connected to the internet, Logitech Desktop Messenger will automatically connect with Logitech servers to see if there are any new messages for you. It performs this check during idle time to avoid slowing down other applications that may be accessing the Internet. If there is a message on the server, then Logitech Desktop Messenger will download the message utilizing bandwidth that would otherwise be unused. After the message is downloaded, Logitech Desktop Messenger will wait for one minute of keyboard and mouse inactivity before displaying the message on your screen. I suggest doing all updates yourself and removing this application!

You are running MyWebSearch (or MyBar). Although not technically malware, it is thought to be bad by many experts and it will bring malware with it. There are safer alternatives available such as the Google Toolbar. My Web Search also known as the My Way Speedbar is the Internet Explorer toolbar part of the Fun Web Products suite of utilities such as Smiley Central, Cursor Mania, My Mail Stationary, My Mail Signature, PopSwatter, Popular Screensavers, and the My Way website portal. The toolbar allows easy access to search engine results and a 404 Error Redirector called My Total Search among other things to your browser. This is not to be confused with the IBIS Web Search toolbar. MyWay is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking. It reports your surfing activity anonymously to MyWay affiliates, helping them to serve targeted advertising to you. As a BHO, MyWay shares the memory that your browser uses, detects events, creates additional windows while you are surfing, and monitors your activity. When a new browser window is opened, MyWay will send a configuration request about 5k in size.
Although none of these products claim to be spyware, they do slow your computer down. All of the products use cookies to track usage, although they claim not to use cookies or anything else to track personally identifiable information. That being said, I would still recommend uninstalling the toolbar and other Fun Web Products if you feel your computer runs better without them. They are found by most spyware removal tools such as Spybot Search and Destroy, Lavasoft Ad-Aware.
If you want to get rid of this program, removal instructions can be found here.

Please download NoLop to your Desktop.
First close any other programs you have running; this will need you to reboot.
Double click NoLop.exe to run it
Now click the button labelled Search and Destroy
<<Your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, click OK.
Now click the REBOOT button.
A message should popup from NoLop. If not, double click the program again and it will finish. Please post the contents of C:\NoLop.log in your next reply.

Note: If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered", please download mscomctl.ocx to your System32 folder then re-run the program.

Visit the online Jotti Virus Scanner
Click on Browse button.
Copy and paste the following filepath in the box:

C:\WINDOWS\system32\wqlicpee.exe

Click on the Open button.
The scanner will check the file with various AV companies.
Copy and paste the results box into a reply to this thread. Also let me know what you know about this file (if anything).

Please scan once more with HijackThis and post back the log in your next reply along with both the Jotti report and NoLop.log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 marito435


Posted 19 July 2007 - 12:48 PM

Hello again, and thanks for helping me.
About the file: sorry, I don't know anything about it (I'm not very good with computer stuff :thumbsup: ).
Here are the results:

Jotti Report:

Service load: 0% 100%

File: wqlicpee.exe
Status: INFECTED/MALWARE
MD5: 47f6b8a5b776c3fd013a34a54681ffef
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 19 Jul 2007 17:34:57 (GMT)
A-Squared Found nothing
AntiVir Found TR/Click.MNB
ArcaVir Found Trojan.Downloader.Tiny.Id
Avast Found nothing
AVG Antivirus Found Downloader.Generic5.QB
BitDefender Found Trojan.Clicker.MNB
ClamAV Found Trojan.Downloader-11250
CPsecure Found Troj.Downloader.W32.Tiny.id
Dr.Web Found Trojan.DownLoader.26570
F-Prot Antivirus Found W32/Downloader2.ALUX
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Tiny.id
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Tiny.id
NOD32 Found Win32/TrojanDownloader.Tiny.ID
Norman Virus Control Found W32/Tiny.AHZ
Panda Antivirus Found Trj/Downloader.PJT
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Trojan-Downloader.Win32.Tiny.id

NoLop Log:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Emilio Arias\Desktop
[19/07/2007]
[12:50:18 p.m.]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A7430FF691848966.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Aol Downloads
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Lavasoft
C:\Documents and Settings\All Users\Application Data\Mcafee.com
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Messengerlog6
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Motive -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Playfirst
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Support.com
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Thatrdrbonepop
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\Cynthia\Application Data\Cyberlink
C:\Documents and Settings\Cynthia\Application Data\Google
C:\Documents and Settings\Cynthia\Application Data\Identities
C:\Documents and Settings\Cynthia\Application Data\Macromedia
C:\Documents and Settings\Cynthia\Application Data\Microsoft
C:\Documents and Settings\Cynthia\Application Data\Playfirst
C:\Documents and Settings\Cynthia\Application Data\Sun
C:\Documents and Settings\Cynthia\Application Data\Symantec
C:\Documents and Settings\Cynthia\Application Data\Yahoo!
C:\Documents and Settings\Default User\Application Data\Cyberlink
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Default User\Application Data\Symantec
C:\Documents and Settings\Emilio Arias\Application Data\.bittornado
C:\Documents and Settings\Emilio Arias\Application Data\Acccore
C:\Documents and Settings\Emilio Arias\Application Data\Adobe
C:\Documents and Settings\Emilio Arias\Application Data\Adobeaum
C:\Documents and Settings\Emilio Arias\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Emilio Arias\Application Data\Aim -- EMPTY Directory
C:\Documents and Settings\Emilio Arias\Application Data\Aol
C:\Documents and Settings\Emilio Arias\Application Data\Apple Computer
C:\Documents and Settings\Emilio Arias\Application Data\Cyberlink
C:\Documents and Settings\Emilio Arias\Application Data\Fotowire
C:\Documents and Settings\Emilio Arias\Application Data\Funwebproducts
C:\Documents and Settings\Emilio Arias\Application Data\Google
C:\Documents and Settings\Emilio Arias\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Emilio Arias\Application Data\Identities
C:\Documents and Settings\Emilio Arias\Application Data\Itch Mp3 Eggs
C:\Documents and Settings\Emilio Arias\Application Data\Lavasoft
C:\Documents and Settings\Emilio Arias\Application Data\Macromedia
C:\Documents and Settings\Emilio Arias\Application Data\Microsoft
C:\Documents and Settings\Emilio Arias\Application Data\Motive
C:\Documents and Settings\Emilio Arias\Application Data\Mozilla
C:\Documents and Settings\Emilio Arias\Application Data\Msn6
C:\Documents and Settings\Emilio Arias\Application Data\Playfirst
C:\Documents and Settings\Emilio Arias\Application Data\Real
C:\Documents and Settings\Emilio Arias\Application Data\Sun
C:\Documents and Settings\Emilio Arias\Application Data\Symantec
C:\Documents and Settings\Emilio Arias\Application Data\Systweak
C:\Documents and Settings\Emilio Arias\Application Data\Uniblue
C:\Documents and Settings\Emilio Arias\Application Data\Utorrent
C:\Documents and Settings\Emilio Arias\Application Data\Viewpoint
C:\Documents and Settings\Emilio Arias\Application Data\Yahoo!
C:\Documents and Settings\Emilio Arias\Application Data\Yahoo! Messenger
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Symantec
C:\Documents and Settings\Owner\Application Data\Symantec -- EMPTY Directory

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 01:39:53 p.m., on 19/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\trnokhmx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.gpjnxtycqepjiatmz.biz/m/9cSNAyltjhZlqEegYepKpj4vQ8Z520narIQCKFHkw.asp");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Emilio Arias\Application Data\Mozilla\Profiles\default\9n4bb4zf.slt\prefs.js)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [bonepoppileshow] C:\Documents and Settings\All Users\Application Data\thatrdrbonepop\The Heart.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\dsysxmwt.dll",forkonce
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Memohole] C:\DOCUME~1\EMILIO~1\APPLIC~1\ITCHMP~1\nounbook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} - http://www.accesoplugin.com/dialercab/IberoDialerHTML.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://03.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Those are the results I got.
Also, my home page changed from Google to Yahoo by itself.
Is that OK, or is something wrong?
Thanks again for your help

#4 rookie147

Posted 19 July 2007 - 03:34 PM

Hello again marito435,

Also, my home page changed from google to yahoo by itself
Is that OK? or is something wrong

What one would you prefer it to be?

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.gpjnxtycqepjiatmz.biz/m/9cSNAyltjhZlqEegYepKpj4vQ8Z520narIQCKFHkw.asp");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Emilio Arias\Application Data\Mozilla\Profiles\default\9n4bb4zf.slt\prefs.js)
O4 - HKLM\..\Run: [bonepoppileshow] C:\Documents and Settings\All Users\Application Data\thatrdrbonepop\The Heart.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\dsysxmwt.dll",forkonce
O4 - HKCU\..\Run: [Memohole] C:\DOCUME~1\EMILIO~1\APPLIC~1\ITCHMP~1\nounbook.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix checked button.

Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Set your system to show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Next, please find and delete the following files (if present):

C:\WINDOWS\system32\trnokhmx.exe
C:\WINDOWS\system32\wqlicpee.exe

And these folders:

C:\Documents and Settings\All Users\Application Data\Thatrdrbonepop
C:\Documents and Settings\Emilio Arias\Application Data\Itch Mp3 Eggs

Reboot into Normal Mode again.

Please scan once more with HijackThis and post back the new log in your next reply, and also answer my question about your Home Page.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#5 marito435

Posted 19 July 2007 - 04:41 PM

Hello again Charles

Here is the new HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 05:37:24 p.m., on 19/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Emilio Arias\Application Data\Mozilla\Profiles\default\9n4bb4zf.slt\prefs.js)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} - http://www.accesoplugin.com/dialercab/IberoDialerHTML.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://03.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

About the home page I would prefer Google
Thanks again
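
The rescan-and-compare step requested above can be checked mechanically instead of by eye. The following Python sketch is an added example, not part of the original thread or of HijackThis; the function names are hypothetical, and the sample logs are short excerpts constructed from lines posted in this topic.

```python
import re

# HijackThis entry lines start with a section code such as R0, N2, O4 or O23.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def norm(line):
    """Windows paths and registry names are case-insensitive: compare case-folded."""
    return " ".join(line.split()).casefold()


def parse_log(text):
    """Split a HijackThis log into running processes and entries.

    Returns two dicts mapping a normalised key to the line as written.
    """
    processes, entries = {}, {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
        elif ENTRY_RE.match(line):
            in_processes = False
            entries[norm(line)] = line
        elif in_processes and line:
            processes[norm(line)] = line
        elif not line:
            in_processes = False  # blank line closes the process list
    return processes, entries


def diff_logs(before, after):
    """Report what changed between two scans of the same machine."""
    bp, be = parse_log(before)
    ap, ae = parse_log(after)
    return {
        "removed_entries": sorted(be[k] for k in be.keys() - ae.keys()),
        "added_entries": sorted(ae[k] for k in ae.keys() - be.keys()),
        "new_processes": sorted(ap[k] for k in ap.keys() - bp.keys()),
        "gone_processes": sorted(bp[k] for k in bp.keys() - ap.keys()),
    }


def still_present(flagged_lines, after):
    """Entries the helper asked to fix that survive in the later scan."""
    _, entries = parse_log(after)
    return [line for line in flagged_lines if norm(line) in entries]


# Constructed excerpt of the 19/07/2007 01:39 p.m. scan.
LOG_A = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\trnokhmx.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [bonepoppileshow] C:\Documents and Settings\All Users\Application Data\thatrdrbonepop\The Heart.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\dsysxmwt.dll",forkonce
O4 - HKCU\..\Run: [Memohole] C:\DOCUME~1\EMILIO~1\APPLIC~1\ITCHMP~1\nounbook.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
"""

# Constructed excerpt of the 19/07/2007 05:37 p.m. scan (after the fix).
LOG_B = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"""

# Constructed excerpt of the 20/07/2007 scan: process list only.
LOG_C = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\acluwmlp.exe
C:\HijackThis\HijackThis.exe
"""

# Entries the helper asked to check (excerpt; the N2 line is omitted here).
FLAGGED = [l for l in r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [bonepoppileshow] C:\Documents and Settings\All Users\Application Data\thatrdrbonepop\The Heart.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\dsysxmwt.dll",forkonce
O4 - HKCU\..\Run: [Memohole] C:\DOCUME~1\EMILIO~1\APPLIC~1\ITCHMP~1\nounbook.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
""".splitlines() if l.strip()]

if __name__ == "__main__":
    print("Flagged entries still present:", still_present(FLAGGED, LOG_B))
    for name, lines in diff_logs(LOG_A, LOG_B).items():
        print(name, *lines, sep="\n  ")
    print("New since last scan:", diff_logs(LOG_B, LOG_C)["new_processes"])
```

The case-folded comparison matters here: the `MCUpdateExe` line differs only in letter case between the two scans and must not be reported as a change. A process that shows up in `new_processes` is only a prompt for review, not a verdict.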

#6 rookie147

Posted 20 July 2007 - 02:01 AM

Hello again,
Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix checked button.

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.

Backup the Registry:
Navigate to Start | Run and paste the following:
regedit /e c:\registrybackup.reg
Now click OK
It won't appear to be doing anything; that's normal.
Your mouse pointer may turn to an hourglass for a minute.
Please continue when it no longer has the hourglass.

Open Notepad and copy and paste the following quotebox into a new text document. (Don't forget to copy and paste REGEDIT4!)

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.google.com/"

Save this as fix.reg. Choose to save as *all files and place it on your Desktop.
Double-click on it and when it asks you if you want to merge the contents to the registry, click Yes/OK.

Then reboot your computer once more and post back a brand new HijackThis log, along with letting me know if the Home Page issue has been solved.
Thanks,
Charles



#7 marito435

Posted 20 July 2007 - 12:32 PM

Hello again
The home page issue was solved; I put Google as my new home page.

Here is the HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 01:23:22 p.m., on 20/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\acluwmlp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Emilio Arias\Application Data\Mozilla\Profiles\default\9n4bb4zf.slt\prefs.js)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\sboylkii.dll",forkonce
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} - http://www.accesoplugin.com/dialercab/IberoDialerHTML.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://03.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Thanks again

#8 rookie147

Posted 21 July 2007 - 02:00 AM

Hi again,
Please download ATF Cleaner to your Desktop.
Don't run it yet.

Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Double click ATF-Cleaner.exe to run the program.
Under Main choose Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose Select All
Click the Empty Selected button.
Note: If you would like to keep your saved passwords, please click "No" at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
Note: If you would like to keep your saved passwords, please click "No" at the prompt.

Click Exit on the main menu to close the program.

Reboot back into Normal Mode again.

Please do an online scan with Kaspersky WebScanner.
You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on Next.
Select a target to scan; click on My Computer.
The scan will take a while so be patient and let it run.
Once the scan is complete choose the option to Save as Text.

Post these results in your next reply, along with also giving me some information about how things seem to be running now.
Thanks,
Charles



#9 marito435

Posted 21 July 2007 - 04:53 PM

Hello again,
I haven't noticed any difference in the computer speed.
Everything seems to be running normally.

Here are the Kaspersky WebScanner results:

Saturday, July 21, 2007 5:44:33 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 21/07/2007
Kaspersky Anti-Virus database records: 366234


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics
Total number of scanned objects 79420
Number of viruses found 25
Number of infected objects 163
Number of suspicious objects 0
Duration of the scan process 02:11:02

Infected Object Name Virus Name Last Action

C:\WINDOWS\system32\rhnngqbx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

C:\WINDOWS\system32\rjaswuxw.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\WINDOWS\system32\rlubqfdx.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\WINDOWS\system32\rlwybcpy.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\WINDOWS\system32\rnutwpju.dll Infected: Trojan.Win32.BHO.bd skipped

C:\WINDOWS\system32\rxoqfqqi.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\WINDOWS\system32\seftaxei.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\WINDOWS\system32\spgcsmcm.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\WINDOWS\system32\sqbqjgvj.dll Infected: Trojan.Win32.BHO.bd skipped

C:\WINDOWS\system32\syqknlbc.dll Infected: Trojan.Win32.BHO.bd skipped

C:\WINDOWS\system32\tcmmbbyn.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\WINDOWS\system32\tgyrprog.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\WINDOWS\system32\tkuowica.dll Infected: Trojan.Win32.BHO.bd skipped

C:\WINDOWS\system32\uhwpaghr.dll Infected: Trojan.Win32.BHO.bd skipped

C:\WINDOWS\system32\uteeoqdo.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\WINDOWS\system32\uygbfwww.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\WINDOWS\system32\uyxongpw.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\WINDOWS\system32\vtarsrkj.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\WINDOWS\system32\vvubikcv.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\whwcskrk.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\WINDOWS\system32\wkmxvubc.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\WINDOWS\system32\xsqodclm.dll Infected: Trojan.Win32.BHO.bd skipped

C:\WINDOWS\system32\ybqwfxos.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\WINDOWS\system32\ymmdxrye.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\WINDOWS\system32\ypojmfkm.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\WINDOWS\system32\ysjamqhl.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\WINDOWS\Temp\mcu1E.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu1E.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu1E.tmp\vso\50265027.upm Object is locked skipped

C:\WINDOWS\Temp\mcu1E.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu3.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu3.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu3.tmp\vso\50335034.upm Object is locked skipped

C:\WINDOWS\Temp\mcu3.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcu41.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu41.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcu41.tmp\vso\50755076.upm Object is locked skipped

C:\WINDOWS\Temp\mcu41.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\Temp\mcuE6.tmp\UpdReq.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcuE6.tmp\UpdResp.mcaf Object is locked skipped

C:\WINDOWS\Temp\mcuE6.tmp\vso\50245025.upm Object is locked skipped

C:\WINDOWS\Temp\mcuE6.tmp\vso\50255026.upm Object is locked skipped

C:\WINDOWS\Temp\mcuE6.tmp\vso\mcdelta.ini Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Thanks again

#10 rookie147


Posted 22 July 2007 - 12:31 PM

Hi marito435,
Download KillBox from the following link :
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!), which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\system32\achayepp.dll
C:\WINDOWS\system32\acluwmlp.exe
C:\WINDOWS\system32\afeydait.exe
C:\WINDOWS\system32\aglcifxe.exe
C:\WINDOWS\system32\ajrjkmty.exe
C:\WINDOWS\system32\almncsdv.exe
C:\WINDOWS\system32\bagfqehk.exe
C:\WINDOWS\system32\bdgncapy.dll
C:\WINDOWS\system32\bfqyvfgc.exe
C:\WINDOWS\system32\btuflmwb.dll
C:\WINDOWS\system32\ccyjingk.exe
C:\WINDOWS\system32\dhxqyabu.exe
C:\WINDOWS\system32\dntimpir.exe
C:\WINDOWS\system32\dsysxmwt.dll
C:\WINDOWS\system32\dypiufyt.exe
C:\WINDOWS\system32\eanymdwd.exe
C:\WINDOWS\system32\eqvrwuja.exe
C:\WINDOWS\system32\fccaxww.dll
C:\WINDOWS\system32\fgshhkra.exe
C:\WINDOWS\system32\fktwqvkt.dll
C:\WINDOWS\system32\fwwtumvi.exe
C:\WINDOWS\system32\gdxwmyum.exe
C:\WINDOWS\system32\gkfrecac.exe
C:\WINDOWS\system32\hchprxif.exe
C:\WINDOWS\system32\hgdlivdi.exe
C:\WINDOWS\system32\hjpxurxo.exe
C:\WINDOWS\system32\hnqqjigc.exe
C:\WINDOWS\system32\hujdjxvc.exe
C:\WINDOWS\system32\hutkugln.exe
C:\WINDOWS\system32\igyhghbo.exe
C:\WINDOWS\system32\ijsckugc.exe
C:\WINDOWS\system32\ijsifotf.exe
C:\WINDOWS\system32\ivsqwmra.exe
C:\WINDOWS\system32\jlxsmcqw.exe
C:\WINDOWS\system32\jmepqnco.exe
C:\WINDOWS\system32\kkkmmnlb.exe
C:\WINDOWS\system32\knnfyxnw.exe
C:\WINDOWS\system32\kqpkpvto.dll
C:\WINDOWS\system32\ktppamhh.dll
C:\WINDOWS\system32\laqjonpy.dll
C:\WINDOWS\system32\lgotmtds.exe
C:\WINDOWS\system32\lkasjkek.exe
C:\WINDOWS\system32\lrvynytr.exe
C:\WINDOWS\system32\lvwlfbaw.exe
C:\WINDOWS\system32\lxosoppq.exe
C:\WINDOWS\system32\macktujp.exe
C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\moykvage.exe
C:\WINDOWS\system32\mvjkdfmk.exe
C:\WINDOWS\system32\mxrmpqgl.dll
C:\WINDOWS\system32\nepyriqg.exe
C:\WINDOWS\system32\ocejuujm.exe
C:\WINDOWS\system32\ofunbucm.exe
C:\WINDOWS\system32\oncluhsd.exe
C:\WINDOWS\system32\phnkctth.exe
C:\WINDOWS\system32\pprxvykd.dll
C:\WINDOWS\system32\puvqbkmu.exe
C:\WINDOWS\system32\qiyfhxib.dll
C:\WINDOWS\system32\qlillccq.exe
C:\WINDOWS\system32\qnvksiyt.dll
C:\WINDOWS\system32\qqdhiftr.dll
C:\WINDOWS\system32\qthxrqfu.exe
C:\WINDOWS\system32\rhnngqbx.dll
C:\WINDOWS\system32\rjaswuxw.exe
C:\WINDOWS\system32\rlubqfdx.exe
C:\WINDOWS\system32\rlwybcpy.exe
C:\WINDOWS\system32\rnutwpju.dll
C:\WINDOWS\system32\rxoqfqqi.exe
C:\WINDOWS\system32\seftaxei.exe
C:\WINDOWS\system32\spgcsmcm.exe
C:\WINDOWS\system32\sqbqjgvj.dll
C:\WINDOWS\system32\syqknlbc.dll
C:\WINDOWS\system32\tcmmbbyn.exe
C:\WINDOWS\system32\tgyrprog.exe
C:\WINDOWS\system32\tkuowica.dll
C:\WINDOWS\system32\uhwpaghr.dll
C:\WINDOWS\system32\uteeoqdo.exe
C:\WINDOWS\system32\uygbfwww.exe
C:\WINDOWS\system32\uyxongpw.exe
C:\WINDOWS\system32\vtarsrkj.exe
C:\WINDOWS\system32\vvubikcv.exe
C:\WINDOWS\system32\whwcskrk.exe
C:\WINDOWS\system32\wkmxvubc.exe
C:\WINDOWS\system32\xsqodclm.dll
C:\WINDOWS\system32\ybqwfxos.exe
C:\WINDOWS\system32\ymmdxrye.exe
C:\WINDOWS\system32\ypojmfkm.exe
C:\WINDOWS\system32\ysjamqhl.exe


Open 'file' in the killbox menu on top and choose Paste from clipboard
You must use the file menu--pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to reboot now, click "yes".
Click OK at any Pending File Rename Operations prompts, let me know if they appear.
If you don't get that message, reboot manually.
Your computer should reboot now.

Navigate to the following directory:

C:\Documents and Settings\Emilio Arias\Application Data\Uniblue\SpyEraser\Quarantine

Then delete all of its content, using CTRL + A, then hitting Delete.

We need to purge your infected system restore points.
On the Desktop, right-click My Computer, then click Properties.
Click the System Restore tab near the top of the window.
Check Turn off System Restore, click Apply, and then click OK.
More information on how to disable your system restore can be found here.

We want to create a new, clean restore point. Please first reboot your computer.
On the Desktop, right-click My Computer, then click Properties.
Click the System Restore tab near the top of the window.
Uncheck "Turn off System Restore", click Apply, and then click OK.

Click Start | All Programs | Accessories | System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point - Something like "After trojan/spyware cleanup".
Click Create, and after it has created the restore point, click "Close".
Further instructions on creating a restore point can be found here

Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove.
VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#11 marito435


Posted 26 July 2007 - 07:54 PM

Hello again
I've been busy these days so I wasn't able to reply

VundoFix.txt:

VundoFix V6.5.6

Checking Java version...

Scan started at 08:04:33 p.m. 26/07/2007

Listing files found while scanning....

C:\windows\system32\achayepp.dll
C:\windows\system32\acluwmlp.exe
C:\windows\system32\afeydait.exe
C:\windows\system32\aglcifxe.exe
C:\windows\system32\ajrjkmty.exe
C:\windows\system32\bagfqehk.exe
C:\windows\system32\bbvmvgkt.exe
C:\windows\system32\bdgncapy.dll
C:\windows\system32\bsywpcyh.exe
C:\windows\system32\btuflmwb.dll
C:\windows\system32\bxdycglk.exe
C:\windows\system32\cdalyvur.exe
C:\windows\system32\dbrogqlw.exe
C:\windows\system32\dbyrtpkp.exe
C:\windows\system32\dhxqyabu.exe
C:\windows\system32\doeqtpqu.exe
C:\windows\system32\dreugshw.exe
C:\windows\system32\dsysxmwt.dll
C:\windows\system32\efloupdb.exe
C:\windows\system32\erkpdste.dll
C:\windows\system32\fgshhkra.exe
C:\windows\system32\fkmhuofa.exe
C:\windows\system32\fktwqvkt.dll
C:\windows\system32\fwwtumvi.exe
C:\windows\system32\gdxwmyum.exe
C:\windows\system32\gkfrecac.exe
C:\windows\system32\gqeckjps.exe
C:\windows\system32\hfnavvri.exe
C:\windows\system32\hkfunpcd.exe
C:\windows\system32\hvbvohao.exe
C:\windows\system32\iaoklbyb.exe
C:\windows\system32\iiwjmkfl.exe
C:\windows\system32\ijsckugc.exe
C:\windows\system32\ijsifotf.exe
C:\windows\system32\imayefbf.dll
C:\windows\system32\ivsqwmra.exe
C:\windows\system32\kfnlqyae.exe
C:\windows\system32\kmfrfkgb.exe
C:\windows\system32\kqpkpvto.dll
C:\windows\system32\ktppamhh.dll
C:\windows\system32\laqjonpy.dll
C:\windows\system32\lpcpador.dll
C:\windows\system32\lvwlfbaw.exe
C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mmllm.bak1
C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\mmllm.tmp
C:\windows\system32\mslykybg.exe
C:\WINDOWS\system32\mxrmpqgl.dll
C:\windows\system32\nhcgmapt.exe
C:\windows\system32\nrixfdjc.exe
C:\windows\system32\omxbdxuo.dll
C:\windows\system32\orrgshet.dll
C:\windows\system32\tabihjgh.exe
C:\windows\system32\tehsgrro.ini
C:\windows\system32\tgdjvfnh.exe
C:\windows\system32\twmxsysd.ini
C:\windows\system32\uprbpenc.exe
C:\windows\system32\vsmscxit.exe
C:\windows\system32\yludqwww.exe
C:\windows\system32\yssdltdc.exe

Beginning removal...

Attempting to delete C:\windows\system32\achayepp.dll
C:\windows\system32\achayepp.dll Has been deleted!

Attempting to delete C:\windows\system32\acluwmlp.exe
C:\windows\system32\acluwmlp.exe Has been deleted!

Attempting to delete C:\windows\system32\afeydait.exe
C:\windows\system32\afeydait.exe Has been deleted!

Attempting to delete C:\windows\system32\aglcifxe.exe
C:\windows\system32\aglcifxe.exe Has been deleted!

Attempting to delete C:\windows\system32\ajrjkmty.exe
C:\windows\system32\ajrjkmty.exe Has been deleted!

Attempting to delete C:\windows\system32\bagfqehk.exe
C:\windows\system32\bagfqehk.exe Has been deleted!

Attempting to delete C:\windows\system32\bbvmvgkt.exe
C:\windows\system32\bbvmvgkt.exe Has been deleted!

Attempting to delete C:\windows\system32\bdgncapy.dll
C:\windows\system32\bdgncapy.dll Has been deleted!

Attempting to delete C:\windows\system32\bsywpcyh.exe
C:\windows\system32\bsywpcyh.exe Has been deleted!

Attempting to delete C:\windows\system32\btuflmwb.dll
C:\windows\system32\btuflmwb.dll Has been deleted!

Attempting to delete C:\windows\system32\bxdycglk.exe
C:\windows\system32\bxdycglk.exe Has been deleted!

Attempting to delete C:\windows\system32\cdalyvur.exe
C:\windows\system32\cdalyvur.exe Has been deleted!

Attempting to delete C:\windows\system32\dbrogqlw.exe
C:\windows\system32\dbrogqlw.exe Has been deleted!

Attempting to delete C:\windows\system32\dbyrtpkp.exe
C:\windows\system32\dbyrtpkp.exe Has been deleted!

Attempting to delete C:\windows\system32\dhxqyabu.exe
C:\windows\system32\dhxqyabu.exe Has been deleted!

Attempting to delete C:\windows\system32\doeqtpqu.exe
C:\windows\system32\doeqtpqu.exe Has been deleted!

Attempting to delete C:\windows\system32\dreugshw.exe
C:\windows\system32\dreugshw.exe Has been deleted!

Attempting to delete C:\windows\system32\dsysxmwt.dll
C:\windows\system32\dsysxmwt.dll Has been deleted!

Attempting to delete C:\windows\system32\efloupdb.exe
C:\windows\system32\efloupdb.exe Has been deleted!

Attempting to delete C:\windows\system32\erkpdste.dll
C:\windows\system32\erkpdste.dll Has been deleted!

Attempting to delete C:\windows\system32\fgshhkra.exe
C:\windows\system32\fgshhkra.exe Has been deleted!

Attempting to delete C:\windows\system32\fkmhuofa.exe
C:\windows\system32\fkmhuofa.exe Has been deleted!

Attempting to delete C:\windows\system32\fktwqvkt.dll
C:\windows\system32\fktwqvkt.dll Has been deleted!

Attempting to delete C:\windows\system32\fwwtumvi.exe
C:\windows\system32\fwwtumvi.exe Has been deleted!

Attempting to delete C:\windows\system32\gdxwmyum.exe
C:\windows\system32\gdxwmyum.exe Has been deleted!

Attempting to delete C:\windows\system32\gkfrecac.exe
C:\windows\system32\gkfrecac.exe Has been deleted!

Attempting to delete C:\windows\system32\gqeckjps.exe
C:\windows\system32\gqeckjps.exe Has been deleted!

Attempting to delete C:\windows\system32\hfnavvri.exe
C:\windows\system32\hfnavvri.exe Has been deleted!

Attempting to delete C:\windows\system32\hkfunpcd.exe
C:\windows\system32\hkfunpcd.exe Has been deleted!

Attempting to delete C:\windows\system32\hvbvohao.exe
C:\windows\system32\hvbvohao.exe Has been deleted!

Attempting to delete C:\windows\system32\iaoklbyb.exe
C:\windows\system32\iaoklbyb.exe Has been deleted!

Attempting to delete C:\windows\system32\iiwjmkfl.exe
C:\windows\system32\iiwjmkfl.exe Has been deleted!

Attempting to delete C:\windows\system32\ijsckugc.exe
C:\windows\system32\ijsckugc.exe Has been deleted!

Attempting to delete C:\windows\system32\ijsifotf.exe
C:\windows\system32\ijsifotf.exe Has been deleted!

Attempting to delete C:\windows\system32\imayefbf.dll
C:\windows\system32\imayefbf.dll Has been deleted!

Attempting to delete C:\windows\system32\ivsqwmra.exe
C:\windows\system32\ivsqwmra.exe Has been deleted!

Attempting to delete C:\windows\system32\kfnlqyae.exe
C:\windows\system32\kfnlqyae.exe Has been deleted!

Attempting to delete C:\windows\system32\kmfrfkgb.exe
C:\windows\system32\kmfrfkgb.exe Has been deleted!

Attempting to delete C:\windows\system32\kqpkpvto.dll
C:\windows\system32\kqpkpvto.dll Has been deleted!

Attempting to delete C:\windows\system32\ktppamhh.dll
C:\windows\system32\ktppamhh.dll Has been deleted!

Attempting to delete C:\windows\system32\laqjonpy.dll
C:\windows\system32\laqjonpy.dll Has been deleted!

Attempting to delete C:\windows\system32\lpcpador.dll
C:\windows\system32\lpcpador.dll Has been deleted!

Attempting to delete C:\windows\system32\lvwlfbaw.exe
C:\windows\system32\lvwlfbaw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mllmm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mmllm.bak1
C:\WINDOWS\system32\mmllm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\mmllm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\mmllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\mmllm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mmllm.tmp
C:\WINDOWS\system32\mmllm.tmp Has been deleted!

Attempting to delete C:\windows\system32\mslykybg.exe
C:\windows\system32\mslykybg.exe Has been deleted!

Attempting to delete C:\windows\system32\nhcgmapt.exe
C:\windows\system32\nhcgmapt.exe Has been deleted!

Attempting to delete C:\windows\system32\nrixfdjc.exe
C:\windows\system32\nrixfdjc.exe Has been deleted!

Attempting to delete C:\windows\system32\omxbdxuo.dll
C:\windows\system32\omxbdxuo.dll Has been deleted!

Attempting to delete C:\windows\system32\orrgshet.dll
C:\windows\system32\orrgshet.dll Has been deleted!

Attempting to delete C:\windows\system32\tabihjgh.exe
C:\windows\system32\tabihjgh.exe Has been deleted!

Attempting to delete C:\windows\system32\tehsgrro.ini
C:\windows\system32\tehsgrro.ini Has been deleted!

Attempting to delete C:\windows\system32\tgdjvfnh.exe
C:\windows\system32\tgdjvfnh.exe Has been deleted!

Attempting to delete C:\windows\system32\twmxsysd.ini
C:\windows\system32\twmxsysd.ini Has been deleted!

Attempting to delete C:\windows\system32\uprbpenc.exe
C:\windows\system32\uprbpenc.exe Has been deleted!

Attempting to delete C:\windows\system32\vsmscxit.exe
C:\windows\system32\vsmscxit.exe Has been deleted!

Attempting to delete C:\windows\system32\yludqwww.exe
C:\windows\system32\yludqwww.exe Has been deleted!

Attempting to delete C:\windows\system32\yssdltdc.exe
C:\windows\system32\yssdltdc.exe Has been deleted!

Performing Repairs to the registry.
Done!

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 08:50:48 p.m., on 26/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Emilio Arias\Application Data\Mozilla\Profiles\default\9n4bb4zf.slt\prefs.js)
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3C3A4370-3059-EEA9-8F98-23BF5C2C5A34} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\fccaxww.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\npedqjdh.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FA7F7DEB-9C9A-42C5-9A11-F305C1A88707} - C:\WINDOWS\system32\mllmm.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} - http://www.accesoplugin.com/dialercab/IberoDialerHTML.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://03.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: fccaxww - C:\WINDOWS\SYSTEM32\fccaxww.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Thanks again

#12 rookie147

Posted 27 July 2007 - 03:30 AM

VundoFix didn't find all of the Vundo infections, so we will try to remove them another way.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click "Scan for Vundo" button.
Once the scan is complete, right click inside the listbox (white box) and click "Add More Files"
Copy and paste the entries below into the top boxes (no arrows):

--> C:\WINDOWS\SYSTEM32\oielatfn.dll

Click "Add Files" and click "Close Window".
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your Desktop will go blank as it starts removing Vundo - this is normal.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

Please include VundoFix.txt and a new HijackThis log in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#13 marito435

Posted 27 July 2007 - 12:18 PM

Hello again
I found the VundoFix.txt but it looks the same, I didn't find a new one

Vundofix:

VundoFix V6.5.6

Checking Java version...

Scan started at 08:04:33 p.m. 26/07/2007

Listing files found while scanning....


Beginning removal...


Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Scan started at 12:31:58 p.m. 27/07/2007

Listing files found while scanning....

C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.bak2
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\pmkjj.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkmp.bak2
C:\WINDOWS\system32\jjkmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\jjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\pmkjj.dll Has been deleted!

Performing Repairs to the registry.
Done!

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 01:15:43 p.m., on 27/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Emilio Arias\Application Data\Mozilla\Profiles\default\9n4bb4zf.slt\prefs.js)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\qyaofewf.dll",sitypnow
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} - http://www.accesoplugin.com/dialercab/IberoDialerHTML.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://03.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Thanks

#14 rookie147

Posted 27 July 2007 - 02:36 PM

Try deleting the old log, then using my instructions to run it once more. A new log should be created ...



#15 marito435

Posted 27 July 2007 - 05:57 PM

Here is the new VundoFix Log:

VundoFix V6.5.6

Checking Java version...

Scan started at 05:32:10 p.m. 27/07/2007

Listing files found while scanning....

C:\WINDOWS\system32\ehkmp.bak2
C:\WINDOWS\system32\ehkmp.ini
C:\windows\system32\figomcqq.exe
C:\WINDOWS\system32\pmkhe.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ehkmp.bak2
C:\WINDOWS\system32\ehkmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehkmp.ini
C:\WINDOWS\system32\ehkmp.ini Has been deleted!

Attempting to delete C:\windows\system32\figomcqq.exe
C:\windows\system32\figomcqq.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\pmkhe.dll Has been deleted!

Performing Repairs to the registry.
Done!

Thanks



