Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT Log


  • Please log in to reply
3 replies to this topic

#1 clfwags

clfwags

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:40 AM

Posted 27 October 2004 - 12:40 PM

Don't know where to start with this one, :thumbsup: any help would be appreciated.
thanks,
clfwags

Logfile of HijackThis v1.97.7
Scan saved at 10:26:29, on 27/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\UPS\WorldShip\Wshipservicecom.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe
C:\Archivos de programa\Java\j2re1.4.2_05\bin\jusched.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
c:\archiv~1\intern~1\iexplore.exe
C:\Archivos de programa\j2 Messenger\Dllcmd32.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Logitech\Video\FxSvr2.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\yadira\Escritorio\HijackThis.exe
C:\Documents and Settings\yadira\Escritorio\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ncwshekszffcemop.net/hcecxFx0FG...K1bs3V/u/G.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.witbtqurxjqfaxvimtvzwk.com/hcec...tC47rsyeHc.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2066B843-1A64-1B02-BF48-86785B2DD666} - C:\ARCHIV~1\VgaDumb\about browse.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7BA54DE5-87BA-1F5A-E971-9D9E9FF84EAA} - C:\DOCUME~1\yadira\DATOSD~1\VgaDumb\about browse.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Archivos de programa\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Archivos de programa\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Archivos de programa\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [BlehTestStopAce] C:\Documents and Settings\All Users\Datos de programa\Size Build Bleh Test\chin bags.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\ARCHIV~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Archivos de programa\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [acidregs] C:\DOCUME~1\yadira\DATOSD~1\FILEHO~1\Bind name.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: j2 Tray Menu.lnk = C:\Archivos de programa\j2 Messenger\HotTray.exe
O4 - Global Startup: Live Menu.lnk = C:\Archivos de programa\j2 Messenger\Dllcmd32.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Archivos de programa\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Archivos de programa\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Archivos de programa\Yahoo!\Common/ycdict.htm
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

Thanks again

BC AdBot (Login to Remove)

 


m

#2 12g

12g

  • Members
  • 450 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:03:40 PM

Posted 28 October 2004 - 12:24 AM

Please do this first:

Update HijackThis to version 1.98.2
To do that, do this;
• run HijackThis
select config> misc tools and select "update online". then yes.

If that doesn’t work download a new copy Here and then delete your old copy


Next:

Download Spybot - Search & Destroy Here

After installing, you MUST first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot clean all the items marked in red.

Next;

Now download Ad-Aware SE Here
After installing AAW, and before running the program, you NEED to FIRST check for updates.

Reconfigure Ad-Aware SE for a custom scan:

Launch the program, and click on the Gear at the top of the start screen.

Under "General Settings" all available options should be selected.

Click the "Scanning" button.
Under "Drives, Folders and Files," select "Scan within Archives".
Click "Drives and folders to scan" and select your installed hard drives.
Under "Memory & Registry," select all options.

Click the "Advanced" button.
Under "Logfile detail level," select all options.

Click the "Defaults" button.
If you want to keep your current settings for your homepage and searchpage,
select "Read current settings from system." Otherwise, Ad-aware will reset them.

Click the "Tweak" button.
Under "Scanning Engine," select the following:
"Unload recognized processes during scanning."
Under "Cleaning Engine," select the following:
"Always try to unload modules before deletion."
"During removal unload Explorer and IE if necessary."
"Let Windows remove files in use after reboot."
Click on "Proceed" to save these Preferences.

Run the Ad-Aware scan, making sure that the mode selected is "Use custom scanning options."

When the scan is finished, the screen will tell you if anything has been found, click "Next." The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?" Reboot when finished.

When you've done all that, re-run Hijack This, and show me a fresh log.

There may be more to do!

Edited by 12g, 28 October 2004 - 12:27 AM.


#3 clfwags

clfwags
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:40 AM

Posted 28 October 2004 - 11:20 AM

12G,
thanks for your help.
I followed your instructions. Here is the new file, please let me know what steps I should take next.

Logfile of HijackThis v1.98.2
Scan saved at 9:15:51, on 28/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\UPS\WorldShip\Wshipservicecom.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Logitech\Video\LogiTray.exe
C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Java\j2re1.4.2_05\bin\jusched.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
c:\archiv~1\intern~1\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\j2 Messenger\HotTray.exe
C:\Archivos de programa\j2 Messenger\Dllcmd32.exe
C:\Archivos de programa\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\yadira\Escritorio\Nueva carpeta\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ncwshekszffcemop.net/hcecxFx0FG...K1bs3V/u/G.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.witbtqurxjqfaxvimtvzwk.com/hcec...tC47rsyeHc.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2066B843-1A64-1B02-BF48-86785B2DD666} - C:\ARCHIV~1\VgaDumb\about browse.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7BA54DE5-87BA-1F5A-E971-9D9E9FF84EAA} - C:\DOCUME~1\yadira\DATOSD~1\VgaDumb\about browse.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Archivos de programa\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Archivos de programa\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Archivos de programa\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [BlehTestStopAce] C:\Documents and Settings\All Users\Datos de programa\Size Build Bleh Test\chin bags.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\ARCHIV~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Archivos de programa\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [acidregs] C:\DOCUME~1\yadira\DATOSD~1\FILEHO~1\Bind name.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: j2 Tray Menu.lnk = C:\Archivos de programa\j2 Messenger\HotTray.exe
O4 - Global Startup: Live Menu.lnk = C:\Archivos de programa\j2 Messenger\Dllcmd32.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Archivos de programa\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Archivos de programa\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Archivos de programa\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab


Thank you again.

#4 12g

12g

  • Members
  • 450 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:03:40 PM

Posted 28 October 2004 - 11:57 AM

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ncwshekszffcemop.net/hcecxFx0FG...K1bs3V/u/G.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.witbtqurxjqfaxvimtvzwk.com/hcec...tC47rsyeHc.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O2 - BHO: (no name) - {2066B843-1A64-1B02-BF48-86785B2DD666} - C:\ARCHIV~1\VgaDumb\about browse.exe (file missing)

O2 - BHO: (no name) - {7BA54DE5-87BA-1F5A-E971-9D9E9FF84EAA} - C:\DOCUME~1\yadira\DATOSD~1\VgaDumb\about browse.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe" <<You have Messenger Plus installed on your computer. This software is known to install spyware when you install it. If you would like to remove it, go into the Control Panel and Then Add/Remove programs and remove Messenger Plus.

O4 - HKLM\..\Run: [BlehTestStopAce] C:\Documents and Settings\All Users\Datos de programa\Size Build Bleh Test\chin bags.exe

O4 - HKCU\..\Run: [acidregs] C:\DOCUME~1\yadira\DATOSD~1\FILEHO~1\Bind name.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

Restart your computer in
Safe Mode Also make sure you show hidden and system files Then delete the following files or folders as indicated below if they still show:

Not all or any of these may still show,

C:\DOCUME~1\yadira\DATOSD~1\VgaDumb<<Folder
C:\Documents and Settings\All Users\Datos de programa\Size Build Bleh Test<<Folder
C:\DOCUME~1\yadira\DATOSD~1\FILEHO~1\Bind name.exe Possibly the folder, check it.

Reboot in Normal Mode, then post a fresh logfile so that I can check to see if it is clean.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users