Problem with redirection of Google searches [solved]

khanykhany Madrid - Spain
edited November 2006 in Spyware & Virus Removal
For the last couple of weeks I have been having the following problem and it's driving me crazy:

- When I click on search results from Google I am often, not always, transferred to other search sites which are more often than not a waste of time.

Having read many of the threads in Short-Media Forums I have tried several things already but cannot get rid of the problem.

Here is what I have done so far:
- I ran AVG anti-spyware, both in normal and safe mode. It found several trojans and following instructions "quarantined" them but the problem still persists.
- I ran McAfee Antivirus: no problems found
- I ran Spybot Search & Destroy - it found and deleted spyware but then the problem still continues
- I ran Panda Active Scan and the same issues still arise

Can anyone help me please?

I enclose the HijackThis logfile.

Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 1:08:30, on 07/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Archivos de programa\Archivos comunes\McAfee\HackerWatch\HWAPI.exe
C:\ARCHIV~1\McAfee\MSC\mclogsrv.exe
C:\ARCHIV~1\McAfee\MSC\mcupdmgr.exe
c:\archivos de programa\archivos comunes\mcafee\mna\mcnasvc.exe
C:\ARCHIV~1\McAfee\VIRUSS~1\mcods.exe
C:\ARCHIV~1\McAfee\MSC\mcpromgr.exe
c:\ARCHIV~1\ARCHIV~1\mcafee\redirsvc\redirsvc.exe
C:\ARCHIV~1\McAfee\VIRUSS~1\mcshield.exe
C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\ARCHIV~1\McAfee\MSC\mctskshd.exe
C:\ARCHIV~1\McAfee\MSC\mcusrmgr.exe
C:\Archivos de programa\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\ARCHIV~1\mcafee.com\agent\mcagent.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\acer\epm\epm-dm.exe
C:\Archivos de programa\Launch Manager\QtZgAcer.EXE
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Archivos de programa\Windows Defender\MSASCui.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\?dobe\??erinit.exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\ARCHIV~1\ARCHIV~1\McAfee\EmProxy\emproxy.exe
C:\ARCHIV~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Archivos de programa\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\WinRAR\WinRAR.exe
C:\DOCUME~1\FRANKK~1\CONFIG~1\Temp\Rar$EX01.470\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rfk.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.es
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {C26B6C77-FFE4-8F40-B56F-887AE5E20FE2} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - (no file)
O2 - BHO: (no name) - {4C619DAF-3DFE-1A20-C977-0A4FD94E959A} - C:\WINDOWS\system32\ejtywvi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {668454DC-F647-D521-AFE7-07F1112A0093} - C:\WINDOWS\system32\mftzwgg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\archivos de programa\mcafee\virusscan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE5FFBB1-C855-4904-9BFC-0E88F9A0096A} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Archivos de programa\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Archivos de programa\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [ejtywvi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ejtywvi.dll,zzznryc
O4 - HKLM\..\Run: [Windows Defender] "C:\Archivos de programa\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Rnpw] "C:\WINDOWS\STEM32~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Micidxd] C:\WINDOWS\?dobe\??erinit.exe
O4 - Global Startup: Inicio rápido de Microsoft Office OneNote 2003.lnk = C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Crear un favorito móvil - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winfvx32 - winfvx32.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\ARCHIV~1\ARCHIV~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Archivos de programa\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Archivos de programa\Archivos comunes\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\archivos de programa\archivos comunes\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\ARCHIV~1\ARCHIV~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Archivos de programa\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Comments

  • edited November 2006
    http://www.trendmicro.com/cwshredder/ try this, instant dl. I am really busy atm but if you are impatient you can 100% fix your problem and gain some knowledge here http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Overview good luck. and do an online scan here http://www.ewido.net/en/onlinescan/ you will still most likely have some extra steps, but start there. also, dl "ccleaner"
  • edited November 2006
    oh yeah, my bad.....i forgot AVG bought ewido....try "trojan hunter"....i believe you are going to need to turn system restore off before you can get rid of your problem. read about hjt http://www.castlecops.com/HijackThis.html and if and when you need help and/or haven't gotten any I will help u. currently taking care of two kitties with kitty aids. (FIV)
  • khanykhany Madrid - Spain
    edited November 2006
    Sorry to hear about the FIV problem. Thanks for your help.

    I have followed your instructions.

    First I ran the CWShredder program and this found nothing. I enclose the report that was generated:

    **** Run Keys ****

    RUN: [LaunchApp] Alaunch
    RUN: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
    RUN: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
    RUN: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
    RUN: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    RUN: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    RUN: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    RUN: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    RUN: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    RUN: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    RUN: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    RUN: [EPM-DM] c:\acer\epm\epm-dm.exe
    RUN: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    RUN: [LManager] C:\Archivos de programa\Launch Manager\QtZgAcer.EXE
    RUN: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    RUN: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    RUN: [StatusClient 2.6] C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
    RUN: [TomcatStartup 2.5] C:\Archivos de programa\Hewlett-Packard\Toolbox\hpbpsttp.exe
    RUN: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    RUN: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe"
    RUN: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    RUN: [ejtywvi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ejtywvi.dll,zzznryc
    RUN: [Windows Defender] "C:\Archivos de programa\Windows Defender\MSASCui.exe" -hide
    RUN: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    RUN: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    RUN: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE"
    RUN: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
    RUN: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    RUN: [Rnpw] "C:\WINDOWS\STEM32~1\wuauclt.exe" -vt yazb
    RUN: [Micidxd] C:\WINDOWS\?dobe\??erinit.exe


    **** Browser Helper Objects ****

    BHO: [Adobe PDF Reader Link Helper] C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    BHO: [Adobe PDF Reader Link Helper] C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.dll
    BHO: [Adobe PDF Reader Link Helper] C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.dll
    BHO: [Adobe PDF Reader Link Helper] C:\WINDOWS\system32\ejtywvi.dll
    BHO: [Adobe PDF Reader Link Helper] C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
    BHO: [Adobe PDF Reader Link Helper] C:\WINDOWS\system32\mftzwgg.dll
    BHO: [SSVHelper Class] C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
    BHO: [scriptproxy] c:\archivos de programa\mcafee\virusscan\scriptsn.dll
    BHO: [Google Toolbar Helper] c:\archivos de programa\google\googletoolbar2.dll
    BHO: [Google Toolbar Helper] c:\archivos de programa\google\googletoolbar2.dll


    **** IE Toolbars ****

    TOOLBAR: [McAfee SiteAdvisor] C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.dll
    TOOLBAR: [&Google] c:\archivos de programa\google\googletoolbar2.dll


    **** IE Extensions ****

    IEExt: []
    IEExt: [Crear un favorito móvil]
    IEExt: [Crear un favorito móvil]
    IEExt: [Referencia]
    IEExt: [Referencia]
    IEExt: [Messenger] C:\Archivos de programa\Messenger\msmsgs.exe


    **** Hosts File Entries ****

    HOSTS: 127.0.0.1 localhost
    HOSTS: 127.0.0.1 localhost


    **** IE Settings ****

    IEBypass: <local>
    Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default Search: http://www.google.com/ie
    Local Page: C:\WINDOWS\system32\blank.htm
    Search Bar: http://www.google.com/ie
    Search Page: http://www.google.com


    **** IE Context Menu (Right click) ****

    IEContext: [E&xportar a Microsoft Excel] res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


    **** Layered Service Providers ****

    LSP: MSAFD Irda [IrDA]
    LSP: MSAFD Tcpip [TCP/IP]
    LSP: MSAFD Tcpip [UDP/IP]
    LSP: RSVP UDP Service Provider
    LSP: RSVP TCP Service Provider
    LSP: MSAFD RfComm [Bluetooth]
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{79AAE5C6-8524-4DFE-8587-2DA52C28E2C7}] SEQPACKET 8
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{79AAE5C6-8524-4DFE-8587-2DA52C28E2C7}] DATAGRAM 8
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{805E4F77-7CCC-4A7E-A4E4-F29AAF4799A0}] SEQPACKET 2
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{805E4F77-7CCC-4A7E-A4E4-F29AAF4799A0}] DATAGRAM 2
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8903FB4F-94A5-406E-A30F-96F21908FC09}] SEQPACKET 1
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8903FB4F-94A5-406E-A30F-96F21908FC09}] DATAGRAM 1
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BEF10975-3E45-4C93-A147-D8379E6DF7EC}] SEQPACKET 0
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BEF10975-3E45-4C93-A147-D8379E6DF7EC}] DATAGRAM 0
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F6D9553-F681-4676-82D0-1C4BD9B681A8}] SEQPACKET 5
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F6D9553-F681-4676-82D0-1C4BD9B681A8}] DATAGRAM 5
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A39706F0-885F-40DD-8472-E608CFEFCD9E}] SEQPACKET 3
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A39706F0-885F-40DD-8472-E608CFEFCD9E}] DATAGRAM 3
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{107D86ED-85E1-476D-A95B-DCA2021130B0}] SEQPACKET 4
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{107D86ED-85E1-476D-A95B-DCA2021130B0}] DATAGRAM 4
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7CAFA519-8D9D-4BDC-B84E-8990911267F2}] SEQPACKET 6
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7CAFA519-8D9D-4BDC-B84E-8990911267F2}] DATAGRAM 6
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{709F52DA-A950-486A-932B-87FC15A599CC}] SEQPACKET 7
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{709F52DA-A950-486A-932B-87FC15A599CC}] DATAGRAM 7


    **** Blocked Control Panel Items ****

    BLOCKED: [ncpa.cpl] No
    BLOCKED: [odbccp32.cpl] No


    **** Downloaded Program Files ****

    {17492023-C23A-453E-A040-C7C580BBF700} [http://go.microsoft.com/fwlink/?LinkID=39204] C:\WINDOWS\system32\GWFSPidGen.DLL C:\WINDOWS\system32\LegitCheckControl.DLL
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab]
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab]
    {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} [http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab]
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]


    **** Windows Services ****

    [Alerter] %SystemRoot%\system32\svchost.exe -k LocalService
    [ALG] %SystemRoot%\System32\alg.exe
    [anbmService] C:\Acer\eManager\anbmServ.exe
    [AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
    [Ati HotKey Poller] %SystemRoot%\system32\Ati2evxx.exe
    [AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
    [BITS] %SystemRoot%\system32\svchost.exe -k netsvcs
    [Browser] %SystemRoot%\system32\svchost.exe -k netsvcs
    [BthServ] %SystemRoot%\system32\svchost.exe -k bthsvcs
    [CiSvc] %SystemRoot%\system32\cisvc.exe
    [ClipSrv] %SystemRoot%\system32\clipsrv.exe
    [COMSysApp] C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    [CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
    [DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
    [Dhcp] %SystemRoot%\system32\svchost.exe -k netsvcs
    [dmadmin] %SystemRoot%\System32\dmadmin.exe /com
    [dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
    [Dnscache] %SystemRoot%\system32\svchost.exe -k NetworkService
    [ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
    [Eventlog] %SystemRoot%\system32\services.exe
    [EventSystem] C:\WINDOWS\system32\svchost.exe -k netsvcs
    [FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
    [Fax] %systemroot%\system32\fxssvc.exe
    [helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
    [HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
    [HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
    [Imapi Helper] "C:\Archivos de programa\Alex Feinman\ISO Recorder\ImapiHelper.exe"
    [ImapiService] C:\WINDOWS\system32\imapi.exe
    [Irmon] %SystemRoot%\system32\svchost.exe -k netsvcs
    [lanmanserver] %SystemRoot%\system32\svchost.exe -k netsvcs
    [lanmanworkstation] %SystemRoot%\system32\svchost.exe -k netsvcs
    [LmHosts] %SystemRoot%\system32\svchost.exe -k LocalService
    [Messenger] %SystemRoot%\system32\svchost.exe -k netsvcs
    [mnmsrvc] C:\WINDOWS\system32\mnmsrvc.exe
    [MSDTC] C:\WINDOWS\system32\msdtc.exe
    [MSIServer] C:\WINDOWS\system32\msiexec.exe /V
    [NetDDE] %SystemRoot%\system32\netdde.exe
    [NetDDEdsdm] %SystemRoot%\system32\netdde.exe
    [Netlogon] %SystemRoot%\system32\lsass.exe
    [Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
    [Nla] %SystemRoot%\system32\svchost.exe -k netsvcs
    [NtLmSsp] %SystemRoot%\system32\lsass.exe
    [NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
    [ose] "C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE"
    [PlugPlay] %SystemRoot%\system32\services.exe
    [Pml Driver HPZ12] C:\WINDOWS\system32\HPZipm12.exe
    [PolicyAgent] %SystemRoot%\system32\lsass.exe
    [ProtectedStorage] %SystemRoot%\system32\lsass.exe
    [RasAuto] %SystemRoot%\system32\svchost.exe -k netsvcs
    [RasMan] %SystemRoot%\system32\svchost.exe -k netsvcs
    [RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
    [RemoteAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
    [RpcLocator] %SystemRoot%\system32\locator.exe
    [RpcSs] %SystemRoot%\system32\svchost -k rpcss
    [RSVP] %SystemRoot%\system32\rsvp.exe
    [SamSs] %SystemRoot%\system32\lsass.exe
    [SCardSvr] %SystemRoot%\System32\SCardSvr.exe
    [Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
    [seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
    [SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
    [SharedAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
    [ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
    [Spooler] %SystemRoot%\system32\spoolsv.exe
    [srservice] %SystemRoot%\system32\svchost.exe -k netsvcs
    [SSDPSRV] %SystemRoot%\system32\svchost.exe -k LocalService
    [stisvc] %SystemRoot%\system32\svchost.exe -k imgsvc
    [SwPrv] C:\WINDOWS\system32\dllhost.exe /Processid:{FB991F32-7579-4C23-A3EF-261293D97F19}
    [SysmonLog] %SystemRoot%\system32\smlogsvc.exe
    [TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
    [TermService] %SystemRoot%\System32\svchost -k DComLaunch
    [Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
    [TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
    [upnphost] %SystemRoot%\system32\svchost.exe -k LocalService
    [UPS] %SystemRoot%\System32\ups.exe
    [usnsvc] C:\WINDOWS\system32\svchost.exe -k usnsvc
    [VSS] %SystemRoot%\System32\vssvc.exe
    [W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
    [WebClient] %SystemRoot%\system32\svchost.exe -k LocalService
    [winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
    [WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
    [WmiApSrv] C:\WINDOWS\system32\wbem\wmiapsrv.exe
    [wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
    [wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
    [WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
    [xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs


    **** Custom IE Search Items ****

    SEARCH: [SearchAssistant] http://www.google.com/ie
    SEARCH: [SearchAssistant] http://www.google.com/ie
    SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    SEARCH: [Default_Search_URL] http://www.google.com/ie


    **** Complete IE Options ****

    IEOPT: [NoUpdateCheck]
    IEOPT: [NoJITSetup]
    IEOPT: [Disable Script Debugger] yes
    IEOPT: [Show_ChannelBand] No
    IEOPT: [Anchor Underline] yes
    IEOPT: [Cache_Update_Frequency] Once_Per_Session
    IEOPT: [Display Inline Images] yes
    IEOPT: [Do404Search]
    IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm
    IEOPT: [Save_Session_History_On_Exit] no
    IEOPT: [Show_FullURL] no
    IEOPT: [Show_StatusBar] yes
    IEOPT: [Show_ToolBar] yes
    IEOPT: [Show_URLinStatusBar] yes
    IEOPT: [Show_URLToolBar] yes
    IEOPT: [Start Page] http://www.rfk.es/
    IEOPT: [Use_DlgBox_Colors] yes
    IEOPT: [Search Page] http://www.google.com
    IEOPT: [StatusBarOther]
    IEOPT: [FullScreen] no
    IEOPT: [Window_Placement] ,
    IEOPT: [AddToFavoritesExpanded]
    IEOPT: [NotifyDownloadComplete] yes
    IEOPT: [Use Search Asst] no
    IEOPT: [Search Bar] http://www.google.com/ie
    IEOPT: [Enable Browser Extensions] yes
    IEOPT: [Use FormSuggest] yes
    IEOPT: [FavoritesExportFile] C:\Documents and Settings\Frank Khan\Escritorio\Portable\bookmark sofedu.htm
    IEOPT: [FavoritesImportFolder] C:\Documents and Settings\Frank Khan\Favoritos\Sofii y Edu
    IEOPT: [Expand Alt Text] no
    IEOPT: [Move System Caret] no
    IEOPT: [NscSingleExpand]
    IEOPT: [DisableScriptDebuggerIE] yes
    IEOPT: [Force Offscreen Composition]
    IEOPT: [FavIntelliMenus] no
    IEOPT: [UseThemes]
    IEOPT: [NoWebJITSetup]
    IEOPT: [Page_Transitions]
    IEOPT: [AllowWindowReuse]
    IEOPT: [ShowGoButton] yes
    IEOPT: [Friendly http errors] yes
    IEOPT: [Error Dlg Displayed On Every Error] no
    IEOPT: [SmoothScroll]
    IEOPT: [Print_Background] no
    IEOPT: [Play_Animations] yes
    IEOPT: [Enable_MyPics_Hoverbar] yes
    IEOPT: [Enable AutoImageResize] yes
    IEOPT: [Show image placeholders]
    IEOPT: [Display Inline Videos] yes
    IEOPT: [Play_Background_Sounds] yes
    IEOPT: [LastCheckedHi]
    IEOPT: [FormSuggest PW Ask] no
    IEOPT: [AutoSearch]
    IEOPT: [XMLHTTP]
    IEOPT: [UseClearType] yes
    IEOPT: [RunOnceHasShown]
    IEOPT: [CompatibilityFlags]
    IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    IEOPT: [Default_Search_URL] http://www.google.com/ie
    IEOPT: [Search Page] http://www.google.es
    IEOPT: [Enable_Disk_Cache] yes
    IEOPT: [Cache_Percent_of_Disk]
    IEOPT: [Delete_Temp_Files_On_Exit] yes
    IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
    IEOPT: [Anchor_Visitation_Horizon]
    IEOPT: [Use_Async_DNS] yes
    IEOPT: [Placeholder_Width]
    IEOPT: [Placeholder_Height]
    IEOPT: [Start Page] http://www.msn.com
    IEOPT: [CompanyName] Microsoft Corporation
    IEOPT: [Custom_Key] MICROSO
    IEOPT: [Wizard_Version] 6.0.2600.0000
    IEOPT: [FullScreen] no


    Then I followed the "checklist" of removal programs from castlecops.com i.e.:

    - VundoFix V6.2.7 which found and removed C:\WINDOWS\system32\mftzwgg.dll

    - Smitfraud Fix

    - CCleaner

    - Spybot Search & Destroy

    - AVG-Antispyware (in SafeMode)

    AVG Anti-Spyware - Informe del análisis

    + Creado en: 11:40:33 07/11/2006

    + Resultado del análisis:



    C:\Documents and Settings\Frank Khan\Cookies\frank khan@112.2o7[2].txt -> TrackingCookie.2o7 : Limpios.
    C:\Documents and Settings\Frank Khan\Cookies\frank khan@homestore.122.2o7[1].txt -> TrackingCookie.2o7 : Limpios.
    C:\Documents and Settings\Frank Khan\Cookies\frank khan@atdmt[2].txt -> TrackingCookie.Atdmt : Limpios.
    C:\Documents and Settings\Frank Khan\Cookies\frank khan@doubleclick[1].txt -> TrackingCookie.Doubleclick : Limpios.
    C:\Documents and Settings\Frank Khan\Cookies\frank khan@findwhat[1].txt -> TrackingCookie.Findwhat : Limpios.
    C:\Documents and Settings\Frank Khan\Cookies\frank khan@mediaplex[1].txt -> TrackingCookie.Mediaplex : Limpios.
    C:\Documents and Settings\Frank Khan\Cookies\frank khan@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Limpios.
    C:\Documents and Settings\Frank Khan\Cookies\frank khan@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Limpios.


    ::Fin del informe

    After checking several Google search results - the redirecting to other search results pages has disappeared but I am attaching the latest HijackThis logfile just in case I have missed anything.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:40:05, on 07/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Archivos de programa\Archivos comunes\McAfee\HackerWatch\HWAPI.exe
    C:\ARCHIV~1\McAfee\MSC\mclogsrv.exe
    C:\ARCHIV~1\McAfee\MSC\mcupdmgr.exe
    C:\WINDOWS\Explorer.EXE
    c:\archivos de programa\archivos comunes\mcafee\mna\mcnasvc.exe
    C:\ARCHIV~1\McAfee\VIRUSS~1\mcods.exe
    C:\ARCHIV~1\McAfee\MSC\mcpromgr.exe
    c:\ARCHIV~1\ARCHIV~1\mcafee\redirsvc\redirsvc.exe
    C:\ARCHIV~1\McAfee\VIRUSS~1\mcshield.exe
    C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\ARCHIV~1\mcafee.com\agent\mcagent.exe
    C:\ARCHIV~1\McAfee\MSC\mctskshd.exe
    C:\ARCHIV~1\McAfee\MSC\mcusrmgr.exe
    C:\Archivos de programa\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
    C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
    C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\acer\epm\epm-dm.exe
    C:\Archivos de programa\Launch Manager\QtZgAcer.EXE
    C:\Archivos de programa\QuickTime\qttask.exe
    C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
    C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe
    C:\WINDOWS\VM_STI.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Archivos de programa\Windows Defender\MSASCui.exe
    C:\Archivos de programa\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\?dobe\??erinit.exe
    C:\Archivos de programa\Internet Explorer\iexplore.exe
    C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.exe
    C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Archivos de programa\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Archivos de programa\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\HPBPRO.EXE
    C:\Archivos de programa\WinRAR\WinRAR.exe
    C:\DOCUME~1\FRANKK~1\CONFIG~1\Temp\Rar$EX00.515\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rfk.es/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {C26B6C77-FFE4-8F40-B56F-887AE5E20FE2} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.dll
    O2 - BHO: (no name) - {4C619DAF-3DFE-1A20-C977-0A4FD94E959A} - C:\WINDOWS\system32\ejtywvi.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {668454DC-F647-D521-AFE7-07F1112A0093} - C:\WINDOWS\system32\mftzwgg.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\archivos de programa\mcafee\virusscan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
    O2 - BHO: (no name) - {AE5FFBB1-C855-4904-9BFC-0E88F9A0096A} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\Archivos de programa\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [StatusClient 2.6] C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Archivos de programa\Hewlett-Packard\Toolbox\hpbpsttp.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    O4 - HKLM\..\Run: [ejtywvi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ejtywvi.dll,zzznryc
    O4 - HKLM\..\Run: [Windows Defender] "C:\Archivos de programa\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Rnpw] "C:\WINDOWS\STEM32~1\wuauclt.exe" -vt yazb
    O4 - HKCU\..\Run: [Micidxd] C:\WINDOWS\?dobe\??erinit.exe
    O4 - Global Startup: Inicio rápido de Microsoft Office OneNote 2003.lnk = C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Crear un favorito móvil - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winfvx32 - winfvx32.dll (file missing)
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\ARCHIV~1\ARCHIV~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Archivos de programa\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Archivos de programa\Archivos comunes\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\archivos de programa\archivos comunes\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\ARCHIV~1\ARCHIV~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Archivos de programa\McAfee\MPF\MPFSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    Thanks again and I hope to hear from you soon.
  • jmoney3457jmoney3457 Maine
    edited November 2006
    hi khany: Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above
    instructions starting from "Click the Scan for Vundo button." when
    VundoFix appears at reboot.
  • khanykhany Madrid - Spain
    edited November 2006
    Hello,

    I already ran VundoFix V6.2.7 yesterday which found and removed C:\WINDOWS\system32\mftzwgg.dll. However, following your instructions I have re-run it (no files were found) and attach the report:

    VundoFix V6.2.7

    Checking Java version...

    Sun Java not detected
    Scan started at 10:26:23 07/11/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\mftzwgg.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\mftzwgg.dll
    C:\WINDOWS\system32\mftzwgg.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.2.7

    Checking Java version...

    Sun Java not detected
    Scan started at 1:02:00 08/11/2006

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...


    I then ran HijackThis and am attaching the log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:10:48, on 08/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Archivos de programa\Archivos comunes\McAfee\HackerWatch\HWAPI.exe
    C:\ARCHIV~1\McAfee\MSC\mclogsrv.exe
    C:\ARCHIV~1\McAfee\MSC\mcupdmgr.exe
    c:\archivos de programa\archivos comunes\mcafee\mna\mcnasvc.exe
    C:\ARCHIV~1\McAfee\VIRUSS~1\mcods.exe
    C:\ARCHIV~1\McAfee\MSC\mcpromgr.exe
    c:\ARCHIV~1\ARCHIV~1\mcafee\redirsvc\redirsvc.exe
    C:\ARCHIV~1\McAfee\VIRUSS~1\mcshield.exe
    C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\ARCHIV~1\McAfee\MSC\mctskshd.exe
    C:\ARCHIV~1\McAfee\MSC\mcusrmgr.exe
    C:\Archivos de programa\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    c:\ARCHIV~1\mcafee.com\agent\mcagent.exe
    C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
    C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
    C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\acer\epm\epm-dm.exe
    C:\Archivos de programa\Launch Manager\QtZgAcer.EXE
    C:\Archivos de programa\QuickTime\qttask.exe
    C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
    C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Archivos de programa\Windows Defender\MSASCui.exe
    C:\Archivos de programa\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\?dobe\??erinit.exe
    C:\Archivos de programa\Skype\Phone\Skype.exe
    C:\Archivos de programa\Internet Explorer\iexplore.exe
    C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.exe
    C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Archivos de programa\WinRAR\WinRAR.exe
    C:\DOCUME~1\FRANKK~1\CONFIG~1\Temp\Rar$EX00.608\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rfk.es/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {C26B6C77-FFE4-8F40-B56F-887AE5E20FE2} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.dll
    O2 - BHO: (no name) - {4C619DAF-3DFE-1A20-C977-0A4FD94E959A} - C:\WINDOWS\system32\ejtywvi.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {668454DC-F647-D521-AFE7-07F1112A0093} - C:\WINDOWS\system32\mftzwgg.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\archivos de programa\mcafee\virusscan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
    O2 - BHO: (no name) - {AE5FFBB1-C855-4904-9BFC-0E88F9A0096A} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\Archivos de programa\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [StatusClient 2.6] C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Archivos de programa\Hewlett-Packard\Toolbox\hpbpsttp.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    O4 - HKLM\..\Run: [ejtywvi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ejtywvi.dll,zzznryc
    O4 - HKLM\..\Run: [Windows Defender] "C:\Archivos de programa\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Rnpw] "C:\WINDOWS\STEM32~1\wuauclt.exe" -vt yazb
    O4 - HKCU\..\Run: [Micidxd] C:\WINDOWS\?dobe\??erinit.exe
    O4 - Global Startup: Inicio rápido de Microsoft Office OneNote 2003.lnk = C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Crear un favorito móvil - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winfvx32 - winfvx32.dll (file missing)
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\ARCHIV~1\ARCHIV~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Archivos de programa\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Archivos de programa\Archivos comunes\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\archivos de programa\archivos comunes\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\ARCHIV~1\ARCHIV~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Archivos de programa\McAfee\MPF\MPFSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    I must say that I have not experienced the Google search results redirection problem that I first posted but would appreciate it if you could confirm that the latest HijackThis Log is clean.
    Thanks again

    Khany
  • jmoney3457jmoney3457 Maine
    edited November 2006
    already beat me to vundofix good job :wink: fix the following lines in HJT (make sure no windows/browsers other than hjt are open):
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {C26B6C77-FFE4-8F40-B56F-887AE5E20FE2} - (no file)
    O2 - BHO: (no name) - {4C619DAF-3DFE-1A20-C977-0A4FD94E959A} - C:\WINDOWS\system32\ejtywvi.dll
    O2 - BHO: (no name) - {668454DC-F647-D521-AFE7-07F1112A0093} - C:\WINDOWS\system32\mftzwgg.dll (file missing)
    then reboot post new log:)
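One way to confirm that the "fix the following lines" step took effect is to compare the entries selected for fixing against the log taken after the reboot. The script below is an added example, not part of any post in this thread: the function names (`parse_entries`, `check_fix`, `dangling_entries`) are hypothetical, and the sample logs are short excerpts of the HijackThis logs posted here.

```python
import re

# A HijackThis entry line is "<section code> - <entry text>", e.g. "O2 - BHO: ...".
# Header and "Running processes" lines do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends these markers when the file an entry points to is absent.
FLAG_RE = re.compile(r"\((no file|file missing)\)\s*$", re.IGNORECASE)


def _key(section, text):
    # Windows paths are case-insensitive; collapse whitespace so that copies
    # pasted into a forum post still match the original log line.
    return (section, " ".join(text.split()).casefold())


def parse_entries(log_text):
    """Return one dict per registry/startup entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, text = m.groups()
        clsid = CLSID_RE.search(text)
        flag = FLAG_RE.search(text)
        entries.append({
            "section": section,
            "text": text,
            "clsid": clsid.group(0).upper() if clsid else None,
            "flag": flag.group(1).lower() if flag else None,
            "key": _key(section, text),
        })
    return entries


def check_fix(before_log, after_log, selected_lines):
    """For each line selected for fixing, report what the later log shows."""
    before = {e["key"] for e in parse_entries(before_log)}
    after = {e["key"] for e in parse_entries(after_log)}
    report = []
    for e in parse_entries(selected_lines):
        if e["key"] not in before:
            status = "not in earlier log"
        elif e["key"] in after:
            status = "still present"
        else:
            status = "removed"
        report.append((e["section"], e["text"], status))
    return report


def dangling_entries(log_text):
    """Entries HijackThis itself marks as pointing at a file that is absent."""
    return [e for e in parse_entries(log_text) if e["flag"]]


# Excerpt of the log saved on 08/11/2006 (before the fix), taken from this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rfk.es/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {C26B6C77-FFE4-8F40-B56F-887AE5E20FE2} - (no file)
O2 - BHO: (no name) - {4C619DAF-3DFE-1A20-C977-0A4FD94E959A} - C:\WINDOWS\system32\ejtywvi.dll
O2 - BHO: (no name) - {668454DC-F647-D521-AFE7-07F1112A0093} - C:\WINDOWS\system32\mftzwgg.dll (file missing)
O2 - BHO: (no name) - {AE5FFBB1-C855-4904-9BFC-0E88F9A0096A} - (no file)
O4 - HKLM\..\Run: [ejtywvi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ejtywvi.dll,zzznryc
O20 - Winlogon Notify: winfvx32 - winfvx32.dll (file missing)
"""

# Excerpt of the log saved on 10/11/2006 (after the fix and reboot).
AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rfk.es/
O2 - BHO: (no name) - {AE5FFBB1-C855-4904-9BFC-0E88F9A0096A} - (no file)
O4 - HKLM\..\Run: [ejtywvi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ejtywvi.dll,zzznryc
O20 - Winlogon Notify: winfvx32 - winfvx32.dll (file missing)
"""

# The four lines listed in the post above.
SELECTED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {C26B6C77-FFE4-8F40-B56F-887AE5E20FE2} - (no file)
O2 - BHO: (no name) - {4C619DAF-3DFE-1A20-C977-0A4FD94E959A} - C:\WINDOWS\system32\ejtywvi.dll
O2 - BHO: (no name) - {668454DC-F647-D521-AFE7-07F1112A0093} - C:\WINDOWS\system32\mftzwgg.dll (file missing)
"""

if __name__ == "__main__":
    for section, text, status in check_fix(BEFORE, AFTER, SELECTED):
        print(f"{status:>18}  {section} - {text}")
    print("\nEntries in the later log whose target file is reported absent:")
    for e in dangling_entries(AFTER):
        print(f"  {e['section']} - {e['text']}")
```
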
  • khanykhany Madrid - Spain
    edited November 2006
    hi again,

    Following your instructions I have checked and fixed the lines you mentioned.
    Rebooted and enclose new log :

    Logfile of HijackThis v1.99.1
    Scan saved at 11:31:53, on 10/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Archivos de programa\Archivos comunes\McAfee\HackerWatch\HWAPI.exe
    C:\ARCHIV~1\McAfee\MSC\mclogsrv.exe
    C:\ARCHIV~1\McAfee\MSC\mcupdmgr.exe
    c:\archivos de programa\archivos comunes\mcafee\mna\mcnasvc.exe
    C:\ARCHIV~1\McAfee\VIRUSS~1\mcods.exe
    C:\ARCHIV~1\McAfee\MSC\mcpromgr.exe
    c:\ARCHIV~1\ARCHIV~1\mcafee\redirsvc\redirsvc.exe
    C:\ARCHIV~1\McAfee\VIRUSS~1\mcshield.exe
    C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\ARCHIV~1\McAfee\MSC\mctskshd.exe
    C:\WINDOWS\Explorer.EXE
    C:\ARCHIV~1\McAfee\MSC\mcusrmgr.exe
    C:\Archivos de programa\McAfee\MPF\MPFSrv.exe
    c:\ARCHIV~1\mcafee.com\agent\mcagent.exe
    C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
    C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
    C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\acer\epm\epm-dm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\Launch Manager\QtZgAcer.EXE
    C:\Archivos de programa\QuickTime\qttask.exe
    C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
    C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe
    C:\WINDOWS\VM_STI.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Archivos de programa\Windows Defender\MSASCui.exe
    C:\Archivos de programa\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
    C:\Archivos de programa\WinRAR\WinRAR.exe
    C:\DOCUME~1\FRANKK~1\CONFIG~1\Temp\Rar$EX00.505\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rfk.es/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\archivos de programa\mcafee\virusscan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
    O2 - BHO: (no name) - {AE5FFBB1-C855-4904-9BFC-0E88F9A0096A} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\Archivos de programa\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [StatusClient 2.6] C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Archivos de programa\Hewlett-Packard\Toolbox\hpbpsttp.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    O4 - HKLM\..\Run: [ejtywvi.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ejtywvi.dll,zzznryc
    O4 - HKLM\..\Run: [Windows Defender] "C:\Archivos de programa\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Rnpw] "C:\WINDOWS\STEM32~1\wuauclt.exe" -vt yazb
    O4 - Global Startup: Inicio rápido de Microsoft Office OneNote 2003.lnk = C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Crear un favorito móvil - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Archivos de programa\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Archivos de programa\SiteAdvisor\4144\SiteAdv.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winfvx32 - winfvx32.dll (file missing)
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\ARCHIV~1\ARCHIV~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Archivos de programa\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Archivos de programa\Archivos comunes\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\archivos de programa\archivos comunes\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\ARCHIV~1\ARCHIV~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Archivos de programa\McAfee\MPF\MPFSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    At the moment I am not facing the redirection of Google search results but would still wish to confirm that everything looks clean.

    Thanks again & best regards,

    khany
  • jmoney3457jmoney3457 Maine
    edited November 2006
    You are all set. I'll mark this resolved/close it. Glad we could help :) I'll leave you with these suggestions. Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
    1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

      You can find instructions on how to enable and reenable system restore here:

      Managing Windows Millennium System Restore

      or

      Windows XP System Restore Guide

      Re-enable system restore with instructions from tutorial above
      Next,

      This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

      Step 1: Delete Temp Files
      To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

      This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

      Step 2: Delete Temporary Internet Files
      Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

    2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        1. Change the Download signed ActiveX controls to Prompt
        2. Change the Download unsigned ActiveX controls to Disable
        3. Change the Initialize and script ActiveX controls not marked as safe to Disable
        4. Change the Installation of desktop items to Prompt
        5. Change the Launching programs and files in an IFRAME to Prompt
        6. Change the Navigate sub-frames across different domains to Prompt
        7. When all these settings have been made, click on the OK button.
        8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    3. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

      See this link for a listing of some online & their stand-alone antivirus programs:

      Virus, Spyware, and Malware Protection and Removal Resources

    4. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

      For a tutorial on Firewalls and a listing of some available ones see the link below:

      Understanding and Using Firewalls

    6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

      A tutorial on installing & using this product can be found here:

      Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

    8. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

      A tutorial on installing & using this product can be found here:

      Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

    9. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

      A tutorial on installing & using this product can be found here:

      Using SpywareBlaster to protect your computer from Spyware and Malware

    10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.

    Here are some additional utilities that will enhance your safety:
    • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
    • Google Toolbar <= Get the free Google toolbar to help stop pop up windows.
    • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
      Using Winpatrol to protect your computer from malicious software
    Hide System Files
    1. Click Start.
    2. Open My Computer.
    3. Select Tools menu
    4. Click Folder Options.
    5. Select the View Tab.
    6. Uncheck Show hidden files and folders in the Hidden files and folders section.
    7. Select Hide protected operating system files (recommended) option.
    8. Check the Hide file extensions for known file types option.
    9. Click Yes.
    10. Click OK.
  • jmoney3457jmoney3457 Maine
    edited November 2006
    I'm going to close this thread and mark it resolved. Glad we could help. If you (original topic starter) need this thread re-opened, please send a PM ( http://www.short-media.com/forum/private.php?do=newpm ) to one of the admins/mods from this list ( http://www.short-media.com/forum/showgroups.php?s= ) with a link to this thread. Everyone else, please start your own thread. Thank you.
This discussion has been closed.