Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

uskyonline page keeps interrupting me in everything I do

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

uskyonline page keeps interrupting me in everything I do

Unread postby ohmeohmi4 » August 15th, 2006, 12:27 pm

Logfile of HijackThis v1.99.1
Scan saved at 1:08:54 AM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\thiselt.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\Utilities\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - (no file)
O2 - BHO: (no name) - {2D40423F-2A03-4296-A41A-BF63556F6AE5} - (no file)
O2 - BHO: (no name) - {2E5DE072-C71E-43A1-ADC5-270B517263C7} - (no file)
O2 - BHO: (no name) - {3851DD9C-1E22-4B66-BD24-6C0D6C089500} - (no file)
O2 - BHO: (no name) - {39B9DF03-6C9D-4CAA-A6AE-2C8870E34ADC} - (no file)
O2 - BHO: (no name) - {3D8B2318-9693-4D71-B213-44BBF42A591F} - (no file)
O2 - BHO: (no name) - {40701517-F62F-423C-9298-FB942DAB6CDA} - (no file)
O2 - BHO: (no name) - {430884DB-EFBF-44CD-82E0-95F3C4F6D934} - (no file)
O2 - BHO: (no name) - {470127A0-5186-4F73-8698-D3A0A7B1C9AD} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5D35CDA2-7D5B-47D0-B0AE-2A3172D11192} - (no file)
O2 - BHO: (no name) - {65AB42F7-15D2-4482-9330-093962D838A4} - (no file)
O2 - BHO: (no name) - {67FF2895-37D3-44EE-9E1D-E8E5AA56C6B5} - (no file)
O2 - BHO: (no name) - {6D00D5BD-781B-49AB-B728-580170722ED7} - C:\Program Files\Common Files\mebok.dll (file missing)
O2 - BHO: (no name) - {7200A48D-4B3F-4A38-830A-7A27DB2F34ED} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {78DCEF1E-6EE6-A903-D3ED-37E9F57877DF} - (no file)
O2 - BHO: (no name) - {8260CAEB-0F95-46C5-AACB-70B0301DA69D} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9110BC8B-2D4F-5391-1A8E-05E2E92176C5} - (no file)
O2 - BHO: (no name) - {91241ACB-4469-4818-9BFB-7D25F506CE2A} - (no file)
O2 - BHO: (no name) - {9272ADE3-0AE6-01EB-8D7A-8B6E5C40BDAF} - (no file)
O2 - BHO: (no name) - {9766573D-83A7-44DE-83A9-AF491F779EA9} - (no file)
O2 - BHO: (no name) - {99A23E1C-208A-42E0-AC9B-E92AE462A14D} - (no file)
O2 - BHO: (no name) - {9B79DFEF-F00C-418A-8716-12691E35C9DE} - (no file)
O2 - BHO: (no name) - {A19A3A2C-376F-4499-B42A-04EF21AE3079} - (no file)
O2 - BHO: (no name) - {AC8FF096-6A0A-14D6-59F4-175372091790} - (no file)
O2 - BHO: (no name) - {AD42B6A6-B9A1-4697-9B4C-A287451B9CCF} - (no file)
O2 - BHO: (no name) - {B317C117-4F1A-4BA5-861D-30C4F80D1AF7} - (no file)
O2 - BHO: (no name) - {BBFAA2F8-6934-4EE1-3920-1AB35CBA0FC3} - (no file)
O2 - BHO: (no name) - {CD9CF100-D92F-4D7C-9B73-0FDE4BD367A5} - (no file)
O2 - BHO: (no name) - {CE4D196D-EB36-461D-932A-FABCA7D0FE47} - (no file)
O2 - BHO: (no name) - {E07DC582-E194-42ED-BC7C-10FE99CD4059} - (no file)
O2 - BHO: (no name) - {FB153DCE-822E-47ec-8D00-2706E7864B37} - (no file)
O2 - BHO: (no name) - {FF73AA95-D97B-42F9-89CF-4DAD9D3BAE8E} - (no file)
O2 - BHO: (no name) - {FF93E74C-13C0-4321-8C4B-CCFFA50A8801} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\system32\VSL13.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/o ... -en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.7.2.24/a ... -en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.6.5.22/b ... -en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.0.34/b ... -en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.5.22/c ... -en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.6.2.21/b ... -en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.7.2.24/c ... -en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.5.5.36/c ... -en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.7.0.32/c ... -en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.5.5.36/c ... -en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/c ... -en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.5.5.36/d ... -en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.7.0.32/v ... -en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.7.2.24/e ... -en_US.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.6.1.29/b ... -en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.2.24/f ... -en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.31/s ... -en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.6.4.29/h ... -en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.5.5.29/p ... -en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.6.5.22/gin/gin-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/m ... -en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.6.4.29/l ... -en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.4.21/m ... -en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.6.4.21/m ... -en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.7.2.24/p ... -en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.7.2.24/f ... -en_US.cab
O16 - DPF: Pebble Beach 3 Hole Challenge by pogo - http://game1.pogo.com/applet-6.5.5.29/t ... -en_US.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game1.pogo.com/applet-6.5.5.36/p ... -en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.5.22/f ... -en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.6.3.34/p ... -en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.6.5.22/p ... -en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.6.0.27/p ... -en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.7.2.24/p ... -en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.7.2.24/h ... -en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.6.5.31/r ... -en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.6.1.29/s ... -en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.6.2.21/s ... -en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.32/p ... -en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.7.0.32/s ... -en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.7.2.24/s ... -en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.6.4.21/s ... -en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.5.36/s ... -en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.5.5.36/s ... -en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.7.2.24/s ... -en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.4.21/h ... -en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.7.2.24/p ... -en_US.cab
O16 - DPF: Tube Runner by pogo - http://www.pogo.com/applet-6.5.5.36/tube/tube-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.6.4.29/j ... -en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.7.0.32/t ... -en_US.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-6.6.1.29/v ... -en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.7.2.24/m ... -en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.5.22/w ... -en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.6.4.21/w ... -en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.6.5.22/w ... -en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.2.24/w ... -en_US.cab
O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.games.yahoo.com/games/c ... /ft3_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - http://zone.msn.com/binFrameWork/v10/St ... b34120.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3395600655
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} - http://www.blizzard.com/support/includes/cabs/si.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifescapeinc.com/install ... nstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3412201506
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinner.com/games/v44/wo ... rdcube.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} - http://www.drivershq.com/cab/prod/Drive ... Member.CAB
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - http://zone.msn.com/bingame/zpagames/zp ... b34501.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wo ... rdmojo.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ ... oupons.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - http://www.worldwinner.com/games/v46/wof/wof.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - http://photo.walmart.com/photo/uploads/ ... Client.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} - http://go.microsoft.com/fwlink/?linkid=49480
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://clubgames.pogo.com/online2/pogop ... der_v5.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay106.hotmail.msn.com/a ... Atchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - (no file)
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
ohmeohmi4
Active Member
 
Posts: 1
Joined: August 15th, 2006, 12:19 pm
Advertisement
Register to Remove

Unread postby Shaba » August 16th, 2006, 11:42 am

Hi

Download and unzip BFU.zip from here.
Run the program and click the Web button as shown by the blue arrow below:
Image

Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/alcanshorty.bfu

Execute the script by clicking the Execute button.

If you have any questions about the use of BFU please read here:
http://metallica.geekstogo.com/BFUinstructions.html

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - (no file)
O2 - BHO: (no name) - {2D40423F-2A03-4296-A41A-BF63556F6AE5} - (no file)
O2 - BHO: (no name) - {2E5DE072-C71E-43A1-ADC5-270B517263C7} - (no file)
O2 - BHO: (no name) - {3851DD9C-1E22-4B66-BD24-6C0D6C089500} - (no file)
O2 - BHO: (no name) - {39B9DF03-6C9D-4CAA-A6AE-2C8870E34ADC} - (no file)
O2 - BHO: (no name) - {3D8B2318-9693-4D71-B213-44BBF42A591F} - (no file)
O2 - BHO: (no name) - {40701517-F62F-423C-9298-FB942DAB6CDA} - (no file)
O2 - BHO: (no name) - {430884DB-EFBF-44CD-82E0-95F3C4F6D934} - (no file)
O2 - BHO: (no name) - {470127A0-5186-4F73-8698-D3A0A7B1C9AD} - (no file)
O2 - BHO: (no name) - {5D35CDA2-7D5B-47D0-B0AE-2A3172D11192} - (no file)
O2 - BHO: (no name) - {65AB42F7-15D2-4482-9330-093962D838A4} - (no file)
O2 - BHO: (no name) - {67FF2895-37D3-44EE-9E1D-E8E5AA56C6B5} - (no file)
O2 - BHO: (no name) - {6D00D5BD-781B-49AB-B728-580170722ED7} - C:\Program Files\Common Files\mebok.dll (file missing)
O2 - BHO: (no name) - {7200A48D-4B3F-4A38-830A-7A27DB2F34ED} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {78DCEF1E-6EE6-A903-D3ED-37E9F57877DF} - (no file)
O2 - BHO: (no name) - {8260CAEB-0F95-46C5-AACB-70B0301DA69D} - (no file)
O2 - BHO: (no name) - {9110BC8B-2D4F-5391-1A8E-05E2E92176C5} - (no file)
O2 - BHO: (no name) - {91241ACB-4469-4818-9BFB-7D25F506CE2A} - (no file)
O2 - BHO: (no name) - {9272ADE3-0AE6-01EB-8D7A-8B6E5C40BDAF} - (no file)
O2 - BHO: (no name) - {9766573D-83A7-44DE-83A9-AF491F779EA9} - (no file)
O2 - BHO: (no name) - {99A23E1C-208A-42E0-AC9B-E92AE462A14D} - (no file)
O2 - BHO: (no name) - {9B79DFEF-F00C-418A-8716-12691E35C9DE} - (no file)
O2 - BHO: (no name) - {A19A3A2C-376F-4499-B42A-04EF21AE3079} - (no file)
O2 - BHO: (no name) - {AC8FF096-6A0A-14D6-59F4-175372091790} - (no file)
O2 - BHO: (no name) - {AD42B6A6-B9A1-4697-9B4C-A287451B9CCF} - (no file)
O2 - BHO: (no name) - {B317C117-4F1A-4BA5-861D-30C4F80D1AF7} - (no file)
O2 - BHO: (no name) - {BBFAA2F8-6934-4EE1-3920-1AB35CBA0FC3} - (no file)
O2 - BHO: (no name) - {CD9CF100-D92F-4D7C-9B73-0FDE4BD367A5} - (no file)
O2 - BHO: (no name) - {CE4D196D-EB36-461D-932A-FABCA7D0FE47} - (no file)
O2 - BHO: (no name) - {E07DC582-E194-42ED-BC7C-10FE99CD4059} - (no file)
O2 - BHO: (no name) - {FB153DCE-822E-47ec-8D00-2706E7864B37} - (no file)
O2 - BHO: (no name) - {FF73AA95-D97B-42F9-89CF-4DAD9D3BAE8E} - (no file)
O2 - BHO: (no name) - {FF93E74C-13C0-4321-8C4B-CCFFA50A8801} - (no file)
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\system32\VSL13.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - (no file)


Close all windows including browser and press fix checked.

Please download the Killbox.
Unzip it to the desktop.

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\thiselt.exe
C:\WINDOWS\system32\VSL13.exe

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

If your computer does not restart automatically, please restart it manually.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Send:

- a fresh HijackThis log
- kaspersky report
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby NonSuch » August 23rd, 2006, 3:23 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 64 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware