Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsvit.exe

Now reboot into safe mode and delete the following files and folders .



C:\WINDOWS\System32\wcpsvit.exe>> delete file if found

to delete the above files and folder you will need to do the following
go to Show hidden files & folders
"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log

Can you download the following app & run it, making sure to have one internet exploder window open. Save the log & paste the results back here.
VX2Finder

Files Found---
C:\WINDOWS\System32\aqlui.dll
C:\WINDOWS\System32\asaamon.dll


Guardian Key---
Asynchronous 000
DllName C:\WINDOWS\system32\aqlui.dll
Impersonate 000
Logon WinLogon
Logoff WinLogoff
Version 123
ID {8539157C-3407-41F9-A686-1B84A0407626}
IDex N1

User Agent String---
{8539157C-3407-41F9-A686-1B84A0407626}



That's what I get from the VX2Finder

elfnet

Download Killbox from http://download.broadbandmedic.com/VbStuff/KillBox.zip
Unzip to your desktop.
Run Killbox.exe. From the menu click “Fix L2M� then click “Kill VX2.BetterInternet"

Restart your system

Next, type javascript:navigator.userAgent or just copy and paste it in your IE Address bar then hit enter.

Post the complete result again. (That is, VX2finder log + the IE results)

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; {8539157C-3407-41F9-A686-1B84A0407626})


this is after what you told me to do

thanks for the help by the way

Ps: Do I have to do something next?

Log for VX2.BetterInternet File Finder

Files Found---
C:\WINDOWS\System32\6go4svc.dll
C:\WINDOWS\System32\abd.dll
C:\WINDOWS\System32\afmparse.dll
C:\WINDOWS\System32\agd.dll
C:\WINDOWS\System32\aolui.dll
C:\WINDOWS\System32\aqlui.dll
C:\WINDOWS\System32\asaamon.dll
C:\WINDOWS\System32\Ay3API.DLL


Guardian Key---

User Agent String---
{8539157C-3407-41F9-A686-1B84A0407626}

This is the log after m reboot of VX2 Finder it seems worst!

Log for VX2.BetterInternet File Finder

Files Found---
C:\WINDOWS\System32\6go4svc.dll
C:\WINDOWS\System32\abd.dll
C:\WINDOWS\System32\afmparse.dll
C:\WINDOWS\System32\agd.dll
C:\WINDOWS\System32\aolui.dll
C:\WINDOWS\System32\aqlui.dll
C:\WINDOWS\System32\asaamon.dll
C:\WINDOWS\System32\Ay3API.DLL


Guardian Key---

User Agent String---
{8539157C-3407-41F9-A686-1B84A0407626}

AFter the javascript:navigator.userAgent thingy and the killbox process I run VX2 finder again and it seems worst.

elfnet

Run Killbox.exe. From the menu click “Fix L2M� then click “Kill VX2.BetterInternet"

Restart your system

Run Killbox.exe again.
From the menu click “Fix L2M� then click “Import L2M.reg�.
Click OK when you asked to “Import Registry Script?�
Then from the menu again, click “Find�. Click “User Agent String�.
Select the entry {8539157C-3407-41F9-A686-1B84A0407626} then click “Action�.
Click “Delete User Agent String�. Close Killbox.

Reboot.

Run VX2 finder once more & the IE Javascript search. Post the Log for VX2.Finder and result of javascript:navigator.userAgent.

Also include a fresh hijackthis log plz.

The option "Import L2M.reg" is not enable or so cause I can't click on it :/

elfnet

Try this instead. Download the VX2 fix here.
You must run it three times in a row to completely remove the files registry keys.

Then post another VX2 log plz.