0

(sorry for posting this in the wrong section before).

Hi, im not sure if this problem has already been solved in another thread but basically my computer has been infected by several viruses and i don't have a clue on how to remove them all. firstly, there is kamsoft, then there is vamsoft then theres another one called cdoosoft (but im not sure if that is a virus or not, all i know is it wasnt in my computer before). then i have things in my hard drives that i think are connected to kamsoft - with cmd and bat extentions that are preventing me from showing hidden files on my computer. there is also a process called AhnRpta.exe which keeps coming back even when i end it. now i want to remove them all but i dont know how and where to start..

thanks

2
Contributors
23
Replies
24
Views
8 Years
Discussion Span
Last Post by crunchie
Featured Replies
  • Download [b]Malwarebytes' Anti-Malware[/b] ([url]http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html[/url]) to your desktop. * Double-click [b]mbam-setup.exe[/b] and follow the prompts to install the program. * At the end, be sure to checkmark the [b]Update Malwarebytes' Anti-Malware[/b] and [b]Launch Malwarebytes' Anti-Malware[/b], then click [b]Finish.[/b] * If an update is found, it will download and install the latest … Read More

1

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

==

Download HijackThis Executable from here. Save it to your desktop.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and then go to the format Tab and make sure that wordwrap is unchecked. Copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

Votes + Comments
i guess all i needed was to run MBA-M for an easy fix.
0

ok sorry for the late reply. here is the Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.33
Database version: 1690
Windows 5.1.2600 Service Pack 2

25/01/2009 12:01:46 PM
mbam-log-2009-01-25 (12-01-46).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 324234
Time elapsed: 2 hour(s), 25 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
F:\WINDOWS\system32\afmain0.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vamsoft (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\My Documents\Loi\files\sound forge\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\My Documents\Loi\files\sound forge\sf8\Sony.Sound.Forge.v8.0.Incl.Keygen-SSG\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\kamsoft.exe (Trojan.Agent) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\vamsoft.exe (Trojan.Agent) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\afmain0.dll (Trojan.Agent) -> Delete on reboot.
F:\WINDOWS\system32\afmain1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\afmain2.dll (Trojan.Agent) -> Quarantined and deleted successfully.

and here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:18 PM, on 25/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\LogMeIn\x86\RaMaint.exe
F:\Program Files\LogMeIn\x86\LogMeIn.exe
F:\Program Files\LogMeIn\x86\LMIGuardian.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Wacom_Tablet.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
F:\WINDOWS\system32\Wacom_Tablet.exe
F:\WINDOWS\AhnRpta.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
F:\WINDOWS\vsnpstd.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Program Files\NETGEAR\WG111v2\WG111v2.exe
F:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
F:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\system32\NOTEPAD.EXE
D:\My Documents\Loi\files\Essential files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RegKillElbyCheck] "F:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [NVRTCLK] F:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [snpstd] F:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] F:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StartCCC] "F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = F:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = F:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: TabUserW.exe.lnk = F:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: ZDWLan Utility.lnk = F:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Download All with FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download using LeechGet - file://F:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://F:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://F:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - Unknown owner - F:\Program Files\Ringz Studio\Storm Codec\stormliv.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Stormser - Unknown owner - F:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe (file missing)
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - F:\WINDOWS\system32\Wacom_Tablet.exe

--
End of file - 9429 bytes
0

Doesn't look like you rebooted after running MBA-M as requested.

What anti-virus are you using?

  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
  • Select it and click Remove.
  • Then Download and install the newest version from here:
  • http://www.java.com/en/download/manual.jsp

==

How is the pc?

0

oh sorry.. i scanned with MBA-M and then HijackThis then clicked restart just so i can catch u coz i saw u online lol. well do i have to scan again then? i removed all java and installed the latest version of java like u told me to.

0

ok well here is a fresh log of HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:32 AM, on 26/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device 

Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\LogMeIn\x86\RaMaint.exe
F:\Program Files\LogMeIn\x86\LogMeIn.exe
F:\Program Files\LogMeIn\x86\LMIGuardian.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Wacom_Tablet.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
F:\WINDOWS\system32\Wacom_Tablet.exe
F:\WINDOWS\vsnpstd.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Program Files\NETGEAR\WG111v2\WG111v2.exe
F:\WINDOWS\system32\WTablet\TabUserW.exe
F:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\My Documents\Loi\files\Essential files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet 

Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - 

F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Program 

Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - 

F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 

F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} 

- F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - 

F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - 

F:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RegKillElbyCheck] "F:\Program Files\Elaborate Bytes\DVD Region 

Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [NVRTCLK] F:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [snpstd] F:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil 

/RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] F:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE 

/SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE 

/IMEName
O4 - HKLM\..\Run: [StartCCC] "F:\Program Files\ATI Technologies\ATI.ACE\Core-

Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -

atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6

\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 

'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 

'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 

'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 

'Default user')
O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common 

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = F:\Program 

Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft 

Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = F:\Program 

Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: TabUserW.exe.lnk = F:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: ZDWLan Utility.lnk = F:\Program Files\ZyDAS Technology 

Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Download All with FlashGet - F:\Program 

Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - F:\Program 

Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download using LeechGet - file://F:\Program 

Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://F:\Program 

Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1

\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://F:\Program 

Files\LeechGet 2006\\Parser.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 

F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-

5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 

F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program 

Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - 

F:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - 

http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - 

http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - 

http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - 

http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - 

http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - 

http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - 

http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - 

http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex 

Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - 

F:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common 

Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common 

Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32

\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program 

Files\Bonjour\mDNSResponder.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - Unknown owner - F:\Program 

Files\Ringz Studio\Storm Codec\stormliv.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program 

Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - 

F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program 

Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, 

Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - 

F:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity 

Solution\ServiceLayer.exe
O23 - Service: Stormser - Unknown owner - F:\PROGRA~1\RINGZS~1\STORMC~1

\Stormser.exe (file missing)
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - 

F:\WINDOWS\system32\Wacom_Tablet.exe

--
End of file - 9336 bytes

the pc seems fine although im not sure if everything has been removed. i am now able to view hidden files compared to before.

kamsoft, vamsoft and cdoosoft has been removed from the registry. however in the

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c85a5d5e-06a5-11dd-b375-000ea671bd0e}

i saw this in under data: J:\e.cmd <-- is that safe to delete.. because i think thats connected with kamsoft too.

there is also something on my browser called a yoog search and some people think its a malware.. it wasnt there to begin with when i first had firefox.

0

Back up your registry first, then delete the entry. Make sure all is still ok after a reboot.
Never heard of yoog myself, but it looks bad from a quick google search.

==

Please re-run hijackthis again, select Do a system scan and save a logfile. When notepad opens, go to the Format Tab and de-select Word Wrap.
Highlight the entire text and post the log back here.

0

sry about that, i forgot about the wordwrap thing.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:33 PM, on 27/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\LogMeIn\x86\RaMaint.exe
F:\Program Files\LogMeIn\x86\LogMeIn.exe
F:\Program Files\LogMeIn\x86\LMIGuardian.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Wacom_Tablet.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
F:\WINDOWS\system32\Wacom_Tablet.exe
F:\WINDOWS\vsnpstd.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Program Files\NETGEAR\WG111v2\WG111v2.exe
F:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
F:\Program Files\YBH\YourBountyHunter!\YourBountyHunter3.6.exe
F:\Program Files\YBH\YourBountyHunter!\YourBountyHunter3.6.exe
F:\Program Files\YBH\YourBountyHunter!\YourBountyHunter3.6.exe
F:\Program Files\Mozilla Firefox\firefox.exe
D:\My Documents\Loi\files\Essential files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RegKillElbyCheck] "F:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [NVRTCLK] F:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [snpstd] F:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] F:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StartCCC] "F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = F:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = F:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: TabUserW.exe.lnk = F:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: ZDWLan Utility.lnk = F:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Download All with FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download using LeechGet - file://F:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://F:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://F:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - Unknown owner - F:\Program Files\Ringz Studio\Storm Codec\stormliv.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Stormser - Unknown owner - F:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe (file missing)
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - F:\WINDOWS\system32\Wacom_Tablet.exe

--
End of file - 9500 bytes
0

ok. well it seems fine now except for that yoog thing. i think the kamsoft, vamsoft stuff are usb viruses which installs autorun.inf as well as cmd and bat files on my computer to prevents me from seeing hidden files. now that its fixed. how do i keep them from going into my computer? because im pretty sure my usb sticks still have them and if insert them to my computer im pretty sure they will come back...

0

ok then. thanks for ur help man you can close this thread now. i think i can take care of that usb stick problem myself. as for the other viruses.. i think theyve been deleted from this computer by MBA-M. and that yoog problem.. i will do more research on. it seems to slow my internet browsing speed but anyway, thanks again for all your help. i will come back again if im unable to fix something myself.

0

you mean yoog? no i cant find it in add/remove. but its in the registry and thats about the only place i could find it. i cant find it in the mozilla folder. i even tried doing a search for 'yoog' in all hard drives but i got nothing.

0

ok sorry for the late reply again. here are the search results:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "yoog" 1/02/2009 9:28:14 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-507921405-884357618-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"002"="yoog"


--------------

the thing is, no matter how many times i delete yoog from the registry, or from the browser itself.. it keeps coming back and im not able to remove it completely..

0

It's not part of an Add-on, is it?

Download the attached zip file and unzip fixme.reg. Close all browser windows. Double click the file to run it and when asked if you want to merge with your registry, answer yes.
Reboot when done and check if the entries are gone.

0

entries are gone and the search engine doesnt show on mozilla but yoog is still there as a default search engine :@

my cable internet has been disconnecting randomly (on and off every 2 or 3 minutes) for the past 5 days and i always have to reset the modem to connect. ive already contacted my isp and they are sending a technician. though, i wonder if yoog has anything to do with this..

0

If you cannot get rid of it using FF's own preferences menu, you can try uninstalling FF and reinstalling again.

Do you have any programs installed such as Spybot or Spywareblaster that protect changes to FF's home page?

0

i have uninstalled it before and reinstalled the latest FF but it did not work. no i dont have those programs.. but my homepage is still google. however when i type something on the address bar i.e "google" normally FF would assume the '.com' and go to google straight away. but eversince that yoog problem.. whenever i type something on the address bar.. it goes to the yoog search engine (which does not appear on FF's lists of default search engine on the side and is not on the registry too)

0

Must be something in FF's configuration file that is causing this.

Open FF and type about:config into the address bar. Go down to search and see if any of the search fields show yoog.

Uploaded a screenshot of mine.

0

ok i did what u told me.. i filtered the results to 'yoog' and two things came up.

user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www2.yoog.com/search.php?q=");

now, i typed search in the filter bar.. and mine appeared different to your SS. here is how mine looked like

(see FF.jpg below)

i changed the value of

user_pref("browser.search.selectedEngine", "Yoog Search");

to

user_pref("browser.search.selectedEngine", "Google");

and

user_pref("keyword.URL", "http://www2.yoog.com/search.php?q=");

to

user_pref("keyword.URL", "http://www.google.com/");

but at the same time i was doing some research on other sites and found that those two entries arent meant to be there so i went to:

F:\Documents and Settings\Malibiran\Application Data\Mozilla\Firefox\Profiles\tppztg22.default

and i edited prefs.js and deleted those two lines. and i also deleted user.js

now after all that i went back to FF and typed about:config and put in 'search' in the filter bar and now it looks the same to yours.

=====================

actually, i yoog is gone now. just now i opened a new tab and typed in the word "google" in the address bar and it went straight to the google website instead of defaulting to a yoog search of the word "google"

ill see if this works out and remains fixed til tomorrow. i will come back to confirm if yoog has been removed completely or if not.. we will find out

Attachments FF.JPG 123.35 KB
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.