Full Version: Can you please take a look at my log and kindly give suggestions?
Piriform Community Forums > Computer Help and Discussion > Spyware Hell
nubee
Hello all,
Recently I've been infected with SpySheriff. I used cleanup40, ewidosetup and HijackThis to delete it, but I guess those were not deleted completely.

Ewidosetup always prompts about three infections (alt.exe, browsela.dll, adsldpbf.dll) even if I click CLEAN.

My laptop is extremely slow. It's never been like this before.

I am posting my HijackThis log here. Please help me delete the virus and bring my laptop back to the way it was a week before.


QUOTE
Logfile of HijackThis v1.99.1
Scan saved at 12:22:35 PM, on 1/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\windows\System32\svchost.exe
C:\windows\System32\wuauclt.exe
C:\windows\explorer.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\HijackThis\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: (no name) - {6507E30E-0A93-2368-EA99-2130FBD78AEB} - C:\WINDOWS\System32\fxhpisnk.dll
F3 - REG:win.ini: run=C:\WINDOWS\inet20021\winlogon.exe
O1 - Hosts: 64.92.170.148 www.bankone.com
O1 - Hosts: 64.92.170.148 bankone.com
O1 - Hosts: 64.92.170.148 halifax.com
O1 - Hosts: 64.92.170.148 www.halifax.com
O1 - Hosts: 64.92.170.148 halifax.co.uk
O1 - Hosts: 64.92.170.148 www.halifax.co.uk
O1 - Hosts: 64.92.170.148 www.bankofamerica.com
O1 - Hosts: 64.92.170.148 bankofamerica.com
O1 - Hosts: 64.92.170.148 www.paypal.com
O1 - Hosts: 64.92.170.148 paypal.com
O1 - Hosts: 64.92.170.148 www.lloydstsb.com
O1 - Hosts: 64.92.170.148 lloydstsb.com
O1 - Hosts: 64.92.170.148 www.lloydstsb.co.uk
O1 - Hosts: 64.92.170.148 lloydstsb.co.uk
O1 - Hosts: 64.92.170.148 www.bbvanet.com
O1 - Hosts: 64.92.170.148 bbvanet.com
O1 - Hosts: 64.92.170.148 www.bancopostaonline.poste.it
O1 - Hosts: 64.92.170.148 bancopostaonline.poste.it
O1 - Hosts: 64.92.170.148 www.poste.it
O1 - Hosts: 64.92.170.148 poste.it
O1 - Hosts: 64.92.170.148 www.credem.it
O1 - Hosts: 64.92.170.148 credem.it
O1 - Hosts: 64.92.170.148 www.creval.it
O1 - Hosts: 64.92.170.148 creval.it
O1 - Hosts: 64.92.170.148 www.gruppocarige.it
O1 - Hosts: 64.92.170.148 gruppocarige.it
O1 - Hosts: 64.92.170.148 www.rasbank.it
O1 - Hosts: 64.92.170.148 rasbank.it
O1 - Hosts: 64.92.170.148 www.bancagenerali.it
O1 - Hosts: 64.92.170.148 bancagenerali.it
O1 - Hosts: 64.92.170.148 www.garanti.com.tr
O1 - Hosts: 64.92.170.148 garanti.com.tr
O1 - Hosts: 64.92.170.148 www.kocbank.com.tr
O1 - Hosts: 64.92.170.148 kocbank.com.tr
O1 - Hosts: 64.92.170.148 www.disbank.com.tr
O1 - Hosts: 64.92.170.148 disbank.com.tr
O1 - Hosts: 64.92.170.148 www.cassarimini.it
O1 - Hosts: 64.92.170.148 cassarimini.it
O1 - Hosts: 64.92.170.148 www.unicredit.it
O1 - Hosts: 64.92.170.148 unicredit.it
O1 - Hosts: 64.92.170.148 www.chase.com
O1 - Hosts: 64.92.170.148 chase.com
O1 - Hosts: 64.92.170.148 www.southtrust.com
O1 - Hosts: 64.92.170.148 southtrust.com
O1 - Hosts: 64.92.170.148 www.wachovia.com
O1 - Hosts: 64.92.170.148 wachovia.com
O1 - Hosts: 64.92.170.148 www.wellsfargo.com
O1 - Hosts: 64.92.170.148 wellsfargo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: sxpdr32.MyBHO - {382ED25E-FF84-4A00-ACC4-4DDADD62DDDD} - C:\WINDOWS\System32\sxpdr32.dll (file missing)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: (no name) - {6507E30E-0A93-2368-EA99-2130FBD78AEB} - C:\WINDOWS\System32\fxhpisnk.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: C:\windows\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\windows\adsldpbf.dll
O2 - BHO: SuperSecretServer.Shhh - {FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63} - C:\WINDOWS\System32\{FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63}.dll
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\System32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\windows\System32\kwinpsap.exe CORN001
O4 - HKLM\..\Run: [{3E-E1-11-1E-ZN}] C:\windows\system32\rodsrego.exe CORN001
O4 - HKLM\..\Run: [SysRestorer] C:\WINDOWS\System32\winuc386.exe
O4 - HKLM\..\Run: [System service] C:\windows\System32\system.exe
O4 - HKLM\..\Run: [WinSysMessanger] C:\windows\System32\winsysms.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [win32.MzH] C:\windows\System32\egsrvpc32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [CMMan] "C:\Program Files\CMMan\CMMan.exe"
O4 - HKCU\..\Run: [Frk] C:\WINDOWS\System32\m?hta.exe
O4 - HKCU\..\Run: [2052650] C:\PROGRA~1\2052650\2052650.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20021\winlogon.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\windows\alt.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\kwinpsap.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.andhrajyothy.com/wfplayer/tdserver.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://intranet.cchs.net/onlinelearning/in...ers/awswaxf.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_6us.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dmVudQ\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ijbugvl.exe (file missing)
AndyManchesta
WOW! That's one seriously infected PC. I will check your log over now and get a fix together, but it's going to involve a lot of work for you because of so many different infections. You may also be sending out spam emails due to CWS.Yexe, which are hidden from view; the infection sends hundreds of spam mails every minute through your PC so it needs removing as soon as possible. I will reply soon.

Regards Andy
AndyManchesta
Hi again nubee

Please print out or copy this page to Notepad and save it. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download CWShredder from HERE

Download Hoster from HERE

Download Ewido Security Suite from HERE

When installing Ewido, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". Run Ewido and click on Update in the left menu, then click the Start update button. After the update finishes, close Ewido.

Download SmitRem from HERE

Download smitRem.exe and save the file to your desktop. Double click it to extract the contents to a folder of its own, but don't run it yet.

Download Killbox from HERE

Download Advanced Process Termination from HERE

Download CCleaner if you don't already have it installed.


Next open Notepad (click on Start, then Run, type notepad and press the OK button) and copy this into it, making REGEDIT4 the top line in Notepad:

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""


Choose File from the top bar, then 'Save As', and name it fix.reg. Next to "Save As Type" change it to All Files, then save it to your Desktop.


Now reboot to Safe Mode: restart your computer and immediately begin tapping the F8 key on your keyboard. If done right, a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter. To return to normal mode, just restart your computer as you normally would.


In Safe Mode, run Advanced Process Termination by double clicking apt.exe and make sure this file is not running:

C:\WINDOWS\inet20021\winlogon.exe

If it is, left click the above entry and choose 'ALL' to kill the process, then close APT.

Run CWShredder, press the FIX button and allow it to finish scanning. If it asks you to reboot, choose No, then close CWShredder.

Open the SmitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again; this is normal.
Wait for the tool to complete and Disk Cleanup to finish; this may take a while, please be patient.
The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.



Next run Hoster and press 'Restore Original Hosts' to reset the hosts file back to Microsoft's default. If you cannot reset the hosts file, check the top right corner: if it displays a 'Make Hosts Writeable' button, press it and try the Restore Original Hosts button again, then exit Hoster.


*Please note: if you have recently used any of the sites listed in the O1 area of HijackThis, such as banking sites or PayPal, you should immediately contact them and explain to them what has happened, and immediately change your passwords. If you do that online, you should do it from a clean system.

Next go to the Add/Remove Programs screen (Start menu > Control Panel > Add/Remove Programs) and remove Viewpoint.

Then find the fix.reg file you saved on your desktop and double click it. When you get a confirmation box asking if it can be merged into the registry, click Yes.


Once the above is finished, run HijackThis, choose System Scan and place a checkmark next to these entries (note the R3 and O1 entries should not be there now, but fix them if they appear):

R3 - URLSearchHook: (no name) - {6507E30E-0A93-2368-EA99-2130FBD78AEB} - C:\WINDOWS\System32\fxhpisnk.dll
F3 - REG:win.ini: run=C:\WINDOWS\inet20021\winlogon.exe
O1 - Hosts: 64.92.170.148 www.bankone.com
O1 - Hosts: 64.92.170.148 bankone.com
O1 - Hosts: 64.92.170.148 halifax.com
O1 - Hosts: 64.92.170.148 www.halifax.com
O1 - Hosts: 64.92.170.148 halifax.co.uk
O1 - Hosts: 64.92.170.148 www.halifax.co.uk
O1 - Hosts: 64.92.170.148 www.bankofamerica.com
O1 - Hosts: 64.92.170.148 bankofamerica.com
O1 - Hosts: 64.92.170.148 www.paypal.com
O1 - Hosts: 64.92.170.148 paypal.com
O1 - Hosts: 64.92.170.148 www.lloydstsb.com
O1 - Hosts: 64.92.170.148 lloydstsb.com
O1 - Hosts: 64.92.170.148 www.lloydstsb.co.uk
O1 - Hosts: 64.92.170.148 lloydstsb.co.uk
O1 - Hosts: 64.92.170.148 www.bbvanet.com
O1 - Hosts: 64.92.170.148 bbvanet.com
O1 - Hosts: 64.92.170.148 www.bancopostaonline.poste.it
O1 - Hosts: 64.92.170.148 bancopostaonline.poste.it
O1 - Hosts: 64.92.170.148 www.poste.it
O1 - Hosts: 64.92.170.148 poste.it
O1 - Hosts: 64.92.170.148 www.credem.it
O1 - Hosts: 64.92.170.148 credem.it
O1 - Hosts: 64.92.170.148 www.creval.it
O1 - Hosts: 64.92.170.148 creval.it
O1 - Hosts: 64.92.170.148 www.gruppocarige.it
O1 - Hosts: 64.92.170.148 gruppocarige.it
O1 - Hosts: 64.92.170.148 www.rasbank.it
O1 - Hosts: 64.92.170.148 rasbank.it
O1 - Hosts: 64.92.170.148 www.bancagenerali.it
O1 - Hosts: 64.92.170.148 bancagenerali.it
O1 - Hosts: 64.92.170.148 www.garanti.com.tr
O1 - Hosts: 64.92.170.148 garanti.com.tr
O1 - Hosts: 64.92.170.148 www.kocbank.com.tr
O1 - Hosts: 64.92.170.148 kocbank.com.tr
O1 - Hosts: 64.92.170.148 www.disbank.com.tr
O1 - Hosts: 64.92.170.148 disbank.com.tr
O1 - Hosts: 64.92.170.148 www.cassarimini.it
O1 - Hosts: 64.92.170.148 cassarimini.it
O1 - Hosts: 64.92.170.148 www.unicredit.it
O1 - Hosts: 64.92.170.148 unicredit.it
O1 - Hosts: 64.92.170.148 www.chase.com
O1 - Hosts: 64.92.170.148 chase.com
O1 - Hosts: 64.92.170.148 www.southtrust.com
O1 - Hosts: 64.92.170.148 southtrust.com
O1 - Hosts: 64.92.170.148 www.wachovia.com
O1 - Hosts: 64.92.170.148 wachovia.com
O1 - Hosts: 64.92.170.148 www.wellsfargo.com
O1 - Hosts: 64.92.170.148 wellsfargo.com
O2 - BHO: sxpdr32.MyBHO - {382ED25E-FF84-4A00-ACC4-4DDADD62DDDD} - C:\WINDOWS\System32\sxpdr32.dll (file missing)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: (no name) - {6507E30E-0A93-2368-EA99-2130FBD78AEB} - C:\WINDOWS\System32\fxhpisnk.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: C:\windows\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\windows\adsldpbf.dll
O2 - BHO: SuperSecretServer.Shhh - {FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63} - C:\WINDOWS\System32\{FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63}.dll
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\System32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\windows\System32\kwinpsap.exe CORN001
O4 - HKLM\..\Run: [{3E-E1-11-1E-ZN}] C:\windows\system32\rodsrego.exe CORN001
O4 - HKLM\..\Run: [SysRestorer] C:\WINDOWS\System32\winuc386.exe
O4 - HKLM\..\Run: [System service] C:\windows\System32\system.exe
O4 - HKLM\..\Run: [WinSysMessanger] C:\windows\System32\winsysms.exe
O4 - HKLM\..\Run: [win32.MzH] C:\windows\System32\egsrvpc32.exe
O4 - HKCU\..\Run: [CMMan] "C:\Program Files\CMMan\CMMan.exe"
O4 - HKCU\..\Run: [Frk] C:\WINDOWS\System32\m?hta.exe
O4 - HKCU\..\Run: [2052650] C:\PROGRA~1\2052650\2052650.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20021\winlogon.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\windows\alt.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\kwinpsap.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://intranet.cchs.net/onlinelearning/in...ers/awswaxf.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dmVudQ\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ijbugvl.exe (file missing)


Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries.

Then go to Start > Run, type cmd and press OK. On the cmd screen that appears, type or copy and paste this line:

sc delete cmdService

and press Enter, then type exit and press Enter again.




Run Ewido again. From the main menu click on 'Scanner', then click 'Complete System Scan'. When Ewido finds something, it will pop up a notification. Select "Remove", check the boxes "Perform action with all infections" and "Create encrypted backup", then click on OK. When the scan finishes, click on "Save Report", save it to your desktop or C: drive and post the results back.


Run CCleaner and press the Run Cleaner button.


Copy all of the file paths below (left click starting from the first line and drag over the files, then right click and choose Copy):


C:\WINDOWS\inet20021
C:\WINDOWS\SYSTEM32\dwdsregt.exe
C:\WINDOWS\System32\sywsvcs.exe
C:\WINDOWS\System32\m?hta.exe
C:\windows\System32\egsrvpc32.exe
C:\windows\System32\winsysms.exe
C:\windows\System32\system.exe
C:\WINDOWS\System32\winuc386.exe
C:\windows\system32\rodsrego.exe
C:\windows\System32\kwinpsap.exe
C:\WINDOWS\System32\fxhpisnk.dll
C:\WINDOWS\system32\browsela.dll
C:\windows\alt.exe
C:\WINDOWS\ijbugvl.exe
C:\Program Files\Viewpoint
C:\Program Files\CMMan
C:\Program Files\2052650
C:\Program Files\QL
C:\Program Files\Common Files\VCClient
C:\WINDOWS\dmVudQ


Run Killbox, Select "Delete on Reboot", go to the File menu, and choose "Paste from Clipboard".

* Press/Select"All Files" (button)

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. If your computer does not restart automatically, please restart it manually.


Upon reboot, you can reset your desktop background by right clicking the desktop and choosing Properties; on the Themes tab change it to Windows XP, then go to the Desktop tab and choose your wallpaper.


Run this online virus scan:

ActiveScan


When the scan completes, if anything malicious is detected, click the See Report button, then Save Report, and save it to your desktop. Copy the results of the ActiveScan, Ewido's report and smitfiles.txt and paste them back here. Also post a new HijackThis log.


Regards

Andy
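The two things worth automating in a thread like this are spotting the hosts-file pharming pattern in the O1 lines of the log above (many bank and PayPal domains pointed at one routable address) and confirming, after Andy's Hoster step, that the hosts file really is back to loopback-only entries. The script below is an added example and is not part of this thread, of HijackThis or of Hoster. It assumes the line shapes seen in the posted log ("O1 - Hosts: <ip> <host>", "O4 - ...Run: [name] <command>", entries ending in "(file missing)") and that SystemRoot is C:\WINDOWS as in that log; every sample line is constructed here from the thread. It also flags two other things a helper looks for in such a log: an autorun that borrows a Windows system binary's name from the wrong directory (the inet20021\winlogon.exe entry) and registry entries whose target file no longer exists.

```python
r"""Added example: triage for HijackThis-style log text and a hosts-file check.

Not code from this thread, from HijackThis or from Hoster. Assumes the log line
shapes seen in the posted log and SystemRoot = C:\WINDOWS as in that log.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a subset of the posted log plus one benign hosts line.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 64.92.170.148 www.paypal.com
O1 - Hosts: 64.92.170.148 paypal.com
O1 - Hosts: 64.92.170.148 www.bankofamerica.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: sxpdr32.MyBHO - {382ED25E-FF84-4A00-ACC4-4DDADD62DDDD} - C:\WINDOWS\System32\sxpdr32.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20021\winlogon.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dmVudQ\command.exe (file missing)
"""

HOSTS_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_LINE = re.compile(r"^O4 - .*?\[(?P<name>[^\]]*)\]\s+(?P<command>.+)$")
MISSING_MARK = "(file missing)"

# Where these Windows XP binaries legitimately live (lower-cased; assumes
# SystemRoot = C:\WINDOWS). A same-named file anywhere else is a masquerade.
SYSTEM_BINARY_HOME = {
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def hosts_entries_from_log(log_text):
    """Return (ip, hostname) pairs from the O1 lines of a HijackThis log."""
    return [m.groups() for m in map(HOSTS_LINE.match, log_text.splitlines()) if m]


def hosts_entries_from_file(hosts_text):
    """Return (ip, hostname) pairs from hosts-file text, skipping comments and blanks."""
    pairs = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for host in fields[1:]:
            pairs.append((fields[0], host))
    return pairs


def non_loopback_mappings(pairs):
    """Group hostnames by target address for every mapping that is not loopback.
    This is the pharming pattern in the log: bank domains -> one routable IP."""
    flagged = defaultdict(list)
    for ip, host in pairs:
        try:
            if ipaddress.ip_address(ip).is_loopback:
                continue
        except ValueError:
            pass  # not a parseable address; keep it in the report anyway
        flagged[ip].append(host)
    return dict(flagged)


def _first_exe_path(command):
    """Extract the executable path from an autorun command, quoted or not."""
    m = re.match(r'\s*"?([^"]+?\.exe)', command, re.IGNORECASE)
    return m.group(1) if m else None


def masquerading_autoruns(log_text):
    """(run-key name, path) for O4 entries using a system binary's name from the wrong folder."""
    hits = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line)
        path = _first_exe_path(m.group("command")) if m else None
        if path is None:
            continue
        folder, _, filename = path.lower().rpartition("\\")
        expected = SYSTEM_BINARY_HOME.get(filename)
        if expected is not None and folder != expected:
            hits.append((m.group("name"), path))
    return hits


def orphaned_entries(log_text):
    """(section, path) for entries whose target file HijackThis could not find."""
    hits = []
    for line in log_text.splitlines():
        if MISSING_MARK in line:
            section = line.split(" - ", 1)[0]
            path = line.rsplit(" - ", 1)[-1].replace(MISSING_MARK, "").strip()
            hits.append((section, path))
    return hits


def hosts_file_is_default(hosts_text):
    """True when every mapping is loopback only, i.e. what 'Restore Original Hosts' should leave."""
    return not non_loopback_mappings(hosts_entries_from_file(hosts_text))


def triage(log_text):
    """Run the three log checks and return the findings in one dict."""
    return {
        "redirected_hosts": non_loopback_mappings(hosts_entries_from_log(log_text)),
        "masquerading_autoruns": masquerading_autoruns(log_text),
        "orphaned_entries": orphaned_entries(log_text),
    }


# Constructed hosts files: the poisoned shape from the log, and a restored one.
HOSTS_BEFORE = "# constructed sample\n127.0.0.1 localhost\n64.92.170.148 www.paypal.com paypal.com\n"
HOSTS_AFTER = "# constructed sample\n127.0.0.1       localhost\n"

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
    print("hosts restored:", hosts_file_is_default(HOSTS_AFTER))
```

Run it against a saved log by reading the file into `triage()`; the `redirected_hosts` dict is the list of domains whose passwords Andy says to change from a clean system, and `hosts_file_is_default()` run on `C:\WINDOWS\system32\drivers\etc\hosts` after the Hoster step confirms the restore took.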