[Fixed] Hijackthis! Logs - [Pending] Pop-up window on start-up
#7  marinos_ (Bronze Member), 04-22-2007

The problem seems to be solved. Here is the report from SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
Generated 04/22/2007 at 02:37 AM

Application Version : 3.6.1000

Core Rules Database Version : 3222
Trace Rules Database Version: 1233

Scan type : Complete Scan
Total Scan Time : 00:53:11

Memory items scanned : 382
Memory threats detected : 1
Registry items scanned : 5676
Registry threats detected : 9
File items scanned : 64556
File threats detected : 4

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\JKHHF.DLL
C:\WINDOWS\SYSTEM32\JKHHF.DLL
HKLM\Software\Classes\CLSID\{F0C635CE-3988-423B-8F6A-8FEE8414E792}
HKCR\CLSID\{F0C635CE-3988-423B-8F6A-8FEE8414E792}
HKCR\CLSID\{F0C635CE-3988-423B-8F6A-8FEE8414E792}\InprocServer32
HKCR\CLSID\{F0C635CE-3988-423B-8F6A-8FEE8414E792}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0C635CE-3988-423B-8F6A-8FEE8414E792}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkhhf

Malware.RepairRegistryPro
HKLM\Software\Repair Registry Pro
HKLM\Software\Repair Registry Pro#lastfounderrors
HKLM\Software\Repair Registry Pro#DontStoreStats
C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe
C:\Program Files\Repair Registry Pro

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\PANOS\MY DOCUMENTS\BACKUP\FAVORITES\FAVORITES\FAVORITES\ANTIVIRUS TEST ONLINE.URL
Attached Files
File Type: txt hijackthis4.txt (5.8 KB, 1 views)


#8  valis (Senior Security Analyst), 04-22-2007

not yet, but getting there.

Have you modified your host file to include this:

66.98.148.65 auto.search.msn.es

open hjt, close all other windows, click 'perform system scan only', place a tick next to the following and click 'fix checked':


O2 - BHO: (no name) - {F0C635CE-3988-423B-8F6A-8FEE8414E792} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)


Next, please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please attach C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

thanks,

v


__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
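
Added example, not part of the original posts and not code from HijackThis or SUPERAntiSpyware: it parses the two HijackThis entries that post #8 asks to fix and matches their CLSIDs against the detections in the scan log from post #7, flagging entries whose target file is gone. The input lines are copied from this thread; the names `clsids_by_detection` and `triage` are hypothetical.

```python
import re

# Input copied from posts #7 and #8 of this thread (scan log shortened).
SCAN_LOG = r"""Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\JKHHF.DLL
HKCR\CLSID\{F0C635CE-3988-423B-8F6A-8FEE8414E792}\InprocServer32
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0C635CE-3988-423B-8F6A-8FEE8414E792}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkhhf

Malware.RepairRegistryPro
HKLM\Software\Repair Registry Pro
"""

HJT_LINES = r"""O2 - BHO: (no name) - {F0C635CE-3988-423B-8F6A-8FEE8414E792} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HJT_RE = re.compile(r"^(O\d+) - ([^:]+): (.*?) - (\{[^}]+\}) - (.*)$")

def clsids_by_detection(scan_log):
    """Map each detection name to the upper-cased CLSIDs listed under it."""
    result, current = {}, None
    for line in scan_log.splitlines():
        line = line.strip()
        if not line:
            current = None              # a blank line ends a detection block
        elif current is None:
            current = line              # first line of a block is the detection name
            result[current] = set()
        else:
            result[current].update(c.upper() for c in CLSID_RE.findall(line))
    return result

def triage(hjt_text, scan_log):
    """Return one dict per HijackThis entry that carries a CLSID."""
    known = clsids_by_detection(scan_log)
    rows = []
    for line in hjt_text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        section, kind, _name, clsid, target = m.groups()
        # HijackThis marks entries whose backing file no longer exists.
        orphan = "(no file)" in target or "(file missing)" in target
        detection = next((d for d, ids in known.items() if clsid.upper() in ids), None)
        rows.append({"section": section, "kind": kind, "clsid": clsid.upper(),
                     "orphan": orphan, "detection": detection})
    return rows
```

For these inputs the O2 entry maps to the Adware.Vundo Variant detection and is flagged as orphaned, while the O9 entry is orphaned but matches no detection in the scan log.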
#9  marinos_ (Bronze Member), 04-27-2007

Ok. I didn't see "O2 - BHO: (no name) - {F0C635CE-3988-423B-8F6A-8FEE8414E792} - (no file)" in the hjk.

Attached Files
File Type: log hijackthis.log (4.7 KB, 0 views)
File Type: txt VundoFix.txt (3.4 KB, 2 views)


#10  valis (Senior Security Analyst), 04-27-2007

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\mljhedb.dll
    C:\WINDOWS\System32\vtsqn.dll
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Post a new Hijack This log.

thanks,

v


#11  marinos_ (Bronze Member), 05-05-2007

I got a "PendingFileRenameOperations prompt" prompt.
Attached Files
File Type: log hijackthis.log (4.6 KB, 1 views)


#12  valis (Senior Security Analyst), 05-07-2007

Getting there. I still see signs of vundo, so let's try the steps in post 8 again, only the ones regarding vundo. I'm assuming you still have it saved to your desktop, so just the following:

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please attach C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

thanks,

v

