Please check my logs my comp may be infected.

Please do the following:
Yoog Removal

Now, Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Now let's use ComboFix to remove a bunch of malware files.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

File::
C:\Documents and Settings\Lu-Ann\Application Data\029F71
C:\WINDOWS\rmursyaa
C:\WINDOWS\hpexcocd
C:\WINDOWS\system32\bc4cd24c-cd33-558d-e215-51f55655666d.exe
C:\WINDOWS\system32\ren247.tmp  
C:\WINDOWS\system32\ren248.tmp
c:\windows\system32\wogiregu.dll
c:\windows\Jqelego.dll
c:\windows\ebimecusura.dll

Folder::
C:\Documents and Settings\Lu-Ann\Application Data\029F71
C:\WINDOWS\rmursyaa
C:\WINDOWS\hpexcocd

AtJob::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ahofajugabor"=-
"Yqebamerihesog"=-
"CPM3b1f5b48"=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to overide the prvevious file with the same name, click YES.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run Ccleaner to clean out only temp files and nothing else!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\ComboFix.txt
* C:\MGlogs.zip

Make sure you tell me how things are working now!

 

You did not attach the new logs. TimW cannot continue with you until you attach them.

 

I am not seeing any references to yoog in your logs. Did you do the removal procedures in safe mode? Did you do all of the instructions? Esp. going to the profiles folder -> C:\Documents and Settings\UserName\Application Data\Mozilla\Firefox\Profiles\default.zdt?

 

Tim,

They were in the first ComboFix log and still need to be removed.

When you do additional scans with ComboFix, you need to use the Extra:: command if you want to see all supplementary scan info. Normall the Supplementary Scan output is only generated in the ComboFix.txt if the user double clicks ComboFix.exe to run it. It is not generated automatically when using CFScript.txt

 

Uninstall the below old versions of software:
Java(TM) 6 Update 13
Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME

Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus - McAfee, antispyware - Spyware Doctor...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

Now attach the below log:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

I am not seeing any traces of yoog in your logs. If you are still having it as an issue, then you probably need to totally uninstall FireFox. Here are the instructions for removing it completely. After which, you will need to run CCleaner ( both the cleaner and the registry - making the backup when prompted):

Uninstall FireFox.

Then you can reinstall it and see if the issue persists.

 

That would be one way to go. Uninstalling FireFox as I directed would be the other way. Let me know how things work out.