Hi, I just ran a hijack VIRUS scan on my computer and found some viruses. I am clueless as to how to remove them. Can someone PLEASEEEEEEEE help me. I definitely need a knight in shining armor for this one. Thanks a mil.
Here is what I found:
Logfile of HijackThis v1.99.1
Scan saved at 7:49:11 PM, on 7/27/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\confgldr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\winasp.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\vwgwrbds.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ojndgbtm.exe
C:\WINDOWS\System32\wumgr.exe
C:\Program Files\Common Files\AOL\1102561437\ee\AOLSoftware.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Register\Remind32.exe
C:\Program Files\Microsoft Office\programs\ccwin9.exe
C:\Program Files\Microsoft Office\programs\alarm.exe
C:\Program Files\Microsoft Office\programs\dad9.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Netropa\OSD.exe
c:\program files\common files\aol\1102561437\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1102561437\ee\aolsoftware.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\DOCUMENTS and Settings\Jason Grefski\My Documents\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe
O2 - BHO: (no name) - {26FD0383-8810-6B17-5EFB-22DA61DAB6BD} - C:\WINDOWS\System32\pgpwsdhk.dll
O2 - BHO: (no name) - {9B1620DE-F835-7274-BCB0-17E839C0AECB} - C:\WINDOWS\System32\eygdlfmr.dll
O2 - BHO: (no name) - {DEA8140A-770B-1DB4-B7E7-9E992EFFCD06} - C:\WINDOWS\System32\wgpfumyy.dll (file missing)
O4 - HKLM\..\Run: [Shell Logon] C:\logon.exe
O4 - HKLM\..\Run: [vwgwrbds] C:\WINDOWS\System32\vwgwrbds.exe
O4 - HKLM\..\Run: [Video Process] winasp.exe
O4 - HKLM\..\Run: [qyslqvcl] C:\WINDOWS\System32\qyslqvcl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ojndgbtm] C:\WINDOWS\System32\ojndgbtm.exe
O4 - HKLM\..\Run: [Microsoft Update Manager] wumgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102561437\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [Com+ Sys] csrs.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\RunServices: [Configuration Loader] confgldr.exe
O4 - HKLM\..\RunServices: [Video Process] winasp.exe
O4 - HKLM\..\RunServices: [Com+ Sys] csrs.exe
O4 - HKLM\..\RunServices: [Microsoft Update Manager] wumgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Update Manager] wumgr.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Microsoft Office\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Microsoft Office\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Microsoft Office\programs\alarm.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Microsoft Office\programs\dad9.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Jason Grefski\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Jason Grefski\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ACTIVEX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {53A1630A-DB38-4316-B18F-911719E1F66E} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v11/ticker.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/23c1c0030ac94826fe15/netzip/RdxIE2.cab
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/lsacd_xmlwebservices/Http/OIFActiveX/ofmctl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Configuration Loader - Unknown owner - C:\WINDOWS\System32\confgldr.exe" -service (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: ritmtqunjmkh (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Video Process - Unknown owner - C:\WINDOWS\System32\winasp.exe" -service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Ok, do you have any sort of poker games on your computer.......
Tony

Download, install & update...

CLEANUP
Ccleaner (During install, uncheck the Yahoo Toolbar option) (After install, set Options>Advanced> 'Uncheck the 48 hour box')

ANTI SPYWARE
Adaware
Spybot S&D

ANTI VIRUS
AVG Free (After install, set Options to 'scan all files')

ANTI TROJAN
Ewido for W2K & XP or A-squared a² for 98 & ME (Winall)
Turn off System Restore if applicable. (ME & XP users)
Run Ccleaner
Run Ad-Aware
Run Spybot
Run AVG Free
Run Ewido or a-squared (a²)
Re-start in Safe Mode
Re-run AVG Free
Re-start in Normal Mode
Turn on System Restore if applicable. (ME & XP users)
Then come back with a fresh HJT log.

Before doing anything, I'm going to have to ask you to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time. Click here: http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx Apply the update and reboot. Do NOT install SP2 at this time!
Once you have done that...
1. Download VundoFix and save it to your desktop.
2. Run VundoFix and click on Scan For Vundo.
3. Once it's done scanning, click on Remove Vundo.
4. When it prompts you to remove the files, click on Yes.
5. Your desktop will go blank as it's removing files. Don't worry, this is normal.
6. It will prompt you to restart your computer, so click OK.
7. When your computer is turned back on, your problem should be gone.
8. The program normally produces a Vundofix.txt file. Please locate this file and paste the contents in your next post.

And then, just to be thorough...
1. Download VirtumundoBeGone and save it to your desktop.
2. Reboot into Safe Mode.
3. Once you are in Safe Mode, run VirtumundoBeGone and follow the instructions.
4. Exit when it has finished and reboot back into normal mode.
5. The program normally produces a VBG.txt file. Please locate this file and paste the contents in your next post.
Post back with those logs, as well as a fresh HijackThis log.
Also... I would advise against turning off System Restore at this point. If anything goes wrong, you won't be able to go back to a previous restore point. It may be infected, but an infected restore point is better than no restore point at all. We will worry about taking care of this after getting you cleaned up. Just MAKE sure you don't use System Restore for the time being.

You should dump your other two threads and post all your actions & results in here.

Hi,
I apologize for not posting my response in the correct areas, I am not familiar with posting questions/answers on forums.
I am in the process of removing some viruses from my computer and was advised to install Service Pack 1a for Windows XP, which I did. I was then advised to download VundoFix; however, the program found no infected files. I later downloaded VirtumundoBeGone and ran another HijackThis scan. I was told to re-post my findings, so below are these findings. I am new to forums and I received a notification indicating that my message was too long, so I split it in two. Thanks a mil!
Here is what I found with VirtumundoBeGone Scan:
[07/28/2007, 17:47:52] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jason Grefski\My Documents\VirtumundoBeGone.exe" )
[07/28/2007, 17:48:10] - Detected System Information:
[07/28/2007, 17:48:10] - Windows Version: 5.1.2600,
[07/28/2007, 17:48:10] - Current Username: Jason Grefski (Admin)
[07/28/2007, 17:48:10] - Windows is in SAFE mode with Networking.
[07/28/2007, 17:48:10] - Searching for Browser Helper Objects:
[07/28/2007, 17:48:10] - BHO 1: {26FD0383-8810-6B17-5EFB-22DA61DAB6BD} ()
[07/28/2007, 17:48:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/28/2007, 17:48:10] - Checking for HKLM\...\Winlogon\Notify\pgpwsdhk
[07/28/2007, 17:48:10] - Key not found: HKLM\...\Winlogon\Notify\pgpwsdhk, continuing.
[07/28/2007, 17:48:10] - BHO 2: {9B1620DE-F835-7274-BCB0-17E839C0AECB} ()
[07/28/2007, 17:48:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/28/2007, 17:48:10] - Checking for HKLM\...\Winlogon\Notify\eygdlfmr
[07/28/2007, 17:48:10] - Key not found: HKLM\...\Winlogon\Notify\eygdlfmr, continuing.
[07/28/2007, 17:48:10] - BHO 3: {DEA8140A-770B-1DB4-B7E7-9E992EFFCD06} ()
[07/28/2007, 17:48:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/28/2007, 17:48:10] - Checking for HKLM\...\Winlogon\Notify\wgpfumyy
[07/28/2007, 17:48:10] - Key not found: HKLM\...\Winlogon\Notify\wgpfumyy, continuing.
[07/28/2007, 17:48:10] - Finished Searching Browser Helper Objects
[07/28/2007, 17:48:10] - Finishing up...
[07/28/2007, 17:48:10] - Nothing found! Exiting...

Hi,
This is a continuation of the above response; it's my result from HijackThis.
Logfile of HijackThis v1.99.1
Scan saved at 5:57:43 PM, on 7/28/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\confgldr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\winasp.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\vwgwrbds.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ojndgbtm.exe
C:\WINDOWS\System32\wumgr.exe
C:\Program Files\Common Files\AOL\1102561437\ee\AOLSoftware.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Microsoft Office\Register\Remind32.exe
C:\Program Files\Microsoft Office\programs\alarm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft Office\programs\dad9.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\wuauclt.exe
c:\program files\common files\aol\1102561437\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1102561437\ee\aolsoftware.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Documents and Settings\Jason Grefski\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe
O2 - BHO: (no name) - {26FD0383-8810-6B17-5EFB-22DA61DAB6BD} - C:\WINDOWS\System32\pgpwsdhk.dll
O2 - BHO: (no name) - {9B1620DE-F835-7274-BCB0-17E839C0AECB} - C:\WINDOWS\System32\eygdlfmr.dll
O2 - BHO: (no name) - {DEA8140A-770B-1DB4-B7E7-9E992EFFCD06} - C:\WINDOWS\System32\wgpfumyy.dll (file missing)
O4 - HKLM\..\Run: [Shell Logon] C:\logon.exe
O4 - HKLM\..\Run: [vwgwrbds] C:\WINDOWS\System32\vwgwrbds.exe
O4 - HKLM\..\Run: [Video Process] winasp.exe
O4 - HKLM\..\Run: [qyslqvcl] C:\WINDOWS\System32\qyslqvcl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ojndgbtm] C:\WINDOWS\System32\ojndgbtm.exe
O4 - HKLM\..\Run: [Microsoft Update Manager] wumgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102561437\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [Com+ Sys] csrs.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Configuration Loader] confgldr.exe
O4 - HKLM\..\RunServices: [Configuration Loader] confgldr.exe
O4 - HKLM\..\RunServices: [Video Process] winasp.exe
O4 - HKLM\..\RunServices: [Com+ Sys] csrs.exe
O4 - HKLM\..\RunServices: [Microsoft Update Manager] wumgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Update Manager] wumgr.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Microsoft Office\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Microsoft Office\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Microsoft Office\programs\alarm.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Microsoft Office\programs\dad9.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Jason Grefski\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Jason Grefski\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {53A1630A-DB38-4316-B18F-911719E1F66E} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v11/ticker.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/23c1c0030ac94826fe15/netzip/RdxIE2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185654450389
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185654429499
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v12/ticker.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/lsacd_xmlwebservices/Http/OIFActiveX/ofmctl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Configuration Loader - Unknown owner - C:\WINDOWS\System32\confgldr.exe" -service (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: ritmtqunjmkh (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Video Process - Unknown owner - C:\WINDOWS\System32\winasp.exe" -service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Quote from: Fed on July 27, 2007, 06:58:43 PM
Download, install & update...

CLEANUP
Ccleaner (During install, uncheck the Yahoo Toolbar option) (After install, set Options>Advanced> 'Uncheck the 48 hour box')

ANTI SPYWARE
Adaware
Spybot S&D

ANTI VIRUS
AVG Free (After install, set Options to 'scan all files')

ANTI TROJAN
Ewido for W2K & XP or A-squared a² for 98 & ME (Winall)
Turn off System Restore if applicable. (ME & XP users)
Run Ccleaner
Run Ad-Aware
Run Spybot
Run AVG Free
Run Ewido or a-squared (a²)
Re-start in Safe Mode
Re-run AVG Free
Re-start in Normal Mode
Turn on System Restore if applicable. (ME & XP users)
Then come back with a fresh HJT log.
Did you install SP1? Your HijackThis log still shows you as not having any Service Packs installed. It also still shows a Vundo infection. If VundoFix isn't catching it, then you should try ComboFix...
Download ComboFix and save it to your desktop. Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says. Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt. Go ahead and post that here. Note: Don't click on the window while it's running; this may cause stalls.
Also, it is very very important that you have SP1 installed! Without it, you'll be terribly vulnerable to more infections.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.
If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.