I can't start my HijackThis! [CLOSED]
adidas_4040
post May 28 2006, 11:14 PM
Post #1


OS: Win Xp



I am now in serious trouble: my comp can't run HijackThis at all. When I double-click on it, it pops up very fast and disappears before I can read any information. Without this I will not be able to post any HijackThis log, so can anyone please kindly help me with this issue? This is a very serious problem for me, as I have a lot of information on my comp that is important to my work. Please help ~ Thank you.
Armodeluxe
post May 29 2006, 07:17 AM
Post #2


OS: Windows XP SP2



* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory. When something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer!! It is possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. Also try to run HijackThis again and, if successful, post the log.
adidas_4040
post Jun 2 2006, 01:01 PM
Post #3


OS: Win Xp



adidas_4040
post Jun 2 2006, 01:14 PM
Post #4


OS: Win Xp



Logfile of HijackThis v1.99.1
Scan saved at 3:13:32 AM, on 3/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Armodeluxe
post Jun 2 2006, 02:58 PM
Post #5


OS: Windows XP SP2




Not only did it clean a bunch of infections, it also left nothing to clean with HijackThis; your log looks clean.

To make sure we're not leaving anything behind, let's run an online scan.

Please do an online scan with Kaspersky WebScanner. If you have any quarantined items in your antivirus, please delete those archives before the scan.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
adidas_4040
post Jun 2 2006, 08:50 PM
Post #6


OS: Win Xp



Well, I tried to. But it seems that the server is down because I can access the website. But anyway, up to now, I thank you so much for your help yar. You've done me a great help. ~~~
Armodeluxe
post Jun 3 2006, 05:28 AM
Post #7


OS: Windows XP SP2



The virus you had may have tampered with your hosts file or restricted sites zone. Please try again after doing the following:

1) Download the Hoster Here

Unzip Hoster to your desktop

Open up the Hoster program.
  • Make sure that the "make hosts writable?" button in the upper right corner is enabled.
  • Click Back up Host files.
  • Then click Restore original host files.
  • Close the program.

2) Please download WinHelp2002's DelDomains by right-clicking on the following link, and choosing "Save Target As":
http://www.mvps.org/winhelp2002/DelDomains.inf
Save the file to the desktop. Then go to the desktop, right click on DelDomains.inf, and choose Install. You may not see any noticeable changes or prompts; this is normal. Then please restart your computer.

3) Also there is one item to remove in HijackThis. Open HijackThis and click Scan. Put a check next to this:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm

Close all other windows except HijackThis and click Fix Checked.

4) Now try the Kaspersky scan again.
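The hosts-file tampering mentioned in the post above can be checked by reading the file and listing every entry that overrides DNS. The following Python sketch is an added example, not part of the original thread or of the Hoster tool; the watch-list of domains, the verdict labels and the sample hosts content are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: watch-list picked for this example; extend it with the
# security vendors and update services you actually rely on.
WATCHED = ("kaspersky.com", "drweb.com", "windowsupdate.com", "microsoft.com")
BENIGN = {"localhost"}  # name a stock hosts file maps to loopback


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line: first token is not an IP address
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text):
    """Return (line_no, verdict, hostname, ip) for every non-stock entry."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in BENIGN and ip.is_loopback:
            continue
        watched = any(name == d or name.endswith("." + d) for d in WATCHED)
        if watched and (ip.is_loopback or ip.is_unspecified):
            verdict = "blocked-security-site"
        elif watched:
            verdict = "redirected-security-site"
        else:
            verdict = "review"
        findings.append((line_no, verdict, name, str(ip)))
    return findings


# Constructed sample, not taken from the machine in this thread.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       www.kaspersky.com
0.0.0.0         download.drweb.com   # inline comment is ignored
192.0.2.10      update.microsoft.com
10.0.0.5        fileserver
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows XP the file to feed in is `C:\WINDOWS\system32\drivers\etc\hosts`; entries marked `review` are not necessarily malicious, only non-default.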
Armodeluxe
post Jun 15 2006, 02:39 PM
Post #8


OS: Windows XP SP2



Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.