virtumondo c removal - Geeks to Go Forums


virtumondo c removal need help with

#1 speedymc

  • Group: Member
  • Posts: 4
  • Joined: 05-January 06

Posted 18 January 2006 - 09:47 PM

Can someone help me with this?


[01/18/2006, 22:35:56] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Henry Blaszek\Desktop\VirtumundoBeGone.exe" )
[01/18/2006, 22:36:05] - Detected System Information:
[01/18/2006, 22:36:05] - Windows Version: 5.1.2600, Service Pack 2
[01/18/2006, 22:36:05] - Current Username: Henry Blaszek (Admin)
[01/18/2006, 22:36:05] - Windows is in SAFE mode with Networking.
[01/18/2006, 22:36:05] - Searching for Browser Helper Objects:
[01/18/2006, 22:36:05] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/18/2006, 22:36:05] - BHO 2: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[01/18/2006, 22:36:05] - BHO 3: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[01/18/2006, 22:36:05] - Finished Searching Browser Helper Objects
[01/18/2006, 22:36:05] - Finishing up...
[01/18/2006, 22:36:05] - Nothing found! Exiting...


Logfile of HijackThis v1.99.1
Scan saved at 10:39:44 PM, on 1/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Henry Blaszek\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123856549546
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://luckynugget....get/FlashAX.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Help me.

#2 loophole

  • Group: Retired Staff
  • Posts: 9,798
  • Joined: 30-April 05

Posted 19 January 2006 - 01:14 AM

I don't see anything wrong. What is telling you that you have Vundo C... Microsoft AntiSpyware?

Open Microsoft AntiSpyware. Click on Tools at the top left. Click on or hover over Spyware Scan. In the next dropdown menu that appears, select View spyware scan history.
Now single-click on the last scan you ran to highlight it. Now, at the bottom right, click on View details of scan. Now copy and paste all of that information into this thread.

#3 speedymc

  • Group: Member
  • Posts: 4
  • Joined: 05-January 06

Posted 19 January 2006 - 11:03 AM

Spyware Scan Details
Start Date: 1/19/2006 2:00:15 AM
End Date: 1/19/2006 2:09:01 AM
Total Time: 8 mins 46 secs

Detected Threats

Virtumondo.C Adware more information...
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected registry keys/values detected
HKEY_CLASSES_ROOT\MSEvents.MSEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents\CurVer MSEvents.MSEvents.1
HKEY_CLASSES_ROOT\MSEvents.MSEvents\CLSID {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
HKEY_CLASSES_ROOT\MSEvents.MSEvents\CurVer MSEvents.MSEvents.1
HKEY_CLASSES_ROOT\MSEvents.MSEvents.1
HKEY_CLASSES_ROOT\MSEvents.MSEvents.1\CLSID {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents.1\CLSID {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents\CLSID {FC148228-87E1-4D00-AC06-58DCAA52A4D1}


Detected Spyware Cookies
No spyware cookies were found during this scan.

#4 loophole

  • Group: Retired Staff
  • Posts: 9,798
  • Joined: 30-April 05

Posted 20 January 2006 - 01:48 AM

Those are just leftover registry entries, and not of any harm. They can be a pain to remove, but we can try if you wish. Let me know.
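The "leftover" verdict above rests on the MSEvents.MSEvents ProgID no longer resolving to a DLL that exists on disk. As an added check (not part of this thread or of Microsoft AntiSpyware), the following PowerShell script, run as an administrator on the affected machine, follows each reported ProgID to its CLSID and InprocServer32 path and reports whether the registration is orphaned or still backed by a file; the ProgIDs are the ones from the scan report, and the function and variable names are my own.

```powershell
# Added example: classify the COM registrations that Microsoft AntiSpyware
# flagged as Virtumondo.C as live or orphaned. ProgIDs taken from the report above.
$progIds = @('MSEvents.MSEvents', 'MSEvents.MSEvents.1')

function Get-ComRegistrationState {
    param([Parameter(Mandatory)][string]$ProgId)

    $progKey = "Registry::HKEY_CLASSES_ROOT\$ProgId"
    if (-not (Test-Path -LiteralPath $progKey)) {
        return [pscustomobject]@{ ProgId = $ProgId; Clsid = $null; Dll = $null; Bho = $false; State = 'absent' }
    }

    # ProgID -> CLSID: the default value of the CLSID subkey
    $clsid = (Get-ItemProperty -LiteralPath "$progKey\CLSID" -ErrorAction SilentlyContinue).'(default)'
    if (-not $clsid) {
        return [pscustomobject]@{ ProgId = $ProgId; Clsid = $null; Dll = $null; Bho = $false; State = 'orphaned (no CLSID)' }
    }

    # Is this CLSID still registered as an Internet Explorer Browser Helper Object?
    $bhoKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
    $isBho = Test-Path -LiteralPath $bhoKey

    # CLSID -> InprocServer32: the default value holds the DLL path
    $srvKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    $dll = (Get-ItemProperty -LiteralPath $srvKey -ErrorAction SilentlyContinue).'(default)'
    if (-not $dll) {
        return [pscustomobject]@{ ProgId = $ProgId; Clsid = $clsid; Dll = $null; Bho = $isBho; State = 'orphaned (no server registered)' }
    }

    # A DLL that is still present means the component can load; that is not a leftover.
    $dllPath = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
    $state = if (Test-Path -LiteralPath $dllPath) { 'live: DLL present, investigate' } else { 'orphaned (DLL missing)' }
    [pscustomobject]@{ ProgId = $ProgId; Clsid = $clsid; Dll = $dllPath; Bho = $isBho; State = $state }
}

$progIds | ForEach-Object { Get-ComRegistrationState -ProgId $_ } | Format-Table -AutoSize
```

A row reading orphaned with Bho = False matches the diagnosis in this thread; a row reading live, or one with Bho = True, means the component can still be loaded and the HijackThis log should be re-examined rather than the entries written off as leftovers.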

#5 speedymc

  • Group: Member
  • Posts: 4
  • Joined: 05-January 06

Posted 20 January 2006 - 11:22 AM

Do they affect the speed of the computer at all?

#6 loophole

  • Group: Retired Staff
  • Posts: 9,798
  • Joined: 30-April 05

Posted 20 January 2006 - 02:46 PM

No. The problem lies with Microsoft AntiSpyware not letting us remove them. As good as it is about not letting things in, it is just the opposite if you do get infected.
