I've been having some problems with spyware on my computer (antivirus popups), and I possibly might have some Virtumonde files, I'm not sure. When Windows boots up, I get an error like this: Error loading C://WINDOWS/system32/dxtitqkt.dll (the .dll file is different sometimes but always 8 digits) and my wallpaper doesn't load. Also, sometimes the start button and toolbar will disappear and all desktop icons will disappear. I used AVG virus scan, Trojan Killer, Spybot S&D, and ran Vundofix (it found nothing). Here's my HijackThis file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:18 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Dan\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.dogpile.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.dogpile.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7894F903-283E-4EF2-A49D-B4110CA0D1B5} - C:\WINDOWS\system32\opnoljHB.dll (file missing)
O2 - BHO: {81fd1f44-0313-1a3b-ded4-0d2a65d02e1a} - {a1e20d56-a2d0-4ded-b3a1-313044f1df18} - C:\WINDOWS\system32\kyoddwov.dll (file missing)
O2 - BHO: (no name) - {B1A64443-6FCA-41CE-8D51-5F8991257555} - C:\WINDOWS\system32\xxywXPFY.dll (file missing)
O2 - BHO: (no name) - {C8E90BC3-0839-40C9-8006-6C183F2D41DB} - C:\WINDOWS\system32\jkkjIYOE.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [3c4d632d] rundll32.exe "C:\WINDOWS\system32\cjijqmus.dll",b
O4 - HKLM\..\Run: [BM3f7e50b1] Rundll32.exe "C:\WINDOWS\system32\dxtitqkt.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [A00FC9976.exe] C:\DOCUME~1\Dan\LOCALS~1\Temp\_A00FC9976.exe
O4 - HKCU\..\Run: [A00F51A984.exe] C:\DOCUME~1\Dan\LOCALS~1\Temp\_A00F51A984.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKLM\..\Policies\Explorer\Run: [hin06fYdJw] C:\Documents and Settings\All Users\Application Data\hwzorejo\xinivcfo.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1204839501375
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: xxywXPFY - xxywXPFY.dll (file missing)
O20 - Winlogon Notify: __c007B2B8 - C:\WINDOWS\system32\__c007B2B8.dat
O21 - SSODL: msghlp - {139F4717-9BD5-E24A-50FD-07D29F848116} - C:\Program Files\egkjeke\msghlp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - c:\winself.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

-- End of file - 7234 bytes
dshaggy, You most definitely show signs of Vundo… Run Vundofix in the Safe Mode… Note, one must be either logged in under the Administrator account or have administrator privileges to be able to successfully complete these procedures. Or, it will not work… When done, post back here with a fresh HijackThis Log. 2OG
Hi dshaggy. I just wanted to warn you that many users have given up a fight against vundo/virtumonde infections, and instead have formatted their systems. Vundo is perhaps the most severe infection in the wild this very moment, and urgency or lack of confidence have compelled many to count on formatting their hard drive as a way to be rid of vundo. The choice is yours. However, if you wish to fight, please download both GMER and Autoruns from Sysinternals. Post a scan log with GMER, and with Autoruns, take a screenshot of everything under the tabs of Explorer and Winlogon. One more thing: download Virtumundebegone and run it also in safe mode. Best Regards PS: This is optional. If you ever manage to isolate or discover the dll file of your vundo infection, could you put it in a password-protected zip file and email it to me? I'm curious about this particular variant of vundo which seems to evade Vundofix and other removal tools and antimalwares. Once you have managed to isolate it and put it in the zip file, I will give you my email address.
I was unable to run in safe mode. When I tried, I got a blue screen with the error message "A problem has been detected and windows has been shut down to prevent damage to your computer: IRQL_NOT_LESS_OR_EQUAL". I again ran Vundofix in normal mode but it found nothing. Also, I have been unable to find a place to get the Virtumundebegone program everyone is talking about. I googled it and found nowhere to download it. Not sure if it would help since I can't get into safe mode. Any more help is greatly appreciated. I'm really trying to avoid a reformat. Thanks.
Here is the download for VirtumundoBeGone >>> HERE Try to get into Safe Mode but if you can’t, run it in Normal Mode and we’ll see what it turns up.. 2OG
2old, thanks for the link. I downloaded VirtumundoBeGone and still no luck booting in safe mode. I ran it in normal mode. Not sure if it found anything, it didn't ask me to remove any files. Here's the text file:

[06/09/2008, 17:20:55] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Dan\Desktop\VirtumundoBeGone.exe" )
[06/09/2008, 17:20:59] - Detected System Information:
[06/09/2008, 17:20:59] - Windows Version: 5.1.2600, Service Pack 2
[06/09/2008, 17:20:59] - Current Username: Dan (Admin)
[06/09/2008, 17:20:59] - Windows is in NORMAL mode.
[06/09/2008, 17:20:59] - Searching for Browser Helper Objects:
[06/09/2008, 17:20:59] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/09/2008, 17:20:59] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/09/2008, 17:20:59] - BHO 3: {7894F903-283E-4EF2-A49D-B4110CA0D1B5} ()
[06/09/2008, 17:20:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/09/2008, 17:20:59] - Checking for HKLM\...\Winlogon\Notify\opnoljHB
[06/09/2008, 17:20:59] - Key not found: HKLM\...\Winlogon\Notify\opnoljHB, continuing.
[06/09/2008, 17:20:59] - BHO 4: {a1e20d56-a2d0-4ded-b3a1-313044f1df18} ()
[06/09/2008, 17:20:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/09/2008, 17:20:59] - Checking for HKLM\...\Winlogon\Notify\kyoddwov
[06/09/2008, 17:20:59] - Key not found: HKLM\...\Winlogon\Notify\kyoddwov, continuing.
[06/09/2008, 17:20:59] - BHO 5: {B1A64443-6FCA-41CE-8D51-5F8991257555} ()
[06/09/2008, 17:20:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/09/2008, 17:20:59] - Checking for HKLM\...\Winlogon\Notify\xxywXPFY
[06/09/2008, 17:20:59] - Found: HKLM\...\Winlogon\Notify\xxywXPFY - This is probably Virtumundo.
[06/09/2008, 17:20:59] - Assigning {B1A64443-6FCA-41CE-8D51-5F8991257555} MSEvents Object
[06/09/2008, 17:20:59] - BHO list has been changed! Starting over...
[06/09/2008, 17:20:59] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/09/2008, 17:20:59] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/09/2008, 17:20:59] - BHO 3: {7894F903-283E-4EF2-A49D-B4110CA0D1B5} ()
[06/09/2008, 17:20:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/09/2008, 17:20:59] - Checking for HKLM\...\Winlogon\Notify\opnoljHB
[06/09/2008, 17:20:59] - Key not found: HKLM\...\Winlogon\Notify\opnoljHB, continuing.
[06/09/2008, 17:20:59] - BHO 4: {a1e20d56-a2d0-4ded-b3a1-313044f1df18} ()
[06/09/2008, 17:20:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/09/2008, 17:20:59] - Checking for HKLM\...\Winlogon\Notify\kyoddwov
[06/09/2008, 17:20:59] - Key not found: HKLM\...\Winlogon\Notify\kyoddwov, continuing.
[06/09/2008, 17:20:59] - BHO 5: {B1A64443-6FCA-41CE-8D51-5F8991257555} (MSEvents Object)
[06/09/2008, 17:20:59] - ALERT: Found MSEvents Object!
[06/09/2008, 17:20:59] - BHO 6: {C8E90BC3-0839-40C9-8006-6C183F2D41DB} ()
[06/09/2008, 17:20:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/09/2008, 17:20:59] - Checking for HKLM\...\Winlogon\Notify\jkkjIYOE
[06/09/2008, 17:20:59] - Key not found: HKLM\...\Winlogon\Notify\jkkjIYOE, continuing.
[06/09/2008, 17:20:59] - Finished Searching Browser Helper Objects
[06/09/2008, 17:20:59] - *** Detected MSEvents Object
[06/09/2008, 17:20:59] - Trying to remove MSEvents Object...
[06/09/2008, 17:21:00] - Terminating Process: IEXPLORE.EXE
[06/09/2008, 17:21:01] - Terminating Process: RUNDLL32.EXE
[06/09/2008, 17:21:01] - Disabling Automatic Shell Restart
[06/09/2008, 17:21:01] - Terminating Process: EXPLORER.EXE
[06/09/2008, 17:21:01] - Suspending the NT Session Manager System Service
[06/09/2008, 17:21:01] - Terminating Windows NT Logon/Logoff Manager
[06/09/2008, 17:21:01] - Re-enabling Automatic Shell Restart
[06/09/2008, 17:21:01] - File to disable: C:\WINDOWS\system32\xxywXPFY.dll
[06/09/2008, 17:21:01] - Removing HKLM\...\Browser Helper Objects\{B1A64443-6FCA-41CE-8D51-5F8991257555}
[06/09/2008, 17:21:01] - Removing HKCR\CLSID\{B1A64443-6FCA-41CE-8D51-5F8991257555}
[06/09/2008, 17:21:01] - Adding Kill Bit for ActiveX for GUID: {B1A64443-6FCA-41CE-8D51-5F8991257555}
[06/09/2008, 17:21:01] - Deleting ATLEvents/MSEvents Registry entries
[06/09/2008, 17:21:01] - Removing HKLM\...\Winlogon\Notify\xxywXPFY
[06/09/2008, 17:21:01] - Searching for Browser Helper Objects:
[06/09/2008, 17:21:01] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/09/2008, 17:21:01] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/09/2008, 17:21:01] - BHO 3: {7894F903-283E-4EF2-A49D-B4110CA0D1B5} ()
[06/09/2008, 17:21:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/09/2008, 17:21:01] - Checking for HKLM\...\Winlogon\Notify\opnoljHB
[06/09/2008, 17:21:01] - Key not found: HKLM\...\Winlogon\Notify\opnoljHB, continuing.
[06/09/2008, 17:21:01] - BHO 4: {a1e20d56-a2d0-4ded-b3a1-313044f1df18} ()
[06/09/2008, 17:21:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/09/2008, 17:21:01] - Checking for HKLM\...\Winlogon\Notify\kyoddwov
[06/09/2008, 17:21:01] - Key not found: HKLM\...\Winlogon\Notify\kyoddwov, continuing.
[06/09/2008, 17:21:01] - BHO 5: {C8E90BC3-0839-40C9-8006-6C183F2D41DB} ()
[06/09/2008, 17:21:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/09/2008, 17:21:01] - Checking for HKLM\...\Winlogon\Notify\jkkjIYOE
[06/09/2008, 17:21:01] - Key not found: HKLM\...\Winlogon\Notify\jkkjIYOE, continuing.
[06/09/2008, 17:21:01] - Finished Searching Browser Helper Objects
[06/09/2008, 17:21:01] - Finishing up...
[06/09/2008, 17:21:01] - A restart is needed.
[06/09/2008, 17:21:01] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[06/09/2008, 17:21:06] - Attempting to Restart via STOP error (Blue Screen!)

[06/09/2008, 17:23:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Dan\Desktop\VirtumundoBeGone.exe" )
[06/09/2008, 17:23:55] - Detected System Information:
[06/09/2008, 17:23:55] - Windows Version: 5.1.2600, Service Pack 2
[06/09/2008, 17:23:55] - Current Username: Dan (Admin)
[06/09/2008, 17:23:55] - Windows is in NORMAL mode.
[06/09/2008, 17:23:55] - Searching for Browser Helper Objects:
[06/09/2008, 17:23:55] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/09/2008, 17:23:55] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/09/2008, 17:23:55] - BHO 3: {7894F903-283E-4EF2-A49D-B4110CA0D1B5} ()
[06/09/2008, 17:23:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/09/2008, 17:23:55] - Checking for HKLM\...\Winlogon\Notify\opnoljHB
[06/09/2008, 17:23:55] - Key not found: HKLM\...\Winlogon\Notify\opnoljHB, continuing.
[06/09/2008, 17:23:55] - BHO 4: {a1e20d56-a2d0-4ded-b3a1-313044f1df18} ()
[06/09/2008, 17:23:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/09/2008, 17:23:55] - Checking for HKLM\...\Winlogon\Notify\kyoddwov
[06/09/2008, 17:23:55] - Key not found: HKLM\...\Winlogon\Notify\kyoddwov, continuing.
[06/09/2008, 17:23:55] - BHO 5: {C8E90BC3-0839-40C9-8006-6C183F2D41DB} ()
[06/09/2008, 17:23:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/09/2008, 17:23:55] - Checking for HKLM\...\Winlogon\Notify\jkkjIYOE
[06/09/2008, 17:23:55] - Key not found: HKLM\...\Winlogon\Notify\jkkjIYOE, continuing.
[06/09/2008, 17:23:55] - Finished Searching Browser Helper Objects
[06/09/2008, 17:23:55] - Finishing up...
[06/09/2008, 17:23:55] - Nothing found! Exiting...

[06/09/2008, 17:24:45] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Dan\Desktop\VirtumundoBeGone.exe" )
[06/09/2008, 17:24:47] - Detected System Information:
[06/09/2008, 17:24:47] - Windows Version: 5.1.2600, Service Pack 2
[06/09/2008, 17:24:47] - Current Username: Dan (Admin)
[06/09/2008, 17:24:47] - Windows is in NORMAL mode.
[06/09/2008, 17:24:47] - Searching for Browser Helper Objects:
[06/09/2008, 17:24:47] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/09/2008, 17:24:47] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/09/2008, 17:24:47] - BHO 3: {7894F903-283E-4EF2-A49D-B4110CA0D1B5} ()
[06/09/2008, 17:24:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/09/2008, 17:24:47] - Checking for HKLM\...\Winlogon\Notify\opnoljHB
[06/09/2008, 17:24:47] - Key not found: HKLM\...\Winlogon\Notify\opnoljHB, continuing.
[06/09/2008, 17:24:47] - BHO 4: {a1e20d56-a2d0-4ded-b3a1-313044f1df18} ()
[06/09/2008, 17:24:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/09/2008, 17:24:47] - Checking for HKLM\...\Winlogon\Notify\kyoddwov
[06/09/2008, 17:24:47] - Key not found: HKLM\...\Winlogon\Notify\kyoddwov, continuing.
[06/09/2008, 17:24:47] - BHO 5: {C8E90BC3-0839-40C9-8006-6C183F2D41DB} ()
[06/09/2008, 17:24:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/09/2008, 17:24:47] - Checking for HKLM\...\Winlogon\Notify\jkkjIYOE
[06/09/2008, 17:24:47] - Key not found: HKLM\...\Winlogon\Notify\jkkjIYOE, continuing.
[06/09/2008, 17:24:47] - Finished Searching Browser Helper Objects
[06/09/2008, 17:24:47] - Finishing up...
[06/09/2008, 17:24:47] - Nothing found! Exiting...
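
The check the VirtumundoBeGone log above walks through (a BHO with no default name whose DLL base name also appears under Winlogon\Notify) can be run offline against a saved HijackThis log. This is an added example, not part of the thread and not the tool's own code; the function names are hypothetical, and the 8-letter rundll32 rule is a triage heuristic assumed from the original poster's description of the changing DLL names.

```python
import re
from pathlib import PureWindowsPath

# Entries copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7894F903-283E-4EF2-A49D-B4110CA0D1B5} - C:\WINDOWS\system32\opnoljHB.dll (file missing)
O2 - BHO: {81fd1f44-0313-1a3b-ded4-0d2a65d02e1a} - {a1e20d56-a2d0-4ded-b3a1-313044f1df18} - C:\WINDOWS\system32\kyoddwov.dll (file missing)
O2 - BHO: (no name) - {B1A64443-6FCA-41CE-8D51-5F8991257555} - C:\WINDOWS\system32\xxywXPFY.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [3c4d632d] rundll32.exe "C:\WINDOWS\system32\cjijqmus.dll",b
O4 - HKLM\..\Run: [BM3f7e50b1] Rundll32.exe "C:\WINDOWS\system32\dxtitqkt.dll",s
O20 - Winlogon Notify: xxywXPFY - xxywXPFY.dll (file missing)
O20 - Winlogon Notify: __c007B2B8 - C:\WINDOWS\system32\__c007B2B8.dat
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(
    rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<path>.*?)(?: \(file missing\))?$",
    re.M)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - ", re.M)
O4_RE = re.compile(
    r'^O4 - \S+: \[(?P<value>[^\]]+)\] rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,',
    re.M | re.I)


def unnamed_bhos(log_text):
    """Return (clsid, dll_stem, has_notify_key) for every BHO without a real name."""
    notify_keys = {m["key"].lower() for m in O20_RE.finditer(log_text)}
    findings = []
    for m in O2_RE.finditer(log_text):
        name = m["name"]
        # Assumption: a name that is itself a GUID counts as "no default name".
        if name != "(no name)" and not re.fullmatch(GUID, name):
            continue
        stem = PureWindowsPath(m["path"]).stem
        findings.append((m["clsid"], stem, stem.lower() in notify_keys))
    return findings


def random_rundll32_runs(log_text):
    """Return (run_value, dll_name) for Run entries that start an 8-letter system32 DLL."""
    hits = []
    for m in O4_RE.finditer(log_text):
        dll = PureWindowsPath(m["dll"])
        if (dll.parent.name.lower() == "system32"
                and len(dll.stem) == 8 and dll.stem.isalpha()):
            hits.append((m["value"], dll.name))
    return hits


if __name__ == "__main__":
    for clsid, stem, linked in unnamed_bhos(SAMPLE_LOG):
        print(clsid, stem, "Winlogon\\Notify match" if linked else "no Notify key")
    for value, dll in random_rundll32_runs(SAMPLE_LOG):
        print("Run value", value, "->", dll)
```

A match is only a lead for manual review: legitimate DLLs can have 8-letter names, and an unnamed BHO without a Notify key is not cleared by this check.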
dshaggy, I know this is a bitter pill to swallow but maybe reformat/reinstall is the best option left. Virtumundobegone found a lot of the bad files and was unable to remove them. One last chance before the ship goes down is to try the guys at the site >> HERE They’re good and usually defeat this really nasty stuff. Give them a try before giving up... 2OG
C:\WINDOWS\system32 to find the virus file (should be a DLL file, consisting of letters and numbers, Kabbah should be able to check the virus but can not cut, you can find this virus in the Ka Bali documents), Right-click option unlocker unlock (the installation of software that will generate a pop-up menu on the menu unlocker). Then the virus can delete the document. Re-entering the C:\WINDOWS\system32\drivers find ×.sys files (× before that document with the same name, but not the same extension) to use the same methods to unlock after delete. Then type REGEDIT in the run to open the registry editor, respectively
HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\Services
HKEY_LOCAL_MACHINE\SYSTEM\Controlset002\Services
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
The virus found in the file name of the item and delete the name (which is to delete the registration documents of the virus
Having read this I'm wondering if I have the same. Trying to fix a neighbour's laptop - adaware and spybot seem to have cleaned everything (one of them was virtumonde)... the thing is, Windows update will not run, and defender can't update the definition file - is this a symptom? Microsoft update says it needs to reinstall or re-register the files needed to run update, but when it gets to 100% it stalls. Any help appreciated, thanks