
Topic: I think I got a virus and I'm using Vista?? Help! please...


vistauser123


    I think I got a virus and I'm using Vista?? Help! please...
    « on: November 25, 2008, 01:16:46 PM »
    Well, my computer is acting weird and I think I got a virus??

    I have Vista Home Premium 32-bit, SP1, 2 GB.
    If you need more info then let me know.

    SUPERAntiSpyware Scan Log

    Generated 11/25/2008 at 02:14 PM

    Application Version : 4.22.1014

    Core Rules Database Version : 3652
    Trace Rules Database Version: 1634

    Scan type       : Complete Scan
    Total Scan Time : 00:30:36

    Memory items scanned      : 517
    Memory threats detected   : 1
    Registry items scanned    : 7446
    Registry threats detected : 32
    File items scanned        : 17820
    File threats detected     : 11

    Trojan.Unclassified/SVCHost-Fake
       C:\USERS\OFFICEDEPOT\SVCHOST.EXE
       C:\USERS\OFFICEDEPOT\SVCHOST.EXE
       [Host Process] C:\USERS\OFFICEDEPOT\SVCHOST.EXE

    Trojan.Vundo-Variant/Packed-GEN
       [MSServer] C:\WINDOWS\SYSTEM32\OPNKJHYS.DLL
       C:\WINDOWS\SYSTEM32\OPNKJHYS.DLL
       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{ADA12CEB-64E9-494A-B404-D0ECF3065519}
       HKCR\CLSID\{ADA12CEB-64E9-494A-B404-D0ECF3065519}
       HKCR\CLSID\{ADA12CEB-64E9-494A-B404-D0ECF3065519}\InprocServer32
       HKCR\CLSID\{ADA12CEB-64E9-494A-B404-D0ECF3065519}\InprocServer32#ThreadingModel

    Adware.Vundo/Variant-Greek
       [MSServer] C:\USERS\OFFICE~1\APPDATA\LOCAL\TEMP\TUVTMNME.DLL
       C:\USERS\OFFICE~1\APPDATA\LOCAL\TEMP\TUVTMNME.DLL
       [cmds] C:\USERS\OFFICE~1\APPDATA\LOCAL\TEMP\HGVNEUOL.DLL
       C:\USERS\OFFICE~1\APPDATA\LOCAL\TEMP\HGVNEUOL.DLL
       C:\USERS\OFFICEDEPOT\APPDATA\LOCAL\TEMP\HGVNEUOL.DLL
       C:\USERS\OFFICEDEPOT\APPDATA\LOCAL\TEMP\TUVTMNME.DLL

    Trojan.Unclassified/SmartEnhancer-AA
       HKLM\Software\Classes\CLSID\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}
       HKCR\CLSID\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}
       HKCR\CLSID\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}
       HKCR\CLSID\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}#AppID
       HKCR\CLSID\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}\InprocServer32
       HKCR\CLSID\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}\InprocServer32#ThreadingModel
       HKCR\CLSID\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}\ProgID
       HKCR\CLSID\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}\Programmable
       HKCR\CLSID\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}\TypeLib
       HKCR\CLSID\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}\VersionIndependentProgID
       HKCR\BrowsingAdvisor.PornPro_BHO.1
       HKCR\BrowsingAdvisor.PornPro_BHO.1\CLSID
       HKCR\BrowsingAdvisor.PornPro_BHO
       HKCR\BrowsingAdvisor.PornPro_BHO\CLSID
       HKCR\BrowsingAdvisor.PornPro_BHO\CurVer
       HKCR\TypeLib\{3239A0EA-4203-7BF5-CD1D-FDB0169B2778}
       HKCR\TypeLib\{3239A0EA-4203-7BF5-CD1D-FDB0169B2778}\1.0
       HKCR\TypeLib\{3239A0EA-4203-7BF5-CD1D-FDB0169B2778}\1.0\0
       HKCR\TypeLib\{3239A0EA-4203-7BF5-CD1D-FDB0169B2778}\1.0\0\win32
       HKCR\TypeLib\{3239A0EA-4203-7BF5-CD1D-FDB0169B2778}\1.0\FLAGS
       HKCR\TypeLib\{3239A0EA-4203-7BF5-CD1D-FDB0169B2778}\1.0\HELPDIR
       C:\PROGRAM FILES\BROWSINGADVISOR\BROWSINGADVISOR-2.DLL
       HKU\S-1-5-21-3843732855-291123045-3833572521-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}

    Adware.MyWebSearch
       HKU\S-1-5-21-3843732855-291123045-3833572521-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
       HKU\S-1-5-21-3843732855-291123045-3833572521-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

    Adware.Vundo/Variant
       C:\USERS\OFFICEDEPOT\APPDATA\LOCAL\TEMP\CBXQHEWN.DLL

    Trojan.Unknown Origin
       C:\USERS\OFFICEDEPOT\APPDATA\LOCAL\TEMP\__4CF1.TMP

    Adware.SpeedRunner
       C:\USERS\OFFICEDEPOT\APPDATA\LOCAL\TEMP\__5D53.TMP

    Trojan.Fake-Alert
       C:\USERS\OFFICEDEPOT\APPDATA\LOCAL\TEMP\__E05B.TMP


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:52:10 PM, on 11/25/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\OfficeDepot\svchost.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\System32\calc.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnkjHYs.dll,#1
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
    O4 - HKCU\..\Run: [Host Process] C:\Users\OfficeDepot\svchost.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\OFFICE~1\AppData\Local\Temp\tuvTmnMe.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\OFFICE~1\AppData\Local\Temp\hGVNEUol.dll,c
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\OfficeDepot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7497 bytes

    vistauser123


      Re: I think I got a virus and I'm using Vista?? Help! please...
      « Reply #1 on: November 25, 2008, 02:19:44 PM »
      Help please!!

      Computer Hope Admin

      Re: I think I got a virus and I'm using Vista?? Help! please...
      « Reply #2 on: November 26, 2008, 01:00:04 PM »
      Below information generated with the help of the Computer Hope hijack log analyzer.

      * Reboot the computer into Safe Mode before following any of the below steps. Information about doing this can be found in document CHSAFE.

      What to do in HijackThis

      1. Open HijackThis.
      2. Click Do a system scan only.
      3. Check the boxes that correspond to the below lines.

      - o4 - hklm\..\run: [msserver] rundll32.exe c:\windows\system32\opnkjhys.dll,#1 *
      - o4 - hkcu\..\run: [host process] c:\users\officedepot\svchost.exe *
      - o4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\OFFICE~1\AppData\Local\Temp\tuvTmnMe.dll,#1
      - o4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\OFFICE~1\AppData\Local\Temp\hGVNEUol.dll,c
      - o9 - extra button: run imvu - {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\officedepot\appdata\roaming\microsoft\windows\start menu\programs\imvu\run imvu.lnk (file missing)

      * If you do not see this entry, it will need to be removed from Normal Windows mode after completing the remainder of the steps.
      ** This could be a valid entry; verify the path and file information above before checking the box to remove it.

      4. Once the above have been checked, click the Fix checked button.
      5. After they are fixed, close HijackThis.

      Delete files

      Delete the following files if found on the computer.

      c:\users\officedepot\svchost.exe
      c:\users\OFFICE~1\AppData\Local\Temp\hGVNEUol.dll
      c:\users\OFFICE~1\AppData\Local\Temp\tuvTmnMe.dll
      c:\windows\system32\opnkjhys.dll *

      Additional malware scans

      Because file infections were found, we also suggest you reboot the computer after completing the above steps and install and run the free Malwarebytes' Anti-Malware utility on this computer.

      Verify browser plugins up-to-date

      Reboot the computer into Normal Windows mode and make sure your browser has all the latest plugins installed by viewing each of the plugins installed on your computer through our System Information tool.

      Install Antivirus

      We highly recommend you install an antivirus program on your computer. We suggest installing a free antivirus and/or one of the programs listed in document CH000514. Once an antivirus has been installed we suggest running a full system scan on the computer.

      Install Firewall protection

      We could not detect a firewall process running on this computer. If no firewall is running on the computer we strongly suggest either enabling the Windows Firewall or installing another firewall.

      After the above steps have been completed, reboot the computer, let it boot as normal, re-run HijackThis, and generate a new log to be reviewed.

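As an added defender-side example (not the forum's or Computer Hope's own analyzer), this Python script applies the reasoning behind the reply above to the O4 autostart lines from this thread's HijackThis log: it flags a Windows core binary name such as svchost.exe running from outside System32, an autostart target sitting in a user-writable directory such as Temp or a user profile, and, as a weaker heuristic, rundll32 being handed an ordinal entry point instead of a named export. The sample lines are copied from the log posted in the thread; the path rules and the ordinal heuristic are my own assumptions, not HijackThis behaviour.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O4 lines copied from the HijackThis log in this thread, plus two
# benign entries from the same log (MSConfig, NvSvc) that the checks should leave alone.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto',
    r'O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart',
    r'O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnkjHYs.dll,#1',
    r'O4 - HKCU\..\Run: [Host Process] C:\Users\OfficeDepot\svchost.exe',
    r'O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\OFFICE~1\AppData\Local\Temp\tuvTmnMe.dll,#1',
    r'O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\OFFICE~1\AppData\Local\Temp\hGVNEUol.dll,c',
]

O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Windows core binaries that only ever run from %SystemRoot%\System32 (assumption: short list).
SYSTEM_ONLY = {'svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe', 'services.exe'}
# Directory names any user can write to; malware favours them because no admin rights are needed.
USER_WRITABLE = {'users', 'appdata', 'temp'}

def split_command(cmd):
    """Split a Run-key command into (image path, arguments), honouring a quoted image path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    image, _, args = cmd.partition(' ')
    return image, args.strip()

def assess_o4(line):
    """Return (hive, entry name, reasons) for an O4 line, or None if the line is not an O4 entry."""
    m = O4_RE.match(line)
    if not m:
        return None
    image, args = split_command(m['cmd'])
    image_name = PureWindowsPath(image).name.lower()
    reasons = []
    if image_name in SYSTEM_ONLY and 'system32' not in {p.lower() for p in PureWindowsPath(image).parts}:
        reasons.append(f'{image_name} running from outside System32: {image}')
    target = image  # what really executes; for rundll32 that is the DLL, not rundll32 itself
    if image_name == 'rundll32.exe':
        target, _, entry = (s.strip() for s in args.partition(','))
        if entry.startswith('#'):  # ordinal entry point: heuristic, vendor DLLs here export by name
            reasons.append(f'rundll32 loads {target} by ordinal export {entry}')
    if USER_WRITABLE & {p.lower() for p in PureWindowsPath(target).parts}:
        reasons.append(f'autostart target in a user-writable location: {target}')
    return m['hive'], m['name'], reasons

def flag_autostarts(lines):
    """Map '<hive> <name>' to its reasons for every O4 line that tripped at least one check."""
    return {f'{r[0]} {r[1]}': r[2] for r in map(assess_o4, lines) if r and r[2]}
```

Running `flag_autostarts(SAMPLE_O4_LINES)` returns exactly the four entries the reply tells the poster to fix and leaves the MSConfig and NvSvc entries alone; a flag is a prompt to verify the file, as the reply's "**" note says, not a verdict.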