Resolved HJT Threads Resolved spyware and popup issues.
02-06-2008, 10:02 AM   #1
Registered User
 
Join Date: Feb 2008
Posts: 19
OS: Vista Home Premium


Desperate need of help getting rid of whatever it is I've got

Hello all,

I have tried to follow the directions I've read on here, so if I mess up and didn't do something I was supposed to, please forgive me; just tell me and I will do it.

I've got something on my computer. I thought it was the Virtumundo stuff, and I've run VundoFix, and it finds a few things that it then cannot seem to remove.

I open HijackThis and "fix" a bunch of things that I know shouldn't be there, but when I reboot the computer everything comes right back and I'm back to square one. Explorer restarts all the time, and I get pop-ups galore.

I don't even know how this thing gets on my machine; it's BRAND new and I've already done a factory restore 2 times trying to get rid of this thing, and it comes right back. Norton, Ad-Aware, and Spybot have all been completely updated and find nothing.

Here is my HijackThis log. I beg for someone to help me; I use this comp for work and I haven't gotten anything done in 2 days. Also, when I run HijackThis it says that my comp won't allow it access to the hosts file... I don't know how to get around that, or if it's needed for this problem.


Please help:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:33 AM, on 2/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY......n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY......n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qomjhih.dll,#1
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\StarBai\AppData\Local\Temp\byxuu.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\StarBai\AppData\Local\Temp\efedb.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\StarBai\AppData\Local\Temp\amnyuvxu.dll",run
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: CardMinder Viewer.lnk = ?
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: ScanSnap Manager.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O13 - Gopher Prefix:
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10248 bytes
starbai is offline  
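For anyone reading this thread to learn how the analysts read a log like the one above: the lines that stand out are the O4 Run entries that use rundll32 to load DLLs out of the user's Temp folder (byxuu.dll, efedb.dll, amnyuvxu.dll), the HKLM MSServer entry that calls qomjhih.dll by export ordinal (#1), the (no file) BHO entries, and the O20 AppInit_DLLs line. The script below is an added example, not a tool from this thread or from the TSF team: it parses the HijackThis v2 line format and flags those patterns. The rules of thumb it encodes (Temp-folder DLLs at logon, ordinal entry points, orphaned BHOs, any AppInit_DLLs entry) are my own triage heuristics and only point an analyst at lines to verify, and the sample input is constructed from the file names quoted in the post above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the HijackThis v2 log format. The file names are copied
# from the log quoted in the post above, but this input is my own test data.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qomjhih.dll,#1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\StarBai\AppData\Local\Temp\byxuu.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\StarBai\AppData\Local\Temp\efedb.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\StarBai\AppData\Local\Temp\amnyuvxu.dll",run
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O20 - AppInit_DLLs: APSHook.dll
"""

# Line shapes used by HijackThis v2 for registry Run keys, BHOs and AppInit_DLLs.
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    severity: str
    detail: str


def split_rundll32(cmd: str):
    """Return (dll_path, entry_point) for a rundll32 command line, else None.

    Handles both bare paths (rundll32.exe C:\\x\\a.dll,#1) and quoted ones
    (rundll32 "C:\\x\\a.dll",run). The entry point is whatever follows the comma.
    """
    parts = cmd.split(None, 1)
    if not parts or not parts[0].lower().startswith("rundll32"):
        return None
    rest = parts[1].strip() if len(parts) > 1 else ""
    if rest.startswith('"'):
        end = rest.find('"', 1)
        dll = rest[1:end]
        entry = rest[end + 1:].lstrip(",")
    else:
        dll, _, entry = rest.partition(",")
    return dll, entry.strip()


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and flag lines worth an analyst's attention."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        m = O2_RE.match(line)
        if m and m["path"] == "(no file)":
            findings.append(Finding(line_no, "ORPHAN_BHO", "low",
                                    f"BHO {m['clsid']} points to no file; harmless but should be removed"))
            continue
        m = O20_RE.match(line)
        if m:
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            findings.append(Finding(line_no, "APPINIT_DLL", "medium",
                                    f"{m['dlls']} is injected into every user32 process; verify the vendor"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        parsed = split_rundll32(m["cmd"])
        if parsed is None:
            continue
        dll, entry = parsed
        low = dll.lower()
        if "\\appdata\\local\\temp\\" in low or "\\temp\\" in low:
            findings.append(Finding(line_no, "TEMP_DLL", "high",
                                    f"[{m['name']}] loads {dll} from a temp directory at logon"))
        if entry.startswith("#"):
            findings.append(Finding(line_no, "ORDINAL_ENTRY", "medium",
                                    f"[{m['name']}] calls {dll} by export ordinal {entry}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:3d} {f.severity:6s} {f.rule:13s} {f.detail}")
```

Run as-is it prints seven findings for the sample: the three Temp-folder DLLs as high, the two ordinal entry points and the AppInit_DLLs line as medium, and the orphaned BHO as low; the legitimate NvCpl.dll and Windows Defender entries produce nothing. It is a first-pass filter, not a verdict: the analysts in this thread still ask for the fuller DSS output before deciding what to remove.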
02-06-2008, 10:22 AM   #2
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: Desperate need of help getting rid of whatever it is I've got

Hello starbai and welcome to TSF,

This is a Vista machine, please do not run ComboFix unless instructed to do so.

I'll need a more comprehensive scan to determine the extent to which the malware has infiltrated.

As noted in the final step (Step 5) of our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

Please include the following in your next reply:

main.txt
an attached extra.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 02-06-2008 at 10:23 AM.
Ried is offline  
02-06-2008, 10:28 AM   #3
Registered User
 
Join Date: Feb 2008
Posts: 19
OS: Vista Home Premium


Re: Desperate need of help getting rid of whatever it is I've got

Scan is running now.
starbai is offline  
02-06-2008, 10:32 AM   #4
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: Desperate need of help getting rid of whatever it is I've got

Great.

I'll review those logs as soon as I am able.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
02-06-2008, 10:34 AM   #5
Registered User
 
Join Date: Feb 2008
Posts: 19
OS: Vista Home Premium


Re: Desperate need of help getting rid of whatever it is I've got

DONE
Deckard's System Scanner v20071014.68
Run by StarBai on 2008-02-06 12:26:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
27: 2008-02-06 15:14:14 UTC - RP79 - Windows Update
26: 2008-02-06 06:18:07 UTC - RP78 - Installed Adobe Acrobat 7.0 Professional
25: 2008-02-06 05:15:44 UTC - RP77 - Removed Adobe Acrobat 8 Professional - English, Français, Deutsch
24: 2008-02-06 03:23:30 UTC - RP76 - Windows Update
23: 2008-02-06 02:46:33 UTC - RP75 - Installed Adobe Acrobat 8 Professional - English, Français, Deutsch


-- First Restore Point --
1: 2008-02-05 16:29:31 UTC - RP45 - Device Driver Package Install: KONICA MINOLTA Printers


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as StarBai.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:19 PM, on 2/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Users\StarBai\Desktop\dss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\StarBai.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qomjhih.dll,#1
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\StarBai\AppData\Local\Temp\byxuu.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\StarBai\AppData\Local\Temp\efedb.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\StarBai\AppData\Local\Temp\amnyuvxu.dll",run
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: CardMinder Viewer.lnk = ?
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: ScanSnap Manager.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O13 - Gopher Prefix:
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10365 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: NVIDIA nForce Networking Controller
Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_30BF103C&REV_A3\3&13C0B0C5&1&A0
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_30BF103C&REV_A3\3&13C0B0C5&1&A0
Service: NVENETFD


-- Files created between 2008-01-06 and 2008-02-06 -----------------------------

2008-02-06 11:51:45 3508 --a------ C:\Start_.cmd
2008-02-06 11:51:44 0 d-------- C:\327882R2FWJFW
2008-02-06 01:28:47 0 d-------- C:\Users\All Users\Adobe Systems
2008-02-06 01:28:44 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-05 21:41:07 0 dr------- C:\Users\Jaya Jagmohan\Searches
2008-02-05 21:40:37 0 dr------- C:\Users\Jaya Jagmohan\Contacts
2008-02-05 21:40:21 0 d--hs---- C:\Users\Jaya Jagmohan\Templates
2008-02-05 21:40:21 0 d--hs---- C:\Users\Jaya Jagmohan\Start Menu
2008-02-05 21:40:21 0 d--hs---- C:\Users\Jaya Jagmohan\SendTo
2008-02-05 21:40:21 0 d--hs---- C:\Users\Jaya Jagmohan\Recent
2008-02-05 21:40:21 0 d--hs---- C:\Users\Jaya Jagmohan\PrintHood
2008-02-05 21:40:21 0 d--hs---- C:\Users\Jaya Jagmohan\NetHood
2008-02-05 21:40:21 0 d--hs---- C:\Users\Jaya Jagmohan\My Documents
2008-02-05 21:40:21 0 d--hs---- C:\Users\Jaya Jagmohan\Local Settings
2008-02-05 21:40:21 0 d--hs---- C:\Users\Jaya Jagmohan\Cookies
2008-02-05 21:40:21 0 d--hs---- C:\Users\Jaya Jagmohan\Application Data
2008-02-05 21:40:20 0 dr------- C:\Users\Jaya Jagmohan\Videos
2008-02-05 21:40:20 0 dr------- C:\Users\Jaya Jagmohan\Saved Games
2008-02-05 21:40:20 0 dr------- C:\Users\Jaya Jagmohan\Pictures
2008-02-05 21:40:20 786432 --ahs---- C:\Users\Jaya Jagmohan\NTUSER.DAT
2008-02-05 21:40:20 0 dr------- C:\Users\Jaya Jagmohan\Music
2008-02-05 21:40:20 0 dr------- C:\Users\Jaya Jagmohan\Links
2008-02-05 21:40:20 0 dr------- C:\Users\Jaya Jagmohan\Favorites
2008-02-05 21:40:20 0 dr------- C:\Users\Jaya Jagmohan\Downloads
2008-02-05 21:40:20 0 dr------- C:\Users\Jaya Jagmohan\Documents
2008-02-05 21:40:20 0 dr------- C:\Users\Jaya Jagmohan\Desktop
2008-02-05 21:40:20 0 d--h----- C:\Users\Jaya Jagmohan\AppData
2008-02-05 20:50:07 0 d-------- C:\Program Files\Trend Micro
2008-02-05 18:19:04 0 d-------- C:\Users\All Users\LogiShrd
2008-02-05 18:13:50 0 d-------- C:\Users\All Users\Logitech
2008-02-05 18:13:44 0 d-------- C:\Program Files\Common Files\Logishrd
2008-02-05 18:13:42 0 d-------- C:\Program Files\Logitech
2008-02-05 17:42:37 0 d-------- C:\Multimedia Files
2008-02-05 17:42:07 0 d-------- C:\Program Files\Microsoft Image Composer
2008-02-05 17:41:37 0 -rahs---- C:\MSDOS.SYS
2008-02-05 17:41:37 0 -rahs---- C:\IO.SYS
2008-02-05 17:07:03 0 d-------- C:\Windows\system32\runtime
2008-02-05 17:07:01 0 d-------- C:\Users\All Users\Google
2008-02-05 17:05:47 0 d-------- C:\Users\All Users\Google Updater
2008-02-05 17:05:42 0 d-------- C:\Program Files\Google
2008-02-05 17:03:35 0 d-------- C:\Users\All Users\Viewpoint
2008-02-05 17:03:32 0 d-------- C:\Program Files\Viewpoint
2008-02-05 17:03:19 0 d-------- C:\Users\All Users\AOL
2008-02-05 17:03:19 0 d-------- C:\Users\All Users\AOL OCP
2008-02-05 17:02:58 0 d-------- C:\Program Files\Common Files\AOL
2008-02-05 17:02:39 0 d-------- C:\Program Files\AIM6
2008-02-05 16:24:48 0 d-------- C:\Program Files\Kyocera Wireless Corp
2008-02-05 16:24:27 0 d-------- C:\Program Files\Verizon Wireless
2008-02-05 16:19:52 0 d-------- C:\Program Files\Winamp
2008-02-05 15:09:44 31232 --a------ C:\Windows\system32\pfusti.dll <Not Verified; PFU; PFU pfusti>
2008-02-05 15:09:44 35328 --a------ C:\Windows\system32\pfdvmn.dll <Not Verified; PFU; PFU pfdvmn>
2008-02-05 15:09:44 32768 --a------ C:\Windows\system32\chksti.dll <Not Verified; PFU; PFU chksti>
2008-02-05 15:09:10 249856 --a------ C:\Windows\system32\PFURT.dll <Not Verified; PFU Limited.; >
2008-02-05 15:09:10 393216 --a------ C:\Windows\system32\PFUP60.dll <Not Verified; PFU Limited.; >
2008-02-05 15:09:10 69632 --a------ C:\Windows\system32\PFUIRT.dll <Not Verified; PFU Limited.; >
2008-02-05 15:05:01 21062 --a------ C:\Windows\system32\Fjmcusb.dll <Not Verified; PFU; ScanSnap>
2008-02-05 15:04:51 69632 --a------ C:\Windows\system32\distortion.dll <Not Verified; PFU LIMITED; PFU Distortio correction dll>
2008-02-05 15:04:01 0 d-------- C:\Windows\SSDriver
2008-02-05 15:03:39 0 d-------- C:\Program Files\Common Files\PFU
2008-02-05 15:02:38 0 d-------- C:\Program Files\PFU
2008-02-05 13:44:19 0 d-------- C:\Users\All Users\FLEXnet
2008-02-05 13:29:31 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-05 12:52:30 0 d-------- C:\Windows\PCHEALTH
2008-02-05 12:52:29 0 d-------- C:\Program Files\Microsoft.NET
2008-02-05 12:46:22 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-05 12:43:32 0 dr-h----- C:\MSOCache
2008-02-05 12:41:04 0 d-------- C:\Users\All Users\Lavasoft
2008-02-05 12:41:04 0 d-------- C:\Program Files\Lavasoft
2008-02-05 12:40:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-05 11:17:57 0 d-------- C:\VundoFix Backups
2008-02-05 11:14:27 0 d-------- C:\Program Files\Java
2008-02-05 11:14:22 0 d-------- C:\Program Files\Common Files\Java
2008-02-05 10:41:50 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-05 10:39:52 0 d-------- C:\Program Files\PowerISO
2008-02-05 10:39:50 38400 --a------ C:\Windows\system32\qomjhih.dll
2008-02-05 10:29:21 12 --a------ C:\Windows\bthservsdp.dat
2008-02-05 00:11:31 0 d--h----- C:\Windows\PIF
2008-02-05 00:10:41 176 --a------ C:\Windows\system32\drivers\RTHDAEQ1.dat
2008-02-05 00:10:10 0 d-------- C:\Program Files\MSXML 4.0
2008-02-05 00:07:30 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-02-04 23:38:44 0 dr------- C:\Users\StarBai\Searches
2008-02-04 23:38:31 0 dr------- C:\Users\StarBai\Contacts
2008-02-04 23:34:02 0 d-------- C:\Program Files\Bioscrypt
2008-02-04 23:33:35 0 d-------- C:\Program Files\Fingerprint Sensor
2008-02-04 23:30:08 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-02-04 23:20:15 81 --a------ C:\Windows\system32\LOG
2008-02-04 23:20:09 0 dr------- C:\Users\StarBai\Videos
2008-02-04 23:20:09 0 d--hs---- C:\Users\StarBai\Templates
2008-02-04 23:20:09 0 d--hs---- C:\Users\StarBai\Start Menu
2008-02-04 23:20:09 0 d--hs---- C:\Users\StarBai\SendTo
2008-02-04 23:20:09 0 dr------- C:\Users\StarBai\Saved Games
2008-02-04 23:20:09 0 d--hs---- C:\Users\StarBai\Recent
2008-02-04 23:20:09 0 d--hs---- C:\Users\StarBai\PrintHood
2008-02-04 23:20:09 0 dr------- C:\Users\StarBai\Pictures
2008-02-04 23:20:09 2097152 --ahs---- C:\Users\StarBai\NTUSER.DAT
2008-02-04 23:20:09 0 d--hs---- C:\Users\StarBai\NetHood
2008-02-04 23:20:09 0 d--hs---- C:\Users\StarBai\My Documents
2008-02-04 23:20:09 0 dr------- C:\Users\StarBai\Music
2008-02-04 23:20:09 0 d--hs---- C:\Users\StarBai\Local Settings
2008-02-04 23:20:09 0 dr------- C:\Users\StarBai\Links
2008-02-04 23:20:09 0 dr------- C:\Users\StarBai\Favorites
2008-02-04 23:20:09 0 dr------- C:\Users\StarBai\Downloads
2008-02-04 23:20:09 0 dr------- C:\Users\StarBai\Documents
2008-02-04 23:20:09 0 dr------- C:\Users\StarBai\Desktop
2008-02-04 23:20:09 0 d--hs---- C:\Users\StarBai\Cookies
2008-02-04 23:20:09 0 d--hs---- C:\Users\StarBai\Application Data
2008-02-04 23:20:09 0 d--h----- C:\Users\StarBai\AppData
2008-02-04 23:11:52 0 d--hs---- C:\Users\Default\Templates
2008-02-04 23:11:52 0 d--hs---- C:\Users\Default\Start Menu
2008-02-04 23:11:52 0 d--hs---- C:\Users\Default\SendTo
2008-02-04 23:11:52 0 d--hs---- C:\Users\Default\Recent
2008-02-04 23:11:52 0 d--hs---- C:\Users\Default\PrintHood
2008-02-04 23:11:52 0 d--hs---- C:\Users\Default\NetHood
2008-02-04 23:11:52 0 d--hs---- C:\Users\Default\My Documents
2008-02-04 23:11:52 0 d--hs---- C:\Users\Default\Local Settings
2008-02-04 23:11:52 0 d--hs---- C:\Users\Default\Cookies
2008-02-04 23:11:52 0 d--hs---- C:\Users\Default\Application Data
2008-02-04 23:11:52 0 d--hs---- C:\Users\All Users\Templates
2008-02-04 23:11:52 0 d--hs---- C:\Users\All Users\Start Menu
2008-02-04 23:11:52 0 d--hs---- C:\Users\All Users\Favorites
2008-02-04 23:11:52 0 d--hs---- C:\Users\All Users\Documents
2008-02-04 23:11:52 0 d--hs---- C:\Users\All Users\Desktop
2008-02-04 23:11:52 0 d--hs---- C:\Users\All Users\Application Data
2008-02-04 23:11:52 0 d--hs---- C:\Documents and Settings
2008-02-04 23:11:14 0 d--hs---- C:\System Volume Information <SYSTEM~1>
2008-01-20 02:07:58 33292 --a------ C:\Windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>


-- Find3M Report ---------------------------------------------------------------

2008-02-06 11:31:52 39409 --a------ C:\Users\StarBai\AppData\Roaming\nvModes.001
2008-02-06 11:17:26 0 d-------- C:\Users\StarBai\AppData\Roaming\CyberLink
2008-02-06 11:17:20 0 d-------- C:\Users\StarBai\AppData\Roaming\HP
2008-02-06 10:41:43 39409 --a------ C:\Users\StarBai\AppData\Roaming\nvModes.dat
2008-02-06 02:00:58 0 d-------- C:\Users\StarBai\AppData\Roaming\Adobe
2008-02-06 01:59:30 0 d-------- C:\Users\StarBai\AppData\Roaming\AdobeUM
2008-02-06 01:28:44 0 d-------- C:\Program Files\Common Files
2008-02-05 19:18:19 0 d-------- C:\Program Files\Norton Internet Security
2008-02-05 18:48:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-05 18:47:36 0 d-------- C:\Program Files\Hewlett-Packard
2008-02-05 18:18:41 0 d-------- C:\Users\StarBai\AppData\Roaming\Logitech
2008-02-05 17:11:36 0 d-------- C:\Users\StarBai\AppData\Roaming\acccore
2008-02-05 17:02:18 0 d-------- C:\Users\StarBai\AppData\Roaming\Winamp
2008-02-05 16:59:53 0 d-------- C:\Users\StarBai\AppData\Roaming\Google
2008-02-05 15:45:41 0 d-------- C:\Users\StarBai\AppData\Roaming\PFU
2008-02-05 15:04:48 0 d-------- C:\Users\StarBai\AppData\Roaming\WinRAR
2008-02-05 15:02:02 0 d-------- C:\Users\StarBai\AppData\Roaming\Leadertech
2008-02-05 12:56:26 0 d-------- C:\Program Files\Microsoft Works
2008-02-05 12:55:49 0 d-------- C:\Program Files\MSBuild
2008-02-05 12:39:09 0 d-------- C:\Program Files\Yahoo!
2008-02-05 12:38:55 0 d-------- C:\Program Files\Vongo
2008-02-05 12:37:32 0 d-------- C:\Program Files\HP Games
2008-02-05 10:35:29 0 d-------- C:\Users\StarBai\AppData\Roaming\Hewlett-Packard
2008-02-05 10:28:30 174 --ahs---- C:\Program Files\desktop.ini
2008-02-05 10:21:09 0 d-------- C:\Program Files\Windows Calendar
2008-02-05 10:21:07 0 d-------- C:\Program Files\Windows Mail
2008-02-05 10:05:02 0 d-------- C:\Program Files\Windows Sidebar
2008-02-05 00:30:02 0 d-------- C:\Users\StarBai\AppData\Roaming\InstallShield
2008-02-05 00:10:35 0 d-------- C:\Program Files\Realtek
2008-02-05 0031 0 d-------- C:\Program Files\Symantec
2008-02-05 00:02:07 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-04 23:38:35 0 d-------- C:\Users\StarBai\AppData\Roaming\Identities
2008-02-04 23:28:53 0 d-------- C:\Users\StarBai\AppData\Roaming\Macromedia


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [06/14/2007 12:25 PM]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [10/08/2006 11:43 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/12/2007 10:36 PM]
"RtHDVCpl"="RtHDVCpl.exe" [03/01/2007 03:38 PM C:\WINDOWS\RtHDVCpl.exe]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 01:11 AM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 06:59 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [03/28/2007 07:45 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [11/06/2006 12:58 PM]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 03:18 PM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/10/2007 06:12 PM]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [12/22/2003 02:12 PM]
"MSServer"="C:\Windows\system32\qomjhih.dll" [02/05/2008 10:39 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [01/20/2008 02:05 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"PfuSsSct.exe"="C:\Program Files\PFU\ScanSnap\PfuSsSct.exe" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [01/13/2007 09:40 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [01/13/2007 09:40 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [01/13/2007 09:40 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/15/2008 05:54 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11/29/2007 02:17 AM C:\WINDOWS\KHALMNPR.Exe]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [09/24/2005 12:30 AM]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"MSServer"="C:\Users\StarBai\AppData\Local\Temp\byxuu.dll,#1" []
"cmds"="C:\Users\StarBai\AppData\Local\Temp\efedb.dll,c" []
"MS Juan"="C:\Users\StarBai\AppData\Local\Temp\amnyuvxu.dll,run" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2/6/2008 1:24:10 AM]
CardMinder Viewer.lnk - C:\Program Files\PFU\ScanSnap\CardMinder V3.1\CardLauncher.exe [2/5/2008 3:09:09 PM]
Conversion to PDF with ScanSnap Organizer.lnk - C:\Program Files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2/5/2008 3:07:41 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2/5/2008 5:05:47 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2/5/2008 6:14:06 PM]
ScanSnap Manager.lnk - C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe [2/5/2008 3:04:51 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{446624E1-B767-4443-AA6E-0F355CAFD21B}"= C:\Users\StarBai\AppData\Local\Temp\byxuu.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
Cognizance ASBroker ASChannel
GPSvcGroup GPSvc
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\Setup.exe -auto

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7892 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-02-06 12:32:09 ------------
Attached Files
File Type: txt extra.txt (19.0 KB, 0 views)

Last edited by starbai; 02-06-2008 at 10:36 AM.
Old 02-06-2008, 10:42 AM   #6 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 19
OS: Vista Home Premium


Re: Despirate need of help getting rid of whatever it is I've got

Also, Norton keeps informing me that it's blocking
TROJAN.METAJUAN

It's done that like 3 times.

Thanks!!!!

Last edited by starbai; 02-06-2008 at 10:43 AM.
Old 02-06-2008, 10:58 AM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: Despirate need of help getting rid of whatever it is I've got

You already tried to run ComboFix.exe. Did it complete for you? If so, post the C:\ComboFix.txt here please.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 02-06-2008, 11:01 AM   #8 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 19
OS: Vista Home Premium


Re: Despirate need of help getting rid of whatever it is I've got

Quote:
Originally Posted by Ried
You already tried to run ComboFix.exe. Did it complete for you? If so, post the C:\ComboFix.txt here please.
I did try, but all it did was hang up the system; it didn't work.

I had to reboot.

Thanks For your continued help.
Old 02-06-2008, 11:03 AM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: Despirate need of help getting rid of whatever it is I've got

Did you receive an 'Out of Memory' message when you tried to run it?
Old 02-06-2008, 11:08 AM   #10 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 19
OS: Vista Home Premium


Re: Despirate need of help getting rid of whatever it is I've got

Quote:
Originally Posted by Ried
Did you receive an 'Out of Memory' message when you tried to run it?
Nope. Cmd.exe came up, and it was a blank screen. Nothing happened. I tried to open another program, the computer froze, and I had to restart.
Old 02-06-2008, 11:14 AM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: Despirate need of help getting rid of whatever it is I've got

Alright then, it will be quicker to use other means.


Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Close any open browsers.

--------------------------------------------------------------------

Right click HijackThis.exe and run as Administrator

Place a 'check' next to the following entries:

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\StarBai\AppData\Local\Temp\efedb.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\StarBai\AppData\Local\Temp\amnyuvxu.dll",run


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Open notepad and copy/paste the entire text in the code box below: (don't forget to copy and paste REGEDIT4)

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{446624E1-B767-4443-AA6E-0F355CAFD21B}"=-
Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------

Run a new scan with HijackThis and save the log.

---------------------------------------------------------------

Please include the following in your next reply:

Kaspersky results
New HijackThis log
Update on system behavior

Last edited by Ried; 02-06-2008 at 11:16 AM.
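The entries Ried singles out in the HijackThis fix list (rundll32 loading DLLs out of the user's Temp folder, orphaned BHOs with no file on disk, AppInit_DLLs) can be picked out of a log mechanically. The Python triage script below is an added example and is not part of this thread or of HijackThis; the heuristics are the editor's own, and the sample lines are excerpted from the logs posted in this thread.

```python
"""Triage a HijackThis v2 log for the autostart patterns this thread deals with.

Added example; not part of HijackThis. The heuristics are the editor's own and
the sample lines below are excerpted from the logs posted in this thread.
"""
import re
from dataclasses import dataclass, field
from typing import List

# O4 autorun lines: the hive may carry a SID for HKUS entries; key is Run/RunOnce/...
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# O2 BHO lines: "O2 - BHO: <desc> - {CLSID} - <path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<desc>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# O20 AppInit_DLLs: DLLs injected into every process that loads user32.dll
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")

# Per-user Temp directories (Vista and XP layouts); vendor software does not autorun from here.
TEMP_DIR_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp)\\", re.IGNORECASE)
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+', re.IGNORECASE)
ORDINAL_RE = re.compile(r",#\d+\b")  # export called by ordinal, e.g. byxuu.dll,#1

# Constructed sample: lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qomjhih.dll,#1
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\StarBai\AppData\Local\Temp\byxuu.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\StarBai\AppData\Local\Temp\efedb.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\StarBai\AppData\Local\Temp\amnyuvxu.dll",run
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: APSHook.dll
"""


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def triage_hjt(log_text: str) -> List[Finding]:
    """Return one Finding per log line that matches a suspicious pattern."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd")
            if TEMP_DIR_RE.search(cmd):
                reasons.append("autorun points into a user Temp directory")
            if RUNDLL_RE.match(cmd) and ORDINAL_RE.search(cmd):
                reasons.append("rundll32 calls an export by ordinal; check the DLL's vendor")
        else:
            m = O2_RE.match(line)
            if m and m.group("path").strip().lower() == "(no file)":
                # Leftover CLSID with no DLL on disk: harmless, but a cleanup target
                reasons.append("orphaned BHO registration (no file)")
            else:
                m = O20_RE.match(line)
                if m and m.group("dlls").strip():
                    reasons.append("AppInit_DLLs set; this DLL loads into every GUI process, verify its vendor")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def format_report(findings: List[Finding]) -> str:
    """Render findings as the log line followed by its reasons, one per line."""
    out = []
    for f in findings:
        out.append(f.line)
        out.extend(f"    -> {r}" for r in f.reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(triage_hjt(SAMPLE_LOG)))
```

A legitimate vendor entry such as the NVIDIA `nvsvc.dll,nvsvcStart` line is left alone, while the `,#1` ordinal call on `qomjhih.dll` in system32 is surfaced for review rather than declared malicious.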
Old 02-06-2008, 11:19 AM   #12 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 19
OS: Vista Home Premium


Re: Despirate need of help getting rid of whatever it is I've got

doing it now.
Old 02-06-2008, 12:09 PM   #13 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 19
OS: Vista Home Premium


Re: Despirate need of help getting rid of whatever it is I've got

Running Kaspersky Now
Old 02-06-2008, 12:31 PM   #14 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 19
OS: Vista Home Premium


Re: Despirate need of help getting rid of whatever it is I've got

Holy crap, 5% scanned 30 minutes into scanning.

Either way, I'll let it finish and post the log when it's done.

Thus far my Explorer keeps restarting and I haven't been able to view anything in My Computer without it closing; every new browser window opened restarts Windows Explorer. However, the popups seem gone.
Old 02-06-2008, 12:43 PM   #15 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 19
OS: Vista Home Premium


Re: Despirate need of help getting rid of whatever it is I've got

Kaspersky is running, and Norton blocked MetaJuan a few more times. Immediately after the MetaJuan was blocked, I started getting pop ups again.

Kaspersky at 6%
Old 02-06-2008, 01:10 PM   #16 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 19
OS: Vista Home Premium


Re: Despirate need of help getting rid of whatever it is I've got

Should it really take this long? I'm still at 6%; at this rate I doubt it will finish until tomorrow.
Old 02-06-2008, 05:48 PM   #17 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 19
OS: Vista Home Premium


Re: Despirate need of help getting rid of whatever it is I've got

OK, everything asked for is done.

I still get a crazy amount of pop ups and prompts for random .dlls that cannot be found.

UPDATED HIJACKTHIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:19 PM, on 2/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Users\StarBai\Desktop\dss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\StarBai.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qomjhih.dll,#1
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\StarBai\AppData\Local\Temp\byxuu.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\StarBai\AppData\Local\Temp\efedb.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\StarBai\AppData\Local\Temp\amnyuvxu.dll",run
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: CardMinder Viewer.lnk = ?
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: ScanSnap Manager.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O13 - Gopher Prefix:
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10365 bytes


HERE IS THE KASPERSKY LOG:

Wednesday, February 06, 2008 7:32:11 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/02/2008
Kaspersky Anti-Virus database records: 552453


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
H:\
I:\

Scan Statistics
Total number of scanned objects 139865
Number of viruses found 2
Number of infected objects 41
Number of suspicious objects 0
Duration of the scan process 04:27:18

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\amnyuvxu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\awtts.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\awvtu.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\byvwv.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\byxuu.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\byxuv.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\caxfvusf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\eectuehs.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\efcbb.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\fccay.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\fsdkeptk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\kgohlqmt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\khfcb.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\ljhee.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\mllii.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\nnnkh.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\nnnnn.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\opnnm.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\sculojac.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\ssqro.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\tmp000259f1 Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\tmp0002bbee Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\tmp00035c04 Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\tmp0004fce4 Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\tmp00052210 Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\tmp0007339d Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\tmp000ec9f3 Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\wvuvt.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\xxyyw.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\yayyx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Deckard\System Scanner\backup\Windows\temp\WER-4627629-0.sysdata.xml Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\WER-4643853-0.sysdata.xml Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\WER-4662152-0.sysdata.xml Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped

C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.ilg Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\ProgramData\Symantec\Common Client\settings.bak Object is locked skipped

C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped

C:\ProgramData\Symantec\LiveUpdate\2008-02-06_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped

C:\ProgramData\CyberLink\TinyDB\EPGSignal Object is locked skipped

C:\ProgramData\CyberLink\TinyDB\Schedule Object is locked skipped

C:\ProgramData\Microsoft\User Account Pictures\Jaya Jagmohan.dat Object is locked skipped

C:\System.sav\util\App.Evt Object is locked skipped

C:\System.sav\util\Sec.Evt Object is locked skipped

C:\System.sav\util\Sys.Evt Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008020620080207\index.dat Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F52A5NUM\hctp[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWEFJ82A\ptch[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWEFJ82A\ptch[2] Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5V24J57\hctp[2] Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IR5YHQFV\bind[2].htm Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\StarBai\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSD.XML Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\UsrClass.dat{498e7762-d3b9-11dc-a2c4-001b24f9b939}.TM.blf Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\UsrClass.dat{498e7762-d3b9-11dc-a2c4-001b24f9b939}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\UsrClass.dat{498e7762-d3b9-11dc-a2c4-001b24f9b939}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSD.XML Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\InputPersonalization\edb.log Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\InputPersonalization\inkStore.mdb Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\InputPersonalization\tmp.edb Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows Defender\FileTracker\{D7AC1465-D5DC-4F33-989D-1C32C9A5B6FF} Object is locked skipped

C:\Users\StarBai\AppData\Local\Temp\jgbcfpsb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Temp\Low\~DF7AE9.tmp Object is locked skipped

C:\Users\StarBai\AppData\Local\Temp\Low\~DF7B1B.tmp Object is locked skipped

C:\Users\StarBai\AppData\Local\Temp\ssctiuqc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Temp\todwyeqt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Temp\uloqfarv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Temp\yvlefhki.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Temp\~DF1A1A.tmp Object is locked skipped

C:\Users\StarBai\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped

C:\Users\StarBai\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped

C:\Users\StarBai\AppData\Roaming\PFU\ScanSnap\ScanSnap_Curr_000.prp Object is locked skipped

C:\Users\StarBai\Desktop\DESKTOP\Nations Funding Source Documents\NFSLenderList.xls Object is locked skipped

C:\Users\StarBai\NTUSER.DAT Object is locked skipped

C:\Users\StarBai\ntuser.dat.LOG1 Object is locked skipped

C:\Users\StarBai\ntuser.dat.LOG2 Object is locked skipped

C:\Users\StarBai\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Users\StarBai\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\StarBai\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\VundoFix Backups\qomjhih.dll.bad Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\WINDOWS\bthservsdp.dat Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Debug\sam.log Object is locked skipped

C:\WINDOWS\Debug\WIA\wiatrace.log Object is locked skipped

C:\WINDOWS\Logs\CBS\CBS.log Object is locked skipped

C:\WINDOWS\Logs\DPX\setupact.log Object is locked skipped

C:\WINDOWS\Logs\DPX\setuperr.log Object is locked skipped

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped

C:\WINDOWS\panther\diagerr.xml Object is locked skipped

C:\WINDOWS\panther\diagwrn.xml Object is locked skipped

C:\WINDOWS\panther\setupact.log Object is locked skipped

C:\WINDOWS\panther\setuperr.log Object is locked skipped

C:\WINDOWS\panther\UnattendGC\diagerr.xml Object is locked skipped

C:\WINDOWS\panther\UnattendGC\diagwrn.xml Object is locked skipped

C:\WINDOWS\panther\UnattendGC\setupact.log Object is locked skipped

C:\WINDOWS\panther\UnattendGC\setuperr.log Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{93B6394B-1610-40AD-AE67-18B14A6E0DE2}.crmlog Object is locked skipped

C:\WINDOWS\security\database\secedit.sdb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\WINDOWS\System32\catroot2\edb.log Object is locked skipped

C:\WINDOWS\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped

C:\WINDOWS\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped

C:\WINDOWS\System32\config\COMPONENTS Object is locked skipped

C:\WINDOWS\System32\config\COMPONENTS.LOG1 Object is locked skipped

C:\WINDOWS\System32\config\COMPONENTS.LOG2 Object is locked skipped

C:\WINDOWS\System32\config\DEFAULT Object is locked skipped

C:\WINDOWS\System32\config\DEFAULT.LOG1 Object is locked skipped

C:\WINDOWS\System32\config\DEFAULT.LOG2 Object is locked skipped

C:\WINDOWS\System32\config\SAM Object is locked skipped

C:\WINDOWS\System32\config\SAM.LOG1 Object is locked skipped

C:\WINDOWS\System32\config\SAM.LOG2 Object is locked skipped

C:\WINDOWS\System32\config\SECURITY Object is locked skipped

C:\WINDOWS\System32\config\SECURITY.LOG1 Object is locked skipped

C:\WINDOWS\System32\config\SECURITY.LOG2 Object is locked skipped

C:\WINDOWS\System32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\System32\config\SOFTWARE.LOG1 Object is locked skipped

C:\WINDOWS\System32\config\SOFTWARE.LOG2 Object is locked skipped

C:\WINDOWS\System32\config\SYSTEM Object is locked skipped

C:\WINDOWS\System32\config\SYSTEM.LOG1 Object is locked skipped

C:\WINDOWS\System32\config\SYSTEM.LOG2 Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped

C:\WINDOWS\System32\LogFiles\Scm\SCM.EVM Object is locked skipped

C:\WINDOWS\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\System32\qomjhih.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\WINDOWS\System32\restore\MachineGuid.txt Object is locked skipped

C:\WINDOWS\System32\spool\SpoolerETW.etl Object is locked skipped

C:\WINDOWS\System32\sysprep\Panther\diagerr.xml Object is locked skipped

C:\WINDOWS\System32\sysprep\Panther\diagwrn.xml Object is locked skipped

C:\WINDOWS\System32\sysprep\Panther\setupact.log Object is locked skipped

C:\WINDOWS\System32\sysprep\Panther\setuperr.log Object is locked skipped

C:\WINDOWS\System32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof Object is locked skipped

C:\WINDOWS\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped

C:\WINDOWS\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped

C:\WINDOWS\System32\wbem\Logs\WMITracing.log Object is locked skipped

C:\WINDOWS\System32\wbem\Repository\INDEX.BTR Object is locked skipped

C:\WINDOWS\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Application.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Media Center.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\ODiag.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\OSession.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Security.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Setup.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\System.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\VeriSoft.evtx Object is locked skipped

C:\WINDOWS\Tasks\SCHEDLGU.TXT Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped

D:\$RECYCLE.BIN\Desktop.ini Object is locked skipped

D:\$RECYCLE.BIN\Folder.htt Object is locked skipped

D:\$RECYCLE.BIN\Protect.ed Object is locked skipped

Scan process completed.
Old 02-06-2008, 05:51 PM   #18
starbai, Registered User
Join Date: Feb 2008
Posts: 19
OS: Vista Home Premium

Re: Desperate need of help getting rid of whatever it is I've got

ALSO

I keep getting buffer overrun messages from explorer.exe
Old 02-06-2008, 06:08 PM   #19
starbai, Registered User
Join Date: Feb 2008
Posts: 19
OS: Vista Home Premium


Re: Desperate need of help getting rid of whatever it is I've got

Now every time I run something it tells me I'm not the administrator.

YES I AM!
Old 02-06-2008, 08:46 PM   #20
Ried, Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: Desperate need of help getting rid of whatever it is I've got

Hello starbai,

That's because you're still infected--it takes time to find it all. Disabling the ConsentPromptBehaviorAdmin contributed to this infection finding its way onto your system.

Please download OTMoveIt by OldTimer and save it to your desktop.

Next, download ATF Cleaner by Atribune.

---------------------------------------------------------

Right click OTMoveIt.exe to run it as Administrator.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F52A5NUM\hctp[1]
    C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWEFJ82A\ptch[1]
    C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWEFJ82A\ptch[2]
    C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5V24J57\hctp[2]
    C:\Users\StarBai\AppData\Local\Temp\jgbcfpsb.dll
    C:\Users\StarBai\AppData\Local\Temp\ssctiuqc.dll
    C:\Users\StarBai\AppData\Local\Temp\todwyeqt.dll
    C:\Users\StarBai\AppData\Local\Temp\uloqfarv.dll
    C:\Users\StarBai\AppData\Local\Temp\yvlefhki.dll
    C:\WINDOWS\System32\qomjhih.dll
    C:\VundoFix Backups


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

----------------------------------------------------

Right click ATF-Cleaner.exe and select Run as Administrator
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

-------------------------------------------------------

The HijackThis log you posted is the same as your previous run:

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:19 PM, on 2/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Please run another scan with HijackThis and post that in your next reply along with the log from OTMoveIt, located here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log (Where mmddyyyy_hhmmss is the date of the tool run.)

Also, how is the system behaving now?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
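The triage Ried does by hand above (reading the Kaspersky Online Scanner log, ignoring the "Object is locked" lines, separating hits that sit inside VundoFix's and Deckard's backup folders from copies that are still live, and building the path list that gets pasted into OTMoveIt) as an added Python example. This is not part of the thread and not a tool from either poster; the sample log is a constructed subset whose paths are taken from the log above, and the function names and the BACKUP_FOLDERS tuple are assumptions.

```python
"""Triage a Kaspersky Online Scanner (v5) text log.

Added example for this thread; not a tool from either poster. It separates
live detections from hits inside removal-tool backup folders and from objects
the scanner merely could not open, and builds the path list a helper would
paste into OTMoveIt. Function names and BACKUP_FOLDERS are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Result lines read "<path> Infected: <detection> <action>" or
# "<path> Object is locked <action>". The path may contain spaces, so the
# lazy path group plus the anchored tail is what splits it from the verdict.
_RESULT_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:Infected:\s+(?P<detection>\S+)|(?P<locked>Object is locked))"
    r"\s+(?P<action>\S+)$"
)

# Folders where removal tools park copies of what they already removed; a hit
# inside them is old quarantine, not a live infection (assumption: adjust to
# the tools that were actually run on the machine).
BACKUP_FOLDERS = (
    r"C:\Deckard\System Scanner\backup",
    r"C:\VundoFix Backups",
)

# Constructed subset of the log posted in this thread (paths are from it).
SAMPLE_LOG = r"""
Scan Statistics
Total number of scanned objects 139865
Number of viruses found 2
Number of infected objects 41

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\awtts.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Users\StarBai\AppData\Local\Temp\jgbcfpsb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\qomjhih.dll.bad Infected: Trojan-Downloader.Win32.Small.hsl skipped
C:\WINDOWS\System32\qomjhih.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped
C:\WINDOWS\System32\config\SAM Object is locked skipped
Scan process completed.
"""


@dataclass(frozen=True)
class ScanHit:
    path: str
    detection: str | None  # None when the scanner could only report "Object is locked"
    action: str

    @property
    def locked(self) -> bool:
        return self.detection is None


def parse_kaspersky_log(text: str) -> list[ScanHit]:
    """Return one ScanHit per result line; header and statistics lines are skipped."""
    hits: list[ScanHit] = []
    for raw in text.splitlines():
        m = _RESULT_RE.match(raw.strip())
        if m:
            hits.append(ScanHit(m.group("path"), m.group("detection"), m.group("action")))
    return hits


def is_under(path: str, folder: str) -> bool:
    """Case-insensitive 'path lives inside folder' test for Windows paths."""
    return path.lower().startswith(folder.rstrip("\\").lower() + "\\")


def triage(hits: list[ScanHit], backup_folders=BACKUP_FOLDERS):
    """Split hits into (live, backed_up, locked) lists, preserving log order."""
    live, backed_up, locked = [], [], []
    for h in hits:
        if h.locked:
            locked.append(h)
        elif any(is_under(h.path, f) for f in backup_folders):
            backed_up.append(h)
        else:
            live.append(h)
    return live, backed_up, locked


def detection_counts(hits: list[ScanHit]) -> dict[str, int]:
    """How many objects carried each detection name (locked objects excluded)."""
    counts: dict[str, int] = {}
    for h in hits:
        if h.detection:
            counts[h.detection] = counts.get(h.detection, 0) + 1
    return counts


def otmoveit_list(live: list[ScanHit], folders_to_remove=()) -> list[str]:
    """Lines in the shape pasted into OTMoveIt: each live file, then any whole
    backup folder the helper has decided to discard (a judgement call, not automatic)."""
    return [h.path for h in live] + [f.rstrip("\\") for f in folders_to_remove]


if __name__ == "__main__":
    hits = parse_kaspersky_log(SAMPLE_LOG)
    live, backed_up, locked = triage(hits)
    print(f"{len(hits)} result lines: {len(live)} live, {len(backed_up)} in backups, {len(locked)} locked")
    for name, n in detection_counts(hits).items():
        print(f"  {n:3d}  {name}")
    print("\n".join(otmoveit_list(live, [r"C:\VundoFix Backups"])))
```

The locked objects (registry hives, event logs, Symantec's own logs) are not detections at all, only files the scanner could not open, so they add nothing to the cleanup list. Hits under the Deckard and VundoFix backup folders are copies those tools already pulled out of service, which is why only the live files, plus whichever backup folder the helper chooses to discard, end up in the OTMoveIt list.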