
Please Help--


1 reply to this topic

#1 starbai

  • Members
  • 1 posts

Posted 06 February 2008 - 08:33 PM

Hello all,

I have tried to follow the directions I've read on here, so if I mess up and didn't do something I was supposed to, please forgive me; just tell me and I will do it.

I've got something on my computer; I thought it was the Virtumundo stuff, and I've run VundoFix, and it finds a few things that it then cannot seem to remove.

I open HijackThis and "fix" a bunch of things that I know shouldn't be there, but when I reboot the computer everything comes right back and I'm back to square one. Explorer restarts all the time, and I get pop-ups galore.

I don't even know how this thing gets on my machine; it's BRAND new and I've already done a factory restore 2 times trying to get rid of this thing, and it comes right back. Norton, Ad-Aware, and Spybot have all been completely updated and find nothing.

Here is my HijackThis log. I beg for someone to help me; I use this comp for work and I haven't gotten anything done in 2 days. Also, when I run HijackThis it says that my comp won't allow it access to the hosts file... I don't know how to get around that, or if it's needed for this problem.


HIJACKTHIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:19 PM, on 2/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Users\StarBai\Desktop\dss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\StarBai.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qomjhih.dll,#1
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\StarBai\AppData\Local\Temp\byxuu.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\StarBai\AppData\Local\Temp\efedb.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\StarBai\AppData\Local\Temp\amnyuvxu.dll",run
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: CardMinder Viewer.lnk = ?
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: ScanSnap Manager.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O13 - Gopher Prefix:
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10365 bytes


HERE IS THE KASPERSKY LOG:


Wednesday, February 06, 2008 7:32:11 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/02/2008
Kaspersky Anti-Virus database records: 552453


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
H:\
I:\

Scan Statistics
Total number of scanned objects 139865
Number of viruses found 2
Number of infected objects 41
Number of suspicious objects 0
Duration of the scan process 04:27:18

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\amnyuvxu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\awtts.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\awvtu.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\byvwv.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\byxuu.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\byxuv.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\caxfvusf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\eectuehs.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\efcbb.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\fccay.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\fsdkeptk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\kgohlqmt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\khfcb.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\ljhee.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\mllii.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\nnnkh.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\nnnnn.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\opnnm.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\sculojac.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\ssqro.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\tmp000259f1 Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\tmp0002bbee Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\tmp00035c04 Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\tmp0004fce4 Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\tmp00052210 Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\tmp0007339d Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\tmp000ec9f3 Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\wvuvt.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\xxyyw.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\Deckard\System Scanner\backup\Users\StarBai\AppData\Local\Temp\yayyx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Deckard\System Scanner\backup\Windows\temp\WER-4627629-0.sysdata.xml Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\WER-4643853-0.sysdata.xml Object is locked skipped

C:\Deckard\System Scanner\backup\Windows\temp\WER-4662152-0.sysdata.xml Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped

C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.ilg Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\ProgramData\Symantec\Common Client\settings.bak Object is locked skipped

C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped

C:\ProgramData\Symantec\LiveUpdate\2008-02-06_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped

C:\ProgramData\CyberLink\TinyDB\EPGSignal Object is locked skipped

C:\ProgramData\CyberLink\TinyDB\Schedule Object is locked skipped

C:\ProgramData\Microsoft\User Account Pictures\Jaya Jagmohan.dat Object is locked skipped

C:\System.sav\util\App.Evt Object is locked skipped

C:\System.sav\util\Sec.Evt Object is locked skipped

C:\System.sav\util\Sys.Evt Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008020620080207\index.dat Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F52A5NUM\hctp[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWEFJ82A\ptch[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWEFJ82A\ptch[2] Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5V24J57\hctp[2] Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IR5YHQFV\bind[2].htm Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\StarBai\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSD.XML Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\UsrClass.dat{498e7762-d3b9-11dc-a2c4-001b24f9b939}.TM.blf Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\UsrClass.dat{498e7762-d3b9-11dc-a2c4-001b24f9b939}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows\UsrClass.dat{498e7762-d3b9-11dc-a2c4-001b24f9b939}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSD.XML Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\InputPersonalization\edb.log Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\InputPersonalization\inkStore.mdb Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\InputPersonalization\tmp.edb Object is locked skipped

C:\Users\StarBai\AppData\Local\Microsoft\Windows Defender\FileTracker\{D7AC1465-D5DC-4F33-989D-1C32C9A5B6FF} Object is locked skipped

C:\Users\StarBai\AppData\Local\Temp\jgbcfpsb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Temp\Low\~DF7AE9.tmp Object is locked skipped

C:\Users\StarBai\AppData\Local\Temp\Low\~DF7B1B.tmp Object is locked skipped

C:\Users\StarBai\AppData\Local\Temp\ssctiuqc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Temp\todwyeqt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Temp\uloqfarv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Temp\yvlefhki.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Users\StarBai\AppData\Local\Temp\~DF1A1A.tmp Object is locked skipped

C:\Users\StarBai\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped

C:\Users\StarBai\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped

C:\Users\StarBai\AppData\Roaming\PFU\ScanSnap\ScanSnap_Curr_000.prp Object is locked skipped

C:\Users\StarBai\Desktop\DESKTOP\Nations Funding Source Documents\NFSLenderList.xls Object is locked skipped

C:\Users\StarBai\NTUSER.DAT Object is locked skipped

C:\Users\StarBai\ntuser.dat.LOG1 Object is locked skipped

C:\Users\StarBai\ntuser.dat.LOG2 Object is locked skipped

C:\Users\StarBai\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Users\StarBai\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\StarBai\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\VundoFix Backups\qomjhih.dll.bad Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\WINDOWS\bthservsdp.dat Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Debug\sam.log Object is locked skipped

C:\WINDOWS\Debug\WIA\wiatrace.log Object is locked skipped

C:\WINDOWS\Logs\CBS\CBS.log Object is locked skipped

C:\WINDOWS\Logs\DPX\setupact.log Object is locked skipped

C:\WINDOWS\Logs\DPX\setuperr.log Object is locked skipped

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped

C:\WINDOWS\panther\diagerr.xml Object is locked skipped

C:\WINDOWS\panther\diagwrn.xml Object is locked skipped

C:\WINDOWS\panther\setupact.log Object is locked skipped

C:\WINDOWS\panther\setuperr.log Object is locked skipped

C:\WINDOWS\panther\UnattendGC\diagerr.xml Object is locked skipped

C:\WINDOWS\panther\UnattendGC\diagwrn.xml Object is locked skipped

C:\WINDOWS\panther\UnattendGC\setupact.log Object is locked skipped

C:\WINDOWS\panther\UnattendGC\setuperr.log Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{93B6394B-1610-40AD-AE67-18B14A6E0DE2}.crmlog Object is locked skipped

C:\WINDOWS\security\database\secedit.sdb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\WINDOWS\System32\catroot2\edb.log Object is locked skipped

C:\WINDOWS\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped

C:\WINDOWS\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped

C:\WINDOWS\System32\config\COMPONENTS Object is locked skipped

C:\WINDOWS\System32\config\COMPONENTS.LOG1 Object is locked skipped

C:\WINDOWS\System32\config\COMPONENTS.LOG2 Object is locked skipped

C:\WINDOWS\System32\config\DEFAULT Object is locked skipped

C:\WINDOWS\System32\config\DEFAULT.LOG1 Object is locked skipped

C:\WINDOWS\System32\config\DEFAULT.LOG2 Object is locked skipped

C:\WINDOWS\System32\config\SAM Object is locked skipped

C:\WINDOWS\System32\config\SAM.LOG1 Object is locked skipped

C:\WINDOWS\System32\config\SAM.LOG2 Object is locked skipped

C:\WINDOWS\System32\config\SECURITY Object is locked skipped

C:\WINDOWS\System32\config\SECURITY.LOG1 Object is locked skipped

C:\WINDOWS\System32\config\SECURITY.LOG2 Object is locked skipped

C:\WINDOWS\System32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\System32\config\SOFTWARE.LOG1 Object is locked skipped

C:\WINDOWS\System32\config\SOFTWARE.LOG2 Object is locked skipped

C:\WINDOWS\System32\config\SYSTEM Object is locked skipped

C:\WINDOWS\System32\config\SYSTEM.LOG1 Object is locked skipped

C:\WINDOWS\System32\config\SYSTEM.LOG2 Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped

C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped

C:\WINDOWS\System32\LogFiles\Scm\SCM.EVM Object is locked skipped

C:\WINDOWS\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\System32\qomjhih.dll Infected: Trojan-Downloader.Win32.Small.hsl skipped

C:\WINDOWS\System32\restore\MachineGuid.txt Object is locked skipped

C:\WINDOWS\System32\spool\SpoolerETW.etl Object is locked skipped

C:\WINDOWS\System32\sysprep\Panther\diagerr.xml Object is locked skipped

C:\WINDOWS\System32\sysprep\Panther\diagwrn.xml Object is locked skipped

C:\WINDOWS\System32\sysprep\Panther\setupact.log Object is locked skipped

C:\WINDOWS\System32\sysprep\Panther\setuperr.log Object is locked skipped

C:\WINDOWS\System32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof Object is locked skipped

C:\WINDOWS\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped

C:\WINDOWS\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped

C:\WINDOWS\System32\wbem\Logs\WMITracing.log Object is locked skipped

C:\WINDOWS\System32\wbem\Repository\INDEX.BTR Object is locked skipped

C:\WINDOWS\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Application.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Media Center.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\ODiag.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\OSession.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Security.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\Setup.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\System.evtx Object is locked skipped

C:\WINDOWS\System32\winevt\Logs\VeriSoft.evtx Object is locked skipped

C:\WINDOWS\Tasks\SCHEDLGU.TXT Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped

D:\$RECYCLE.BIN\Desktop.ini Object is locked skipped

D:\$RECYCLE.BIN\Folder.htt Object is locked skipped

D:\$RECYCLE.BIN\Protect.ed Object is locked skipped

Scan process completed.
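The scan log above ends in a long run of "Object is locked skipped" entries. As an added example, not part of this thread or of any scanner's own tooling, here is a small Python parser that splits each entry into path and status, tallies skipped files per directory, and flags locked entries outside a constructed list of locations Windows normally keeps open (the event logs and the WMI repository); both the sample lines and the allow-list are assumptions built for this example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in the format of the scan log above (a few of its lines).
SAMPLE_LOG = """\
C:\\WINDOWS\\System32\\wbem\\Repository\\INDEX.BTR Object is locked skipped
C:\\WINDOWS\\System32\\winevt\\Logs\\Security.evtx Object is locked skipped
C:\\WINDOWS\\System32\\winevt\\Logs\\System.evtx Object is locked skipped
C:\\WINDOWS\\Tasks\\SCHEDLGU.TXT Object is locked skipped
D:\\$RECYCLE.BIN\\Desktop.ini Object is locked skipped

Scan process completed.
"""

# An entry line is "<path> <status>"; paths may contain spaces, so the
# status phrase is anchored at the end of the line.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<status>Object is locked skipped)$")

# Windows holds these open while running, so locked files under them are
# expected. Constructed allow-list for this example; extend it for your triage.
EXPECTED_LOCKED_DIRS = ("c:\\windows\\system32\\winevt\\logs",
                        "c:\\windows\\system32\\wbem")

def parse_scan_log(text):
    """Return (path, status) tuples for every file entry; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("path"), m.group("status")))
    return entries

def summarize_by_directory(entries, depth=4):
    """Count entries per directory, keyed by the first `depth` path components."""
    counts = Counter()
    for path, _status in entries:
        parent_parts = PureWindowsPath(path).parent.parts
        counts[str(PureWindowsPath(*parent_parts[:depth]))] += 1
    return counts

def unexpected_locked(entries):
    """Locked-and-skipped paths outside the expected set; these merit a second look."""
    return [path for path, status in entries
            if status == "Object is locked skipped"
            and not any(path.lower().startswith(d) for d in EXPECTED_LOCKED_DIRS)]

if __name__ == "__main__":
    found = parse_scan_log(SAMPLE_LOG)
    print(summarize_by_directory(found))
    print(unexpected_locked(found))
```

Locked entries under the event-log and WMI directories are routine for a running system; the ones the last function returns are where an analyst would spend their attention.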


#2 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 15 February 2008 - 05:28 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, starbai.
My name is Richie and I'll be helping you to fix your problems.

Please disable UAC [User Account Control].
1. Click Start and then click the picture at the top of the right column on the Start menu; this opens the User Accounts Control Panel.
2. Click Turn User Account Control on or off; you will have to respond to a UAC prompt to complete this action.
3. Clear the Use User Account Control (UAC) to help protect your computer check box and click OK.
4. Click Restart Now when prompted; after your computer restarts, UAC will be off.
You can repeat these steps to re-enable UAC; just click to select the check box in Step 3 when we've finished.


If you have previously downloaded ComboFix, please delete that version now.
Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, NOT for private use.

Now download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop.


Now close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouse-click Combofix's window or do anything else on your PC while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some Combofix-related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new HijackThis log please.