Author Topic: Explorere.exe closing, pop ups, etc. Hijack included  (Read 725 times)

Offline SahDu

« on: February 29, 2008, 09:04:21 AM »
Hey again. So, apparently I came down with some spyware. My computer is almost impossible to work with, as explorer.exe will randomly close and can only be opened through the Task Manager. Similarly, I will get pop ups all over the place and Firefox will randomly decide to quit. Any and all help is greatly appreciated. As you know, I'm always thankful for help here, so this is no exception. Thanks again!

Jeff

----------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:24 AM, on 2/29/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Turn Off Monitor\TurnOffMon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {23A4F050-D258-4EF9-9671-7DA8B9ED18DE} - C:\Windows\system32\xxyxv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqolm.dll,#1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Turn Off Monitor] C:\Program Files\Turn Off Monitor\TurnOffMon.exe :silent
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\xxyxv.dll,c
O4 - HKCU\..\Run: [f8212089] rundll32.exe "C:\Users\Jeff\AppData\Local\Temp\wfycfhbj.dll",b
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Jeff\AppData\Local\Temp\dxdpkmni.dll",run
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Turn Off Monitor] C:\Program Files\Turn Off Monitor\TurnOffMon.exe :silent (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [cmds] rundll32.exe C:\Windows\system32\xxyxv.dll,c (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [f8212089] rundll32.exe "C:\Users\Jeff\AppData\Local\Temp\wfycfhbj.dll",b (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [MS Juan] rundll32 "C:\Users\Jeff\AppData\Local\Temp\dxdpkmni.dll",run (User '?')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8174 bytes

Offline guestolo

« Reply #1 on: February 29, 2008, 09:34:30 AM »
I'm on my way to work shortly. In the meantime, can you do the following, please?

Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {23A4F050-D258-4EF9-9671-7DA8B9ED18DE} - C:\Windows\system32\xxyxv.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqolm.dll,#1

O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup

O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\xxyxv.dll,c
O4 - HKCU\..\Run: [f8212089] rundll32.exe "C:\Users\Jeff\AppData\Local\Temp\wfycfhbj.dll",b
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Jeff\AppData\Local\Temp\dxdpkmni.dll",run

O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [cmds] rundll32.exe C:\Windows\system32\xxyxv.dll,c (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [f8212089] rundll32.exe "C:\Users\Jeff\AppData\Local\Temp\wfycfhbj.dll",b (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [MS Juan] rundll32 "C:\Users\Jeff\AppData\Local\Temp\dxdpkmni.dll",run (User '?')


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer, back in Windows

Please download Malwarebytes' Anti-Malware to your desktop from the following link
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

Select one of the Free downloads from either
MajorGeeks TX - |USA|
MajorGeeks FL - |USA|


Once saved to desktop
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click "Remove Selected".
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • Copy and Paste that log into your next reply.

Also, post a fresh hijackthis log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline guestolo

« Reply #2 on: February 29, 2008, 09:40:59 AM »
If you have not started the above fixes yet, can you disable Windows Defender protections so it won't interfere
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.



Offline SahDu

« Reply #3 on: February 29, 2008, 03:47:11 PM »
I had already completed the steps listed before seeing your last post. Sorry about that. Below are the two logs. Hopefully it didn't interfere too much. Thanks for all the help!

Jeff

-----------------------------------------------------------------

Malwarebytes' Anti-Malware 1.05
Database version: 427

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 172631
Time elapsed: 1 hour(s), 2 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 19
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\xxyxv.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41f544ff-e7e9-4f43-9aa6-e316d06eb787} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{41f544ff-e7e9-4f43-9aa6-e316d06eb787} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb2bbb3d-8470-4c4b-8316-815672908d52} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{eb2bbb3d-8470-4c4b-8316-815672908d52} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{45c2a50f-8f4a-496e-af02-d0207525bf5a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\javacore (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{45c2a50f-8f4a-496e-af02-d0207525bf5a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyxv.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\gumhqksp.dllbox (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\pcijvhxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\yxhvjicp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\pmytqcls.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\slcqtymp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\tdcnnrea.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\aernncdt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xxyxv.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\vxyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vxyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\yhuzoxui.dllbox (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\wvwtr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\JavaCore.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\Program Files\NoDNS\NoDNS.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp00009a3b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp0000ac45 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp0000ad3f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp0000be6e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp0000bf96 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp0000c2e1 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp000108e5 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp00017406 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp00047dd6 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp003e7031 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\b152.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\b154.exe (Trojan.Matcash) -> Quarantined and deleted successfully.
C:\Windows\System32\rqolm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\UnInstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\NoDNS\UnInstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.

-----------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:12 PM, on 2/29/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Turn Off Monitor\TurnOffMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: {1e99cab9-d62b-b188-1f44-dc905bdc0a7d} - {d7a0cdb5-09cd-44f1-881b-b26d9bac99e1} - C:\Windows\system32\jldbvreb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [f8212089] rundll32.exe "C:\Windows\system32\srycmiui.dll",b
O4 - HKLM\..\Run: [BMfb121315] Rundll32.exe "C:\Windows\system32\bdwlcqtn.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Turn Off Monitor] C:\Program Files\Turn Off Monitor\TurnOffMon.exe :silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Turn Off Monitor] C:\Program Files\Turn Off Monitor\TurnOffMon.exe :silent (User '?')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7094 bytes
------------------------------------------

Thanks again!

Jeff

Offline guestolo

« Reply #4 on: February 29, 2008, 11:15:07 PM »
We didn't get everything yet
Can you still do the following

Ensure Windows Defender's protections are disabled

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [f8212089] rundll32.exe "C:\Windows\system32\srycmiui.dll",b
O4 - HKLM\..\Run: [BMfb121315] Rundll32.exe "C:\Windows\system32\bdwlcqtn.dll",s


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer

Back in windows
Can you disable AVAST protections so it won't interfere with the next scan
Right click the AVAST icon by the clock and select "Stop On Access protections"
OK the prompt
Afterwards

Use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database: Extended
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save

Post back all the following:

1. Post the Kaspersky Online Scanner Report in your reply.
2. Run a fresh scan/save logfile with Hijackthis and post it also

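The pattern guestolo is picking out in Reply #1 and Reply #4 (rundll32 launching a DLL with a random name from system32 or the user's Temp folder, a BHO with no readable name, a Run value whose name is just a hex blob, and the same value name coming back with a freshly named DLL after a cleanup) can be checked mechanically against two HijackThis logs. This is an added example written for this page, not code from the thread or from HijackThis; the sample lines are abridged from the logs posted above, and the KNOWN_GOOD allowlist and the regex heuristics are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: O2/O4 lines abridged from the two HijackThis logs
# in this thread (the first log, and the one posted after the Malwarebytes run).
LOG_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23A4F050-D258-4EF9-9671-7DA8B9ED18DE} - C:\Windows\system32\xxyxv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqolm.dll,#1
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\xxyxv.dll,c
O4 - HKCU\..\Run: [f8212089] rundll32.exe "C:\Users\Jeff\AppData\Local\Temp\wfycfhbj.dll",b
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Jeff\AppData\Local\Temp\dxdpkmni.dll",run
"""
LOG_AFTER = r"""
O2 - BHO: {1e99cab9-d62b-b188-1f44-dc905bdc0a7d} - {d7a0cdb5-09cd-44f1-881b-b26d9bac99e1} - C:\Windows\system32\jldbvreb.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [f8212089] rundll32.exe "C:\Windows\system32\srycmiui.dll",b
O4 - HKLM\..\Run: [BMfb121315] Rundll32.exe "C:\Windows\system32\bdwlcqtn.dll",s
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,', re.I)
# Heuristics (assumed): Vundo-style DLL names are a short run of lowercase letters,
# and its Run value names are a hex blob with at most two letters in front.
RANDOM_DLL = re.compile(r"^[a-z]{5,8}\.dll$")
AUTOGEN_VALUE = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{6,}$")
# Assumed allowlist for this example: legitimate lowercase DLLs that rundll32
# launches on this machine (NVIDIA tray tools and the Vista welcome centre).
KNOWN_GOOD = {"nvsvc.dll", "nvcpl.dll", "nvmctray.dll", "nvhotkey.dll", "oobefldr.dll"}

@dataclass
class Entry:
    kind: str  # "O2" (BHO) or "O4" (Run value)
    key: str   # registry key for O4, CLSID for O2
    name: str  # Run value name or BHO display name
    cmd: str   # command line for O4, DLL path for O2

def parse_log(text: str) -> List[Entry]:
    """Pull the O2 and O4 lines out of a HijackThis log; other sections are ignored."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            entries.append(Entry("O4", m["key"], m["name"], m["cmd"]))
            continue
        m = O2_RE.match(line)
        if m:
            entries.append(Entry("O2", m["clsid"], m["name"], m["path"]))
    return entries

def rundll32_target(cmd: str) -> Optional[str]:
    """DLL that a 'rundll32 <dll>,<export>' command loads, or None for anything else."""
    m = RUNDLL_RE.match(cmd.strip())
    return m["dll"] if m else None

def reasons(e: Entry) -> List[str]:
    """Why a reviewer would tick this entry; empty for entries that look benign."""
    out = []
    dll = e.cmd if e.kind == "O2" else rundll32_target(e.cmd)
    if dll:
        low = dll.lower()
        base = low.rsplit("\\", 1)[-1]
        if "\\temp\\" in low:
            out.append("DLL is loaded from a Temp directory")
        elif "\\system32\\" in low and RANDOM_DLL.match(base) and base not in KNOWN_GOOD:
            out.append("unrecognised random-looking DLL name in system32")
    if e.kind == "O2" and (e.name == "(no name)" or e.name.startswith("{")):
        out.append("BHO has no readable name")
    if e.kind == "O4" and AUTOGEN_VALUE.match(e.name):
        out.append("Run value name looks machine-generated")
    return out

def triage(text: str) -> List[Tuple[str, List[str]]]:
    """(name, reasons) for each O2/O4 entry in a log that deserves a look."""
    return [(e.name, why) for e in parse_log(text) if (why := reasons(e))]

def compare_runs(before: List[Entry], after: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """(new, changed) O4 entries, keyed by value name only, so an entry that comes
    back under another hive with a freshly named DLL is reported as changed."""
    old = {e.name: e.cmd for e in before if e.kind == "O4"}
    new, changed = [], []
    for e in after:
        if e.kind != "O4":
            continue
        if e.name not in old:
            new.append(e)
        elif old[e.name] != e.cmd:
            changed.append(e)
    return new, changed

if __name__ == "__main__":
    for label, log in (("first log", LOG_BEFORE), ("after Malwarebytes", LOG_AFTER)):
        print(f"== {label} ==")
        for name, why in triage(log):
            print(f"  [{name}] " + "; ".join(why))
    new, changed = compare_runs(parse_log(LOG_BEFORE), parse_log(LOG_AFTER))
    print("new Run values:", [e.name for e in new])
    print("Run values that came back with a different DLL:", [e.name for e in changed])
```

On the two logs above it flags exactly the entries guestolo asked to have ticked, and the comparison shows f8212089 surviving the first fix with a new DLL in system32, which is why the second round was needed.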


Offline SahDu

« Reply #5 on: March 01, 2008, 02:58:24 PM »
Here are the two logs. Thanks!

Jeff

------------------------------------------------

-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Saturday, March 01, 2008 2:08:55 PM
 Operating System: Microsoft Windows Vista Professional,  (Build 6000)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update:  1/03/2008
 Kaspersky Anti-Virus database records: 591405
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   C:\
   D:\
   E:\

Scan Statistics:
   Total number of scanned objects: 133334
   Number of viruses found: 3
   Number of infected objects: 102
   Number of suspicious objects: 0
   Duration of the scan process: 00:49:54

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD   Object is locked   skipped
C:\Boot\BCD.LOG   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log   Object is locked   skipped
C:\Program Files\Steam\logs\connection_log.txt   Object is locked   skipped
C:\Program Files\Steam\Steam.log   Object is locked   skipped
C:\Program Files\Steam\steamapps\winui.gcf   Object is locked   skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080229-012026-214.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat   Object is locked   skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.5.Crwl   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.5.gthr   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wsb   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy28.gthr   Object is locked   skipped
        C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb   Object is locked   skipped
        C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb   Object is locked   skipped
        C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfE945.tmp   Object is locked   skipped
        C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfE946.tmp   Object is locked   skipped
        C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C60J81L2\a537119c47192bc08952189ae8782f08[1].zip/b152.exe   Infected: Trojan-Dropper.Win32.Agent.eso   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C60J81L2\a537119c47192bc08952189ae8782f08[1].zip   ZIP: infected - 1   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C60J81L2\cmp638[1]   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C60J81L2\ptch[1]   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C60J81L2\ptch[2]   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO12TB65\hctp[1]   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO12TB65\tr[1]   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\UsrClass.dat{45038623-e4dd-11dc-b452-0013e8484005}.TM.blf   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\UsrClass.dat{45038623-e4dd-11dc-b452-0013e8484005}.TMContainer00000000000000000001.regtrans-ms   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows\UsrClass.dat{45038623-e4dd-11dc-b452-0013e8484005}.TMContainer00000000000000000002.regtrans-ms   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Microsoft\Windows Sidebar\Settings.ini   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Mozilla\Firefox\Profiles\vpqcdtlv.default\Cache\_CACHE_001_   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Mozilla\Firefox\Profiles\vpqcdtlv.default\Cache\_CACHE_002_   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Mozilla\Firefox\Profiles\vpqcdtlv.default\Cache\_CACHE_003_   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Mozilla\Firefox\Profiles\vpqcdtlv.default\Cache\_CACHE_MAP_   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Temp\aanymcwd.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\aipqjmwr.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\axwiltyi.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\bpomkovx.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\bpxdhkam.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\clvdrfgy.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\cwsmjmee.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\dadrgdtl.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\dauepkff.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\dgrrxcjs.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\dmwtudrg.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\dxdpkmni.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\dxswrbvq.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\eegnbkow.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\ejpaeinh.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\eonhfuxn.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\eoxjocwp.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\eukulgex.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\fmkxojjd.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\frntpmpk.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\fscjhuyl.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\fxboplll.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\FXSAPIDebugLogFile.txt   Object is locked   skipped
        C:\Users\Jeff\AppData\Local\Temp\gghwbrgo.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\goybmujd.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\gqmsjjgb.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\ieddyaod.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\ithfhihn.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\javaaeiy.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\jnhugogl.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\jpacsodu.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\kbtcwyny.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\kdrcxoxn.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\klkjtpvf.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\kprfbmuc.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\kxsivcvo.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\lbvnpicp.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\lelwaqei.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\leunuwuk.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\llrbexve.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\llwktply.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\lqtneyos.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\meehkugw.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\miwuqiun.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\mkycmayg.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\mnxdlikn.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\nepxbwtn.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\nfxdslxy.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\nnhdguhm.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\obnletnd.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\ogbfiifj.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\oknacpus.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\pehdqphr.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\rcqyqcjo.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\rpwddcgs.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\sauqidlq.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\sicouepx.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\snraaabh.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\stcuejhx.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\tgiwmfvj.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\ubljdtmr.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\ucmkjuuw.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\ulomgtmc.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\uminqvyp.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\utxfmsmn.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\uxvsbtbc.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\vkgjpbvi.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\vtuytmmj.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\wfycfhbj.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\wsklvkht.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\xacracmy.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\xaorxjdn.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\xatdwtby.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\xkppdmka.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\xwryxgbu.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\ybjgsqlt.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\ydolfhar.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\yjfxpyrs.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\ylgoiwub.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\yscmftmx.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\yutejsgv.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\yxxnbepg.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Local\Temp\yyrotvlb.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\index.dat   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\vpqcdtlv.default\cert8.db   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\vpqcdtlv.default\history.dat   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\vpqcdtlv.default\key3.db   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\vpqcdtlv.default\parent.lock   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\vpqcdtlv.default\search.sqlite   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\vpqcdtlv.default\urlclassifier2.sqlite   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\call256.dbb   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\callmember256.dbb   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\chat512.dbb   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\chatmember256.dbb   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\chatmsg256.dbb   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\chatmsg512.dbb   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\contactgroup256.dbb   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\dyncontent\bundle.dat   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\index2.dat   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\profile256.dbb   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\user1024.dbb   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\user16384.dbb   Object is locked   skipped
        C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\user256.dbb   Object is locked   skipped
        C:\Users\Jeff\Documents\Downloads\Avast Profesional + Serials (2008)\setupengpro.exe   Infected: Trojan.Win32.Buzus.pf   skipped
        C:\Users\Jeff\NTUSER.DAT   Object is locked   skipped
        C:\Users\Jeff\ntuser.dat.LOG1   Object is locked   skipped
        C:\Users\Jeff\ntuser.dat.LOG2   Object is locked   skipped
        C:\Users\Jeff\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf   Object is locked   skipped
        C:\Users\Jeff\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms   Object is locked   skipped
        C:\Users\Jeff\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms   Object is locked   skipped
        C:\Windows\bthservsdp.dat   Object is locked   skipped
        C:\Windows\CSC\v2.0.6\pq   Object is locked   skipped
        C:\Windows\Debug\PASSWD.LOG   Object is locked   skipped
        C:\Windows\Debug\sam.log   Object is locked   skipped
        C:\Windows\Debug\WIA\wiatrace.log   Object is locked   skipped
        C:\Windows\Logs\CBS\CBS.log   Object is locked   skipped
        C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat   Object is locked   skipped
        C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat   Object is locked   skipped
        C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat   Object is locked   skipped
        C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat.LOG1   Object is locked   skipped
        C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat.LOG2   Object is locked   skipped
        C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat{3e2d2087-e4e0-11dc-aab6-00197edc3b20}.TM.blf   Object is locked   skipped
        C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat{3e2d2087-e4e0-11dc-aab6-00197edc3b20}.TMContainer00000000000000000001.regtrans-ms   Object is locked   skipped
        C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat{3e2d2087-e4e0-11dc-aab6-00197edc3b20}.TMContainer00000000000000000002.regtrans-ms   Object is locked   skipped
        C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT   Object is locked   skipped
        C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1   Object is locked   skipped
        C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2   Object is locked   skipped
        C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TM.blf   Object is locked   skipped
        C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms   Object is locked   skipped
        C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms   Object is locked   skipped
        C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun-24-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock   Object is locked   skipped
        C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun.log   Object is locked   skipped
        C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT   Object is locked   skipped
        C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1   Object is locked   skipped
        C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2   Object is locked   skipped
        C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TM.blf   Object is locked   skipped
        C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms   Object is locked   skipped
        C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms   Object is locked   skipped
        C:\Windows\SoftwareDistribution\ReportingEvents.log   Object is locked   skipped
        C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0   Object is locked   skipped
        C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0   Object is locked   skipped
        C:\Windows\System32\bdwlcqtn.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Windows\System32\catroot2\edb.log   Object is locked   skipped
        C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb   Object is locked   skipped
        C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb   Object is locked   skipped
        C:\Windows\System32\config\COMPONENTS   Object is locked   skipped
        C:\Windows\System32\config\COMPONENTS.LOG1   Object is locked   skipped
        C:\Windows\System32\config\COMPONENTS.LOG2   Object is locked   skipped
        C:\Windows\System32\config\DEFAULT   Object is locked   skipped
        C:\Windows\System32\config\DEFAULT.LOG1   Object is locked   skipped
        C:\Windows\System32\config\DEFAULT.LOG2   Object is locked   skipped
        C:\Windows\System32\config\RegBack\COMPONENTS   Object is locked   skipped
        C:\Windows\System32\config\RegBack\DEFAULT   Object is locked   skipped
        C:\Windows\System32\config\RegBack\SAM   Object is locked   skipped
        C:\Windows\System32\config\RegBack\SECURITY   Object is locked   skipped
        C:\Windows\System32\config\RegBack\SOFTWARE   Object is locked   skipped
        C:\Windows\System32\config\RegBack\SYSTEM   Object is locked   skipped
        C:\Windows\System32\config\SAM   Object is locked   skipped
        C:\Windows\System32\config\SAM.LOG1   Object is locked   skipped
        C:\Windows\System32\config\SAM.LOG2   Object is locked   skipped
        C:\Windows\System32\config\SECURITY   Object is locked   skipped
        C:\Windows\System32\config\SECURITY.LOG1   Object is locked   skipped
        C:\Windows\System32\config\SECURITY.LOG2   Object is locked   skipped
        C:\Windows\System32\config\SOFTWARE   Object is locked   skipped
        C:\Windows\System32\config\SOFTWARE.LOG1   Object is locked   skipped
        C:\Windows\System32\config\SOFTWARE.LOG2   Object is locked   skipped
        C:\Windows\System32\config\SYSTEM   Object is locked   skipped
        C:\Windows\System32\config\SYSTEM.LOG1   Object is locked   skipped
        C:\Windows\System32\config\SYSTEM.LOG2   Object is locked   skipped
        C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms   Object is locked   skipped
        C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms   Object is locked   skipped
        C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms   Object is locked   skipped
        C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf   Object is locked   skipped
        C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf   Object is locked   skipped
        C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms   Object is locked   skipped
        C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms   Object is locked   skipped
        C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms   Object is locked   skipped
        C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms   Object is locked   skipped
        C:\Windows\System32\fbnmhxnd.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Windows\System32\gsrvshnr.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Windows\System32\jldbvreb.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Windows\System32\kxdyhvgc.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Windows\System32\LogFiles\Scm\SCM.EVM   Object is locked   skipped
        C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl   Object is locked   skipped
        C:\Windows\System32\mdpjwsgo.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Windows\System32\Msdtc\KtmRmTm.blf   Object is locked   skipped
        C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001   Object is locked   skipped
        C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002   Object is locked   skipped
        C:\Windows\System32\nwnjlyfx.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Windows\System32\sldmkanx.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Windows\System32\spool\SpoolerETW.etl   Object is locked   skipped
        C:\Windows\System32\srycmiui.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Windows\System32\wbem\Logs\WMITracing.log   Object is locked   skipped
        C:\Windows\System32\wbem\Repository\INDEX.BTR   Object is locked   skipped
        C:\Windows\System32\wbem\Repository\MAPPING1.MAP   Object is locked   skipped
        C:\Windows\System32\wbem\Repository\MAPPING2.MAP   Object is locked   skipped
        C:\Windows\System32\wbem\Repository\OBJECTS.DATA   Object is locked   skipped
        C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003   Object is locked   skipped
        C:\Windows\System32\wfp\wfpdiag.etl   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Antivirus.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Application.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\DFS Replication.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\HardwareEvents.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Internet Explorer.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Key Management Service.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Media Center.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\Security.evtx   Object is locked   skipped
        C:\Windows\System32\winevt\Logs\System.evtx   Object is locked   skipped
        C:\Windows\System32\xewpidea.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Windows\System32\xswcywxb.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
        C:\Windows\Tasks\SCHEDLGU.TXT   Object is locked   skipped
        C:\Windows\WindowsUpdate.log   Object is locked   skipped

        Scan process completed.


        --------------------------------------------------------------------------------------

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 2:09:41 PM, on 3/1/2008
        Platform: Windows Vista  (WinNT 6.00.1904)
        MSIE: Internet Explorer v7.00 (7.00.6000.16609)
        Boot mode: Normal

        Running processes:
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe
        C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
        C:\Windows\OEM02Mon.exe
        C:\Windows\System32\rundll32.exe
        C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Alwil Software\Avast4\ashDisp.exe
        C:\Program Files\Windows Sidebar\sidebar.exe
        C:\Program Files\Steam\Steam.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\Turn Off Monitor\TurnOffMon.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Skype\Plugin Manager\skypePM.exe
        C:\Windows\system32\taskeng.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Windows\System32\wsqmcons.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Windows\system32\NOTEPAD.EXE
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        O1 - Hosts: ::1 localhost
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O2 - BHO: {1e99cab9-d62b-b188-1f44-dc905bdc0a7d} - {d7a0cdb5-09cd-44f1-881b-b26d9bac99e1} - C:\Windows\system32\jldbvreb.dll
        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
        O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
        O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
        O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
        O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
        O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
        O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - HKCU\..\Run: [Turn Off Monitor] C:\Program Files\Turn Off Monitor\TurnOffMon.exe :silent
        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
        O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
        O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Turn Off Monitor] C:\Program Files\Turn Off Monitor\TurnOffMon.exe :silent (User '?')
        O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
        O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O13 - Gopher Prefix:
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
        O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
        O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
        O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
        O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

        --
        End of file - 7103 bytes

        ----------------------------------------------------

        Thanks again!

        Offline guestolo

        • Site Donator
        • Administrator
        • Hero Member
        • *****
        • Posts: 16034
        • Karma: +1/-0
        Explorere.exe closing, pop ups, etc. Hijack included
        « Reply #6 on: March 02, 2008, 12:22:23 AM »
        We still have some cleaning to do

        Do a "System scan only" with Hijackthis and put a check next to these entries:

        O2 - BHO: {1e99cab9-d62b-b188-1f44-dc905bdc0a7d} - {d7a0cdb5-09cd-44f1-881b-b26d9bac99e1} - C:\Windows\system32\jldbvreb.dll


        After you have ticked the above entries, close All other open windows
        Including this one
        Leave Hijackthis open and click FIX CHECKED
        OK the prompt and exit Hijackthis

        Download ATF-Cleaner by Atribune.
        Save it to your desktop
        Right-Click on ATF-Cleaner.exe on desktop and select Run As Administrator
              Under Main choose: Select All
              Click the Empty Selected button.

        If you use Firefox browser
              Click Firefox at the top and choose: Select All
              Click the Empty Selected button.
              NOTE: If you would like to keep your saved passwords, please click No at the prompt.

        If you use Opera browser

              Click Opera at the top and choose: Select All
              Click the Empty Selected button.
              NOTE: If you would like to keep your saved passwords, please click No at the prompt.

        Click Exit on the Main menu to close the program.
        ========================================================
        Please download OTMoveIt2 by OldTimer.
        • Save it to your desktop.
        • Right-Click on OTMoveit2.exe on desktop and select Run As Administrator
        • Copy the file paths listed below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
          ==============================================================================

          C:\Users\Jeff\Documents\Downloads\Avast Profesional + Serials (2008)\setupengpro.exe
          C:\Windows\System32\bdwlcqtn.dll
          C:\Windows\System32\fbnmhxnd.dll
          C:\Windows\System32\gsrvshnr.dll
          C:\Windows\System32\jldbvreb.dll
          C:\Windows\System32\kxdyhvgc.dll
          C:\Windows\System32\mdpjwsgo.dll
          C:\Windows\System32\nwnjlyfx.dll
          C:\Windows\System32\sldmkanx.dll
          C:\Windows\System32\srycmiui.dll
          C:\Windows\System32\xewpidea.dll
          C:\Windows\System32\xswcywxb.dll

          ==============================================================================
        • Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window  and choose "Paste".
        • Click the red "MoveIt!" button.
        • Close OTMoveIt when it has completed.
        Note:  If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

        OTMoveIt would have created a log at this location
        C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log


        Post that log please along with a fresh hijackthis log

        Also, can you let me know how things are running
        In addition, do you know what this entry in your hijackthis log is related to?
        O4 - HKCU\..\Run: [Turn Off Monitor] C:\Program Files\Turn Off Monitor\TurnOffMon.exe :silent

        Do you want to post your own logs from FRST?

        Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
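As an added example (not part of this thread, and not a HijackThis or Kaspersky tool), the Python below does by code what the reply above does by eye: it parses HijackThis O2 lines, flags a BHO whose display name is a bare GUID and whose DLL is an eight-letter random name in System32, and cross-references the Kaspersky report so that same-folder files already flagged as Virtumonde count against a BHO the scanner itself skipped. The sample lines are copied from the logs posted in this thread; the regular expressions assume the exact HijackThis and Kaspersky line layouts shown there.

```python
import re
from dataclasses import dataclass, field

# HijackThis Browser Helper Object line:  O2 - BHO: <name> - {CLSID} - <dll path>
O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# Kaspersky Online Scanner report line:  <path>   Infected: <verdict>   skipped
KAV_LINE = re.compile(r"^(?P<path>.+?)\s{2,}Infected: (?P<verdict>\S+)\s+skipped$")
GUID_LIKE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# Eight lowercase letters plus .dll: the naming pattern shared by every file
# OTMoveIt was told to remove from System32 in this thread.
RANDOM_NAME = re.compile(r"^[a-z]{8}\.dll$")

# Sample input, copied from the HijackThis and Kaspersky logs posted in this thread.
HJT_SAMPLE = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"
    r" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C}"
    r" - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll",
    r"O2 - BHO: {1e99cab9-d62b-b188-1f44-dc905bdc0a7d} - {d7a0cdb5-09cd-44f1-881b-b26d9bac99e1}"
    r" - C:\Windows\system32\jldbvreb.dll",
]
KAV_SAMPLE = [
    r"C:\Windows\System32\winevt\Logs\Security.evtx   Object is locked   skipped",
    r"C:\Windows\System32\xewpidea.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped",
    r"C:\Windows\System32\xswcywxb.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped",
]


@dataclass
class Bho:
    name: str
    clsid: str
    path: str
    reasons: list = field(default_factory=list)  # empty list means nothing tripped


def parse_bho(line):
    """Return a Bho for an O2 line, or None for any other HijackThis line."""
    m = O2_LINE.match(line.strip())
    return Bho(m["name"], m["clsid"], m["path"]) if m else None


def parse_kav(lines):
    """Map lower-cased path -> verdict for every 'Infected' line of a Kaspersky report."""
    hits = {}
    for line in lines:
        m = KAV_LINE.match(line.strip())
        if m:
            hits[m["path"].strip().lower()] = m["verdict"]
    return hits


def assess(bho, kav_hits):
    """Attach a reason for every heuristic the BHO trips."""
    folder, _, fname = bho.path.lower().rpartition("\\")
    in_system32 = folder.endswith("\\system32")
    if GUID_LIKE.match(bho.name):
        bho.reasons.append("display name is a bare GUID, not a product name")
    if in_system32 and RANDOM_NAME.match(fname):
        bho.reasons.append("random eight-letter DLL name in System32")
    verdict = kav_hits.get(bho.path.lower())
    if verdict:
        bho.reasons.append(f"scanner verdict: {verdict}")
    elif in_system32:
        # The scanner may miss the BHO itself (as here); siblings in the same
        # folder with the same naming pattern still tie it to the infection.
        siblings = [p for p in kav_hits if p.rpartition("\\")[0] == folder
                    and RANDOM_NAME.match(p.rpartition("\\")[2])]
        if siblings:
            bho.reasons.append(f"{len(siblings)} sibling file(s) with the same "
                               "naming pattern flagged by the scanner")
    return bho


def triage(hjt_lines, kav_lines):
    """Parse every O2 line and score it against the scanner report."""
    kav_hits = parse_kav(kav_lines)
    return [assess(b, kav_hits) for b in map(parse_bho, hjt_lines) if b]


if __name__ == "__main__":
    for bho in triage(HJT_SAMPLE, KAV_SAMPLE):
        print("SUSPICIOUS" if bho.reasons else "ok        ", bho.path)
        for reason in bho.reasons:
            print("    -", reason)
```

Running it prints the Adobe and Skype helpers as ok and the jldbvreb.dll BHO as SUSPICIOUS with three reasons, matching the single O2 entry the reply picked for FIX CHECKED.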


        Offline SahDu

        • Jr. Member
        • **
        • Posts: 66
        • Karma: +0/-0
        Explorere.exe closing, pop ups, etc. Hijack included
        « Reply #7 on: March 02, 2008, 01:19:02 AM »
        Things seem to be better now. Haven't gotten a popup in a while and explorer.exe isn't closing. I'm very grateful for that. That entry is for a program I use to turn off the monitor on my laptop at night, so it should be okay. Here are the two logs that you asked for. Thanks so much for all your help!

        Jeff

        ---------------------------------------------------------

        C:\Users\Jeff\Documents\Downloads\Avast Profesional + Serials (2008)\setupengpro.exe moved successfully.
        DllUnregisterServer procedure not found in C:\Windows\System32\bdwlcqtn.dll
        C:\Windows\System32\bdwlcqtn.dll NOT unregistered.
        C:\Windows\System32\bdwlcqtn.dll moved successfully.
        DllUnregisterServer procedure not found in C:\Windows\System32\fbnmhxnd.dll
        C:\Windows\System32\fbnmhxnd.dll NOT unregistered.
        C:\Windows\System32\fbnmhxnd.dll moved successfully.
        DllUnregisterServer procedure not found in C:\Windows\System32\gsrvshnr.dll
        C:\Windows\System32\gsrvshnr.dll NOT unregistered.
        C:\Windows\System32\gsrvshnr.dll moved successfully.
        DllUnregisterServer procedure not found in C:\Windows\System32\jldbvreb.dll
        C:\Windows\System32\jldbvreb.dll NOT unregistered.
        C:\Windows\System32\jldbvreb.dll moved successfully.
        DllUnregisterServer procedure not found in C:\Windows\System32\kxdyhvgc.dll
        C:\Windows\System32\kxdyhvgc.dll NOT unregistered.
        C:\Windows\System32\kxdyhvgc.dll moved successfully.
        DllUnregisterServer procedure not found in C:\Windows\System32\mdpjwsgo.dll
        C:\Windows\System32\mdpjwsgo.dll NOT unregistered.
        C:\Windows\System32\mdpjwsgo.dll moved successfully.
        DllUnregisterServer procedure not found in C:\Windows\System32\nwnjlyfx.dll
        C:\Windows\System32\nwnjlyfx.dll NOT unregistered.
        C:\Windows\System32\nwnjlyfx.dll moved successfully.
        DllUnregisterServer procedure not found in C:\Windows\System32\sldmkanx.dll
        C:\Windows\System32\sldmkanx.dll NOT unregistered.
        C:\Windows\System32\sldmkanx.dll moved successfully.
        DllUnregisterServer procedure not found in C:\Windows\System32\srycmiui.dll
        C:\Windows\System32\srycmiui.dll NOT unregistered.
        C:\Windows\System32\srycmiui.dll moved successfully.
        DllUnregisterServer procedure not found in C:\Windows\System32\xewpidea.dll
        C:\Windows\System32\xewpidea.dll NOT unregistered.
        C:\Windows\System32\xewpidea.dll moved successfully.
        DllUnregisterServer procedure not found in C:\Windows\System32\xswcywxb.dll
        C:\Windows\System32\xswcywxb.dll NOT unregistered.
        C:\Windows\System32\xswcywxb.dll moved successfully.
         
        OTMoveIt2 v1.0.20 log created on 03022008_002741

        -----------------------------------------------------------------------

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 12:30:22 AM, on 3/2/2008
        Platform: Windows Vista  (WinNT 6.00.1904)
        MSIE: Internet Explorer v7.00 (7.00.6000.16609)
        Boot mode: Normal

        Running processes:
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe
        C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
        C:\Windows\OEM02Mon.exe
        C:\Windows\System32\rundll32.exe
        C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
        C:\Program Files\Alwil Software\Avast4\ashDisp.exe
        C:\Program Files\Windows Sidebar\sidebar.exe
        C:\Program Files\Steam\Steam.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\Turn Off Monitor\TurnOffMon.exe
        C:\Program Files\Skype\Plugin Manager\skypePM.exe
        C:\Windows\system32\taskeng.exe
        C:\Windows\System32\wsqmcons.exe
        C:\PROGRA~1\AIM\aim.exe
        C:\Program Files\iTunes\iTunes.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
        C:\Windows\System32\mobsync.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Windows\system32\NOTEPAD.EXE
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        O1 - Hosts: ::1 localhost
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
        O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
        O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
        O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
        O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
        O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
        O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
        O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - HKCU\..\Run: [Turn Off Monitor] C:\Program Files\Turn Off Monitor\TurnOffMon.exe :silent
        O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
        O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
        O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Turn Off Monitor] C:\Program Files\Turn Off Monitor\TurnOffMon.exe :silent (User '?')
        O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl (User '?')
        O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
        O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
        O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
        O13 - Gopher Prefix:
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
        O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
        O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
        O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
        O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

        --
        End of file - 7470 bytes


        -------------------------------------------------------

        Thanks again!

        Jeff

        Offline guestolo

        • Site Donator
        • Administrator
        • Hero Member
        • *****
        • Posts: 16034
        • Karma: +1/-0
        Explorere.exe closing, pop ups, etc. Hijack included
        « Reply #8 on: March 02, 2008, 01:24:22 AM »
        one last log please
         supply an uninstall list from Hijackthis
        Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
        Click the SAVE LIST... button
        Save the list to your desktop then copy>>Paste back here the Whole contents



        Offline SahDu

        • Jr. Member
        • **
        • Posts: 66
        • Karma: +0/-0
        Explorere.exe closing, pop ups, etc. Hijack included
        « Reply #9 on: March 02, 2008, 02:04:11 AM »
        Ad-Aware 2007
        Adobe Flash Player ActiveX
        Adobe Flash Player Plugin
        Adobe Reader 8.1.2
        AOL Instant Messenger
        Apple Mobile Device Support
        Apple Software Update
        avast! Antivirus
        Bonjour
        Broadcom Gigabit Integrated Controller
        CopyTrans Suite Remove Only
        Counter-Strike
        DeadAIM
        Dell Resource CD
        Dell Touchpad
        Dell Touchpad
        Digital Line Detect
        HijackThis 2.0.2
        I8kfanGUI V3.1
        Intel® Matrix Storage Manager
        Intel® PROSet/Wireless Software
        iTunes
        Kaspersky Online Scanner
        Laptop Integrated Webcam Driver (1.04.01.1011)  
        Malwarebytes' Anti-Malware
        mCorev32.ism_new
        mCPlug
        mDriver
        mHelp
        mMHouse
        Mozilla Firefox (2.0.0.12)
        mPfMgr
        mWMI
        Notepad++
        NVIDIA Drivers
        QuickTime
        RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
        SigmaTel Audio
        Skype™ 3.6
        Steam
        Turn Off Monitor v1.0
        Viewpoint Media Player
        WD Diagnostics
        WinRAR
        WinSCP 4.0.6

        Hope that looks ok! Let me know. Thanks so much!

        Jeff

        Offline guestolo

        • Site Donator
        • Administrator
        • Hero Member
        • *****
        • Posts: 16034
        • Karma: +1/-0
        Explorere.exe closing, pop ups, etc. Hijack included
        « Reply #10 on: March 02, 2008, 02:20:52 AM »
        Looks good

        For some final cleanup, you can do the following
        Delete OTMoveit.exe and the log it created

        Uninstall Viewpoint Media Player


        Optionally, you can either hold onto the following
        ATF-Cleaner.exe <--or delete it manually

        The next 2 you can hang onto or uninstall them
        Kaspersky Online Scanner
        Malwarebytes' Anti-Malware



        I would opt to run a complete virus scan with AVAST
        Ensure AVAST's protections are enabled
        Then, Right click on Avast icon by clock and check for updates
        After updating
        right click on the A in taskbar and click Start Avast! AntiVirus.
        Click the little hard drive like icon in the top right corner, below the X.
        For this scan, I would adjust the Slider from Standard Scan to Thorough Scan, and make sure to check "Scan Archive Files."

        Then click on the Go(play) button and let it scan
        Thorough scan may take awhile, but let it complete

        When it's done
        Reboot the computer

        Back in Windows
        Ensure to reset Windows Defender's protections if still disabled

        Post back one last time and let me know how things are running
