Unwanted pop-ups & Internet Explorer becoming unresponsive within 5 minutes of usage



dlman
2006-10-23, 10:46
Let me start by saying, "somebody PLEASE HELP ME".
Basically what is happening is unwanted pop-ups telling me my computer has been infected and showing possible programs to get rid of the problem, BUT that is nothing compared to Internet Explorer shutting itself down after about 5 minutes of usage. It brings up an Internet Explorer error and then just goes down (happens every time). It's driving me insane. I have read some other threads and have followed their instructions and am now up to the part where I have to paste my logs, so if anybody can help me it would be much appreciated.


--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:46:01 PM 23/10/2006

+ Scan result:



C:\Documents and Settings\netspan\Local Settings\Temp\temp.fr267E\InstHelp.exe -> Adware.DriveCleaner : Ignored.
C:\Documents and Settings\netspan\Local Settings\Temp\temp.fr267E\UDC6cw.exe -> Adware.DriveCleaner : Ignored.
C:\Documents and Settings\netspan\Local Settings\Temp\temp.fr267E\lapv.dat -> Adware.DriveCleaner : Ignored.
C:\Documents and Settings\netspan\Local Settings\Temp\temp.fr267E\license.rtf -> Adware.DriveCleaner : Ignored.
C:\Documents and Settings\netspan\Local Settings\Temp\temp.fr267E\pv.dat -> Adware.DriveCleaner : Ignored.
C:\Documents and Settings\netspan\Local Settings\Temp\temp.fr267E\readme.rtf -> Adware.DriveCleaner : Ignored.
C:\Documents and Settings\netspan\Local Settings\Temp\temp.fr267E\up.dat -> Adware.DriveCleaner : Ignored.
C:\Documents and Settings\netspan\Local Settings\Temp\temp.fr267E\vbpv.dat -> Adware.DriveCleaner : Ignored.
C:\Program Files\Common Files\DriveCleaner 2006 Free\bak\udcpas.exe -> Adware.DriveCleaner : Ignored.
C:\Program Files\Common Files\DriveCleaner 2006 Free\bak\udcsdr.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005882.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005883.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005884.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005885.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005886.dll -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005887.dll -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005888.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005911.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005912.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005914.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005915.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005916.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005917.dll -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005918.dll -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005921.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003644.dll -> Adware.Pesttrap : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003645.dll -> Adware.SearchAssistant : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003646.dll -> Adware.SearchAssistant : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003640.dll -> Adware.Spysheriff : Ignored.
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP40\A0010148.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP40\A0010149.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\NeroCheck.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\_mzu_stonedrv3.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dxvwjqfn.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003639.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003651.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003637.exe -> Downloader.Small.cwj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003656.exe -> Downloader.Small.cyb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003663.exe -> Downloader.Small.cyb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003658.exe -> Downloader.Small.dht : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003653.exe -> Downloader.Small.drh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003652.exe -> Downloader.Small.dul : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003657.exe -> Downloader.Small.dwx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP31\A0005748.exe -> Downloader.Tibs.if : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003635.exe -> Downloader.Tibs.im : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003636.exe -> Downloader.Tibs.im : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bak\_mzu_stonedrv3.exe -> Dropper.Agent.axo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003638.exe -> Not-A-Virus.Hoax.Win32.Renos.fm : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003641.exe -> Not-A-Virus.Hoax.Win32.Renos.fm : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003710.dll -> Proxy.Agent.df : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003625.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003650.exe -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003655.exe -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP32\A0005798.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP33\A0005839.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP33\A0005850.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005875.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005880.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005913.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0006934.exe -> Proxy.Agent.kn : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winD53D.tmp -> Proxy.Agent.kn : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winED.tmp -> Proxy.Agent.kn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003661.exe -> Proxy.Lager.dt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\image1.gif.exe -> Proxy.Lager.dt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\taskdir.exe_tobedeleted -> Proxy.Lager.dt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\MZU_DRV.sys -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\TheMatri1HasYou.exe -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003620.exe -> Proxy.Wopla.ac : Cleaned with backup (quarantined).
C:\WINDOWS\system32\protector.exe -> Proxy.Wopla.ac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003654.exe -> Proxy.Xorpix.ao : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win4824.tmp -> Proxy.Xorpix.ar : Cleaned with backup (quarantined).
[232] C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll -> Proxy.Xorpix.ar : Error during cleaning.
C:\WINDOWS\system32\ntio256.sys -> Rootkit.Agent.cf : Cleaned with backup (quarantined).
C:\Documents and Settings\Vinces's Account\Cookies\vinces's account@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Vinces's Account\Cookies\vinces's account@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Vinces's Account\Cookies\vinces's account@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Vinces's Account\Cookies\vinces's account@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Vinces's Account\Cookies\vinces's account@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\WINDOWS\system32\dxvwlmlw.exe -> Trojan.Agent.nl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dxvwumgb.exe -> Trojan.Agent.nl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP41\A0010196.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003659.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003660.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003624.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP41\A0010197.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).


::Report end
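An added example, not part of the thread and not AVG's own tooling: a small Python script that reads an AVG Anti-Spyware report like the one above and sorts the hits into what matters for clean-up. Entries under C:\System Volume Information\_restore{...} are System Restore snapshots, inert unless that restore point is applied later; the live paths that were "Ignored" or hit "Error during cleaning" (here winsys2f.dll, which the HijackThis log further down shows registered as a Winlogon Notify DLL) are the ones still active. The sample lines are copied from the report above; the bucket names, and treating the bracketed [232] prefix as an error code, are this example's assumptions.

```python
"""Summarise an AVG Anti-Spyware scan report: which detections are still live on
disk, which exist only in System Restore snapshots, and which the scanner failed
to clean.  Added example; bucket names and the [NNN] handling are assumptions."""
import re

# Subset of the report lines posted above, embedded as constructed sample input.
SAMPLE_REPORT = r"""
C:\Program Files\Common Files\DriveCleaner 2006 Free\bak\udcpas.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005882.exe -> Adware.DriveCleaner : Ignored.
C:\WINDOWS\system32\_mzu_stonedrv3.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
[232] C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll -> Proxy.Xorpix.ar : Error during cleaning.
C:\WINDOWS\system32\ntio256.sys -> Rootkit.Agent.cf : Cleaned with backup (quarantined).
C:\Documents and Settings\Vinces's Account\Cookies\vinces's account@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
"""

# AVG prefixes a bracketed number to lines it could not clean; treated here as an
# error code (assumption).  Detection names never contain spaces or colons, so the
# " -> " and " : " separators split a line unambiguously even with "C:\" in the path.
LINE_RE = re.compile(
    r"^(?:\[(?P<errcode>\d+)\]\s+)?"
    r"(?P<path>.+?) -> "
    r"(?P<detection>\S+) : "
    r"(?P<action>.+?)\.?$"
)
RESTORE_RE = re.compile(r"^[a-z]:\\system volume information\\_restore\{", re.IGNORECASE)


def parse_report(text):
    """Return one dict per detection line; header, separator and blank lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        d = m.groupdict()
        d["errcode"] = int(d["errcode"]) if d["errcode"] else None
        d["in_restore_point"] = bool(RESTORE_RE.match(d["path"]))
        d["is_cookie"] = d["detection"].startswith("TrackingCookie")
        findings.append(d)
    return findings


def status(action):
    """Collapse AVG's action strings into removed / failed / untouched."""
    a = action.lower()
    if a.startswith("error"):
        return "failed"
    if a.startswith("cleaned"):
        return "removed"
    return "untouched"  # "Ignored", "No action taken"


def triage(findings):
    """Split findings into the buckets that decide the next clean-up step."""
    out = {"live_untouched": [], "failed": [], "restore_point": [], "removed_live": [], "cookies": 0}
    for f in findings:
        if f["is_cookie"]:
            out["cookies"] += 1  # tracking cookies are noise, not malware
            continue
        st = status(f["action"])
        if f["in_restore_point"]:
            out["restore_point"].append(f["path"])  # dormant copies; purge by disabling System Restore
        elif st == "failed":
            out["failed"].append(f["path"])         # still on disk and probably in use by a process
        elif st == "untouched":
            out["live_untouched"].append(f["path"])  # live file the user chose to ignore
        else:
            out["removed_live"].append(f["path"])
    return out


def summarize(text=SAMPLE_REPORT):
    return triage(parse_report(text))


if __name__ == "__main__":
    for bucket, items in summarize().items():
        print(bucket, items)
```

Run it against a full saved report and look at "failed" and "live_untouched" first; those are the paths to check against the HijackThis log, while "restore_point" only tells you to flush the restore points once the machine is clean.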

LonnyRJones
2006-10-23, 11:53
Update, then run AVG Anti-Spyware while the PC is in safe mode,
save the log, reboot back to normal and post that log.

Post a HijackThis 1.99.1 log.
First make a new folder, for example C:\AntiSpyWare,
and download/save HijackThis to that new folder.
This is necessary to ensure you have backups should anything go wrong.
http://www.merijn.org/files/HijackThis.exe
Double-click HijackThis.exe and hit "None of the above, just start the program".
Hit Scan. When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log somewhere, and please show us its contents.
Most of what it lists will be harmless or even required, so do NOT fix anything yet.

dlman
2006-10-24, 01:58
Let me start by saying, "somebody PLEASE HELP ME".
Basically what is happening is unwanted pop-ups telling me my computer has been infected and showing possible programs to get rid of the problem, BUT that is nothing compared to Internet Explorer becoming unresponsive after about 5 minutes of usage, half the time just freezing and the other half just going down. It's driving me insane. I have read some other threads and have followed their instructions and am now up to the part where I have to paste my logs, so if anybody can help me it would be much appreciated.

(my logs will be in next post)


dlman
2006-10-24, 02:07
Logfile of HijackThis v1.99.1
Scan saved at 5:58:02 PM, on 23/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C24ADC8-C996-6027-7EF4-0649A91B242B} - C:\WINDOWS\System32\gwflnpi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {612048ce-85d9-412e-ade0-336b2bcc4641} - C:\WINDOWS\system32\dmvsvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [jstzkpk.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jstzkpk.dll,pvbormf
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159764722390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159764778093
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dmvsvc - C:\WINDOWS\SYSTEM32\dmvsvc.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: Rmbgskvo - {D04AD5F8-7AE0-7F52-8A5F-7570B1BB6DCE} - C:\WINDOWS\System32\ky.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
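An added example, not from the thread: a Python triage pass over the HijackThis log above. The load points the infection used are all visible in it. Unnamed O2 BHOs (gwflnpi.dll, dmvsvc.dll) run inside every iexplore.exe, which fits IE dying after a few minutes; O20 Winlogon Notify DLLs (dmvsvc.dll again, and winsys2f.dll, the file AVG could not clean) are loaded by winlogon.exe as SYSTEM, so they are running before any user is logged on and are hard to delete from a normal session; the O4 Run entry launches jstzkpk.dll through rundll32 at logon; the two O21 SSODL entries point at files that are no longer there. The script parses the O-lines, applies those rules and cross-references DLLs that are registered at more than one load point. The sample lines are copied from the log above; the allowlists are this example's assumptions (a few stock XP components plus the legitimate entries seen in this log), not an authoritative list, and every hit still needs a human check before it is fixed in HijackThis.

```python
"""Triage a HijackThis 1.99.1 log: parse the O-numbered lines and flag the load
points used by the infection in the thread (BHOs, Winlogon Notify packages,
ShellServiceObjectDelayLoad objects, rundll32 Run entries).  Added example;
the allowlists below are assumptions, not an authoritative list."""
import ntpath
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above, embedded as constructed sample input.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C24ADC8-C996-6027-7EF4-0649A91B242B} - C:\WINDOWS\System32\gwflnpi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {612048ce-85d9-412e-ade0-336b2bcc4641} - C:\WINDOWS\system32\dmvsvc.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [jstzkpk.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jstzkpk.dll,pvbormf
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c
O20 - Winlogon Notify: dmvsvc - C:\WINDOWS\SYSTEM32\dmvsvc.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: Rmbgskvo - {D04AD5F8-7AE0-7F52-8A5F-7570B1BB6DCE} - C:\WINDOWS\System32\ky.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>O\d+) - (?P<body>.+)$")
# Windows paths in a HijackThis line may contain spaces; stop at the first module extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|ocx|sys)\b", re.IGNORECASE)

SYSTEM32 = "c:\\windows\\system32\\"  # XP default, matches the Running processes list above
# Allowlists are assumptions for this example: vendor entries seen in this log plus stock XP files.
BHO_ALLOW = {"acroiehelper.dll", "sdhelper.dll", "ssv.dll"}
RUNDLL_ALLOW = {"nvcpl.dll", "nvmctray.dll"}
NOTIFY_ALLOW = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll", "wlnotify.dll"}
SSODL_ALLOW = {"webcheck.dll", "stobject.dll", "shell32.dll"}


def parse_log(text):
    """One dict per O-line: HijackThis section (O2, O4, ...), raw body, and any file paths in it."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            body = m.group("body")
            entries.append({"kind": m.group("kind"), "body": body, "paths": PATH_RE.findall(body)})
    return entries


def flag_entry(kind, body, paths):
    """Rules for the load points that matter here; returns the reasons to flag (empty = clean)."""
    reasons = []
    dlls = [ntpath.basename(p).lower() for p in paths if p.lower().endswith(".dll")]
    if kind == "O2" and "(no name)" in body:
        if not dlls or dlls[-1] not in BHO_ALLOW:
            reasons.append("unnamed BHO, loaded into every Internet Explorer process")
    elif kind == "O4" and "rundll32" in body.lower():
        if dlls and dlls[-1] not in RUNDLL_ALLOW:
            reasons.append("Run entry loads an unknown DLL through rundll32 at logon")
    elif kind == "O20" and "Winlogon Notify" in body:
        if not dlls or dlls[-1] not in NOTIFY_ALLOW:
            reasons.append("Winlogon Notify package, loaded by winlogon.exe as SYSTEM")
        if paths and not paths[-1].lower().startswith(SYSTEM32):
            reasons.append("Notify DLL lives outside %SystemRoot%\\system32")
    elif kind == "O21":
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("orphaned ShellServiceObjectDelayLoad entry (file gone, registry value remains)")
        elif not dlls or dlls[-1] not in SSODL_ALLOW:
            reasons.append("unknown shell service object, loaded into explorer.exe")
    return reasons


def triage(text):
    """Return the flagged entries, each with its reasons, in log order."""
    entries = parse_log(text)
    load_points = defaultdict(set)  # dll name -> HijackThis sections it is registered under
    for e in entries:
        for p in e["paths"]:
            name = ntpath.basename(p).lower()
            if name.endswith(".dll"):
                load_points[name].add(e["kind"])
    hits = []
    for e in entries:
        reasons = flag_entry(e["kind"], e["body"], e["paths"])
        for p in e["paths"]:
            kinds = load_points.get(ntpath.basename(p).lower(), set())
            if len(kinds) > 1:  # one DLL hooked into several hosts is a strong persistence signal
                reasons.append("same DLL registered at %d load points (%s)" % (len(kinds), ", ".join(sorted(kinds))))
        if reasons:
            hits.append(dict(e, reasons=reasons))
    return hits


if __name__ == "__main__":
    for h in triage(SAMPLE_LOG):
        print(h["kind"], "-", h["body"])
        for r in h["reasons"]:
            print("    *", r)
```

On the excerpt the script flags seven of the eleven lines and leaves the Adobe BHO, the Spybot SDHelper BHO and the NVIDIA Run entry alone; dmvsvc.dll is reported twice with the cross-reference note, which is the entry to treat as the core of the infection rather than the orphaned O21 lines.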

LonnyRJones
2006-10-24, 07:01
I joined several of your posts; please confine your posts to this thread.

See my suggestion above

dlman
2006-10-26, 03:38
Thanks LonnyRJones for helping me out. Here are the posts you asked for:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:32:29 AM 26/10/2006

+ Scan result:



C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP42\A0012307.exe -> Adware.DriveCleaner : No action taken.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP42\A0012308.exe -> Adware.DriveCleaner : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@www.burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@bilbo.counted[1].txt -> TrackingCookie.Counted : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@media.fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@reduxads.valuead[2].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@zedo[1].txt -> TrackingCookie.Zedo : No action taken.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 11:34:46 AM, on 26/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C24ADC8-C996-6027-7EF4-0649A91B242B} - C:\WINDOWS\System32\gwflnpi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {612048ce-85d9-412e-ade0-336b2bcc4641} - C:\WINDOWS\system32\dmvsvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [jstzkpk.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jstzkpk.dll,pvbormf
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159764722390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159764778093
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dmvsvc - C:\WINDOWS\SYSTEM32\dmvsvc.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: Rmbgskvo - {D04AD5F8-7AE0-7F52-8A5F-7570B1BB6DCE} - C:\WINDOWS\System32\ky.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

LonnyRJones
2006-10-26, 03:57
Start HijackThis and place a check next to these items, if they are there.
O2 - BHO: (no name) - {0C24ADC8-C996-6027-7EF4-0649A91B242B} - C:\WINDOWS\System32\gwflnpi.dll
O4 - HKLM\..\Run: [jstzkpk.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jstzkpk.dll,pvbormf
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c
O20 - AppInit_DLLs:
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: Rmbgskvo - {D04AD5F8-7AE0-7F52-8A5F-7570B1BB6DCE} - C:\WINDOWS\System32\ky.dll (file missing)
====================================
Hit Fix checked and close HijackThis. (No need to worry about a HijackThis error.)

Please download VundoFix.exe (http://www.atribune.org/content/view/24/2/)
to the root of the drive or partition where your operating system is installed, e.g. Local Disk C:.
Double-click VundoFix.exe to run it.
Click Scan for Vundo. When it has finished scanning, if this file isn't detected, add it:
Right-click the list box, then select Add Files and add
C:\WINDOWS\SYSTEM32\dmvsvc.dll

Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Wait two minutes, then turn your computer back on.
Please post the contents of C:\vundofix.txt

Post a combofix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If the log is large, you might need to post half in one reply and half in another.
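
The entries LonnyRJones picked out of the HijackThis log above follow a few recognisable patterns: registry entries marked "(file missing)" or "(no file)", an unnamed BHO loaded from the Windows directory rather than Program Files, a Run value named after the DLL it loads through rundll32, a Winlogon Notify DLL outside System32, and one DLL (dmvsvc.dll) registered both as a BHO and as a Winlogon Notify package. The script below is an added example and is not part of this thread, of HijackThis or of VundoFix; it encodes those patterns as triage heuristics and runs them over the HijackThis lines quoted in the thread, embedded as constructed sample input. The heuristics themselves, and the cross-reference to the DriveCleaner name from the AVG Anti-Spyware report earlier in the thread, are editorial assumptions drawn from this one log; HijackThis only lists entries and leaves the judgement to the reader.

```python
"""Triage heuristics for HijackThis log entries (added example, not the tool's own logic)."""
import re

# Constructed sample input: the HijackThis entries quoted in this thread, verbatim.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C24ADC8-C996-6027-7EF4-0649A91B242B} - C:\WINDOWS\System32\gwflnpi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {612048ce-85d9-412e-ade0-336b2bcc4641} - C:\WINDOWS\system32\dmvsvc.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [jstzkpk.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jstzkpk.dll,pvbormf
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c
O20 - Winlogon Notify: dmvsvc - C:\WINDOWS\SYSTEM32\dmvsvc.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: Rmbgskvo - {D04AD5F8-7AE0-7F52-8A5F-7570B1BB6DCE} - C:\WINDOWS\System32\ky.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Product names the AVG Anti-Spyware report in this thread labelled as adware (assumption:
# a short list is enough here; a real triage tool would read the scan report instead).
KNOWN_FROM_SCAN = ("DriveCleaner",)

SECTION_RE = re.compile(r"^(O\d+) - (.*)$")
# A Windows path ending in a loadable module; quotes, commas and newlines end the path.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\n,]*?\.(?:dll|exe|ocx))', re.IGNORECASE)


def triage_entry(line):
    """Return the reasons one HijackThis entry deserves a second look ([] = nothing noted)."""
    match = SECTION_RE.match(line.strip())
    if not match:
        return []
    section, rest = match.groups()
    lowered = rest.lower()
    paths = [p.lower() for p in PATH_RE.findall(rest)]
    reasons = []

    # 1. Orphaned autostart: the registry still points at a file that is gone.
    if "(file missing)" in lowered or "(no file)" in lowered:
        reasons.append("points at a file that no longer exists (leftover of a removed component)")

    # 2. Nameless browser helper object living under \WINDOWS\ instead of Program Files.
    if section == "O2" and "(no name)" in lowered and any("\\windows\\" in p for p in paths):
        reasons.append("unnamed BHO loaded from the Windows directory")

    # 3. Run value whose *name* is a DLL filename, launched through rundll32 with an export.
    if section == "O4":
        key = re.search(r"\[([^\]]+)\]", rest)
        if key and key.group(1).lower().endswith(".dll") and "rundll32" in lowered:
            reasons.append("Run value named after the DLL it loads via rundll32")

    # 4. Winlogon notification package outside System32, where legitimate ones live.
    if section == "O20" and "winlogon notify" in lowered:
        if paths and not any("\\system32\\" in p for p in paths):
            reasons.append("Winlogon Notify DLL outside System32")

    # 5. Cross-reference with components the anti-spyware scan already named.
    for name in KNOWN_FROM_SCAN:
        if name.lower() in lowered:
            reasons.append(f"component already flagged by the anti-spyware scan ({name})")
    return reasons


def triage_log(text):
    """Map each suspicious entry to its reasons, including one cross-entry check."""
    entries = [l for l in text.splitlines() if l.strip()]
    findings = {line: triage_entry(line) for line in entries}

    def basenames(prefix):
        out = {}
        for line in entries:
            if line.startswith(prefix):
                for p in PATH_RE.findall(line):
                    out.setdefault(p.rsplit("\\", 1)[-1].lower(), []).append(line)
        return out

    # One DLL registered both as a BHO (O2) and as a Winlogon Notify package (O20):
    # the combination this thread's VundoFix target (dmvsvc.dll) shows.
    bho, notify = basenames("O2 "), basenames("O20 - Winlogon Notify")
    for name in bho.keys() & notify.keys():
        for line in bho[name] + notify[name]:
            findings[line].append(f"{name} is registered both as a BHO and as a Winlogon Notify package")
    return {line: reasons for line, reasons in findings.items() if reasons}


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Run as-is, the script flags the same eight entries the helper dealt with (the six HijackThis fixes plus both dmvsvc.dll registrations) and leaves the Adobe, Spybot, NVIDIA and Java-style entries alone. The heuristics are deliberately narrow; they explain one log rather than replace a malware analyst.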

dlman
2006-10-26, 06:53
Hey LonnyRJones, after I removed Vundo it prompted me to shut down. I hit yes, but my computer didn't actually shut down, it restarted. Here are the contents of VundoFix.txt, and I am about to download combofix.exe; I will post that log as soon as it's done. Thanks again for helping.


VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.6

Scan started at 2:43:46 PM 26/10/2006

Listing files found while scanning....

C:\WINDOWS\system32\gwflnpi.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gwflnpi.dll
C:\WINDOWS\system32\gwflnpi.dll Has been deleted!

Performing Repairs to the registry.
Done!

dlman
2006-10-26, 07:24
HERE IS THE FIRST HALF

netspan - 06-10-26 15:19:36.17 Service Pack 1
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\netspan\My Documents\Program Setups"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Documents\Settings


((((((((((((((((((((((((((((((( Files Created from 2006-09-26 to 2006-10-26 ))))))))))))))))))))))))))))))))))


2006-10-26 14:43 88,576 --a------ C:\VundoFix.exe
2006-10-23 16:33 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-23 16:33 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-23 16:33 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-23 16:33 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-23 16:30 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-18 12:26 18,772 --a------ C:\WINDOWS\system32\dmvsvc.dll
2006-10-13 23:12 82,432 --a------ C:\WINDOWS\system32\dxvwllth.exe
2006-10-13 22:45 24,576 --a------ C:\WINDOWS\system32\S_SYS95.DLL
2006-10-13 22:45 106,496 --a------ C:\WINDOWS\system32\s_sysNT.dll
2006-10-13 22:44 65,536 --a------ C:\WINDOWS\IFinst27.exe
2006-10-12 11:52 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-10-12 11:52 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-12 11:52 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-12 11:52 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2006-10-11 12:11 157,184 --a------ C:\WINDOWS\system32\tzstf.dll
2006-10-11 12:10 94,720 --a------ C:\WINDOWS\system32\jstzkpk.dll
2006-10-07 12:48 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-07 12:48 981,504 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-07 12:48 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-10-07 12:48 82,432 --a------ C:\WINDOWS\system32\drmstor.dll
2006-10-07 12:48 816,264 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-07 12:48 81,408 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-07 12:48 760,968 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-07 12:48 678,912 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-07 12:48 670,208 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-10-07 12:48 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2006-10-07 12:48 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-10-07 12:48 410,248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-07 12:48 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2006-10-07 12:48 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll
2006-10-07 12:48 301,712 --a------ C:\WINDOWS\system32\drmclien.dll
2006-10-07 12:48 253,952 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-07 12:48 241,664 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-07 12:48 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-07 12:48 232,960 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-07 12:48 218,112 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-07 12:48 2,058,888 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-07 12:48 143,360 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-07 12:48 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-07 12:47 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2006-10-07 12:47 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-10-07 12:47 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2006-10-07 12:47 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-10-07 12:47 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2006-10-07 12:47 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2006-10-07 12:47 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-10-07 12:47 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2006-10-07 12:47 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2006-10-07 12:47 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2006-10-07 12:47 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2006-10-07 12:47 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2006-10-07 12:47 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-10-07 12:47 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2006-10-07 12:47 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2006-10-07 12:47 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2006-10-07 12:47 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2006-10-07 12:47 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2006-10-07 12:47 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2006-10-07 12:47 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2006-10-07 12:47 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2006-10-07 12:47 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2006-10-07 12:47 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2006-10-07 12:47 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-10-07 12:47 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2006-10-07 12:47 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-07 12:47 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2006-10-07 12:47 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2006-10-07 12:47 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2006-10-07 12:47 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2006-10-07 12:47 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2006-10-07 12:47 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2006-10-07 12:47 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2006-10-07 12:47 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-10-07 12:47 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2006-10-07 12:47 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2006-10-07 12:47 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2006-10-07 12:47 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2006-10-07 12:47 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2006-10-07 12:47 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2006-10-07 12:47 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2006-10-07 12:47 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2006-10-07 12:47 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2006-10-07 12:47 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2006-10-07 12:47 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2006-10-07 12:47 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-10-07 12:47 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2006-10-07 12:47 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2006-10-07 12:47 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2006-10-07 12:47 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2006-10-07 12:47 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2006-10-07 12:47 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2006-10-07 12:47 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2006-10-07 12:47 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2006-10-07 12:47 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2006-10-07 12:47 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
2006-10-07 12:47 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2006-10-07 12:47 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2006-10-07 12:47 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2006-10-07 12:47 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2006-10-07 12:47 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2006-10-07 12:47 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2006-10-07 12:47 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2006-10-07 12:47 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2006-10-07 12:47 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2006-10-07 12:47 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2006-10-07 12:47 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2006-10-07 12:47 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2006-10-07 12:47 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-10-07 12:47 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2006-10-07 12:47 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2006-10-07 12:10 77,440 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-07 12:10 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-07 12:10 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-07 12:10 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-07 12:10 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-10-07 12:10 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-07 12:10 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-07 12:10 142,208 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-10-07 12:09 9,709,568 -ra------ C:\WINDOWS\RTLCPL.EXE
2006-10-07 12:09 86,016 -ra------ C:\WINDOWS\SOUNDMAN.EXE
2006-10-07 12:09 69,632 -ra------ C:\WINDOWS\ALCMTR.EXE
2006-10-07 12:09 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-07 12:09 4,275,712 -ra------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2006-10-07 12:09 364,544 -ra------ C:\WINDOWS\RtlUpd.exe
2006-10-07 12:09 2,879,488 -ra------ C:\WINDOWS\SkyTel.exe
2006-10-07 12:09 2,808,832 -ra------ C:\WINDOWS\ALCWZRD.EXE
2006-10-07 12:09 2,158,592 -ra------ C:\WINDOWS\MicCal.exe
2006-10-07 12:09 16,207,872 -ra------ C:\WINDOWS\RTHDCPL.EXE
2006-10-07 12:08 81,792 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2006-10-04 15:50 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2006-10-02 23:32 56,576 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-10-02 23:32 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-10-02 23:31 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-10-02 23:31 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-10-02 23:31 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-02 23:31 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-10-02 23:31 66,048 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-10-02 23:31 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-10-02 23:31 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-10-02 23:31 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-10-02 23:31 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-10-02 23:31 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-10-02 23:31 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-10-02 23:31 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-10-02 23:31 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-10-02 23:31 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-10-02 23:31 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-10-02 23:31 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-10-02 23:31 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-02 23:31 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-10-02 23:31 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-10-02 15:02 44,192 --a------ C:\WINDOWS\system32\drivers\PcdrNt.sys
2006-10-02 15:02 377,600 --a------ C:\WINDOWS\system32\BOCOLE.DLL
2006-10-02 15:02 167,456 --a------ C:\WINDOWS\system32\BOCOF.DLL
2006-10-02 15:02 109,056 --a------ C:\WINDOWS\UNWISE32.EXE
2006-10-02 14:56 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-02 14:56 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2006-10-02 14:55 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-10-02 14:55 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-10-02 14:55 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2006-10-02 14:55 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-02 14:55 158,720 --------- C:\WINDOWS\system32\xpob2res.dll
2006-10-02 14:52 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-02 14:52 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-10-02 14:52 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-02 14:52 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-10-02 14:52 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-02 14:52 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-02 14:50 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-10-02 14:50 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-10-02 14:36 198,424 --a------ C:\WINDOWS\system32\iuengine.dll
2006-10-02 14:27 86,912 --a------ C:\WINDOWS\system32\drivers\atapi.sys
2006-10-02 14:27 67,072 --a------ C:\WINDOWS\system32\usbui.dll
2006-10-02 14:27 62,976 --a------ C:\WINDOWS\system32\drivers\pci.sys
2006-10-02 14:27 51,968 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2006-10-02 14:27 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2006-10-02 14:27 3,328 --a------ C:\WINDOWS\system32\drivers\pciide.sys
2006-10-02 14:27 23,680 --a------ C:\WINDOWS\system32\drivers\pciidex.sys
2006-10-02 14:27 19,328 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2006-10-02 14:27 19,328 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2006-10-02 14:27 135,552 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2006-10-02 14:26 21,760 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-02 14:11 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-10-02 14:11 0 -rahs---- C:\MSDOS.SYS
2006-10-02 14:11 0 -rahs---- C:\IO.SYS
2006-10-02 14:11 0 --a------ C:\CONFIG.SYS
2006-10-02 14:11 0 --a------ C:\AUTOEXEC.BAT
2006-10-02 14:09 77,824 --a------ C:\WINDOWS\system32\isign32.dll
2006-10-02 14:09 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2006-10-02 14:09 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-10-02 14:09 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-10-02 14:09 47,616 --a------ C:\WINDOWS\system32\inetres.dll
2006-10-02 14:09 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2006-10-02 14:09 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-10-02 14:09 361,984 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-02 14:09 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-10-02 14:09 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-10-02 14:09 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-10-02 14:09 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-10-02 14:09 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2006-10-02 14:09 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-10-02 14:09 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-10-02 14:09 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-10-02 14:08 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-02 14:08 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-02 14:08 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-10-02 14:08 69,248 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-10-02 14:08 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-02 14:08 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-02 14:08 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-02 14:08 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-10-02 14:08 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-02 14:08 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-02 14:08 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-02 14:08 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-02 14:08 226,304 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-02 14:08 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-02 14:08 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-02 14:07 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-02 14:07 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll

dlman
2006-10-26, 07:27
HERE IS THE SECOND HALF

2006-10-02 14:07 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-10-02 14:07 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-02 14:07 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-02 14:07 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-02 14:07 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-10-02 14:07 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-10-02 14:07 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-10-02 14:07 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-10-02 14:07 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-10-02 14:07 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-02 14:07 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-10-02 14:07 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-10-02 14:07 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-10-02 14:07 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-10-02 14:07 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-02 14:07 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-02 14:07 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-10-02 14:07 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2006-10-02 14:07 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-02 14:07 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-10-02 14:07 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-10-02 14:07 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-10-02 14:07 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-10-02 14:07 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2006-10-02 14:07 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-10-02 14:07 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2006-10-02 14:07 489,984 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-10-02 14:07 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-10-02 14:07 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-10-02 14:07 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-02 14:07 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-02 14:07 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-10-02 14:07 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-10-02 14:07 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-02 14:07 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-02 14:07 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-10-02 14:07 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-02 14:07 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-10-02 14:07 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-02 14:07 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-10-02 14:07 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-10-02 14:07 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-10-02 14:07 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-10-02 14:07 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2006-10-02 14:07 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-02 14:07 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-10-02 14:07 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-10-02 14:07 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-10-02 14:07 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
2006-10-02 14:07 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-02 14:07 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
2006-10-02 14:07 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-10-02 14:07 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-10-02 14:07 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-10-02 14:07 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-10-02 14:07 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-10-02 14:07 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-10-02 14:07 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-10-02 14:07 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-10-02 14:07 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-10-02 14:07 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-10-02 14:07 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-10-02 14:07 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-10-02 14:07 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-10-02 14:07 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-02 14:07 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-10-02 14:07 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-02 14:07 129,024 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-10-02 14:07 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-10-02 14:07 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-10-02 14:07 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-02 14:07 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-02 14:07 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-10-02 14:07 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-02 14:07 115,976 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-10-02 14:07 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-10-02 14:07 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-10-02 14:07 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-10-02 14:07 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-02 14:07 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-10-02 14:07 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-10-02 14:06 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-02 14:06 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-10-02 14:06 182,400 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-26 14:41 -------- d-------- C:\Program Files\Hijackthis
2006-10-24 20:48 -------- d-------- C:\Documents and Settings\netspan\Application Data\uTorrent
2006-10-24 16:25 -------- d-------- C:\Program Files\Ultimate Defender
2006-10-23 17:45 -------- d-------- C:\Program Files\Common Files\DriveCleaner 2006 Free
2006-10-23 16:30 -------- d-------- C:\Program Files\Grisoft
2006-10-22 21:36 -------- d-------- C:\Program Files\BitTorrent
2006-10-22 21:36 -------- d-------- C:\Documents and Settings\netspan\Application Data\BitTorrent
2006-10-21 21:32 -------- d-------- C:\Program Files\SlySoft
2006-10-19 14:38 -------- d---s---- C:\Documents and Settings\netspan\Application Data\Microsoft
2006-10-19 08:28 -------- d-------- C:\Documents and Settings\netspan\Application Data\Ahead
2006-10-16 17:35 -------- d-------- C:\Program Files\Messenger
2006-10-16 12:42 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-16 12:42 -------- d-------- C:\Program Files\Common Files
2006-10-16 12:42 -------- d-------- C:\Documents and Settings\netspan\Application Data\Adobe
2006-10-16 12:41 -------- d-------- C:\Program Files\Adobe
2006-10-15 18:43 -------- d-------- C:\Program Files\Ultimate Cleaner
2006-10-14 20:47 -------- d-------- C:\Documents and Settings\netspan\Application Data\Sun
2006-10-14 03:46 -------- d-------- C:\Program Files\Power Shutdown 4.1
2006-10-12 13:46 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-12 13:46 -------- d-------- C:\Program Files\Cyanide
2006-10-12 13:46 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-11 14:33 -------- d-------- C:\Program Files\SpywareBlaster
2006-10-09 11:10 -------- d-------- C:\Program Files\Elaborate Bytes
2006-10-09 11:10 -------- d-------- C:\Program Files\DVD Decrypter
2006-10-07 19:50 -------- d-------- C:\Documents and Settings\netspan\Application Data\vlc
2006-10-07 17:31 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-10-07 17:03 -------- d-------- C:\Program Files\The Creative Assembly
2006-10-07 16:47 -------- d-------- C:\Program Files\LimeWire
2006-10-07 16:46 -------- d-------- C:\Program Files\Java
2006-10-07 16:40 -------- d-------- C:\Program Files\Common Files\Java
2006-10-07 16:37 -------- d-------- C:\Program Files\VideoLAN
2006-10-07 16:31 -------- d-------- C:\Program Files\uTorrent
2006-10-07 12:48 -------- d-------- C:\Program Files\Windows Media Player
2006-10-07 12:48 -------- d-------- C:\Program Files\Nero
2006-10-07 12:48 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-07 12:08 -------- d-------- C:\Program Files\Realtek
2006-10-04 16:44 -------- d-------- C:\Program Files\OfficeUpdate11
2006-10-04 16:29 -------- d-------- C:\Program Files\Microsoft Works
2006-10-04 16:29 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-04 15:49 -------- d-------- C:\Program Files\Microsoft.NET
2006-10-04 15:49 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-10-04 15:49 -------- d-------- C:\Program Files\Microsoft Office
2006-10-04 15:49 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-10-04 15:49 -------- d-------- C:\Program Files\Common Files\System
2006-10-04 15:49 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-10-02 23:31 62 --ahs---- C:\Documents and Settings\netspan\Application Data\desktop.ini
2006-10-02 23:31 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-02 23:31 -------- d-------- C:\Program Files\Common Files\ODBC
2006-10-02 14:58 -------- d-------- C:\Program Files\Lavasoft
2006-10-02 14:58 -------- d-------- C:\Documents and Settings\netspan\Application Data\Lavasoft
2006-10-02 14:52 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-02 14:43 -------- d-------- C:\Documents and Settings\netspan\Application Data\Macromedia
2006-10-02 14:26 -------- d-------- C:\Program Files\Intel
2006-10-02 14:15 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-02 14:15 -------- d-------- C:\Documents and Settings\netspan\Application Data\Identities
2006-10-02 14:11 -------- d-------- C:\Program Files\xerox
2006-10-02 14:11 -------- d-------- C:\Program Files\microsoft frontpage
2006-10-02 14:10 -------- d-------- C:\Program Files\Online Services
2006-10-02 14:10 -------- d-------- C:\Program Files\Movie Maker
2006-10-02 14:10 -------- d-------- C:\Program Files\Internet Explorer
2006-10-02 14:09 -------- d-------- C:\Program Files\Outlook Express
2006-10-02 14:09 -------- d-------- C:\Program Files\NetMeeting
2006-10-02 14:09 -------- d-------- C:\Program Files\Common Files\Services
2006-10-02 14:09 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-10-02 14:08 -------- d-------- C:\Program Files\Windows NT
2006-10-02 14:08 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-02 14:08 -------- d-------- C:\Program Files\MSN
2006-10-02 14:08 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"NWEReboot"=""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ElbyCheckAnyDVD"="\"C:\\Program Files\\SlySoft\\AnyDVD\\ElbyCheck.exe\" /L AnyDVD"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dmvsvc

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-26 15:20:04.75
C:\ComboFix.txt ... 06-10-26 15:20

LonnyRJones
2006-10-26, 09:34
You need to repeat running the VundoFix scan, then add that file.
Double-click VundoFix.exe to run it.
Click Scan for Vundo; when it has finished scanning, if this file isn't detected, add it >
Right-click the list box, then select Add Files and add
C:\WINDOWS\SYSTEM32\dmvsvc.dll

Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shut down your computer, click OK.
Wait two minutes then turn your computer back on.
Please post the contents of C:\vundofix.txt

Post a new HijackThis log also please.

dlman
2006-10-26, 13:15
I followed your instructions but the same thing happened: my computer didn't shut down, it just restarted, but not sure if it helped. I waited a few minutes before I logged in. Here are the logs, thanks.


VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.6

Scan started at 9:06:00 PM 26/10/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\dmvsvc.dll
C:\WINDOWS\SYSTEM32\dmvsvc.dll Has been deleted!

Performing Repairs to the registry.
Done!





Logfile of HijackThis v1.99.1
Scan saved at 9:10:51 PM, on 26/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {612048ce-85d9-412e-ade0-336b2bcc4641} - C:\WINDOWS\system32\dmvsvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159764722390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159764778093
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

LonnyRJones
2006-10-26, 14:21
Uninstall these two programs via Add/Remove Programs, then delete their respective folders if still present:
C:\Program Files\Common Files\DriveCleaner 2006 Free
C:\Program Files\Ultimate Cleaner

Go to Start > Run, type in
sc delete MZU_RK
and press Enter or hit OK.

It appears you do not have an antivirus program, why is that?
There are three to choose from here; install only ONE, update the program and do a full scan.
http://forums.spybot.info/showthread.php?t=279
Only after that continue >

------------------------------------------------------------------------

You had an infection which replaces legitimate files with infected ones. We need to locate the legitimate backups and restore those...
Please download the following program and save it to your desktop:
http://noahdfear.geekstogo.com/FindAWF.exe
Once downloaded, double-click on the file to run it. When it is done there will be a file called awf.txt on your desktop. Please post the contents of that file as a reply to this topic.

dlman
2006-10-27, 02:20
LonnyRJones, I installed ZoneAlarm (hopefully that is one of the 3 you advised). The two programs you told me to delete, I did, but they weren't in the Add/Remove list, so I went in and deleted the files manually and then deleted them from the Recycle Bin. Here is the log you requested, once again thank you.


Find AWF report by noahdfear ©2006


21K files found
~~~~~~~~~



21K files found with strings
~~~~~~~~~~~~~~~~



25K files found
~~~~~~~~~



25K files found with strings
~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

29/08/2002 03:41 AM 13,312 ctfmon.exe
14/10/2006 07:03 AM 82,432 dxvwjqfn.exe
12/01/2006 04:40 PM 155,648 NeroCheck.exe
3 File(s) 251,392 bytes

Directory of C:\PROGRA~1\COMMON~1\AHEAD\LIB\BAK

01/02/2006 05:45 PM 98,304 NMBgMonitor.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

10/11/2005 01:03 PM 36,975 jusched.exe
1 File(s) 36,975 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

13312 29 Aug 2002 "C:\WINDOWS\system32\ctfmon.exe"
13312 29 Aug 2002 "C:\WINDOWS\system32\bak\ctfmon.exe"
13312 29 Aug 2002 "C:\WINDOWS\system32\dllcache\ctfmon.exe"
82432 14 Oct 2006 "C:\WINDOWS\system32\bak\dxvwjqfn.exe"
36975 10 Nov 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"


end of report

LonnyRJones
2006-10-27, 06:46
Why did you uninstall ZA?
What antivirus program did you install?

Put this file NeroCheck.exe
C:\WINDOWS\SYSTEM32\ < here
C:\WINDOWS\SYSTEM32\BAK < now that bak folder can be deleted
Don't worry about the other two files in it.
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\BAK
Put this file NMBgMonitor.exe in the Lib folder
then delete the BAK folder
C:\PROGRAM FILES\JAVA\JRE15~1.0_0\BIN\BAK
At that location put jusched.exe where it is supposed to be, in the LIB folder
delete the bak folder

Give me a list of the Messenger folder's contents?
C:\Program Files\Messenger

How did all that go?
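The post above, together with the earlier note that the infection "replaces legitimate files with infected ones", describes one procedure: for every bak folder FindAWF reports, decide whether the copy in it is the displaced original (put it back over the loader that took its name), a redundant duplicate (ctfmon.exe, which matches the live copy and the dllcache copy byte for byte), or dropper leftover (dxvwjqfn.exe). The script below is an added example, not part of this thread and not the FindAWF tool. It automates that comparison with SHA-256 hashes and moves a replaced loader to a quarantine folder rather than deleting it, so a mistaken restore can be undone. The sample tree, its placeholder file contents, the quarantine folder name and the eight-lowercase-letter "random name" heuristic are my assumptions.

```python
"""Audit and restore AWF-style 'bak' folders (added example, not from the
thread or FindAWF): compare each bak copy with the file of the same name one
level up, restore originals, quarantine the loader that replaced them."""
import hashlib
import os
import re
import shutil
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional

# Heuristic (my assumption, not FindAWF's rule): an 8-letter lowercase name
# such as dxvwjqfn.exe is dropper leftover, not a backed-up original.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.exe$")


@dataclass
class Finding:
    bak_file: Path
    original: Path   # where the file lived before it was moved into bak
    status: str      # identical | replaced | missing | suspicious


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_bak_folders(root: Path) -> List[Finding]:
    """Classify every file found in a folder named 'bak' (any case)."""
    findings: List[Finding] = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            if d.lower() != "bak":
                continue
            bak_dir = Path(dirpath) / d
            for bak_file in sorted(bak_dir.iterdir()):
                if not bak_file.is_file():
                    continue
                original = bak_dir.parent / bak_file.name
                if RANDOM_NAME_RE.match(bak_file.name.lower()):
                    status = "suspicious"    # leave it alone, do not "restore"
                elif not original.exists():
                    status = "missing"       # loader already removed by a scanner
                elif sha256_file(original) == sha256_file(bak_file):
                    status = "identical"     # live copy intact, bak is redundant
                else:
                    status = "replaced"      # live copy differs: that is the loader
                findings.append(Finding(bak_file, original, status))
    return sorted(findings, key=lambda f: str(f.original))


def restore(finding: Finding, quarantine: Path) -> Optional[Path]:
    """Move the bak copy back; a differing live copy goes to quarantine first."""
    if finding.status not in ("missing", "replaced"):
        return None
    quarantine.mkdir(parents=True, exist_ok=True)
    if finding.status == "replaced":
        shutil.move(str(finding.original),
                    str(quarantine / (finding.original.name + ".replaced")))
    shutil.move(str(finding.bak_file), str(finding.original))
    return finding.original


# Constructed sample tree mirroring the thread's FindAWF report; the byte
# contents are placeholders, not real executables.
LEGIT_CTFMON = b"MZ ctfmon legitimate"
LEGIT_NERO = b"MZ NeroCheck legitimate"
LEGIT_NMBG = b"MZ NMBgMonitor legitimate"
LOADER_STUB = b"MZ awf loader stub"


def build_sample_tree(root: Path) -> None:
    sys32 = root / "WINDOWS" / "system32"
    lib = root / "Program Files" / "Common Files" / "Ahead" / "Lib"
    for d in (sys32 / "bak", lib / "bak"):
        d.mkdir(parents=True)
    (sys32 / "ctfmon.exe").write_bytes(LEGIT_CTFMON)           # intact
    (sys32 / "bak" / "ctfmon.exe").write_bytes(LEGIT_CTFMON)   # redundant copy
    (sys32 / "bak" / "dxvwjqfn.exe").write_bytes(b"MZ junk")   # dropper leftover
    (sys32 / "bak" / "NeroCheck.exe").write_bytes(LEGIT_NERO)  # live copy gone
    (lib / "NMBgMonitor.exe").write_bytes(LOADER_STUB)         # loader in place
    (lib / "bak" / "NMBgMonitor.exe").write_bytes(LEGIT_NMBG)  # displaced original


def run_demo() -> dict:
    """Audit the sample tree, restore what should be restored, report results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        findings = audit_bak_folders(root)
        quarantine = root / "quarantine"
        restored = []
        for f in findings:
            dest = restore(f, quarantine)
            if dest is not None:
                restored.append(dest.name)
        lib = root / "Program Files" / "Common Files" / "Ahead" / "Lib"
        return {
            "statuses": {f.bak_file.name: f.status for f in findings},
            "restored": sorted(restored),
            "quarantined": sorted(p.name for p in quarantine.iterdir()),
            "nmbg_is_legit": (lib / "NMBgMonitor.exe").read_bytes() == LEGIT_NMBG,
            "nerocheck_back": (root / "WINDOWS" / "system32" / "NeroCheck.exe").exists(),
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Run it as-is to see the four classifications on the sample tree; to audit a real disk, call audit_bak_folders on the drive root and inspect the findings before calling restore, since a "replaced" live copy could also be a legitimately newer version rather than a loader.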

dlman
2006-10-28, 10:00
All that went fine. In regard to downloading ZoneAlarm, I thought that was an antivirus program. Now what program should I download, and should I keep running ZoneAlarm?
Here are the contents of C:\Program Files\Messenger that you requested:

bak (folder is empty)
logwin
msgslang.dll
msmsgsin
newemail
rtcimsp.dll
logo
lvback
msgsc.dll
msmsgs
newalert
online
type



thanks LonnyRJones

LonnyRJones
2006-10-28, 10:38
You can delete that bak folder.
You're missing Messenger (msmsgs.exe).
Do a file search on your PC to find the latest version; here's an example on my PC.

C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe (1655 KB, 10/13/2004 9:21:24 AM)
C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe (1477 KB, 8/20/2002 3:08:38 PM)
C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe (1629 KB, 8/4/2004 1:56:54 AM)
C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe (1629 KB, 8/4/2004 1:56:54 AM)

Take the most recent and copy it to the c:\program files\messenger\ folder
on my pc it would be this one
C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe (1655 KB, 10/13/2004 9:21:24 AM)
===============

What security programs do you have now?
Basically you should have one antivirus, one firewall and several antispyware programs.

Post back with one more HijackThis log please.

dlman
2006-10-28, 11:05
msmsgs.exe was already in the Messenger folder and I could not find any others.
The virus programs I have on my PC are:
HijackThis
Spybot - Search & Destroy
Ad-Aware
AVG Anti-Spyware
ZoneAlarm

If you think I need more programs, could you please let me know what they are and where I can download them from, and I will download them straight away (anything to try and stop viruses or delete them). Thank you.
Here is the log you requested.



Logfile of HijackThis v1.99.1
Scan saved at 6:58:31 PM, on 28/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {612048ce-85d9-412e-ade0-336b2bcc4641} - C:\WINDOWS\system32\dmvsvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159764722390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159764778093
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

LonnyRJones
2006-10-28, 11:13
OK good, Messenger's there; I overlooked it being present in the proper location.

Start HijackThis and place a check next to these items if there.
O2 - BHO: (no name) - {612048ce-85d9-412e-ade0-336b2bcc4641} - C:\WINDOWS\system32\dmvsvc.dll (file missing)
====================================
Hit Fix checked and close HijackThis.

Download and Install SpywareBlaster (By JavaCool): http://www.javacoolsoftware.com/spywareblaster.html

Download, install, update and do a full system scan now, and once a week or so, with AVG Anti-Virus:
http://free.grisoft.com/doc/2/lng/us/tpl/v
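The entry being fixed in the post above is a BHO whose DLL VundoFix already deleted but whose CLSID is still registered, which is why HijackThis reports it as "(file missing)": Internet Explorer keeps trying to load it on every start until the registry side goes too. The script below is an added example, not from this thread and not from HijackThis. It parses O2 and O4 lines of the shape shown in the logs above, lists orphaned BHO CLSIDs, and prints the reg.exe commands that remove the Browser Helper Objects registration plus the COM class key (removing the CLSID key as well is my addition, not something the thread states). It also flags Run values such as RTHDCPL.EXE that carry no path, since the log alone cannot tell you which file on the search path actually runs. The sample log lines are constructed from the thread's own entries; the function names are mine.

```python
"""Parse HijackThis O2/O4 lines and flag what 'Fix checked' has to clean up.
Added example, not part of the thread or of HijackThis."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: lines of the kind that appear in the thread's logs.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll
O2 - BHO: (no name) - {612048ce-85d9-412e-ade0-336b2bcc4641} - C:\\WINDOWS\\system32\\dmvsvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_06\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
"""

# O2: "O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O4: "O4 - HKLM\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


@dataclass
class Bho:
    name: str
    clsid: str
    path: str
    file_missing: bool


def parse_bhos(log: str) -> List[Bho]:
    out = []
    for line in log.splitlines():
        m = O2_RE.match(line)
        if m:
            out.append(Bho(m["name"], m["clsid"], m["path"], m["missing"] is not None))
    return out


def orphaned_bhos(log: str) -> List[str]:
    """CLSIDs still registered as BHOs whose DLL no longer exists on disk."""
    return [b.clsid for b in parse_bhos(log) if b.file_missing]


def removal_commands(clsid: str) -> List[str]:
    """reg.exe commands for an orphaned O2 entry: the BHO registration that
    makes IE load it, and (my addition) the COM class registration itself."""
    return [
        f'reg delete "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{clsid}" /f',
        f'reg delete "HKCR\\CLSID\\{clsid}" /f',
    ]


def executable_of(cmd: str) -> str:
    """First token of a Run value: a quoted path, or the text up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def unqualified_run_entries(log: str) -> List[Tuple[str, str]]:
    """O4 Run values with no directory: Windows resolves them by search order,
    so the log cannot say which file actually runs. Check these by hand."""
    found = []
    for line in log.splitlines():
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m["cmd"])
            if "\\" not in exe and ":" not in exe:
                found.append((m["name"], exe))
    return found


if __name__ == "__main__":
    for clsid in orphaned_bhos(SAMPLE_LOG):
        print("orphaned BHO", clsid)
        for c in removal_commands(clsid):
            print("  ", c)
    for name, exe in unqualified_run_entries(SAMPLE_LOG):
        print("unqualified Run entry", name, "->", exe)
```

On the sample it reports the dmvsvc.dll CLSID as orphaned and RTHDCPL as an entry to verify; paste a real HijackThis log into SAMPLE_LOG (or read it from a file) to run it against your own machine.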

dlman
2006-10-28, 14:03
Thanks a lot LonnyRJones, my computer seems to be working fine now. It was so bloody frustrating not being able to use Internet Explorer. Did you have any other suggestions in regard to virus protection?

Thanks again mate

LonnyRJones
2006-10-28, 18:16
Hi
Go here and attach the file inside C:\vundofix backups
http://www.uploadmalware.com/
Post a link to this topic so they know where it is from, then that folder can be deleted.

Put in place a good hosts file
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month.
More information http://www.mvps.org/winhelp2002/hosts.htm

One more log:
Post a StartupList from HijackThis.
Start HijackThis, click Config > Misc Tools >
place a check in [X] List also minor sections
and [X] List empty sections, then click Generate StartupList log.

dlman
2006-10-29, 08:22
Did all the above, here is the log you requested, thanks.

( FIRST HALF )


StartupList report, 29/10/2006, 6:18:25 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\netspan\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
RTHDCPL = RTHDCPL.EXE
SkyTel = SkyTel.EXE
Alcmtr = ALCMTR.EXE
NWEReboot =
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
ElbyCheckAnyDVD = "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
AnyDVD = C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
BitTorrent = "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

dlman
2006-10-29, 08:23
(second half)

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159764722390

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159764778093

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AnyDVD: System32\Drivers\AnyDVD.sys (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
ElbyDelay: System32\Drivers\ElbyDelay.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio: System32\DRIVERS\HDAudBus.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
Service for Realtek HD Audio (WDM): system32\drivers\RtkHDAud.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Input and output operations: \??\C:\WINDOWS\System32\ntio256.sys (autostart)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PcdrNt: \SystemRoot\System32\drivers\PcdrNt.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver: System32\DRIVERS\Rtenicxp.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
srescan: System32\ZoneLabs\srescan.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{DC89A85A-28BC-4DDE-B0C4-D8987143718C} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 31,219 bytes
Report generated in 0.094 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

LonnyRJones
2006-10-29, 09:22
You did not install an antivirus program, why is that?

Download and unzip Registry Search, preferably to your desktop.
http://www.xs4all.nl/~fstaal01/regsearch-us.html
Unzip the program and start it. At the top, in the blank white box/field, right-click once, then type in
ntio256.sys
At the very top, in the second blank field, type in
Input and output operations
Then click OK and wait for a text file to open; copy and paste that back here please.

dlman
2006-10-29, 11:33
I didn't install an antivirus program because I didn't know I had to, and I asked you in an earlier post, if you wanted me to download any other virus programs, to tell me where to d/l them from and I would do so straight away, sorry.

Here is the log you requested, thanks again.

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 29/10/2006 9:30:25 PM for strings:
; 'input and output operations
ntio256.sys
'
; Strings excluded from search:
; 'input and output operations
input and output operations'
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

LonnyRJones
2006-10-29, 16:10
post 20 :)

Download, install, update and do a full system scan now, and once a week or so, with AVG antivirus:
http://free.grisoft.com/doc/2/lng/us/tpl/v

You put 'Input and output operations' in the second field from the top.

Both need to be in the top field (first and second row); easy to misunderstand:
ntio256.sys
Input and output operations

Nothing goes under "enter string to exclude from results (optional)"

Try again after installing, updating and running AVG antivirus.
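As an added example (not part of the thread, and not the Registry Search tool's own code), the same search done in PowerShell on a later Windows: it matches the two strings against key names, value names and value data under HKLM, the three scopes Registry Search offers, and for any hit under the Services key also reports DisplayName, ImagePath, start type and whether the file is actually on disk. The HKLM subtrees searched are an assumption.

```powershell
# Added example, not code from the thread or from the Registry Search tool.
# Searches HKLM for the two strings asked about, matching key names, value
# names and value data, and reports service details for hits under Services.
$Patterns = @('ntio256.sys', 'Input and output operations')
$Roots    = @('HKLM:\SYSTEM\CurrentControlSet\Services', 'HKLM:\SOFTWARE')  # assumed scope

function Find-RegistryString {
    param([string[]]$Roots, [string[]]$Patterns)
    foreach ($root in $Roots) {
        $keys  = @(Get-Item -Path $root -ErrorAction SilentlyContinue)
        $keys += Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue
        foreach ($key in $keys) {
            foreach ($p in $Patterns) {
                # key name match
                if ($key.PSChildName -like "*$p*") {
                    [pscustomobject]@{ Match = $p; Key = $key.Name; ValueName = '<key name>'; Data = $key.PSChildName }
                }
                # value name / value data match (multi-string data is joined with spaces)
                foreach ($name in $key.GetValueNames()) {
                    $data = "$($key.GetValue($name))"
                    if ($name -like "*$p*" -or $data -like "*$p*") {
                        [pscustomobject]@{ Match = $p; Key = $key.Name; ValueName = $name; Data = $data }
                    }
                }
            }
        }
    }
}

function Get-ServiceDetail {
    # For a hit under ...\Services\<name>, show the fields a helper reads from a
    # StartupList log (DisplayName, ImagePath, Start) plus whether the file exists.
    param([string]$KeyName)
    if ($KeyName -notmatch '\\Services\\([^\\]+)') { return }
    $svcName = $Matches[1]
    $svc = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName" -ErrorAction SilentlyContinue
    if (-not $svc) { return }
    # Strip the \??\ and \SystemRoot\ NT prefixes and expand %SystemRoot% so Test-Path can check the file.
    $img = "$($svc.ImagePath)" -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ''
    $img = [Environment]::ExpandEnvironmentVariables($img)
    # Keep only the executable part (drop "-k netsvcs", "/V", "-service" arguments).
    $exe = if ($img -match '^"?(.+?\.(?:exe|sys|dll))') { $Matches[1] } else { $img }
    if ($exe -notmatch '^[A-Za-z]:\\') { $exe = Join-Path $env:SystemRoot $exe }   # driver paths are relative
    $startNames = @{ 0 = 'boot'; 1 = 'system'; 2 = 'autostart'; 3 = 'manual start'; 4 = 'disabled' }
    [pscustomobject]@{
        Service     = $svcName
        DisplayName = $svc.DisplayName
        ImagePath   = $img
        Start       = $startNames[[int]$svc.Start]
        FileExists  = (Test-Path -LiteralPath $exe)
    }
}

$hits = Find-RegistryString -Roots $Roots -Patterns $Patterns
$hits | Format-Table -AutoSize
$hits | Where-Object { $_.Key -like '*\Services\*' } |
    ForEach-Object { Get-ServiceDetail -KeyName $_.Key } |
    Sort-Object Service -Unique | Format-List
```

Run it from an elevated PowerShell; a service whose display name is generic, whose ImagePath uses the \??\ prefix to point at a file straight in System32, and which autostarts is what the helper singled out in the StartupList log above.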

LonnyRJones
2006-11-07, 16:17
dlman, what's up?

dlman
2006-11-13, 08:01
Hey LonnyRJones,

I'm so sorry I haven't replied, I was away and just got back last week. I'm sorry I haven't had the chance to reply; my computer seems to be working fine now thanks to you, thanks a lot for helping me out,
seriously, thank you, :bigthumb:

LonnyRJones
2006-11-13, 17:10
OK
We can skip the registry search steps, but do install a hosts file and read the
"So how did I get infected" article.

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month.

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279