Unwanted pop-ups & Internet Explorer becoming unresponsive within 5 mins of usage

dlman

New member
Let me start by saying, "somebody PLEASE HELP ME"
Basically what is happening is unwanted popups telling me my computer has been infected and showing possible programs to get rid of the problem, BUT that is nothing compared to Internet Explorer shutting itself down after like 5 minutes of usage. It brings up an Internet Explorer error and then just goes down (happens every time). It's driving me insane. I have read some other threads and have followed their instructions and am now up to the part where I have to paste my logs, so if anybody can help me it would be much appreciated.


--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:46:01 PM 23/10/2006

+ Scan result:



C:\Documents and Settings\netspan\Local Settings\Temp\temp.fr267E\InstHelp.exe -> Adware.DriveCleaner : Ignored.
C:\Documents and Settings\netspan\Local Settings\Temp\temp.fr267E\UDC6cw.exe -> Adware.DriveCleaner : Ignored.
C:\Documents and Settings\netspan\Local Settings\Temp\temp.fr267E\lapv.dat -> Adware.DriveCleaner : Ignored.
C:\Documents and Settings\netspan\Local Settings\Temp\temp.fr267E\license.rtf -> Adware.DriveCleaner : Ignored.
C:\Documents and Settings\netspan\Local Settings\Temp\temp.fr267E\pv.dat -> Adware.DriveCleaner : Ignored.
C:\Documents and Settings\netspan\Local Settings\Temp\temp.fr267E\readme.rtf -> Adware.DriveCleaner : Ignored.
C:\Documents and Settings\netspan\Local Settings\Temp\temp.fr267E\up.dat -> Adware.DriveCleaner : Ignored.
C:\Documents and Settings\netspan\Local Settings\Temp\temp.fr267E\vbpv.dat -> Adware.DriveCleaner : Ignored.
C:\Program Files\Common Files\DriveCleaner 2006 Free\bak\udcpas.exe -> Adware.DriveCleaner : Ignored.
C:\Program Files\Common Files\DriveCleaner 2006 Free\bak\udcsdr.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005882.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005883.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005884.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005885.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005886.dll -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005887.dll -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005888.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005911.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005912.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005914.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005915.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005916.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005917.dll -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005918.dll -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005921.exe -> Adware.DriveCleaner : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003644.dll -> Adware.Pesttrap : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003645.dll -> Adware.SearchAssistant : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003646.dll -> Adware.SearchAssistant : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003640.dll -> Adware.Spysheriff : Ignored.
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP40\A0010148.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP40\A0010149.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\NeroCheck.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\_mzu_stonedrv3.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dxvwjqfn.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003639.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003651.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003637.exe -> Downloader.Small.cwj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003656.exe -> Downloader.Small.cyb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003663.exe -> Downloader.Small.cyb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003658.exe -> Downloader.Small.dht : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003653.exe -> Downloader.Small.drh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003652.exe -> Downloader.Small.dul : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003657.exe -> Downloader.Small.dwx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP31\A0005748.exe -> Downloader.Tibs.if : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003635.exe -> Downloader.Tibs.im : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003636.exe -> Downloader.Tibs.im : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bak\_mzu_stonedrv3.exe -> Dropper.Agent.axo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003638.exe -> Not-A-Virus.Hoax.Win32.Renos.fm : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003641.exe -> Not-A-Virus.Hoax.Win32.Renos.fm : Ignored.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003710.dll -> Proxy.Agent.df : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003625.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003650.exe -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003655.exe -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP32\A0005798.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP33\A0005839.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP33\A0005850.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005875.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005880.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0005913.dll -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP34\A0006934.exe -> Proxy.Agent.kn : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winD53D.tmp -> Proxy.Agent.kn : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winED.tmp -> Proxy.Agent.kn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003661.exe -> Proxy.Lager.dt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\image1.gif.exe -> Proxy.Lager.dt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\taskdir.exe_tobedeleted -> Proxy.Lager.dt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\MZU_DRV.sys -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\TheMatri1HasYou.exe -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003620.exe -> Proxy.Wopla.ac : Cleaned with backup (quarantined).
C:\WINDOWS\system32\protector.exe -> Proxy.Wopla.ac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003654.exe -> Proxy.Xorpix.ao : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win4824.tmp -> Proxy.Xorpix.ar : Cleaned with backup (quarantined).
[232] C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll -> Proxy.Xorpix.ar : Error during cleaning.
C:\WINDOWS\system32\ntio256.sys -> Rootkit.Agent.cf : Cleaned with backup (quarantined).
C:\Documents and Settings\Vinces's Account\Cookies\vinces's account@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Vinces's Account\Cookies\vinces's account@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Vinces's Account\Cookies\vinces's account@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Vinces's Account\Cookies\vinces's account@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Vinces's Account\Cookies\vinces's account@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\WINDOWS\system32\dxvwlmlw.exe -> Trojan.Agent.nl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dxvwumgb.exe -> Trojan.Agent.nl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP41\A0010196.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003659.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003660.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP29\A0003624.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP41\A0010197.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).


::Report end
 
Update, then run AVG antimalware while the PC is in safe mode.
Save the log, reboot back to normal and post that log.

Post a HijackThis 1.99.1 log.
First make a new folder, for example C:\AntiSpyWare,
and download/save HijackThis to that new folder.
This is necessary to ensure you have backups should anything go wrong.
http://www.merijn.org/files/HijackThis.exe
Double-click HijackThis.exe, hit "None of the above, just start the program".
Hit Scan. When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log somewhere, and please show us its contents.
Most of what it lists will be harmless or even required, so do NOT fix anything yet.
 
Let me start by saying, "somebody PLEASE HELP ME"
Basically what is happening is unwanted popups telling me my computer has been infected and showing possible programs to get rid of the problem, BUT that is nothing compared to Internet Explorer becoming unresponsive after like 5 minutes of usage, half the time just freezing and the other half just going down. It's driving me insane. I have read some other threads and have followed their instructions and am now up to the part where I have to paste my logs, so if anybody can help me it would be much appreciated.

(my logs will be in next post)
 
log 2

Logfile of HijackThis v1.99.1
Scan saved at 5:58:02 PM, on 23/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C24ADC8-C996-6027-7EF4-0649A91B242B} - C:\WINDOWS\System32\gwflnpi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {612048ce-85d9-412e-ade0-336b2bcc4641} - C:\WINDOWS\system32\dmvsvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [jstzkpk.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jstzkpk.dll,pvbormf
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159764722390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159764778093
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dmvsvc - C:\WINDOWS\SYSTEM32\dmvsvc.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: Rmbgskvo - {D04AD5F8-7AE0-7F52-8A5F-7570B1BB6DCE} - C:\WINDOWS\System32\ky.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 
Thanks LonnyRJones for helping me out, here are the posts you asked for:








---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:32:29 AM 26/10/2006

+ Scan result:



C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP42\A0012307.exe -> Adware.DriveCleaner : No action taken.
C:\System Volume Information\_restore{6606937C-B91A-401C-92FB-2D3514B5A464}\RP42\A0012308.exe -> Adware.DriveCleaner : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@www.burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@bilbo.counted[1].txt -> TrackingCookie.Counted : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@media.fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@reduxads.valuead[2].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\netspan\Cookies\netspan@zedo[1].txt -> TrackingCookie.Zedo : No action taken.


::Report end




Logfile of HijackThis v1.99.1
Scan saved at 11:34:46 AM, on 26/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C24ADC8-C996-6027-7EF4-0649A91B242B} - C:\WINDOWS\System32\gwflnpi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {612048ce-85d9-412e-ade0-336b2bcc4641} - C:\WINDOWS\system32\dmvsvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [jstzkpk.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jstzkpk.dll,pvbormf
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159764722390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159764778093
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dmvsvc - C:\WINDOWS\SYSTEM32\dmvsvc.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: Rmbgskvo - {D04AD5F8-7AE0-7F52-8A5F-7570B1BB6DCE} - C:\WINDOWS\System32\ky.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 
Start Hijackthis and place a check next to these items if there.
O2 - BHO: (no name) - {0C24ADC8-C996-6027-7EF4-0649A91B242B} - C:\WINDOWS\System32\gwflnpi.dll
O4 - HKLM\..\Run: [jstzkpk.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jstzkpk.dll,pvbormf
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c
O20 - AppInit_DLLs:
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: Rmbgskvo - {D04AD5F8-7AE0-7F52-8A5F-7570B1BB6DCE} - C:\WINDOWS\System32\ky.dll (file missing)
====================================
Hit fix checked and close Hijackthis. (not to worry about a hijackthis error)

Please download VundoFix.exe
to the root drive, e.g. Local Disk C: or the partition where your operating system is installed.
Double-click VundoFix.exe to run it.
Click scan for vundo; when it is finished scanning, if this file isn't detected add it >
Right click the list box then select add files and add
C:\WINDOWS\SYSTEM32\dmvsvc.dll

Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Wait two minutes then turn your computer back on.
Please post the contents of C:\vundofix.txt

Post a combofix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If the log is large you might need to post half in one reply, half in another.
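
An added example, not part of the original posts and not HijackThis's own logic: a small parser that surfaces the kinds of entries singled out in the reply above. The three heuristics and all names (`triage`, `Finding`, the reason codes) are assumptions made for illustration, and the sample lines are excerpted from the log posted in this thread. The flags are prompts for review, not verdicts.

```python
import ntpath
import re
from dataclasses import dataclass

# Excerpt of the HijackThis log posted in this thread (header, one process
# line and eight entries), embedded so the example runs offline.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C24ADC8-C996-6027-7EF4-0649A91B242B} - C:\WINDOWS\System32\gwflnpi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [jstzkpk.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jstzkpk.dll,pvbormf
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "O<n> - <rest>": every scan entry starts with its section code.
ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# BHO lines are "name - {CLSID} - path". The path itself may contain " - "
# (see the Spybot entry), so anchor on the CLSID instead of splitting.
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
# Autorun lines are "HKLM\..\Run: [value name] command line".
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\Run\w*): \[(.+?)\] (.+)$")
# First DLL argument handed to rundll32 (up to the comma before the export).
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^,"]+\.dll)', re.IGNORECASE)
# HijackThis appends these markers when the registered file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O2"
    reason: str   # heuristic that fired (names are this example's own)
    line: str     # the log line as posted


def in_system32(path: str) -> bool:
    """True if the file sits directly in \\WINDOWS\\System32 (case-insensitive)."""
    return ntpath.dirname(path).lower().endswith(r"\windows\system32")


def triage(log_text: str) -> list:
    """Return entries worth a closer look; everything else is left unflagged."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, running-process list or blank line
        section, rest = entry.groups()

        # Heuristic 1: registration still present, target file gone.
        if ORPHAN_RE.search(rest):
            findings.append(Finding(section, "orphaned-target", line))
            continue

        # Heuristic 2: browser helper object with no class name, loading
        # from System32 rather than from a product's install directory.
        if section == "O2":
            bho = BHO_RE.match(rest)
            if bho and bho.group(1) == "(no name)" and in_system32(bho.group(3)):
                findings.append(Finding(section, "unnamed-bho-system32", line))

        # Heuristic 3: autorun that starts a DLL through rundll32 where the
        # registry value is simply named after the DLL file.
        elif section == "O4":
            run = RUN_RE.match(rest)
            dll = RUNDLL_RE.search(run.group(3)) if run else None
            if dll and ntpath.basename(dll.group(1)).lower() == run.group(2).lower():
                findings.append(Finding(section, "rundll32-self-named", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason:<22}{f.line}")
```

Entries such as the empty `O20 - AppInit_DLLs:` line or the DriveCleaner autorun are not caught by these three rules; they still need a reviewer's judgement or a scanner verdict like the AVG report earlier in the thread.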
 
Hey LonnyRJones, after I removed Vundo, it prompted me to shut down. I hit yes but my computer didn't actually shut down, it restarted. But here is the contents of vundofix.txt, and I am about to d/l combofix.exe. I will post that log as soon as it's done. Thanks again for helping.


VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.6

Scan started at 2:43:46 PM 26/10/2006

Listing files found while scanning....

C:\WINDOWS\system32\gwflnpi.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gwflnpi.dll
C:\WINDOWS\system32\gwflnpi.dll Has been deleted!

Performing Repairs to the registry.
Done!
 
HERE IS THE FIRST HALF



netspan - 06-10-26 15:19:36.17 Service Pack 1
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\netspan\My Documents\Program Setups"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Documents\Settings


((((((((((((((((((((((((((((((( Files Created from 2006-09-26 to 2006-10-26 ))))))))))))))))))))))))))))))))))


2006-10-26 14:43 88,576 --a------ C:\VundoFix.exe
2006-10-23 16:33 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-23 16:33 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-23 16:33 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-23 16:33 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-23 16:30 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-18 12:26 18,772 --a------ C:\WINDOWS\system32\dmvsvc.dll
2006-10-13 23:12 82,432 --a------ C:\WINDOWS\system32\dxvwllth.exe
2006-10-13 22:45 24,576 --a------ C:\WINDOWS\system32\S_SYS95.DLL
2006-10-13 22:45 106,496 --a------ C:\WINDOWS\system32\s_sysNT.dll
2006-10-13 22:44 65,536 --a------ C:\WINDOWS\IFinst27.exe
2006-10-12 11:52 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-10-12 11:52 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-12 11:52 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-12 11:52 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2006-10-11 12:11 157,184 --a------ C:\WINDOWS\system32\tzstf.dll
2006-10-11 12:10 94,720 --a------ C:\WINDOWS\system32\jstzkpk.dll
2006-10-07 12:48 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-07 12:48 981,504 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-07 12:48 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-10-07 12:48 82,432 --a------ C:\WINDOWS\system32\drmstor.dll
2006-10-07 12:48 816,264 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-07 12:48 81,408 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-07 12:48 760,968 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-07 12:48 678,912 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-07 12:48 670,208 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-10-07 12:48 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2006-10-07 12:48 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-10-07 12:48 410,248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-07 12:48 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2006-10-07 12:48 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll
2006-10-07 12:48 301,712 --a------ C:\WINDOWS\system32\drmclien.dll
2006-10-07 12:48 253,952 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-07 12:48 241,664 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-07 12:48 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-07 12:48 232,960 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-07 12:48 218,112 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-07 12:48 2,058,888 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-07 12:48 143,360 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-07 12:48 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-07 12:47 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2006-10-07 12:47 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-10-07 12:47 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2006-10-07 12:47 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-10-07 12:47 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2006-10-07 12:47 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2006-10-07 12:47 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-10-07 12:47 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2006-10-07 12:47 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2006-10-07 12:47 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2006-10-07 12:47 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2006-10-07 12:47 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2006-10-07 12:47 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-10-07 12:47 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2006-10-07 12:47 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2006-10-07 12:47 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2006-10-07 12:47 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2006-10-07 12:47 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2006-10-07 12:47 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2006-10-07 12:47 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2006-10-07 12:47 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2006-10-07 12:47 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2006-10-07 12:47 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2006-10-07 12:47 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-10-07 12:47 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2006-10-07 12:47 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-07 12:47 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2006-10-07 12:47 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2006-10-07 12:47 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2006-10-07 12:47 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2006-10-07 12:47 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2006-10-07 12:47 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2006-10-07 12:47 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2006-10-07 12:47 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-10-07 12:47 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2006-10-07 12:47 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2006-10-07 12:47 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2006-10-07 12:47 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2006-10-07 12:47 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2006-10-07 12:47 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2006-10-07 12:47 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2006-10-07 12:47 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2006-10-07 12:47 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2006-10-07 12:47 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2006-10-07 12:47 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2006-10-07 12:47 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-10-07 12:47 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2006-10-07 12:47 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2006-10-07 12:47 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2006-10-07 12:47 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2006-10-07 12:47 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2006-10-07 12:47 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2006-10-07 12:47 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2006-10-07 12:47 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2006-10-07 12:47 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2006-10-07 12:47 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
2006-10-07 12:47 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2006-10-07 12:47 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2006-10-07 12:47 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2006-10-07 12:47 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2006-10-07 12:47 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2006-10-07 12:47 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2006-10-07 12:47 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2006-10-07 12:47 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2006-10-07 12:47 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2006-10-07 12:47 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2006-10-07 12:47 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2006-10-07 12:47 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2006-10-07 12:47 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-10-07 12:47 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2006-10-07 12:47 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2006-10-07 12:10 77,440 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-07 12:10 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-07 12:10 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-07 12:10 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-07 12:10 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-10-07 12:10 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-07 12:10 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-07 12:10 142,208 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-10-07 12:09 9,709,568 -ra------ C:\WINDOWS\RTLCPL.EXE
2006-10-07 12:09 86,016 -ra------ C:\WINDOWS\SOUNDMAN.EXE
2006-10-07 12:09 69,632 -ra------ C:\WINDOWS\ALCMTR.EXE
2006-10-07 12:09 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-07 12:09 4,275,712 -ra------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2006-10-07 12:09 364,544 -ra------ C:\WINDOWS\RtlUpd.exe
2006-10-07 12:09 2,879,488 -ra------ C:\WINDOWS\SkyTel.exe
2006-10-07 12:09 2,808,832 -ra------ C:\WINDOWS\ALCWZRD.EXE
2006-10-07 12:09 2,158,592 -ra------ C:\WINDOWS\MicCal.exe
2006-10-07 12:09 16,207,872 -ra------ C:\WINDOWS\RTHDCPL.EXE
2006-10-07 12:08 81,792 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2006-10-04 15:50 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2006-10-02 23:32 56,576 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-10-02 23:32 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-10-02 23:31 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-10-02 23:31 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-10-02 23:31 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-02 23:31 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-10-02 23:31 66,048 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-10-02 23:31 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-10-02 23:31 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-10-02 23:31 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-10-02 23:31 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-10-02 23:31 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-10-02 23:31 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-10-02 23:31 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-10-02 23:31 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-10-02 23:31 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-10-02 23:31 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-10-02 23:31 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-10-02 23:31 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-10-02 23:31 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-10-02 23:31 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-02 23:31 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-10-02 23:31 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-10-02 15:02 44,192 --a------ C:\WINDOWS\system32\drivers\PcdrNt.sys
2006-10-02 15:02 377,600 --a------ C:\WINDOWS\system32\BOCOLE.DLL
2006-10-02 15:02 167,456 --a------ C:\WINDOWS\system32\BOCOF.DLL
2006-10-02 15:02 109,056 --a------ C:\WINDOWS\UNWISE32.EXE
2006-10-02 14:56 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-02 14:56 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2006-10-02 14:55 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-10-02 14:55 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-10-02 14:55 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2006-10-02 14:55 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-02 14:55 158,720 --------- C:\WINDOWS\system32\xpob2res.dll
2006-10-02 14:52 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-02 14:52 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-10-02 14:52 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-02 14:52 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-10-02 14:52 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-02 14:52 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-02 14:50 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-10-02 14:50 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-10-02 14:36 198,424 --a------ C:\WINDOWS\system32\iuengine.dll
2006-10-02 14:27 86,912 --a------ C:\WINDOWS\system32\drivers\atapi.sys
2006-10-02 14:27 67,072 --a------ C:\WINDOWS\system32\usbui.dll
2006-10-02 14:27 62,976 --a------ C:\WINDOWS\system32\drivers\pci.sys
2006-10-02 14:27 51,968 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2006-10-02 14:27 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2006-10-02 14:27 3,328 --a------ C:\WINDOWS\system32\drivers\pciide.sys
2006-10-02 14:27 23,680 --a------ C:\WINDOWS\system32\drivers\pciidex.sys
2006-10-02 14:27 19,328 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2006-10-02 14:27 19,328 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2006-10-02 14:27 135,552 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2006-10-02 14:26 21,760 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-02 14:11 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-10-02 14:11 0 -rahs---- C:\MSDOS.SYS
2006-10-02 14:11 0 -rahs---- C:\IO.SYS
2006-10-02 14:11 0 --a------ C:\CONFIG.SYS
2006-10-02 14:11 0 --a------ C:\AUTOEXEC.BAT
2006-10-02 14:09 77,824 --a------ C:\WINDOWS\system32\isign32.dll
2006-10-02 14:09 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2006-10-02 14:09 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-10-02 14:09 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-10-02 14:09 47,616 --a------ C:\WINDOWS\system32\inetres.dll
2006-10-02 14:09 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2006-10-02 14:09 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-10-02 14:09 361,984 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-02 14:09 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-10-02 14:09 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-10-02 14:09 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-10-02 14:09 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-10-02 14:09 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2006-10-02 14:09 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-10-02 14:09 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-10-02 14:09 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-10-02 14:08 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-02 14:08 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-02 14:08 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-10-02 14:08 69,248 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-10-02 14:08 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-02 14:08 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-02 14:08 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-02 14:08 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-10-02 14:08 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-02 14:08 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-02 14:08 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-02 14:08 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-02 14:08 226,304 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-02 14:08 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-02 14:08 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-02 14:07 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-02 14:07 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
 
HERE IS THE SECOND HALF




2006-10-02 14:07 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-10-02 14:07 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-02 14:07 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-02 14:07 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-02 14:07 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-10-02 14:07 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-10-02 14:07 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-10-02 14:07 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-10-02 14:07 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-10-02 14:07 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-02 14:07 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-10-02 14:07 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-10-02 14:07 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-10-02 14:07 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-10-02 14:07 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-02 14:07 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-02 14:07 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-10-02 14:07 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2006-10-02 14:07 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-02 14:07 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-10-02 14:07 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-10-02 14:07 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-10-02 14:07 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-10-02 14:07 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2006-10-02 14:07 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-10-02 14:07 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2006-10-02 14:07 489,984 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-10-02 14:07 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-10-02 14:07 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-10-02 14:07 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-02 14:07 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-02 14:07 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-10-02 14:07 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-10-02 14:07 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-02 14:07 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-02 14:07 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-10-02 14:07 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-02 14:07 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-10-02 14:07 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-02 14:07 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-10-02 14:07 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-10-02 14:07 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-10-02 14:07 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-10-02 14:07 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2006-10-02 14:07 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-02 14:07 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-10-02 14:07 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-10-02 14:07 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-10-02 14:07 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
2006-10-02 14:07 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-02 14:07 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
2006-10-02 14:07 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-10-02 14:07 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-10-02 14:07 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-10-02 14:07 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-10-02 14:07 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-10-02 14:07 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-10-02 14:07 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-10-02 14:07 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-10-02 14:07 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-10-02 14:07 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-10-02 14:07 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-10-02 14:07 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-10-02 14:07 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-10-02 14:07 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-02 14:07 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-10-02 14:07 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-02 14:07 129,024 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-10-02 14:07 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-10-02 14:07 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-10-02 14:07 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-02 14:07 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-02 14:07 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-10-02 14:07 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-02 14:07 115,976 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-10-02 14:07 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-10-02 14:07 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-10-02 14:07 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-10-02 14:07 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-02 14:07 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-10-02 14:07 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-10-02 14:06 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-02 14:06 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-10-02 14:06 182,400 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-26 14:41 -------- d-------- C:\Program Files\Hijackthis
2006-10-24 20:48 -------- d-------- C:\Documents and Settings\netspan\Application Data\uTorrent
2006-10-24 16:25 -------- d-------- C:\Program Files\Ultimate Defender
2006-10-23 17:45 -------- d-------- C:\Program Files\Common Files\DriveCleaner 2006 Free
2006-10-23 16:30 -------- d-------- C:\Program Files\Grisoft
2006-10-22 21:36 -------- d-------- C:\Program Files\BitTorrent
2006-10-22 21:36 -------- d-------- C:\Documents and Settings\netspan\Application Data\BitTorrent
2006-10-21 21:32 -------- d-------- C:\Program Files\SlySoft
2006-10-19 14:38 -------- d---s---- C:\Documents and Settings\netspan\Application Data\Microsoft
2006-10-19 08:28 -------- d-------- C:\Documents and Settings\netspan\Application Data\Ahead
2006-10-16 17:35 -------- d-------- C:\Program Files\Messenger
2006-10-16 12:42 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-16 12:42 -------- d-------- C:\Program Files\Common Files
2006-10-16 12:42 -------- d-------- C:\Documents and Settings\netspan\Application Data\Adobe
2006-10-16 12:41 -------- d-------- C:\Program Files\Adobe
2006-10-15 18:43 -------- d-------- C:\Program Files\Ultimate Cleaner
2006-10-14 20:47 -------- d-------- C:\Documents and Settings\netspan\Application Data\Sun
2006-10-14 03:46 -------- d-------- C:\Program Files\Power Shutdown 4.1
2006-10-12 13:46 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-12 13:46 -------- d-------- C:\Program Files\Cyanide
2006-10-12 13:46 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-11 14:33 -------- d-------- C:\Program Files\SpywareBlaster
2006-10-09 11:10 -------- d-------- C:\Program Files\Elaborate Bytes
2006-10-09 11:10 -------- d-------- C:\Program Files\DVD Decrypter
2006-10-07 19:50 -------- d-------- C:\Documents and Settings\netspan\Application Data\vlc
2006-10-07 17:31 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-10-07 17:03 -------- d-------- C:\Program Files\The Creative Assembly
2006-10-07 16:47 -------- d-------- C:\Program Files\LimeWire
2006-10-07 16:46 -------- d-------- C:\Program Files\Java
2006-10-07 16:40 -------- d-------- C:\Program Files\Common Files\Java
2006-10-07 16:37 -------- d-------- C:\Program Files\VideoLAN
2006-10-07 16:31 -------- d-------- C:\Program Files\uTorrent
2006-10-07 12:48 -------- d-------- C:\Program Files\Windows Media Player
2006-10-07 12:48 -------- d-------- C:\Program Files\Nero
2006-10-07 12:48 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-07 12:08 -------- d-------- C:\Program Files\Realtek
2006-10-04 16:44 -------- d-------- C:\Program Files\OfficeUpdate11
2006-10-04 16:29 -------- d-------- C:\Program Files\Microsoft Works
2006-10-04 16:29 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-04 15:49 -------- d-------- C:\Program Files\Microsoft.NET
2006-10-04 15:49 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-10-04 15:49 -------- d-------- C:\Program Files\Microsoft Office
2006-10-04 15:49 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-10-04 15:49 -------- d-------- C:\Program Files\Common Files\System
2006-10-04 15:49 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-10-02 23:31 62 --ahs---- C:\Documents and Settings\netspan\Application Data\desktop.ini
2006-10-02 23:31 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-02 23:31 -------- d-------- C:\Program Files\Common Files\ODBC
2006-10-02 14:58 -------- d-------- C:\Program Files\Lavasoft
2006-10-02 14:58 -------- d-------- C:\Documents and Settings\netspan\Application Data\Lavasoft
2006-10-02 14:52 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-02 14:43 -------- d-------- C:\Documents and Settings\netspan\Application Data\Macromedia
2006-10-02 14:26 -------- d-------- C:\Program Files\Intel
2006-10-02 14:15 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-02 14:15 -------- d-------- C:\Documents and Settings\netspan\Application Data\Identities
2006-10-02 14:11 -------- d-------- C:\Program Files\xerox
2006-10-02 14:11 -------- d-------- C:\Program Files\microsoft frontpage
2006-10-02 14:10 -------- d-------- C:\Program Files\Online Services
2006-10-02 14:10 -------- d-------- C:\Program Files\Movie Maker
2006-10-02 14:10 -------- d-------- C:\Program Files\Internet Explorer
2006-10-02 14:09 -------- d-------- C:\Program Files\Outlook Express
2006-10-02 14:09 -------- d-------- C:\Program Files\NetMeeting
2006-10-02 14:09 -------- d-------- C:\Program Files\Common Files\Services
2006-10-02 14:09 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-10-02 14:08 -------- d-------- C:\Program Files\Windows NT
2006-10-02 14:08 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-02 14:08 -------- d-------- C:\Program Files\MSN
2006-10-02 14:08 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"NWEReboot"=""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ElbyCheckAnyDVD"="\"C:\\Program Files\\SlySoft\\AnyDVD\\ElbyCheck.exe\" /L AnyDVD"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dmvsvc

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-26 15:20:04.75
C:\ComboFix.txt ... 06-10-26 15:20
 
You need to repeat running vundofix scan then add that file
Double-click VundoFix.exe to run it.
Click scan for vundo; when it is finished scanning, if this file isn't detected, add it >
Right click the list box then select add files and add
C:\WINDOWS\SYSTEM32\dmvsvc.dll

Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Wait two minutes then turn your computer back on.
Please post the contents of C:\vundofix.txt

Post a new hijackthis log also please
 
i followed your instructions but the same thing happened, my computer didn't shut down, it just restarted, but not sure if it helped i waited a few minutes before i logged in, here are the logs, thanks


VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.6

Scan started at 9:06:00 PM 26/10/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\dmvsvc.dll
C:\WINDOWS\SYSTEM32\dmvsvc.dll Has been deleted!

Performing Repairs to the registry.
Done!





Logfile of HijackThis v1.99.1
Scan saved at 9:10:51 PM, on 26/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {612048ce-85d9-412e-ade0-336b2bcc4641} - C:\WINDOWS\system32\dmvsvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159764722390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159764778093
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 
Uninstall these two programs via Add/Remove Programs, then delete their respective folders if still present
C:\Program Files\Common Files\DriveCleaner 2006 Free
C:\Program Files\Ultimate Cleaner

Go to Start, Run, and type in
sc delete MZU_RK
press enter or hit ok

It appears you do not have an antivirus program, why is that?
There are three to choose from here, install only ONE, update the programs and do a full scan.
http://forums.spybot.info/showthread.php?t=279
Only after that continue >

------------------------------------------------------------------------

You had an infection which replaces legitimate files with infected ones. We need to locate the legitimate backups and restore those...
Please download the following program and save it to your desktop:
http://noahdfear.geekstogo.com/FindAWF.exe
Once downloaded, double-click on the file to run it. When it is done there will be a file called awf.txt on your desktop. Please post the contents of that file as a reply to this topic.
 
LonnyRJones i installed Zone alarm (hopefully that is one of the 3 u advised), the two programs u told me to delete, i did but they weren't in the add/remove list so i went in and deleted the files manually and then deleted them from the recycle bin, here is the log you requested, once again thank you


Find AWF report by noahdfear ©2006


21K files found
~~~~~~~~~



21K files found with strings
~~~~~~~~~~~~~~~~



25K files found
~~~~~~~~~



25K files found with strings
~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

29/08/2002 03:41 AM 13,312 ctfmon.exe
14/10/2006 07:03 AM 82,432 dxvwjqfn.exe
12/01/2006 04:40 PM 155,648 NeroCheck.exe
3 File(s) 251,392 bytes

Directory of C:\PROGRA~1\COMMON~1\AHEAD\LIB\BAK

01/02/2006 05:45 PM 98,304 NMBgMonitor.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

10/11/2005 01:03 PM 36,975 jusched.exe
1 File(s) 36,975 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

13312 29 Aug 2002 "C:\WINDOWS\system32\ctfmon.exe"
13312 29 Aug 2002 "C:\WINDOWS\system32\bak\ctfmon.exe"
13312 29 Aug 2002 "C:\WINDOWS\system32\dllcache\ctfmon.exe"
82432 14 Oct 2006 "C:\WINDOWS\system32\bak\dxvwjqfn.exe"
36975 10 Nov 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"


end of report
 
Why did you uninstall ZA?
What antivirus program did you install?

Put this file NeroCheck.exe
C:\WINDOWS\SYSTEM32\ < here
C:\WINDOWS\SYSTEM32\BAK < now that bak folder can be deleted
Don't worry about the other two files in it.
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\BAK
Put this file NMBgMonitor.exe in the Lib folder
then delete the BAK folder
C:\PROGRAM FILES\JAVA\JRE15~1.0_0\BIN\BAK
At that location put jusched.exe where it is supposed to be, in the LIB folder
delete the bak folder

Give me a list of the messenger folder's contents?
C:\Program Files\Messenger

How did all that go?
 
all that went fine, in regard to d/l zone alert, i thought that was an anti virus program, now what program should i d/l and should i keep running zone alert?
here are the contents of C:\Program Files\Messenger that u requested:

bak (folder is empty)
logwin
msgslang.dll
msmsgsin
newemail
rtcimsp.dll
logo
lvback
msgsc.dll
msmsgs
newalert
online
type



thanks LonnyRJones
 
You can delete that bak folder
You're missing messenger (msmsgs.exe)
Do a file search on your pc to find the latest version, here's an example on my pc.

C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe (1655 KB, 10/13/2004 9:21:24 AM)
C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe (1477 KB, 8/20/2002 3:08:38 PM)
C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe (1629 KB, 8/4/2004 1:56:54 AM)
C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe (1629 KB, 8/4/2004 1:56:54 AM)

Take the most recent and copy it to the c:\program files\messenger\ folder
on my pc it would be this one
C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe (1655 KB, 10/13/2004 9:21:24 AM)
===============

What security programs do you have now?
Basically you should have one antivirus, one firewall and several antispyware programs.

Post back with one more hijackthis log please.
 
msmsgs.exe was already in the messenger folder and could not find any others.
the virus programs i have on my pc are
hijackthis
spybot- search and destroy
ad-aware
avg-anti spyware
zone alert

if u think i need more programs, could u plz let me know what they are and where i can d/l them from and i will d/l them straight away (anything to try and stop viruses or delete them) thank you
here is the log u requested



Logfile of HijackThis v1.99.1
Scan saved at 6:58:31 PM, on 28/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {612048ce-85d9-412e-ade0-336b2bcc4641} - C:\WINDOWS\system32\dmvsvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159764722390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159764778093
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Ok good, messenger's there, I overlooked it being present in the proper location

Start Hijackthis and place a check next to these items if there.
O2 - BHO: (no name) - {612048ce-85d9-412e-ade0-336b2bcc4641} - C:\WINDOWS\system32\dmvsvc.dll (file missing)
====================================
Hit fix checked and close Hijackthis.

Download and Install SpywareBlaster (By JavaCool): http://www.javacoolsoftware.com/spywareblaster.html

Download, install, update and do a full system scan now and once a week or so with avg antivirus
http://free.grisoft.com/doc/2/lng/us/tpl/v
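
The leftover-entry check from the last step, as an added Python example (not part of the thread and not code from HijackThis or VundoFix): it parses CLSID-bearing HijackThis lines, picks out those marked `(file missing)`, and confirms against the removal log that the file was deleted by the tool. The log excerpts are copied from the posts above; the function and class names are assumptions made for this example.

```python
import re
from typing import NamedTuple

# Lines excerpted from the HijackThis and VundoFix logs posted in this thread.
HIJACKTHIS_EXCERPT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {612048ce-85d9-412e-ade0-336b2bcc4641} - C:\WINDOWS\system32\dmvsvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
"""

VUNDOFIX_EXCERPT = r"""
Attempting to delete C:\WINDOWS\SYSTEM32\dmvsvc.dll
C:\WINDOWS\SYSTEM32\dmvsvc.dll Has been deleted!
"""

# Anchor on the braced CLSID rather than splitting on " - ": install paths
# such as "Spybot - Search & Destroy" contain that separator themselves.
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
DELETED_RE = re.compile(r"^(?P<path>.+?) Has been deleted!$")


class Entry(NamedTuple):
    section: str       # HijackThis section code, e.g. "O2"
    kind: str          # e.g. "BHO", "Extra button"
    name: str
    clsid: str         # lower-cased for comparison
    path: str
    file_missing: bool


def parse_entries(log: str) -> list[Entry]:
    """Parse the CLSID-bearing lines (O2, O3, O9 style); other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["kind"], m["name"],
                                 m["clsid"].lower(), m["path"],
                                 m["missing"] is not None))
    return entries


def deleted_paths(removal_log: str) -> set[str]:
    """Paths the removal tool reports as deleted, lower-cased (Windows paths
    compare case-insensitively)."""
    return {m["path"].lower()
            for line in removal_log.splitlines()
            if (m := DELETED_RE.match(line.strip()))}


def orphaned_entries(hjt_log: str, removal_log: str) -> list[tuple[Entry, bool]]:
    """Return (entry, removed_by_tool) for each entry whose target file is missing."""
    removed = deleted_paths(removal_log)
    return [(e, e.path.lower() in removed)
            for e in parse_entries(hjt_log) if e.file_missing]


if __name__ == "__main__":
    for entry, removed in orphaned_entries(HIJACKTHIS_EXCERPT, VUNDOFIX_EXCERPT):
        why = "deleted by the removal tool" if removed else "missing, cause unknown"
        print(f"{entry.section} {entry.kind} {entry.clsid} -> {entry.path} ({why})")
```

A `(no name)` label alone is not a signal here: the Spybot helper is also unnamed, while the only entry flagged is the one whose file is gone and appears in the removal log.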
 