
Slow web browsing, some pages won't load.

Discussion in 'Malware and Virus Removal Archive' started by ryamac, 2008/01/14.

  1. 2008/01/14
    ryamac

    ryamac Inactive Thread Starter

    Joined:
    2008/01/14
    Messages:
    27
    Likes Received:
    0
    Hi

    I have noticed that when I try to load some sites it takes a lot longer than usual, my partner tells me she can't get into facebook and yahoo mail. I started searching for spyware and malware and found a few things, but the problem hasn't been resolved. I have run HJT and removed what I thought shouldn't be there, but I'm not really sure what should be there. This post seemed like the right one but not exact, should I still follow it? http://www.windowsbbs.com/showthread.php?p=379257

    Can anyone help?

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 8:56:40 PM, on 1/14/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    Boot mode: Normal

    Running processes:
    C:\Windows\vVX3000.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    B:\Downloads\HiJackThis_v2.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    O4 - HKCU\..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
    O4 - HKCU\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{834700AF-CCD0-49BD-B95E-E202162FAB61}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E30AA159-E092-4194-8540-2EA37D25FDCE}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9022 bytes


    Thanks.
     
  2. 2008/01/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS ryamac :)

    You first need to get an updated version of HijackThis installed, run a scan and save the log. You won't need to post that log however, because next you will run another scanning tool that will gather the required information. That scanner is Deckard's System Scanner, and I'd like for you to post the main.txt log created with it.

    Links and instructions for both are here.
     


  4. 2008/01/15
    ryamac

    ryamac Inactive Thread Starter

    Joined:
    2008/01/14
    Messages:
    27
    Likes Received:
    0
    Hi noahdfear, first thanks for picking this up so quickly, this has been driving me up the wall.

    Here (I hope) is the main.txt that you are looking for.

    Deckard's System Scanner v20071014.68
    Run by U R HOME on 2008-01-15 21:22:31
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 85% (more than 75%).


    -- HijackThis (run as U R HOME.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:22:37 PM, on 1/15/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\vVX3000.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Google\Google Earth\googleearth.exe
    B:\Downloads\dss.exe
    C:\PROGRA~2\TRENDM~1\HIJACK~1\URHOME~1.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    O4 - HKCU\..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
    O4 - HKCU\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{834700AF-CCD0-49BD-B95E-E202162FAB61}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E30AA159-E092-4194-8540-2EA37D25FDCE}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8957 bytes

    -- Files created between 2007-12-15 and 2008-01-15 -----------------------------

    2008-01-14 21:09:06 0 d-------- C:\Program Files (x86)\Trend Micro
    2008-01-14 15:16:43 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-01-01 16:14:13 0 d-------- C:\Program Files (x86)\NoAdware5.0
    2007-12-29 21:53:32 0 d-------- C:\Program Files (x86)\Lavasoft
    2007-12-29 21:53:31 0 d-------- C:\Users\All Users\Lavasoft
    2007-12-22 21:05:30 0 d-------- C:\perflogs
    2007-12-21 14:42:56 270336 --a------ C:\Windows\xcvwer.dll <Not Verified; ; xcvwer>
    2007-12-21 14:42:56 90112 --a------ C:\Windows\binret.exe
    2007-12-21 14:21:17 0 d-------- C:\Program Files (x86)\MediaVideoCodec


    -- Find3M Report ---------------------------------------------------------------

    2008-01-15 21:21:46 0 d-------- C:\Users\U R HOME\AppData\Roaming\Skype
    2008-01-14 22:51:54 12 --a------ C:\Windows\bthservsdp.dat
    2008-01-14 21:59:47 9325 --a------ C:\Users\U R HOME\AppData\Roaming\Comma Separated Values (Windows).EML
    2008-01-14 16:52:55 0 d-------- C:\Program Files (x86)\SpeedFan
    2008-01-13 21:34:22 0 d-------- C:\Users\U R HOME\AppData\Roaming\uTorrent
    2007-12-29 21:52:20 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2007-12-13 03:15:10 0 d-------- C:\Program Files (x86)\Windows Mail
    2007-12-10 08:47:33 0 d-------- C:\Program Files (x86)\Microsoft Math Add-in for Word 2007
    2007-12-10 08:44:54 0 d-------- C:\Program Files (x86)\MSECache
    2007-12-10 08:26:52 0 d-------- C:\Users\U R HOME\AppData\Roaming\Image Zone Express
    2007-11-28 09:26:48 0 d-------- C:\Program Files (x86)\Qstarz
    2007-11-27 15:38:05 0 d-------- C:\Users\U R HOME\AppData\Roaming\Google
    2007-11-27 15:36:34 0 d-------- C:\Program Files (x86)\Google
    2007-11-27 07:54:46 0 d-------- C:\Program Files (x86)\Microsoft SQL Server
    2007-11-26 21:02:41 0 d-------- C:\Program Files (x86)\Wayp2shpGUI
    2007-11-26 21:02:19 286720 -----n--- C:\Windows\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
    2007-11-26 21:02:18 73216 --a------ C:\Windows\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2007-11-26 16:25:25 0 d-------- C:\Program Files (x86)\gpsdll
    2007-11-26 15:49:41 12 --ah----- C:\Windows\MGC-20.DAT
    2007-11-26 11:46:38 0 d-------- C:\Program Files (x86)\Common Files\Merge Modules
    2007-11-26 11:46:00 0 d-------- C:\Program Files (x86)\Microsoft Visual Studio 8
    2007-11-26 09:56:14 0 d-------- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    2007-11-26 00:40:21 0 d-------- C:\Program Files (x86)\MSDN
    2007-11-26 00:28:09 0 d-------- C:\Program Files (x86)\Microsoft.NET
    2007-11-26 00:25:44 0 d-------- C:\Program Files (x86)\Microsoft Device Emulator
    2007-11-26 00:25:35 0 d-------- C:\Program Files (x86)\Microsoft SQL Server 2005 Mobile Edition
    2007-11-26 00:18:39 0 d-------- C:\Program Files (x86)\HTML Help Workshop
    2007-11-26 00:11:52 0 d-------- C:\Program Files (x86)\Common Files\Business Objects
    2007-11-26 00:09:57 0 d-------- C:\Program Files (x86)\Common Files
    2007-11-26 00:09:57 0 d-------- C:\Program Files (x86)\CE Remote Tools
    2007-11-25 23:55:13 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
    2007-11-25 23:54:54 0 d-------- C:\Program Files (x86)\Common Files\InstallShield
    2007-11-25 23:39:30 0 d-------- C:\Program Files (x86)\Prolific
    2007-11-25 16:28:31 0 d-------- C:\Program Files (x86)\VGPS
    2007-11-23 15:09:06 0 d-------- C:\Program Files (x86)\VB Decompiler Lite
    2007-11-22 20:38:23 0 d-------- C:\Program Files (x86)\Microsoft
    2007-11-22 20:33:09 0 d-------- C:\Program Files (x86)\AGEIA Technologies
    2007-11-22 16:31:01 0 d-------- C:\Program Files (x86)\IObit
    2007-11-22 14:06:02 0 --a------ C:\Windows\system32\rstrui.exe
    2007-11-22 11:03:12 0 d-------- C:\Program Files (x86)\MediaCoder
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmznr.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmzhd.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmxyi.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmxvh.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmxpr.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmxpn.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmxdl.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmwyx.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmwkq.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmwfj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmvtn.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmuwg.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmupj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmukx.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmufj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmtzp.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmtou.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmtko.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmsyy.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmswr.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmswh.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmstz.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmssq.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmsqr.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmsjt.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmrpd.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmrox.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmris.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmrhl.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmqqp.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmqox.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmqnp.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmqlo.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmqhu.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmpvi.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmpud.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmpeo.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmpbo.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmown.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmopg.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmocx.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmnwb.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmxl.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmwp.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmsm.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmnj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmko.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmbt.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmlut.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmlhw.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmkry.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmkom.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmkfs.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmiyw.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmixg.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmhxs.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmhsz.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmhmu.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmhdc.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmhbj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmfzj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmezx.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmdbd.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmdan.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmdam.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmcyu.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmcxl.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmcth.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmbfl.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmbbx.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmarn.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmadv.exe
    2007-11-06 20:27:16 0 --a------ C:\Windows\nsreg.dat


    -- Registry Dump ---------------------------------------------------------------



    -- End of Deckard's System Scanner: finished at 2008-01-15 21:22:50 ------------

    Thanks again.
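
The Find3M report in the post above contains a long run of files in one directory that share a single timestamp and a single size. As an added example (not part of the original thread and not a feature of Deckard's System Scanner), the sketch below parses lines in that layout and groups files by directory, timestamp and size so such a cluster stands out for review; the sample lines, file names and the `min_files` threshold are constructed assumptions.

```python
import ntpath
import re
from collections import defaultdict, namedtuple

# One report line: "YYYY-MM-DD HH:MM:SS <size> <attrs> <path> [<signer note>]"
Entry = namedtuple("Entry", "timestamp size attrs path note")

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"   # timestamp
    r"(\d+)\s+"                                    # size in bytes
    r"(\S+)\s+"                                    # attribute flags, e.g. --a------
    r"(.+?)"                                       # path (may contain spaces)
    r"(?:\s+<(.*)>)?$"                             # optional "<Not Verified; ...>" note
)

# Constructed sample lines in the same layout as the report (not taken from the log).
SAMPLE_REPORT = r"""
    2008-01-10 09:15:00 0 d-------- C:\Program Files (x86)\ExampleApp
    2008-01-09 18:02:11 286720 -----n--- C:\Windows\ExampleSetup.exe <Not Verified; Example Corp; Example Installer>
    2008-01-05 03:00:00 40960 --a------ C:\Windows\system32\zzsampa.exe
    2008-01-05 03:00:00 40960 --a------ C:\Windows\system32\zzsampb.exe
    2008-01-05 03:00:00 40960 --a------ C:\Windows\system32\zzsampc.exe
    2008-01-05 03:00:00 40960 --a------ C:\Windows\system32\zzsampd.exe
    2008-01-05 03:00:00 40960 --a------ C:\Windows\system32\zzsampe.exe
    2008-01-05 03:00:00 40960 --a------ C:\Windows\system32\zzsampf.exe
    2008-01-05 03:00:00 40960 --a------ C:\Windows\zzother.exe
    2008-01-02 12:00:00 12 --a------ C:\Windows\example.dat
"""


def parse_report(text):
    """Return an Entry for every line that matches the report layout."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # section headers, blank lines, anything else
        timestamp, size, attrs, path, note = match.groups()
        entries.append(Entry(timestamp, int(size), attrs, path, note or ""))
    return entries


def find_clusters(entries, min_files=5):
    """Group files (not directories) by (directory, timestamp, size).

    Many files written to one directory in the same second with the same
    byte count is unusual for normal installs and worth a closer look.
    """
    groups = defaultdict(list)
    for entry in entries:
        if entry.attrs.startswith("d"):
            continue  # directory entry
        key = (ntpath.dirname(entry.path).lower(), entry.timestamp, entry.size)
        groups[key].append(ntpath.basename(entry.path))
    return {key: sorted(names) for key, names in groups.items()
            if len(names) >= min_files}


if __name__ == "__main__":
    for (folder, stamp, size), names in find_clusters(parse_report(SAMPLE_REPORT)).items():
        print(f"{len(names)} files of {size} bytes in {folder} at {stamp}:")
        for name in names:
            print("   ", name)
```

A cluster flagged this way is a lead, not a verdict: check signer information and file contents before deciding anything is malicious.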
     
  5. 2008/01/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I would like to use a particular tool to do the required cleanup, which has been known to have an undesirable effect on Vista systems. It can disable the Security Center. It's repairable, but it does sometimes take a bit of patience and a few attempts. Let me know if you're willing to use the tool or if you'd prefer to try other methods, which might take a bit longer but should not have that side-effect.


    BTW, what version of Vista is that?
     
  6. 2008/01/16
    ryamac

    ryamac Inactive Thread Starter

    Joined:
    2008/01/14
    Messages:
    27
    Likes Received:
    0
    Either method will do. I have no preference, I'm going to go with what you suggest. I'm running Vista Home Premium, and also sometimes XP Professional (dual boot). Thanks
     
  7. 2008/01/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    OK ....... let's do it! Download ComboFix by sUBs from here, saving the file to your desktop.


    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\Windows\xcvwer.dll
    C:\Windows\binret.exe
    C:\Windows\system32\dmznr.exe
    C:\Windows\system32\dmzhd.exe
    C:\Windows\system32\dmxyi.exe
    C:\Windows\system32\dmxvh.exe
    C:\Windows\system32\dmxpr.exe
    C:\Windows\system32\dmxpn.exe
    C:\Windows\system32\dmxdl.exe
    C:\Windows\system32\dmwyx.exe
    C:\Windows\system32\dmwkq.exe
    C:\Windows\system32\dmwfj.exe
    C:\Windows\system32\dmvtn.exe
    C:\Windows\system32\dmuwg.exe
    C:\Windows\system32\dmupj.exe
    C:\Windows\system32\dmukx.exe
    C:\Windows\system32\dmufj.exe
    C:\Windows\system32\dmtzp.exe
    C:\Windows\system32\dmtou.exe
    C:\Windows\system32\dmtko.exe
    C:\Windows\system32\dmsyy.exe
    C:\Windows\system32\dmswr.exe
    C:\Windows\system32\dmswh.exe
    C:\Windows\system32\dmstz.exe
    C:\Windows\system32\dmssq.exe
    C:\Windows\system32\dmsqr.exe
    C:\Windows\system32\dmsjt.exe
    C:\Windows\system32\dmrpd.exe
    C:\Windows\system32\dmrox.exe
    C:\Windows\system32\dmris.exe
    C:\Windows\system32\dmrhl.exe
    C:\Windows\system32\dmqqp.exe
    C:\Windows\system32\dmqox.exe
    C:\Windows\system32\dmqnp.exe
    C:\Windows\system32\dmqlo.exe
    C:\Windows\system32\dmqhu.exe
    C:\Windows\system32\dmpvi.exe
    C:\Windows\system32\dmpud.exe
    C:\Windows\system32\dmpeo.exe
    C:\Windows\system32\dmpbo.exe
    C:\Windows\system32\dmown.exe
    C:\Windows\system32\dmopg.exe
    C:\Windows\system32\dmocx.exe
    C:\Windows\system32\dmnwb.exe
    C:\Windows\system32\dmmxl.exe
    C:\Windows\system32\dmmwp.exe
    C:\Windows\system32\dmmsm.exe
    C:\Windows\system32\dmmnj.exe
    C:\Windows\system32\dmmko.exe
    C:\Windows\system32\dmmbt.exe
    C:\Windows\system32\dmlut.exe
    C:\Windows\system32\dmlhw.exe
    C:\Windows\system32\dmkry.exe
    C:\Windows\system32\dmkom.exe
    C:\Windows\system32\dmkfs.exe
    C:\Windows\system32\dmiyw.exe
    C:\Windows\system32\dmixg.exe
    C:\Windows\system32\dmhxs.exe
    C:\Windows\system32\dmhsz.exe
    C:\Windows\system32\dmhmu.exe
    C:\Windows\system32\dmhdc.exe
    C:\Windows\system32\dmhbj.exe
    C:\Windows\system32\dmfzj.exe
    C:\Windows\system32\dmezx.exe
    C:\Windows\system32\dmdbd.exe
    C:\Windows\system32\dmdan.exe
    C:\Windows\system32\dmdam.exe
    C:\Windows\system32\dmcyu.exe
    C:\Windows\system32\dmcxl.exe
    C:\Windows\system32\dmcth.exe
    C:\Windows\system32\dmbfl.exe
    C:\Windows\system32\dmbbx.exe
    C:\Windows\system32\dmarn.exe
    C:\Windows\system32\dmadv.exe
    Folder::
    C:\Program Files (x86)\MediaVideoCodec
    

    Now, you need to disable UAC. Since this makes the computer more vulnerable, I recommend you physically disconnect it from the internet until UAC is re-enabled. See the following links for how to disable UAC.

    http://www.howtogeek.com/howto/wind...nt-control-uac-the-easy-way-on-windows-vista/

    http://www.petri.co.il/disable_uac_in_windows_vista.htm

    Once you've disabled UAC and rebooted the computer, continue as follows.


    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Close it for now and re-enable UAC. Reboot for it to take effect and reconnect the internet connection. Post the contents of the ComboFix log located at C:\ComboFix.txt and a new HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  8. 2008/01/19
    ryamac

    I can't seem to get Combofix to work. I am running it from the desktop. It opens, says it is going to run a scan that should not take longer than 10 min, then about a minute later the window disappears and the internet connection is reset. It doesn't give me the option to drag and drop the file into the window. Should I drag and drop while it is doing the scan? I have disabled UAC.
     
    Last edited: 2008/01/19
  9. 2008/01/19
    noahdfear

    Do NOT double click on ComboFix.exe ... in other words, you are not supposed to run ComboFix.exe. Just make the CFScript.txt file as directed, then drag it onto ComboFix.exe and drop it. That will cause ComboFix.exe to launch and just follow the prompts from there.
     
  10. 2008/01/19
    ryamac

    Hello. I placed the CFScript.txt onto the Combofix.exe. It ran and I selected option 1 to continue. It then tried to create a restore point but encountered two errors:

    "Error saving file
    "C:\Windows\erdnt\hiv-backup\software
    "Continue to next file */ i selected yes/*
    [RegSaveKeyEx:87]

    "Error saving file
    "C:\Windows\erdnt\hiv-backup\users\00000004\usrclass.dat
    "Continue to next file */ i selected yes/*
    [RegSaveKeyEx:87]

    It then finishes trying to create the restore point, but once the progress bar disappears the Combofix window also closes. I have tried closing all programs including avast, spybot, and side bar.

    Thanks
     
  11. 2008/01/19
    noahdfear

    Let's try something else. You will need to temporarily disable TeaTimer.
    • Open Spybot Search & Destroy.
    • In the Mode menu click "Advanced mode" if not already selected.
    • Choose "Yes" at the Warning prompt.
    • Expand the "Tools" menu.
    • Click "Resident".
    • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    • In the File menu click "Exit" to exit Spybot Search & Destroy.

    Reboot.

    Now highlight and copy the contents of the code box below.

    Code:
    attrib -r -h -s C:\Windows\xcvwer.dll
    attrib -r -h -s C:\Windows\binret.exe
    attrib -r -h -s C:\Windows\system32\dmznr.exe
    attrib -r -h -s C:\Windows\system32\dmzhd.exe
    attrib -r -h -s C:\Windows\system32\dmxyi.exe
    attrib -r -h -s C:\Windows\system32\dmxvh.exe
    attrib -r -h -s C:\Windows\system32\dmxpr.exe
    attrib -r -h -s C:\Windows\system32\dmxpn.exe
    attrib -r -h -s C:\Windows\system32\dmxdl.exe
    attrib -r -h -s C:\Windows\system32\dmwyx.exe
    attrib -r -h -s C:\Windows\system32\dmwkq.exe
    attrib -r -h -s C:\Windows\system32\dmwfj.exe
    attrib -r -h -s C:\Windows\system32\dmvtn.exe
    attrib -r -h -s C:\Windows\system32\dmuwg.exe
    attrib -r -h -s C:\Windows\system32\dmupj.exe
    attrib -r -h -s C:\Windows\system32\dmukx.exe
    attrib -r -h -s C:\Windows\system32\dmufj.exe
    attrib -r -h -s C:\Windows\system32\dmtzp.exe
    attrib -r -h -s C:\Windows\system32\dmtou.exe
    attrib -r -h -s C:\Windows\system32\dmtko.exe
    attrib -r -h -s C:\Windows\system32\dmsyy.exe
    attrib -r -h -s C:\Windows\system32\dmswr.exe
    attrib -r -h -s C:\Windows\system32\dmswh.exe
    attrib -r -h -s C:\Windows\system32\dmstz.exe
    attrib -r -h -s C:\Windows\system32\dmssq.exe
    attrib -r -h -s C:\Windows\system32\dmsqr.exe
    attrib -r -h -s C:\Windows\system32\dmsjt.exe
    attrib -r -h -s C:\Windows\system32\dmrpd.exe
    attrib -r -h -s C:\Windows\system32\dmrox.exe
    attrib -r -h -s C:\Windows\system32\dmris.exe
    attrib -r -h -s C:\Windows\system32\dmrhl.exe
    attrib -r -h -s C:\Windows\system32\dmqqp.exe
    attrib -r -h -s C:\Windows\system32\dmqox.exe
    attrib -r -h -s C:\Windows\system32\dmqnp.exe
    attrib -r -h -s C:\Windows\system32\dmqlo.exe
    attrib -r -h -s C:\Windows\system32\dmqhu.exe
    attrib -r -h -s C:\Windows\system32\dmpvi.exe
    attrib -r -h -s C:\Windows\system32\dmpud.exe
    attrib -r -h -s C:\Windows\system32\dmpeo.exe
    attrib -r -h -s C:\Windows\system32\dmpbo.exe
    attrib -r -h -s C:\Windows\system32\dmown.exe
    attrib -r -h -s C:\Windows\system32\dmopg.exe
    attrib -r -h -s C:\Windows\system32\dmocx.exe
    attrib -r -h -s C:\Windows\system32\dmnwb.exe
    attrib -r -h -s C:\Windows\system32\dmmxl.exe
    attrib -r -h -s C:\Windows\system32\dmmwp.exe
    attrib -r -h -s C:\Windows\system32\dmmsm.exe
    attrib -r -h -s C:\Windows\system32\dmmnj.exe
    attrib -r -h -s C:\Windows\system32\dmmko.exe
    attrib -r -h -s C:\Windows\system32\dmmbt.exe
    attrib -r -h -s C:\Windows\system32\dmlut.exe
    attrib -r -h -s C:\Windows\system32\dmlhw.exe
    attrib -r -h -s C:\Windows\system32\dmkry.exe
    attrib -r -h -s C:\Windows\system32\dmkom.exe
    attrib -r -h -s C:\Windows\system32\dmkfs.exe
    attrib -r -h -s C:\Windows\system32\dmiyw.exe
    attrib -r -h -s C:\Windows\system32\dmixg.exe
    attrib -r -h -s C:\Windows\system32\dmhxs.exe
    attrib -r -h -s C:\Windows\system32\dmhsz.exe
    attrib -r -h -s C:\Windows\system32\dmhmu.exe
    attrib -r -h -s C:\Windows\system32\dmhdc.exe
    attrib -r -h -s C:\Windows\system32\dmhbj.exe
    attrib -r -h -s C:\Windows\system32\dmfzj.exe
    attrib -r -h -s C:\Windows\system32\dmezx.exe
    attrib -r -h -s C:\Windows\system32\dmdbd.exe
    attrib -r -h -s C:\Windows\system32\dmdan.exe
    attrib -r -h -s C:\Windows\system32\dmdam.exe
    attrib -r -h -s C:\Windows\system32\dmcyu.exe
    attrib -r -h -s C:\Windows\system32\dmcxl.exe
    attrib -r -h -s C:\Windows\system32\dmcth.exe
    attrib -r -h -s C:\Windows\system32\dmbfl.exe
    attrib -r -h -s C:\Windows\system32\dmbbx.exe
    attrib -r -h -s C:\Windows\system32\dmarn.exe
    attrib -r -h -s C:\Windows\system32\dmadv.exe
    attrib -r -h -s "C:\Program Files (x86)\MediaVideoCodec"
    del /q C:\Windows\xcvwer.dll
    del /q C:\Windows\binret.exe
    del /q C:\Windows\system32\dmznr.exe
    del /q C:\Windows\system32\dmzhd.exe
    del /q C:\Windows\system32\dmxyi.exe
    del /q C:\Windows\system32\dmxvh.exe
    del /q C:\Windows\system32\dmxpr.exe
    del /q C:\Windows\system32\dmxpn.exe
    del /q C:\Windows\system32\dmxdl.exe
    del /q C:\Windows\system32\dmwyx.exe
    del /q C:\Windows\system32\dmwkq.exe
    del /q C:\Windows\system32\dmwfj.exe
    del /q C:\Windows\system32\dmvtn.exe
    del /q C:\Windows\system32\dmuwg.exe
    del /q C:\Windows\system32\dmupj.exe
    del /q C:\Windows\system32\dmukx.exe
    del /q C:\Windows\system32\dmufj.exe
    del /q C:\Windows\system32\dmtzp.exe
    del /q C:\Windows\system32\dmtou.exe
    del /q C:\Windows\system32\dmtko.exe
    del /q C:\Windows\system32\dmsyy.exe
    del /q C:\Windows\system32\dmswr.exe
    del /q C:\Windows\system32\dmswh.exe
    del /q C:\Windows\system32\dmstz.exe
    del /q C:\Windows\system32\dmssq.exe
    del /q C:\Windows\system32\dmsqr.exe
    del /q C:\Windows\system32\dmsjt.exe
    del /q C:\Windows\system32\dmrpd.exe
    del /q C:\Windows\system32\dmrox.exe
    del /q C:\Windows\system32\dmris.exe
    del /q C:\Windows\system32\dmrhl.exe
    del /q C:\Windows\system32\dmqqp.exe
    del /q C:\Windows\system32\dmqox.exe
    del /q C:\Windows\system32\dmqnp.exe
    del /q C:\Windows\system32\dmqlo.exe
    del /q C:\Windows\system32\dmqhu.exe
    del /q C:\Windows\system32\dmpvi.exe
    del /q C:\Windows\system32\dmpud.exe
    del /q C:\Windows\system32\dmpeo.exe
    del /q C:\Windows\system32\dmpbo.exe
    del /q C:\Windows\system32\dmown.exe
    del /q C:\Windows\system32\dmopg.exe
    del /q C:\Windows\system32\dmocx.exe
    del /q C:\Windows\system32\dmnwb.exe
    del /q C:\Windows\system32\dmmxl.exe
    del /q C:\Windows\system32\dmmwp.exe
    del /q C:\Windows\system32\dmmsm.exe
    del /q C:\Windows\system32\dmmnj.exe
    del /q C:\Windows\system32\dmmko.exe
    del /q C:\Windows\system32\dmmbt.exe
    del /q C:\Windows\system32\dmlut.exe
    del /q C:\Windows\system32\dmlhw.exe
    del /q C:\Windows\system32\dmkry.exe
    del /q C:\Windows\system32\dmkom.exe
    del /q C:\Windows\system32\dmkfs.exe
    del /q C:\Windows\system32\dmiyw.exe
    del /q C:\Windows\system32\dmixg.exe
    del /q C:\Windows\system32\dmhxs.exe
    del /q C:\Windows\system32\dmhsz.exe
    del /q C:\Windows\system32\dmhmu.exe
    del /q C:\Windows\system32\dmhdc.exe
    del /q C:\Windows\system32\dmhbj.exe
    del /q C:\Windows\system32\dmfzj.exe
    del /q C:\Windows\system32\dmezx.exe
    del /q C:\Windows\system32\dmdbd.exe
    del /q C:\Windows\system32\dmdan.exe
    del /q C:\Windows\system32\dmdam.exe
    del /q C:\Windows\system32\dmcyu.exe
    del /q C:\Windows\system32\dmcxl.exe
    del /q C:\Windows\system32\dmcth.exe
    del /q C:\Windows\system32\dmbfl.exe
    del /q C:\Windows\system32\dmbbx.exe
    del /q C:\Windows\system32\dmarn.exe
    del /q C:\Windows\system32\dmadv.exe
    del /q "C:\Program Files (x86)\MediaVideoCodec\*.*"
    rmdir "C:\Program Files (x86)\MediaVideoCodec"
    exit
    cls
    
    Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select Paste. The command window should close on its own.

    Reboot and run a new Deckard's scan, then post the log here. You can also re-enable TeaTimer and UAC.
     
  12. 2008/01/20
    ryamac

    Here is the report. It all ran smoothly. Still only able to load some web pages. Thanks for writing out all those commands.

    Deckard's System Scanner v20071014.68
    Run by U R HOME on 2008-01-21 15:53:05
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as U R HOME.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:53, on 2008-01-21
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\vVX3000.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_SL.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    B:\Downloads\dss.exe
    C:\PROGRA~2\TRENDM~1\HIJACK~1\URHOME~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    O4 - HKCU\..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
    O4 - HKCU\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{834700AF-CCD0-49BD-B95E-E202162FAB61}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E30AA159-E092-4194-8540-2EA37D25FDCE}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8531 bytes

    -- Files created between 2007-12-21 and 2008-01-21 -----------------------------

    2008-01-14 21:09:06 0 d-------- C:\Program Files (x86)\Trend Micro
    2008-01-14 15:16:43 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-01-01 16:14:13 0 d-------- C:\Program Files (x86)\NoAdware5.0
    2007-12-29 21:53:32 0 d-------- C:\Program Files (x86)\Lavasoft
    2007-12-29 21:53:31 0 d-------- C:\Users\All Users\Lavasoft
    2007-12-22 21:05:30 0 d-------- C:\perflogs


    -- Find3M Report ---------------------------------------------------------------

    2008-01-21 15:50:35 0 d-------- C:\Users\U R HOME\AppData\Roaming\Skype
    2008-01-21 15:46:10 12 --a------ C:\Windows\bthservsdp.dat
    2008-01-14 21:59:47 9325 --a------ C:\Users\U R HOME\AppData\Roaming\Comma Separated Values (Windows).EML
    2008-01-14 16:52:55 0 d-------- C:\Program Files (x86)\SpeedFan
    2008-01-13 21:34:22 0 d-------- C:\Users\U R HOME\AppData\Roaming\uTorrent
    2007-12-29 21:52:20 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2007-12-13 03:15:10 0 d-------- C:\Program Files (x86)\Windows Mail
    2007-12-10 08:47:33 0 d-------- C:\Program Files (x86)\Microsoft Math Add-in for Word 2007
    2007-12-10 08:44:54 0 d-------- C:\Program Files (x86)\MSECache
    2007-12-10 08:26:52 0 d-------- C:\Users\U R HOME\AppData\Roaming\Image Zone Express
    2007-11-28 09:26:48 0 d-------- C:\Program Files (x86)\Qstarz
    2007-11-27 15:38:05 0 d-------- C:\Users\U R HOME\AppData\Roaming\Google
    2007-11-27 15:36:34 0 d-------- C:\Program Files (x86)\Google
    2007-11-27 07:54:46 0 d-------- C:\Program Files (x86)\Microsoft SQL Server
    2007-11-26 21:02:41 0 d-------- C:\Program Files (x86)\Wayp2shpGUI
    2007-11-26 21:02:19 286720 -----n--- C:\Windows\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
    2007-11-26 21:02:18 73216 --a------ C:\Windows\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2007-11-26 16:25:25 0 d-------- C:\Program Files (x86)\gpsdll
    2007-11-26 15:49:41 12 --ah----- C:\Windows\MGC-20.DAT
    2007-11-26 11:46:38 0 d-------- C:\Program Files (x86)\Common Files\Merge Modules
    2007-11-26 11:46:00 0 d-------- C:\Program Files (x86)\Microsoft Visual Studio 8
    2007-11-26 09:56:14 0 d-------- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    2007-11-26 00:40:21 0 d-------- C:\Program Files (x86)\MSDN
    2007-11-26 00:28:09 0 d-------- C:\Program Files (x86)\Microsoft.NET
    2007-11-26 00:25:44 0 d-------- C:\Program Files (x86)\Microsoft Device Emulator
    2007-11-26 00:25:35 0 d-------- C:\Program Files (x86)\Microsoft SQL Server 2005 Mobile Edition
    2007-11-26 00:18:39 0 d-------- C:\Program Files (x86)\HTML Help Workshop
    2007-11-26 00:11:52 0 d-------- C:\Program Files (x86)\Common Files\Business Objects
    2007-11-26 00:09:57 0 d-------- C:\Program Files (x86)\Common Files
    2007-11-26 00:09:57 0 d-------- C:\Program Files (x86)\CE Remote Tools
    2007-11-25 23:55:13 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
    2007-11-25 23:54:54 0 d-------- C:\Program Files (x86)\Common Files\InstallShield
    2007-11-25 23:39:30 0 d-------- C:\Program Files (x86)\Prolific
    2007-11-25 16:28:31 0 d-------- C:\Program Files (x86)\VGPS
    2007-11-23 15:09:06 0 d-------- C:\Program Files (x86)\VB Decompiler Lite
    2007-11-22 20:38:23 0 d-------- C:\Program Files (x86)\Microsoft
    2007-11-22 20:33:09 0 d-------- C:\Program Files (x86)\AGEIA Technologies
    2007-11-22 16:31:01 0 d-------- C:\Program Files (x86)\IObit
    2007-11-22 14:06:02 0 --a------ C:\Windows\system32\rstrui.exe
    2007-11-22 11:03:12 0 d-------- C:\Program Files (x86)\MediaCoder
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmznr.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmzhd.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmxyi.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmxvh.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmxpr.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmxpn.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmxdl.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmwyx.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmwkq.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmwfj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmvtn.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmuwg.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmupj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmukx.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmufj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmtzp.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmtou.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmtko.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmsyy.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmswr.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmswh.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmstz.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmssq.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmsqr.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmsjt.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmrpd.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmrox.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmris.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmrhl.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmqqp.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmqox.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmqnp.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmqlo.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmqhu.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmpvi.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmpud.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmpeo.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmpbo.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmown.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmopg.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmocx.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmnwb.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmxl.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmwp.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmsm.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmnj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmko.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmbt.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmlut.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmlhw.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmkry.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmkom.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmkfs.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmiyw.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmixg.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmhxs.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmhsz.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmhmu.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmhdc.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmhbj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmfzj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmezx.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmdbd.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmdan.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmdam.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmcyu.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmcxl.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmcth.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmbfl.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmbbx.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmarn.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmadv.exe
    2007-11-06 20:27:16 0 --a------ C:\Windows\nsreg.dat


    -- Registry Dump ---------------------------------------------------------------



    -- End of Deckard's System Scanner: finished at 2008-01-21 15:53:21 ------------
     
  13. 2008/01/21
    noahdfear

    Nothing was removed. :( Did you have UAC and TeaTimer both disabled when you completed my last set of instructions? If not, please redo with both disabled then post a new dss log.
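
Added example, not part of the original posts and not code from ComboFix or Deckard's System Scanner: the check behind "Nothing was removed" can be done mechanically by comparing the removal list with the Find3M section of the follow-up scan, and the same parse surfaces groups of files sharing one timestamp and size. The line layout is inferred from the report in this thread; the function names and the abridged samples (built from lines quoted above) are assumptions.

```python
import re
from collections import defaultdict

# Find3M line layout as it appears in this thread:
#   <date> <time> <size> <attrs> <path> [<signer info>]
LINE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<attrs>[a-z-]+)\s+"
    r"(?P<path>.+?)(?:\s+<.*>)?$"
)

# Abridged samples assembled from lines quoted in the thread.
SAMPLE_CFSCRIPT = r"""
File::
C:\Windows\xcvwer.dll
C:\Windows\binret.exe
C:\Windows\system32\dmznr.exe
C:\Windows\system32\dmzhd.exe
C:\Windows\system32\dmxyi.exe
Folder::
C:\Program Files (x86)\MediaVideoCodec
"""

SAMPLE_REPORT = r"""
2007-11-26 21:02:41 0 d-------- C:\Program Files (x86)\Wayp2shpGUI
2007-11-26 21:02:19 286720 -----n--- C:\Windows\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2007-11-22 14:06:02 0 --a------ C:\Windows\system32\rstrui.exe
2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmznr.exe
2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmzhd.exe
2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmxyi.exe
2007-11-06 20:27:16 0 --a------ C:\Windows\nsreg.dat
"""


def parse_find3m(report):
    """Parse Find3M-style lines into dicts; lines that do not match are skipped."""
    entries = []
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "stamp": m.group("stamp"),
            "size": int(m.group("size")),
            "is_dir": m.group("attrs").startswith("d"),
            "path": m.group("path"),
        })
    return entries


def parse_cfscript_files(script):
    """Return the paths listed under the File:: section of a CFScript."""
    targets, in_files = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith("::"):          # section header such as File:: or Folder::
            in_files = (line == "File::")
            continue
        if in_files and line:
            targets.append(line)
    return targets


def still_present(targets, entries):
    """Targets that the later scan still lists (Windows paths: compare case-insensitively).

    A target missing from the report is not proof of removal; the report
    only covers what the scanner chose to list.
    """
    seen = {e["path"].lower() for e in entries}
    return [t for t in targets if t.lower() in seen]


def identical_clusters(entries, min_count=3):
    """Group files by (timestamp, size); many files sharing both is worth a closer look."""
    groups = defaultdict(list)
    for e in entries:
        if not e["is_dir"]:
            groups[(e["stamp"], e["size"])].append(e["path"])
    return {k: v for k, v in groups.items() if len(v) >= min_count}


if __name__ == "__main__":
    entries = parse_find3m(SAMPLE_REPORT)
    targets = parse_cfscript_files(SAMPLE_CFSCRIPT)
    for path in still_present(targets, entries):
        print("still listed:", path)
    for (stamp, size), paths in identical_clusters(entries).items():
        print(f"{len(paths)} files share {stamp} / {size} bytes")
```
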
     
  14. 2008/01/21
    ryamac

    I had both TeaTimer and UAC disabled. I removed exit and clear screen from those commands and found that the system is saying, "file not found" or "Could not find" for all of those commands. Have they already been removed?
     
  15. 2008/01/21
    ryamac

    Here is the new scan, no change :(

    Deckard's System Scanner v20071014.68
    Run by U R HOME on 2008-01-22 06:23:05
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as U R HOME.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 06:23, on 2008-01-22
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\vVX3000.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\PROGRA~2\MICROS~2\Office12\OUTLOOK.EXE
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\PROGRA~2\MOZILL~1\FIREFOX.EXE
    B:\Downloads\dss.exe
    C:\PROGRA~2\TRENDM~1\HIJACK~1\URHOME~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    O4 - HKCU\..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
    O4 - HKCU\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{834700AF-CCD0-49BD-B95E-E202162FAB61}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E30AA159-E092-4194-8540-2EA37D25FDCE}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8432 bytes

    -- Files created between 2007-12-22 and 2008-01-22 -----------------------------

    2008-01-14 21:09:06 0 d-------- C:\Program Files (x86)\Trend Micro
    2008-01-14 15:16:43 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-01-01 16:14:13 0 d-------- C:\Program Files (x86)\NoAdware5.0
    2007-12-29 21:53:32 0 d-------- C:\Program Files (x86)\Lavasoft
    2007-12-29 21:53:31 0 d-------- C:\Users\All Users\Lavasoft
    2007-12-22 21:05:30 0 d-------- C:\perflogs


    -- Find3M Report ---------------------------------------------------------------

    2008-01-22 06:07:21 0 d-------- C:\Users\U R HOME\AppData\Roaming\Skype
    2008-01-21 21:31:58 12 --a------ C:\Windows\bthservsdp.dat
    2008-01-14 21:59:47 9325 --a------ C:\Users\U R HOME\AppData\Roaming\Comma Separated Values (Windows).EML
    2008-01-14 16:52:55 0 d-------- C:\Program Files (x86)\SpeedFan
    2008-01-13 21:34:22 0 d-------- C:\Users\U R HOME\AppData\Roaming\uTorrent
    2007-12-29 21:52:20 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2007-12-13 03:15:10 0 d-------- C:\Program Files (x86)\Windows Mail
    2007-12-10 08:47:33 0 d-------- C:\Program Files (x86)\Microsoft Math Add-in for Word 2007
    2007-12-10 08:44:54 0 d-------- C:\Program Files (x86)\MSECache
    2007-12-10 08:26:52 0 d-------- C:\Users\U R HOME\AppData\Roaming\Image Zone Express
    2007-11-28 09:26:48 0 d-------- C:\Program Files (x86)\Qstarz
    2007-11-27 15:38:05 0 d-------- C:\Users\U R HOME\AppData\Roaming\Google
    2007-11-27 15:36:34 0 d-------- C:\Program Files (x86)\Google
    2007-11-27 07:54:46 0 d-------- C:\Program Files (x86)\Microsoft SQL Server
    2007-11-26 21:02:41 0 d-------- C:\Program Files (x86)\Wayp2shpGUI
    2007-11-26 21:02:19 286720 -----n--- C:\Windows\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
    2007-11-26 21:02:18 73216 --a------ C:\Windows\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2007-11-26 16:25:25 0 d-------- C:\Program Files (x86)\gpsdll
    2007-11-26 15:49:41 12 --ah----- C:\Windows\MGC-20.DAT
    2007-11-26 11:46:38 0 d-------- C:\Program Files (x86)\Common Files\Merge Modules
    2007-11-26 11:46:00 0 d-------- C:\Program Files (x86)\Microsoft Visual Studio 8
    2007-11-26 09:56:14 0 d-------- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    2007-11-26 00:40:21 0 d-------- C:\Program Files (x86)\MSDN
    2007-11-26 00:28:09 0 d-------- C:\Program Files (x86)\Microsoft.NET
    2007-11-26 00:25:44 0 d-------- C:\Program Files (x86)\Microsoft Device Emulator
    2007-11-26 00:25:35 0 d-------- C:\Program Files (x86)\Microsoft SQL Server 2005 Mobile Edition
    2007-11-26 00:18:39 0 d-------- C:\Program Files (x86)\HTML Help Workshop
    2007-11-26 00:11:52 0 d-------- C:\Program Files (x86)\Common Files\Business Objects
    2007-11-26 00:09:57 0 d-------- C:\Program Files (x86)\Common Files
    2007-11-26 00:09:57 0 d-------- C:\Program Files (x86)\CE Remote Tools
    2007-11-25 23:55:13 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
    2007-11-25 23:54:54 0 d-------- C:\Program Files (x86)\Common Files\InstallShield
    2007-11-25 23:39:30 0 d-------- C:\Program Files (x86)\Prolific
    2007-11-25 16:28:31 0 d-------- C:\Program Files (x86)\VGPS
    2007-11-23 15:09:06 0 d-------- C:\Program Files (x86)\VB Decompiler Lite
    2007-11-22 20:38:23 0 d-------- C:\Program Files (x86)\Microsoft
    2007-11-22 20:33:09 0 d-------- C:\Program Files (x86)\AGEIA Technologies
    2007-11-22 16:31:01 0 d-------- C:\Program Files (x86)\IObit
    2007-11-22 14:06:02 0 --a------ C:\Windows\system32\rstrui.exe
    2007-11-22 11:03:12 0 d-------- C:\Program Files (x86)\MediaCoder
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmznr.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmzhd.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmxyi.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmxvh.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmxpr.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmxpn.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmxdl.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmwyx.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmwkq.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmwfj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmvtn.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmuwg.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmupj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmukx.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmufj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmtzp.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmtou.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmtko.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmsyy.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmswr.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmswh.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmstz.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmssq.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmsqr.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmsjt.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmrpd.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmrox.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmris.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmrhl.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmqqp.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmqox.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmqnp.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmqlo.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmqhu.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmpvi.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmpud.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmpeo.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmpbo.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmown.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmopg.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmocx.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmnwb.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmxl.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmwp.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmsm.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmnj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmko.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmmbt.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmlut.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmlhw.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmkry.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmkom.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmkfs.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmiyw.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmixg.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmhxs.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmhsz.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmhmu.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmhdc.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmhbj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmfzj.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmezx.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmdbd.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmdan.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmdam.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmcyu.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmcxl.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmcth.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmbfl.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmbbx.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmarn.exe
    2007-11-15 00:06:08 68664 --a------ C:\Windows\system32\dmadv.exe
    2007-11-06 20:27:16 0 --a------ C:\Windows\nsreg.dat


    -- Registry Dump ---------------------------------------------------------------



    -- End of Deckard's System Scanner: finished at 2008-01-22 06:23:21 ------------
     
  16. 2008/01/21
    noahdfear

    Let's try another method. Please download OTMoveIt2 by OldTimer and save it to your desktop.
    • Right click on OTMoveIt2.exe and select 'Run as Administrator'
    • Highlight and copy the contents of the code box below

      Code:
      C:\Windows\xcvwer.dll
      C:\Windows\binret.exe
      C:\Windows\system32\dmznr.exe
      C:\Windows\system32\dmzhd.exe
      C:\Windows\system32\dmxyi.exe
      C:\Windows\system32\dmxvh.exe
      C:\Windows\system32\dmxpr.exe
      C:\Windows\system32\dmxpn.exe
      C:\Windows\system32\dmxdl.exe
      C:\Windows\system32\dmwyx.exe
      C:\Windows\system32\dmwkq.exe
      C:\Windows\system32\dmwfj.exe
      C:\Windows\system32\dmvtn.exe
      C:\Windows\system32\dmuwg.exe
      C:\Windows\system32\dmupj.exe
      C:\Windows\system32\dmukx.exe
      C:\Windows\system32\dmufj.exe
      C:\Windows\system32\dmtzp.exe
      C:\Windows\system32\dmtou.exe
      C:\Windows\system32\dmtko.exe
      C:\Windows\system32\dmsyy.exe
      C:\Windows\system32\dmswr.exe
      C:\Windows\system32\dmswh.exe
      C:\Windows\system32\dmstz.exe
      C:\Windows\system32\dmssq.exe
      C:\Windows\system32\dmsqr.exe
      C:\Windows\system32\dmsjt.exe
      C:\Windows\system32\dmrpd.exe
      C:\Windows\system32\dmrox.exe
      C:\Windows\system32\dmris.exe
      C:\Windows\system32\dmrhl.exe
      C:\Windows\system32\dmqqp.exe
      C:\Windows\system32\dmqox.exe
      C:\Windows\system32\dmqnp.exe
      C:\Windows\system32\dmqlo.exe
      C:\Windows\system32\dmqhu.exe
      C:\Windows\system32\dmpvi.exe
      C:\Windows\system32\dmpud.exe
      C:\Windows\system32\dmpeo.exe
      C:\Windows\system32\dmpbo.exe
      C:\Windows\system32\dmown.exe
      C:\Windows\system32\dmopg.exe
      C:\Windows\system32\dmocx.exe
      C:\Windows\system32\dmnwb.exe
      C:\Windows\system32\dmmxl.exe
      C:\Windows\system32\dmmwp.exe
      C:\Windows\system32\dmmsm.exe
      C:\Windows\system32\dmmnj.exe
      C:\Windows\system32\dmmko.exe
      C:\Windows\system32\dmmbt.exe
      C:\Windows\system32\dmlut.exe
      C:\Windows\system32\dmlhw.exe
      C:\Windows\system32\dmkry.exe
      C:\Windows\system32\dmkom.exe
      C:\Windows\system32\dmkfs.exe
      C:\Windows\system32\dmiyw.exe
      C:\Windows\system32\dmixg.exe
      C:\Windows\system32\dmhxs.exe
      C:\Windows\system32\dmhsz.exe
      C:\Windows\system32\dmhmu.exe
      C:\Windows\system32\dmhdc.exe
      C:\Windows\system32\dmhbj.exe
      C:\Windows\system32\dmfzj.exe
      C:\Windows\system32\dmezx.exe
      C:\Windows\system32\dmdbd.exe
      C:\Windows\system32\dmdan.exe
      C:\Windows\system32\dmdam.exe
      C:\Windows\system32\dmcyu.exe
      C:\Windows\system32\dmcxl.exe
      C:\Windows\system32\dmcth.exe
      C:\Windows\system32\dmbfl.exe
      C:\Windows\system32\dmbbx.exe
      C:\Windows\system32\dmarn.exe
      C:\Windows\system32\dmadv.exe
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window and select Paste
    • Click the red Moveit! button
    • A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
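One way to check the outcome of the move procedure above, as an added example that is not part of noahdfear's post or of OTMoveIt2: it matches each requested path against the tool's result log and against a file listing taken afterwards. The line formats follow the logs posted in this thread; the function names and the sample outcomes are constructed for illustration.

```python
"""Check a file-move request against the tool's result log and a later scan."""
import re
from dataclasses import dataclass

# Result-log lines, in the two shapes the move tool writes.
MOVED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+) moved successfully\.$")
NOT_FOUND_RE = re.compile(r"^File/Folder (?P<path>[A-Za-z]:\\.+) not found\.$")
# File-listing lines: date, time, size, 9 attribute flags, path, optional <signer>.
LISTING_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<size>\d+) [a-z-]{9} "
    r"(?P<path>[A-Za-z]:\\[^<]+?)(?: <.*>)?$"
)


def norm(path):
    """Windows paths are case-insensitive, so compare a trimmed, lowered form."""
    return path.strip().lower()


def parse_request(text):
    """Paths pasted into the tool, one per line."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def parse_move_log(text):
    """Return (moved, not_found) as sets of normalised paths; other lines are ignored."""
    moved, not_found = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if (m := MOVED_RE.match(line)):
            moved.add(norm(m["path"]))
        elif (m := NOT_FOUND_RE.match(line)):
            not_found.add(norm(m["path"]))
    return moved, not_found


def parse_listing(text):
    """Map normalised path -> size for every entry in a file-listing section."""
    present = {}
    for raw in text.splitlines():
        if (m := LISTING_RE.match(raw.strip())):
            present[norm(m["path"])] = int(m["size"])
    return present


@dataclass(frozen=True)
class Finding:
    path: str
    log_result: str     # "moved", "not found" or "unaccounted"
    still_listed: bool  # the path shows up in the scan taken after the move

    @property
    def needs_follow_up(self):
        # Only "moved and no longer listed" is a clean result.
        return self.still_listed or self.log_result != "moved"


def reconcile(request_text, move_log_text, rescan_text):
    """Give every requested path one Finding, in request order."""
    moved, not_found = parse_move_log(move_log_text)
    present = parse_listing(rescan_text)
    findings = []
    for path in parse_request(request_text):
        key = norm(path)
        if key in moved:
            result = "moved"
        elif key in not_found:
            result = "not found"
        else:
            result = "unaccounted"  # the log never mentions it
        findings.append(Finding(path, result, key in present))
    return findings


# Constructed sample input: the paths come from the thread, the outcomes are
# invented to exercise every branch and do not reproduce the thread's logs.
SAMPLE_REQUEST = r"""
C:\Windows\xcvwer.dll
C:\Windows\system32\dmznr.exe
C:\Windows\system32\dmzhd.exe
C:\Windows\system32\dmadv.exe
"""
SAMPLE_MOVE_LOG = r"""
File/Folder C:\Windows\xcvwer.dll not found.
C:\Windows\system32\dmznr.exe moved successfully.
C:\Windows\system32\dmzhd.exe moved successfully.
"""
SAMPLE_RESCAN = r"""
2008-01-22 16:30:00 68664 --a------ C:\Windows\System32\dmzhd.exe
2007-11-26 21:02:19 286720 -----n--- C:\Windows\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
"""

if __name__ == "__main__":
    for f in reconcile(SAMPLE_REQUEST, SAMPLE_MOVE_LOG, SAMPLE_RESCAN):
        flag = "CHECK" if f.needs_follow_up else "ok"
        print(f"{flag:5} {f.log_result:11} listed={f.still_listed!s:5} {f.path}")
```

A path reported as moved that is listed again in the later scan, or a path the log never mentions, is the case worth raising with the helper before the next step.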
     
  17. 2008/01/21
    ryamac

    Hello again.

    Here is the log from OTMoveIt. It did not ask me to reboot. I also ran Deckard's and the log is below. The files that are below, are they known malware? And what other havoc have they caused? I'm asking this because before I started this thread I noticed that the Task Manager had been disabled in the registry and I had to manually reset it before I could open the Task Manager. I have also noticed that Windows can no longer update itself (found that out today), as well as Adobe Acrobat Reader, but avast can. What else have these things done to my OS?

    File/Folder C:\Windows\xcvwer.dll not found.
    File/Folder C:\Windows\binret.exe not found.
    C:\Windows\system32\dmznr.exe moved successfully.
    C:\Windows\system32\dmzhd.exe moved successfully.
    C:\Windows\system32\dmxyi.exe moved successfully.
    C:\Windows\system32\dmxvh.exe moved successfully.
    C:\Windows\system32\dmxpr.exe moved successfully.
    C:\Windows\system32\dmxpn.exe moved successfully.
    C:\Windows\system32\dmxdl.exe moved successfully.
    C:\Windows\system32\dmwyx.exe moved successfully.
    C:\Windows\system32\dmwkq.exe moved successfully.
    C:\Windows\system32\dmwfj.exe moved successfully.
    C:\Windows\system32\dmvtn.exe moved successfully.
    C:\Windows\system32\dmuwg.exe moved successfully.
    C:\Windows\system32\dmupj.exe moved successfully.
    C:\Windows\system32\dmukx.exe moved successfully.
    C:\Windows\system32\dmufj.exe moved successfully.
    C:\Windows\system32\dmtzp.exe moved successfully.
    C:\Windows\system32\dmtou.exe moved successfully.
    C:\Windows\system32\dmtko.exe moved successfully.
    C:\Windows\system32\dmsyy.exe moved successfully.
    C:\Windows\system32\dmswr.exe moved successfully.
    C:\Windows\system32\dmswh.exe moved successfully.
    C:\Windows\system32\dmstz.exe moved successfully.
    C:\Windows\system32\dmssq.exe moved successfully.
    C:\Windows\system32\dmsqr.exe moved successfully.
    C:\Windows\system32\dmsjt.exe moved successfully.
    C:\Windows\system32\dmrpd.exe moved successfully.
    C:\Windows\system32\dmrox.exe moved successfully.
    C:\Windows\system32\dmris.exe moved successfully.
    C:\Windows\system32\dmrhl.exe moved successfully.
    C:\Windows\system32\dmqqp.exe moved successfully.
    C:\Windows\system32\dmqox.exe moved successfully.
    C:\Windows\system32\dmqnp.exe moved successfully.
    C:\Windows\system32\dmqlo.exe moved successfully.
    C:\Windows\system32\dmqhu.exe moved successfully.
    C:\Windows\system32\dmpvi.exe moved successfully.
    C:\Windows\system32\dmpud.exe moved successfully.
    C:\Windows\system32\dmpeo.exe moved successfully.
    C:\Windows\system32\dmpbo.exe moved successfully.
    C:\Windows\system32\dmown.exe moved successfully.
    C:\Windows\system32\dmopg.exe moved successfully.
    C:\Windows\system32\dmocx.exe moved successfully.
    C:\Windows\system32\dmnwb.exe moved successfully.
    C:\Windows\system32\dmmxl.exe moved successfully.
    C:\Windows\system32\dmmwp.exe moved successfully.
    C:\Windows\system32\dmmsm.exe moved successfully.
    C:\Windows\system32\dmmnj.exe moved successfully.
    C:\Windows\system32\dmmko.exe moved successfully.
    C:\Windows\system32\dmmbt.exe moved successfully.
    C:\Windows\system32\dmlut.exe moved successfully.
    C:\Windows\system32\dmlhw.exe moved successfully.
    C:\Windows\system32\dmkry.exe moved successfully.
    C:\Windows\system32\dmkom.exe moved successfully.
    C:\Windows\system32\dmkfs.exe moved successfully.
    C:\Windows\system32\dmiyw.exe moved successfully.
    C:\Windows\system32\dmixg.exe moved successfully.
    C:\Windows\system32\dmhxs.exe moved successfully.
    C:\Windows\system32\dmhsz.exe moved successfully.
    C:\Windows\system32\dmhmu.exe moved successfully.
    C:\Windows\system32\dmhdc.exe moved successfully.
    C:\Windows\system32\dmhbj.exe moved successfully.
    C:\Windows\system32\dmfzj.exe moved successfully.
    C:\Windows\system32\dmezx.exe moved successfully.
    C:\Windows\system32\dmdbd.exe moved successfully.
    C:\Windows\system32\dmdan.exe moved successfully.
    C:\Windows\system32\dmdam.exe moved successfully.
    C:\Windows\system32\dmcyu.exe moved successfully.
    C:\Windows\system32\dmcxl.exe moved successfully.
    C:\Windows\system32\dmcth.exe moved successfully.
    C:\Windows\system32\dmbfl.exe moved successfully.
    C:\Windows\system32\dmbbx.exe moved successfully.
    C:\Windows\system32\dmarn.exe moved successfully.
    C:\Windows\system32\dmadv.exe moved successfully.

    OTMoveIt2 v1.0.12 log created on 01222008_161620

    /*************************************************/


    Deckard's System Scanner v20071014.68
    Run by U R HOME on 2008-01-22 16:19:09
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as U R HOME.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:19, on 2008-01-22
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\vVX3000.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\U R HOME\Desktop\OTMoveIt2.exe
    C:\Users\U R HOME\Desktop\dss.exe
    C:\PROGRA~2\TRENDM~1\HIJACK~1\URHOME~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    O4 - HKCU\..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
    O4 - HKCU\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{834700AF-CCD0-49BD-B95E-E202162FAB61}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E30AA159-E092-4194-8540-2EA37D25FDCE}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8523 bytes

    -- Files created between 2007-12-22 and 2008-01-22 -----------------------------

    2008-01-14 21:09:06 0 d-------- C:\Program Files (x86)\Trend Micro
    2008-01-14 15:16:43 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-01-01 16:14:13 0 d-------- C:\Program Files (x86)\NoAdware5.0
    2007-12-29 21:53:32 0 d-------- C:\Program Files (x86)\Lavasoft
    2007-12-29 21:53:31 0 d-------- C:\Users\All Users\Lavasoft
    2007-12-22 21:05:30 0 d-------- C:\perflogs


    -- Find3M Report ---------------------------------------------------------------

    2008-01-22 16:08:50 0 d-------- C:\Users\U R HOME\AppData\Roaming\Skype
    2008-01-22 07:48:44 12 --a------ C:\Windows\bthservsdp.dat
    2008-01-14 21:59:47 9325 --a------ C:\Users\U R HOME\AppData\Roaming\Comma Separated Values (Windows).EML
    2008-01-14 16:52:55 0 d-------- C:\Program Files (x86)\SpeedFan
    2008-01-13 21:34:22 0 d-------- C:\Users\U R HOME\AppData\Roaming\uTorrent
    2007-12-29 21:52:20 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2007-12-13 03:15:10 0 d-------- C:\Program Files (x86)\Windows Mail
    2007-12-10 08:47:33 0 d-------- C:\Program Files (x86)\Microsoft Math Add-in for Word 2007
    2007-12-10 08:44:54 0 d-------- C:\Program Files (x86)\MSECache
    2007-12-10 08:26:52 0 d-------- C:\Users\U R HOME\AppData\Roaming\Image Zone Express
    2007-11-28 09:26:48 0 d-------- C:\Program Files (x86)\Qstarz
    2007-11-27 15:38:05 0 d-------- C:\Users\U R HOME\AppData\Roaming\Google
    2007-11-27 15:36:34 0 d-------- C:\Program Files (x86)\Google
    2007-11-27 07:54:46 0 d-------- C:\Program Files (x86)\Microsoft SQL Server
    2007-11-26 21:02:41 0 d-------- C:\Program Files (x86)\Wayp2shpGUI
    2007-11-26 21:02:19 286720 -----n--- C:\Windows\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
    2007-11-26 21:02:18 73216 --a------ C:\Windows\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2007-11-26 16:25:25 0 d-------- C:\Program Files (x86)\gpsdll
    2007-11-26 15:49:41 12 --ah----- C:\Windows\MGC-20.DAT
    2007-11-26 11:46:38 0 d-------- C:\Program Files (x86)\Common Files\Merge Modules
    2007-11-26 11:46:00 0 d-------- C:\Program Files (x86)\Microsoft Visual Studio 8
    2007-11-26 09:56:14 0 d-------- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    2007-11-26 00:40:21 0 d-------- C:\Program Files (x86)\MSDN
    2007-11-26 00:28:09 0 d-------- C:\Program Files (x86)\Microsoft.NET
    2007-11-26 00:25:44 0 d-------- C:\Program Files (x86)\Microsoft Device Emulator
    2007-11-26 00:25:35 0 d-------- C:\Program Files (x86)\Microsoft SQL Server 2005 Mobile Edition
    2007-11-26 00:18:39 0 d-------- C:\Program Files (x86)\HTML Help Workshop
    2007-11-26 00:11:52 0 d-------- C:\Program Files (x86)\Common Files\Business Objects
    2007-11-26 00:09:57 0 d-------- C:\Program Files (x86)\Common Files
    2007-11-26 00:09:57 0 d-------- C:\Program Files (x86)\CE Remote Tools
    2007-11-25 23:55:13 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
    2007-11-25 23:54:54 0 d-------- C:\Program Files (x86)\Common Files\InstallShield
    2007-11-25 23:39:30 0 d-------- C:\Program Files (x86)\Prolific
    2007-11-25 16:28:31 0 d-------- C:\Program Files (x86)\VGPS
    2007-11-23 15:09:06 0 d-------- C:\Program Files (x86)\VB Decompiler Lite
    2007-11-22 20:38:23 0 d-------- C:\Program Files (x86)\Microsoft
    2007-11-22 20:33:09 0 d-------- C:\Program Files (x86)\AGEIA Technologies
    2007-11-22 16:31:01 0 d-------- C:\Program Files (x86)\IObit
    2007-11-22 14:06:02 0 --a------ C:\Windows\system32\rstrui.exe
    2007-11-22 11:03:12 0 d-------- C:\Program Files (x86)\MediaCoder
    2007-11-06 20:27:16 0 --a------ C:\Windows\nsreg.dat


    -- Registry Dump ---------------------------------------------------------------



    -- End of Deckard's System Scanner: finished at 2008-01-22 16:19:23 ------------
     
  18. 2008/01/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    binret.exe and xcvwer.dll are known malware. All of those dm???.exe files, being of same size and date, follow a pattern of known malware, though I didn't google each one to find a known match so I cannot say for sure which family of malware they belong to.

    Let's see if we can get an online scan to check for anything else that might be lurking about. Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Select the appropriate Yes or No to receiving marketing information
    • Click the Free Online Scan button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report along with a fresh HijackThis log.


    Let me know if you notice anything else not working properly.
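
The pattern described in the post above (files named dm???.exe sharing the same size and date) can be checked mechanically against a Deckard's System Scanner file listing. This is an added example, not part of the original thread: the function names are hypothetical, and the three dm???.exe lines under C:\Example are constructed sample data.

```python
import ntpath
import re
from collections import defaultdict
from fnmatch import fnmatchcase

# One listing line: date, time, size in bytes, attribute flags, path,
# and an optional trailing "<Not Verified; ...>" note.
LINE_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) ([a-z-]+) (.+?)(?:\s+<.*>)?\s*$"
)

# Constructed sample: the dm???.exe lines are invented for illustration,
# the other lines follow the listing format shown in this thread.
SAMPLE = r"""
    -- Find3M Report ---------------------------------------------------------------
    2008-01-14 16:52:55 0 d-------- C:\Program Files (x86)\SpeedFan
    2008-01-10 03:12:44 61440 --a------ C:\Example\dmbbb.exe
    2008-01-10 03:12:45 61440 --a------ C:\Example\dmaaa.exe
    2008-01-10 03:12:47 61440 --a------ C:\Example\dmccc.exe
    2007-11-26 21:02:19 286720 -----n--- C:\Windows\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
    2007-11-22 14:06:02 0 --a------ C:\Windows\system32\rstrui.exe
"""


def parse_listing(text):
    """Return (date, size, attrs, path) for every file or folder line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            date, _time, size, attrs, path = m.groups()
            entries.append((date, int(size), attrs, path))
    return entries


def same_size_and_date(entries, name_glob="*.exe", min_files=3):
    """Group files sharing date and size; keep groups of min_files or more."""
    groups = defaultdict(list)
    for date, size, attrs, path in entries:
        if attrs.startswith("d") or size == 0:
            continue  # folders and empty files carry no size signal
        if fnmatchcase(ntpath.basename(path).lower(), name_glob):
            groups[(date, size)].append(path)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_files}


if __name__ == "__main__":
    for (date, size), paths in same_size_and_date(parse_listing(SAMPLE)).items():
        print(f"{date} {size} bytes: {len(paths)} files -> {paths}")
```

A cluster is only a lead for further checking; each file still has to be confirmed by a scanner or by the helper reviewing the log.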
     
  19. 2008/01/21
    ryamac

    ryamac Inactive Thread Starter

    Joined:
    2008/01/14
    Messages:
    27
    Likes Received:
    0
    You know how I was saying that some pages don't load? Well, Panda is one of them. Would you like me to try another?
     
  20. 2008/01/21
    ryamac

    ryamac Inactive Thread Starter

    Joined:
    2008/01/14
    Messages:
    27
    Likes Received:
    0
    And I can't load Trend Micro either.
     
  21. 2008/01/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Try Kaspersky

    Please do an online scan with Kaspersky WebScanner

    http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html (link for US and others not listed below)
    http://www.kaspersky.com.au/online-scanner/# (Australian link)
    http://www.kaspersky.co.uk/virusscanner (UK link)


    You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log
     
