How to remove DMVlite?

Discussion in 'Malware and Virus Removal Archive' started by JohnHood, 2005/01/03.

Thread Status:
Not open for further replies.
  1. 2005/01/03
    JohnHood

    JohnHood Inactive Thread Starter

    Joined:
    2005/01/03
    Messages:
    1
    Likes Received:
    0
    Although this is probably not a new query, I am a new user of this site. Are there any postings/directions for the removal of this nuisance? Thx
     
  2. 2005/01/03
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    The needed download links are all in Quicklinks in my signature.

    Download, update, and run first Ad-aware SE. Do a full scan and check all items found for removal. The same with Spybot and in addition to removals with it, also use the immunize feature.

    Download Hijackthis and unzip it to a regular folder (so not a temp folder and not the desktop). Run it to scan and create a log then post the log here. Don't do any removals with HJT since it shows running processes with no attempt to sort good from bad. We'll give specific removal instructions based on what shows up in the log file.
     
    Newt,
    #2

  4. 2005/01/27
    00bong

    00bong Inactive

    Joined:
    2005/01/27
    Messages:
    3
    Likes Received:
    0
    help me remove dmvlite, please.

    Logfile of HijackThis v1.99.0
    Scan saved at 21:52:33, on 1/26/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\HpMmKbd.exe
    C:\WINNT\system32\wsxsvc\wsxsvc.exe
    C:\Program Files\Meteorlogix\AviationSentry\WxSentry.exe
    C:\Program Files\Meteorlogix\AviationSentry\LtgManager.exe
    C:\Program Files\Meteorlogix\Server\ingstmgr.exe
    C:\Program Files\Meteorlogix\Server\FileCnvtServer.exe
    C:\Program Files\Meteorlogix\Server\MediaConvert.exe
    C:\Program Files\Meteorlogix\Server\UsbSource.exe
    C:\Program Files\Meteorlogix\Server\WxEditor.exe
    C:\Program Files\Meteorlogix\Server\IngstMon.exe
    C:\Program Files\Meteorlogix\Server\DatamgrServer.exe
    C:\Program Files\Meteorlogix\Server\AlertServer.exe
    C:\Program Files\Meteorlogix\Server\AlertMgr.exe
    C:\Program Files\Meteorlogix\Server\UpdateManager.exe
    C:\Program Files\Meteorlogix\Server\DcdServer.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\rpcat32.exe
    C:\WINNT\system32\rtilib.exe
    C:\WINNT\explorer.exe
    C:\Documents and Settings\Administrator\My Documents\hijackthis\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - Default URLSearchHook is missing
    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINNT\BTGrab.dll
    O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINNT\Helper101.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SDWin32 Class - {31A613E9-7014-4772-99BE-A2CCE4B7BA9B} - C:\WINNT\system32\kxupv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SDWin32 Class - {7EE0BE95-A73E-44DB-B656-B5CD737CC6BF} - C:\WINNT\system32\xeznj.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [HpMmKbd] HpMmKbd.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [MetWork] C:\Program Files\Meteorlogix\Server\Metwork.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKLM\..\Run: [yzjjvqlfzl] C:\WINNT\system32\pinlsvjx.exe
    O4 - HKLM\..\Run: [kxupvc] C:\WINNT\system32\kxupvc.exe
    O4 - HKLM\..\Run: [xeznjc] C:\WINNT\system32\xeznjc.exe
    O4 - HKLM\..\Run: [Dvx] C:\WINNT\system32\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [pp9P36g] rtilib.exe
    O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1 "
    O4 - HKCU\..\Run: [YEqFRWM7O] rpcat32.exe
    O4 - Global Startup: AviationSentry.lnk = C:\Program Files\Meteorlogix\AviationSentry\WxSentry.exe
    O4 - Global Startup: Lightning Manager.lnk = C:\Program Files\Meteorlogix\AviationSentry\LtgManager.exe
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
     
  5. 2005/01/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You should print this out and/or save it to text where you can access it in safe mode.

    Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

    R3 - Default URLSearchHook is missing
    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINNT\BTGrab.dll
    O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINNT\Helper101.dll
    O2 - BHO: SDWin32 Class - {31A613E9-7014-4772-99BE-A2CCE4B7BA9B} - C:\WINNT\system32\kxupv.dll
    O2 - BHO: SDWin32 Class - {7EE0BE95-A73E-44DB-B656-B5CD737CC6BF} - C:\WINNT\system32\xeznj.dll
    O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKLM\..\Run: [yzjjvqlfzl] C:\WINNT\system32\pinlsvjx.exe
    O4 - HKLM\..\Run: [kxupvc] C:\WINNT\system32\kxupvc.exe
    O4 - HKLM\..\Run: [xeznjc] C:\WINNT\system32\xeznjc.exe
    O4 - HKLM\..\Run: [Dvx] C:\WINNT\system32\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [pp9P36g] rtilib.exe
    O4 - HKCU\..\Run: [YEqFRWM7O] rpcat32.exe

    Restart your computer in safe mode. Log on to your user account.

    Now in safe mode, you will need to show hidden files and folders, as well as system files and extensions for known file types.

    Search the drive for the files rtilib.exe and rpcat32.exe. Delete if found.
    Open C:\WINNT\system32 and delete the files pinlsvjx.exe, kxupvc.exe, and xeznjc.exe, and the folder wsxsvc.
    Open C:\Program Files and delete the folder CSBB.
    Open C:\Temp if present, select all and delete.
    Open C:\WINNT\Temp, select all and delete.
    Open C:\Documents and Settings\username\Local Settings\temp, select all and delete. Do this for all usernames.
    Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content. Then open the Java Plug-in, click the cache tab and then clear. This will only apply if you have installed Sun Java.
    Open Ad-aware and run in full scan mode. Delete all it finds.
    Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and OK.
    Reboot back into Windows.

    Scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.

    Run another HijackThis scan and post the log.
     
  6. 2005/01/31
    00bong

    00bong Inactive

    Joined:
    2005/01/27
    Messages:
    3
    Likes Received:
    0
    Final Chapter?

    Scan started at 1/31/2005 22:16:03

    Scanning memory...
    Scanning boot sectors...
    Scanning files...
    C:\WINNT\Downloaded Program Files\rdgUS990.exe - Trojan:Win32/Dialer.AX -> Infected
    C:\WINNT\Downloaded Program Files\CONFLICT.1\rdgUS990.exe - Trojan:Win32/Dialer.AX -> Infected
    C:\WINNT\Downloaded Program Files\CONFLICT.2\rdgUS990.exe - Trojan:Win32/Dialer.AX -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBOBVKLK\VerifierBug[1].class - Java/Bytverify -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\VIV99DJN\loaderadv420[1].jar->Counter.class - Trojan:Java/ClassLoader -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\VIV99DJN\loaderadv420[1].jar->Matrix.class - TrojanDownloader:Java/OpenStream.C -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\VIV99DJN\loaderadv420[1].jar->Parser.class - Java/Bytverify -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\VIV99DJN\loaderadv413[1].jar->Counter.class - Trojan:Java/ClassLoader -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\VIV99DJN\loaderadv413[1].jar->Matrix.class - TrojanDownloader:Java/OpenStream.C -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\VIV99DJN\loaderadv413[1].jar->Parser.class - Java/Bytverify -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\AOILZ54G\rdgUS990[1].exe - Trojan:Win32/Dialer.AX -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\1BNHZTVC\1[1].htm - Exploit:HTML/MhtRedir.gen* -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\1BNHZTVC\md[1].htm->(SCRIPT0000) - JS/DialogArg.B* -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\1BNHZTVC\loaderadv412[1].jar->Counter.class - Trojan:Java/ClassLoader -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\1BNHZTVC\loaderadv412[1].jar->Matrix.class - TrojanDownloader:Java/OpenStream.C -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\1BNHZTVC\loaderadv412[1].jar->Parser.class - Java/Bytverify -> Infected
    C:\windows\bundles\saie1101.exe - TrojanDropper:Win32/Small.NO -> Infected
    C:\windows\bundles\SSK_B5.EXE - TrojanDropper:Win32/Small.NF -> Infected
    C:\windows\bundles\shopinst.exe - TrojanDownloader:Win32/Small.ZT -> Infected
    C:\windows\bundles\HelperInstaller.exe - TrojanDropper:Win32/Delf -> Infected
    C:\windows\bundles\videoinst.exe - TrojanDownloader:Win32/Small.ZT -> Infected

    Scanned
    ============================
    Objects: 35854
    Directories: 941
    Archives: 4671
    Size(Kb): 517608
    Infected files: 21

    Found
    ============================
    Viruses found: 10
    Suspicious files: 0
    Disinfected files: 0
    Mail files: 35

    Logfile of HijackThis v1.99.0
    Scan saved at 23:23:54, on 1/31/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\HpMmKbd.exe
    C:\Program Files\Meteorlogix\AviationSentry\WxSentry.exe
    C:\Program Files\Meteorlogix\AviationSentry\LtgManager.exe
    C:\Program Files\Meteorlogix\Server\ingstmgr.exe
    C:\Program Files\Meteorlogix\Server\FileCnvtServer.exe
    C:\Program Files\Meteorlogix\Server\MediaConvert.exe
    C:\Program Files\Meteorlogix\Server\UsbSource.exe
    C:\Program Files\Meteorlogix\Server\WxEditor.exe
    C:\Program Files\Meteorlogix\Server\IngstMon.exe
    C:\Program Files\Meteorlogix\Server\DatamgrServer.exe
    C:\Program Files\Meteorlogix\Server\AlertServer.exe
    C:\Program Files\Meteorlogix\Server\AlertMgr.exe
    C:\Program Files\Meteorlogix\Server\UpdateManager.exe
    C:\Program Files\Meteorlogix\Server\DcdServer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINNT\system32\NOTEPAD.EXE
    C:\Documents and Settings\Administrator\My Documents\hijackthis\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [HpMmKbd] HpMmKbd.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [MetWork] C:\Program Files\Meteorlogix\Server\Metwork.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: AviationSentry.lnk = C:\Program Files\Meteorlogix\AviationSentry\WxSentry.exe
    O4 - Global Startup: Lightning Manager.lnk = C:\Program Files\Meteorlogix\AviationSentry\LtgManager.exe
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
     
  7. 2005/01/31
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Reboot into safe mode. Log on to the Administrator account.

    Open C:\windows and delete the folder bundles.

    Open C:\WINNT\Downloaded Program Files and delete the file rdgUS990.exe and folders CONFLICT.1 and CONFLICT.2

    Open C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5, select all from edit on the toolbar and delete.

    Empty the recycle bin and reboot back into Windows. Run RAV again and let us know the results.
     
  8. 2005/02/09
    00bong

    00bong Inactive

    Joined:
    2005/01/27
    Messages:
    3
    Likes Received:
    0
    any more dmvlite?

    Logfile of HijackThis v1.99.0
    Scan saved at 08:20:42, on 2/9/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\HpMmKbd.exe
    C:\Program Files\Meteorlogix\AviationSentry\LtgManager.exe
    C:\Program Files\Meteorlogix\Server\ingstmgr.exe
    C:\Program Files\Meteorlogix\Server\FileCnvtServer.exe
    C:\Program Files\Meteorlogix\Server\MediaConvert.exe
    C:\Program Files\Meteorlogix\Server\UsbSource.exe
    C:\Program Files\Meteorlogix\Server\WxEditor.exe
    C:\Program Files\Meteorlogix\Server\IngstMon.exe
    C:\Program Files\Meteorlogix\Server\DatamgrServer.exe
    C:\Program Files\Meteorlogix\Server\AlertServer.exe
    C:\Program Files\Meteorlogix\Server\AlertMgr.exe
    C:\Program Files\Meteorlogix\Server\UpdateManager.exe
    C:\Program Files\Meteorlogix\Server\DcdServer.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Meteorlogix\AviationSentry\WxSentry.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Administrator\My Documents\hijackthis\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [HpMmKbd] HpMmKbd.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [MetWork] C:\Program Files\Meteorlogix\Server\Metwork.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: AviationSentry.lnk = C:\Program Files\Meteorlogix\AviationSentry\WxSentry.exe
    O4 - Global Startup: Lightning Manager.lnk = C:\Program Files\Meteorlogix\AviationSentry\LtgManager.exe
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe


    Scan started at 2/9/2005 02:23:21

    Scanning memory...
    Scanning boot sectors...
    Scanning files...
    C:\WINNT\Downloaded Program Files\rdgUS990.exe - Trojan:Win32/Dialer.AX -> Infected
    C:\WINNT\Downloaded Program Files\CONFLICT.1\rdgUS990.exe - Trojan:Win32/Dialer.AX -> Infected
    C:\WINNT\Downloaded Program Files\CONFLICT.2\rdgUS990.exe - Trojan:Win32/Dialer.AX -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBOBVKLK\VerifierBug[1].class - Java/Bytverify -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\VIV99DJN\loaderadv420[1].jar->Counter.class - Trojan:Java/ClassLoader -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\VIV99DJN\loaderadv420[1].jar->Matrix.class - TrojanDownloader:Java/OpenStream.C -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\VIV99DJN\loaderadv420[1].jar->Parser.class - Java/Bytverify -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\VIV99DJN\loaderadv413[1].jar->Counter.class - Trojan:Java/ClassLoader -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\VIV99DJN\loaderadv413[1].jar->Matrix.class - TrojanDownloader:Java/OpenStream.C -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\VIV99DJN\loaderadv413[1].jar->Parser.class - Java/Bytverify -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\AOILZ54G\rdgUS990[1].exe - Trojan:Win32/Dialer.AX -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\1BNHZTVC\1[1].htm - Exploit:HTML/MhtRedir.gen* -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\1BNHZTVC\md[1].htm->(SCRIPT0000) - JS/DialogArg.B* -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\1BNHZTVC\loaderadv412[1].jar->Counter.class - Trojan:Java/ClassLoader -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\1BNHZTVC\loaderadv412[1].jar->Matrix.class - TrojanDownloader:Java/OpenStream.C -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\1BNHZTVC\loaderadv412[1].jar->Parser.class - Java/Bytverify -> Infected

    Scanned
    ============================
    Objects: 36756
    Directories: 955
    Archives: 4671
    Size(Kb): 814926
    Infected files: 16

    Found
    ============================
    Viruses found: 6
    Suspicious files: 0
    Disinfected files: 0
    Mail files: 39
     
  9. 2005/02/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    The only real difference I see is that the bundles folder is gone. Did you do as instructed in my last post?
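
The before/after comparison made by eye in the last post can be scripted; this is an added example, not part of the original thread. It assumes the report line format seen in the posted RAV scans (`<object> - <detection> -> Infected`, with archive members written as `<file>-><member>`); the function names are hypothetical and the two sample reports are short excerpts constructed from lines in the posts above.

```python
import ntpath
import re
from collections import defaultdict

# One infected object per line: "<object> - <detection> -> Infected".
LINE_RE = re.compile(r"^\s*(?P<obj>[A-Za-z]:\\.+?) - (?P<det>\S.*?) -> Infected\s*$")

# Constructed excerpts of the 1/31 and 2/9 reports (a few lines each).
BEFORE = r"""
Scanning files...
C:\WINNT\Downloaded Program Files\rdgUS990.exe - Trojan:Win32/Dialer.AX -> Infected
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\VIV99DJN\loaderadv420[1].jar->Counter.class - Trojan:Java/ClassLoader -> Infected
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\VIV99DJN\loaderadv420[1].jar->Matrix.class - TrojanDownloader:Java/OpenStream.C -> Infected
C:\windows\bundles\saie1101.exe - TrojanDropper:Win32/Small.NO -> Infected
C:\windows\bundles\shopinst.exe - TrojanDownloader:Win32/Small.ZT -> Infected
"""

AFTER = r"""
Scanning files...
C:\WINNT\Downloaded Program Files\rdgUS990.exe - Trojan:Win32/Dialer.AX -> Infected
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\VIV99DJN\loaderadv420[1].jar->Counter.class - Trojan:Java/ClassLoader -> Infected
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\VIV99DJN\loaderadv420[1].jar->Matrix.class - TrojanDownloader:Java/OpenStream.C -> Infected
"""


def parse_report(text):
    """Return {object: detection} for every infected line in a report."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # Windows paths are case-insensitive, so normalise before comparing.
            found[m.group("obj").lower()] = m.group("det")
    return found


def infected_files(report):
    """Collapse archive members onto the on-disk file that contains them."""
    files = defaultdict(set)
    for obj, det in report.items():
        files[obj.split("->", 1)[0]].add(det)
    return files


def compare_scans(before_text, after_text):
    """List the folders whose infected files were cleared, persist, or are new."""
    before = infected_files(parse_report(before_text))
    after = infected_files(parse_report(after_text))

    def dirs(names):
        return sorted({ntpath.dirname(n) for n in names})

    return {
        "cleared": dirs(before.keys() - after.keys()),
        "persisting": dirs(before.keys() & after.keys()),
        "new": dirs(after.keys() - before.keys()),
    }


if __name__ == "__main__":
    for status, folders in compare_scans(BEFORE, AFTER).items():
        print(status)
        for folder in folders:
            print("   ", folder)
```

Folders listed under "persisting" are the ones where the requested deletions did not take effect between the two scans.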
     