
Thread: I get popups and Trojans, AVG and S&B don't remove them, or they reappear

  1. #51
    Visiting Fellow miekiemoes
    Join Date
    Oct 2005
    Location
    belgium
    Posts
    252


    The JSLG_ABC looks like it was already removed, just leftovers in that folder.
    So, for that, you can delete the folder manually: C:\KA\JSLG_ABC
    For the Max Payne folder - you can - or reinstall it and then uninstall it - or just delete the Max Payne folder manually.

    To get rid of their uninstall entries in add/remove,
    • Open HiJackThis
    • Click on the "Config..." button on the bottom right
    • Click on the tab "Misc Tools"
    • Click on the Box that says "Uninstall Manager"
    • Click on the entry you wish to delete (ABC Learning, Max Tools & Max Payne)
    • Click on Delete this entry
    • Click "Yes"


    Do NOT do this for any other entries there!

  2. #52
    Member
    Join Date
    May 2007
    Location
    New Zealand
    Posts
    60

    oh shit!

    I just did a defrag and now internet is r-e-a-l-l-y s-l-o-w
    and... another problem I should have mentioned earlier...
    When I click start and go to 'all programs' it takes about a minute for the programs list to appear!
    This lag is also in all of the menus in 'start' 'all programs'
    Also, on start up it takes the task bar a little bit long to appear and also it takes a while for all the icons on desktop to appear.
    When I open 'control panel' it takes too long for the icons to appear.. and takes way too long for the list to populate when I open 'add/remove programs'
    It was because of this lag that I ran the defrag... but that seems to have slowed my internet down somehow.
    But programs open as quick as they should and so do the windows when I open folders.

    P.S. I will follow your prior instructions now, I was waiting for the defrag to finish.

  3. #53
    Visiting Fellow miekiemoes
    Join Date
    Oct 2005
    Location
    belgium
    Posts
    252


    Have you been using the cleanup utility in XP? I mean cleaning the internet cache, cleaning the temp folders, cookies, recycle bin etc etc.. Because that's normal behavior after you performed that cleanup.
    This is since the prefetch folder was emptied as well and your internet cache was emptied. So right after that, when you open certain programs and browse certain pages - it will load a bit slower in the beginning.
    This will improve again.
    However, you are talking about a minute here - so not sure what programs you have been installing in between - running in the background which may cause a system slowdown.

    Can you post a new HijackThis log please?
    Also, keep in mind, you do have Folder Lock installed. It is known that it may cause an extra slowdown....

  4. #54
    Member
    Join Date
    May 2007
    Location
    New Zealand
    Posts
    60

    I think it's all good

    Sorry I keep bothering you, the PC had a horrible crash, but it seems to be fine now...if you do have the patience could you possibly run me through some more scans to be sure? I would really appreciate it!!

  5. #55
    Member
    Join Date
    May 2007
    Location
    New Zealand
    Posts
    60

    Final Scans

    Hey guyz!!
    MIEKIEMOES has been bloody AWESOME!!...in fact, these forums are FANTASTIC!!
    I'm not sure if MIEKIEMOES is finally sick of my patheticness or if she just hasn't been online but, I think she managed to fix everything which is cool, however, I had a horrible crash where everything lagged up before it finally froze and that has me a little worried, everything does seem to be fine now BUT, is it possible for someone to run me through some final scanz so I can be sure...call me paranoid
    Hey thanks again and BIGUPS to MIEKIEMOES!!
    P.S. I will be donating, I have your address
    Last edited by tashi; 2007-06-13 at 06:31. Reason: Merged topics. ;-)

  6. #56
    Member
    Join Date
    May 2007
    Location
    New Zealand
    Posts
    60

    oops

    I see I missed one of your posts... sorry... I will post a new Hijack Log now and then won't post another reply 'till you answer, thank you

  7. #57
    Member
    Join Date
    May 2007
    Location
    New Zealand
    Posts
    60


    I turned everything off including firewall before I ran this scan, just in case.
    My PC seems to be running brilliantly now, thx so much

    Logfile of HijackThis v1.99.1
    Scan saved at 5:15:41 p.m., on 13/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\HP\KBD\KBD.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Documents and Settings\Owner\Desktop\Hijack\HijackThis.exe
    C:\WINDOWS\system32\wscntfy.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/...s/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1177964292875
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/...x/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7F5A8DAA-D9CB-45B8-B519-C1F3D46ECCBF}: NameServer = 202.74.207.10,202.74.207.100
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    Also, about removing those programmes, should I just delete the folders from 'Program Files'?

  8. #58
    Visiting Fellow miekiemoes
    Join Date
    Oct 2005
    Location
    belgium
    Posts
    252


    Hi,

    Everything looks OK here.
    Every time I look at a new HijackThis log, I see things have been changed in it. Now it looks like you enabled everything via msconfig which was disabled before, but it looks like some related programs are missing. Which means, you already uninstalled them before.
    So, let's have another look and post a log from Combofix, so it will show what is really missing or not, so we can actually remove these startup entries instead of disabling them.

    Also, as you asked,
    Also, about removing those programmes, should I just delete the folders from 'Program Files'?
    You can delete the Max Payne folder and the JSLG_ABC folder.

    Extra note, if you don't really use Google desktop search, I also suggest you uninstall it - this because it's known to cause a serious system slowdown.

  9. #59
    Member
    Join Date
    May 2007
    Location
    New Zealand
    Posts
    60

    Phew! I thought I'd lost you!

    ComboFix 07-06-13.3 - C:\Documents and Settings\Owner\Desktop\ComboFix\ComboFix.exe
    "Owner" - 2007-06-13 22:47:20 - Service Pack 2 NTFS


    ((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))


    2007-06-13 20:12 <DIR> d-------- C:\WINDOWS\LastGood
    2007-06-12 09:45 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Comodo
    2007-06-12 06:29 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Comodo
    2007-06-12 06:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
    2007-06-12 06:27 <DIR> d-------- C:\Program Files\Comodo
    2007-06-12 06:05 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-06-12 04:43 <DIR> d-------- C:\Program Files\PCPitstop
    2007-06-11 19:54 1,824 --a------ C:\WINDOWS\system32\tmp.reg
    2007-06-11 15:20 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
    2007-06-11 05:09 <DIR> d-------- C:\Program Files\SpyCrush 3.2
    2007-06-11 04:34 <DIR> d-------- C:\WINDOWS\network diagnostic
    2007-06-11 02:16 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-06-11 00:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    2007-06-10 21:10 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-09 19:29 <DIR> d---s---- C:\DOCUME~1\Guest\UserData
    2007-06-09 18:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-06-08 23:48 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2007-06-08 23:48 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2007-06-08 23:48 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2007-06-08 23:48 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2007-06-08 23:48 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2007-06-08 23:48 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2007-06-08 23:48 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2007-06-08 23:48 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2007-06-08 22:03 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-06-08 22:03 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-06-08 22:03 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-06-08 22:03 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-06-08 22:03 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2007-06-08 21:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
    2007-06-08 20:51 <DIR> d-------- C:\Program Files\Yahoo!
    2007-06-08 08:24 <DIR> d-------- C:\Program Files\Enigma Software Group
    2007-05-31 18:45 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-05-31 18:44 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 18:44 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 18:44 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 18:44 740,442 --a------ C:\WINDOWS\system32\DivX.dll
    2007-05-28 20:28 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-05-26 09:01 <DIR> d-------- C:\Program Files\DC++
    2007-05-25 22:45 0 --a------ C:\WINDOWS\nsreg.dat
    2007-05-25 22:44 2,301 --a------ C:\WINDOWS\mozver.dat
    2007-05-25 15:34 <DIR> d-------- C:\Program Files\Google
    2007-05-25 15:34 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Google
    2007-05-25 15:28 15,714,552 --a------ C:\Program Files\Google_Earth_BZXV.exe
    2007-05-23 03:14 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
    2007-05-23 01:57 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
    2007-05-23 01:57 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
    2007-05-23 01:57 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
    2007-05-23 01:57 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
    2007-05-23 01:57 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
    2007-05-23 01:57 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
    2007-05-23 01:57 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
    2007-05-22 23:44 <DIR> d-------- C:\Program Files\QuickTime
    2007-05-22 23:43 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-05-21 04:08 <DIR> d--hs---- C:\DOCUME~1\Owner\Complete
    2007-05-19 12:41 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Ableton
    2007-05-19 12:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ableton
    2007-05-14 18:54 <DIR> d-------- C:\Program Files\Vodei


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-13 10:34:24 -------- d-----w C:\Program Files\EA Games
    2007-06-09 04:28:07 -------- d-----w C:\Program Files\Easy Internet signup
    2007-06-08 10:06:32 -------- d-----w C:\Program Files\DivX
    2007-05-29 09:59:53 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-29 09:58:06 -------- d-----w C:\Program Files\Microsoft Works
    2007-05-25 06:12:21 10,706 -c--a-w C:\DOCUME~1\Owner\APPLIC~1\wklnhst.dat
    2007-05-25 01:27:24 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\BitTorrent
    2007-05-22 12:25:47 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
    2007-05-20 10:04:54 -------- d-----w C:\Program Files\Cooledit
    2007-05-19 06:51:27 -------- d-----w C:\Program Files\VirtualDJ
    2007-05-08 01:39:28 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\DivX
    2007-05-06 06:43:04 -------- d-----w C:\Program Files\BitTorrent
    2007-05-03 06:15:26 -------- d-----w C:\Program Files\WinPcap
    2007-05-02 16:47:55 -------- d-----w C:\Program Files\Folder Lock
    2007-05-01 10:58:00 -------- d-----w C:\Program Files\MSXML 4.0
    2007-05-01 09:21:17 -------- d-----w C:\Program Files\MSN Messenger
    2007-04-30 23:13:25 -------- d--h--w C:\Program Files\WindowsUpdate
    2007-04-30 20:09:15 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:25 36,624 -c----w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 10:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 10:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 10:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 10:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 10:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 10:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 10:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 10:45:20 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 10:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 10:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-04-06 08:53:40 53,248 ----a-w C:\WINDOWS\system32\suppdll.dll
    2007-04-06 08:53:40 35,363 ----a-w C:\WINDOWS\system32\windrvNT.sys
    2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-15 00:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
    2007-03-15 00:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-05-31 00:30]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" []
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-06-12 06:27]
    "VTTimer"="VTTimer.exe" [2004-10-22 10:53 C:\WINDOWS\system32\VTTimer.exe]
    "UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-23 14:01]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" []
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 C:\WINDOWS\AGRSMMSG.exe]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 04:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "RecordNow!"="" []
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
    "MoneyAgent"="c:\Program Files\Microsoft Money\System\mnyexpr.exe" []
    "Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe" [2004-04-08 21:51]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "Magnify"=
    "RunNarrator"=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-31 00:29]


    Contents of the 'Scheduled Tasks' folder
    2007-05-22 08:52:00 C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1090486217.job
    2004-11-04 00:36:16 C:\WINDOWS\tasks\Symantec NetDetect.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-13 22:50:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\Windows Update.log
    C:\WINDOWS\WindowsShell.Manifest
    C:\WINDOWS\WindowsUpdate.log
    C:\WINDOWS\winhelp.exe
    C:\WINDOWS\winhlp32.exe
    C:\WINDOWS\wininit.ini
    C:\WINDOWS\winnt.bmp
    C:\WINDOWS\winnt256.bmp
    C:\WINDOWS\WinSxS
    C:\WINDOWS\wmsetup.log
    C:\WINDOWS\wmsetup10.log
    C:\WINDOWS\WMSysPr9.prx
    C:\WINDOWS\WMSysPrx.prx
    C:\WINDOWS\WNBackup
    C:\WINDOWS\ws2setup.log
    C:\WINDOWS\wsdu.log
    C:\WINDOWS\WSST_Screen_Saver.ini
    C:\WINDOWS\wwmf
    C:\WINDOWS\xobglu16.dll
    C:\WINDOWS\xobglu32.dll
    C:\WINDOWS\xpsp1hfm.log
    C:\WINDOWS\yacs.log
    C:\WINDOWS\Zapotec.bmp
    C:\WINDOWS\_default.pif

    scan completed successfully
    hidden files: 24

    **************************************************************************

    Completion time: 2007-06-13 22:51:19

    --- E O F ---


    THX for sticking with me on this.

  10. #60
    Visiting Fellow miekiemoes
    Join Date
    Oct 2005
    Location
    belgium
    Posts
    252


    Hi,

    Delete next folder:

    C:\Program Files\SpyCrush 3.2

    Check and fix the next orphaned entries in HijackThis:

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"

    Don't worry about the "hidden files" part in your Combofix log, that's because of the Folder Lock.
    The rest looks OK.

    No need to post new logs, I know after performing the above, the entries will be gone in HijackThis.
    Please do not tinker anymore with settings etc.; this is to prevent you breaking more instead of fixing.
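As an added example (not code from the thread or from either tool), here is a small Python triage script that cross-references the HijackThis O4 lines with the ComboFix "Reg Loading Points" section and reproduces the four orphaned entries listed above. It assumes, as the thread does when reading the log, that an empty `[]` after a ComboFix Run value means the target file was not found; the sample log lines are copied from the two logs posted earlier.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input, copied from the logs posted above in this thread:
# HijackThis O4 (Run-key autostart) lines and the matching ComboFix
# "Reg Loading Points" section.
HJT_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

COMBOFIX_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" []
"VTTimer"="VTTimer.exe" [2004-10-22 10:53 C:\WINDOWS\system32\VTTimer.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"RecordNow!"="" []
"MoneyAgent"="c:\Program Files\Microsoft Money\System\mnyexpr.exe" []
"""

HIVE_SHORT = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SECTION_RE = re.compile(r"^\[(?P<hive>HKEY_[A-Z_]+)\\.+\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)" \[(?P<stamp>[^\]]*)\]$')
# First token of a Run command line: a quoted path, or an unquoted path ending in .exe/.dll
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll))(?=\s|$)', re.IGNORECASE)

def parse_hjt_o4(text: str) -> List[Dict[str, str]]:
    """Return every O4 Run-key line as {line, hive, name, cmd}, in log order."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append({"line": line.strip(), **m.groupdict()})
    return entries

def parse_combofix_run(text: str) -> Dict[Tuple[str, str], str]:
    """Map (hive, value name) -> the bracketed text ComboFix printed after the value."""
    stamps: Dict[Tuple[str, str], str] = {}
    hive = None
    for line in text.splitlines():
        line = line.strip()
        sec = SECTION_RE.match(line)
        if sec:
            hive = HIVE_SHORT.get(sec.group("hive"))
            continue
        val = VALUE_RE.match(line)
        if val and hive:
            stamps[(hive, val.group("name"))] = val.group("stamp")
    return stamps

def exe_path(cmd: str) -> str:
    """Extract the program path from a Run command line (arguments dropped)."""
    m = EXE_RE.match(cmd)
    return (m.group("q") or m.group("u")) if m else cmd

def find_orphans(hjt_text: str, combofix_text: str) -> List[Dict[str, str]]:
    """HJT O4 entries whose ComboFix counterpart shows an empty [] stamp.
    Assumption (the thread's reading of the log, not documented ComboFix behaviour):
    an empty bracket means the target file was not found, i.e. the entry is orphaned."""
    stamps = parse_combofix_run(combofix_text)
    orphans = []
    for e in parse_hjt_o4(hjt_text):
        stamp = stamps.get((e["hive"], e["name"]))
        if stamp is not None and stamp.strip() == "":
            orphans.append({**e, "exe": exe_path(e["cmd"])})
    return orphans

def hjt_fix_lines(orphans: List[Dict[str, str]]) -> List[str]:  # the O4 lines to tick in HijackThis
    return [o["line"] for o in orphans]
```

Anything it flags is a candidate to verify against the disk before fixing, since the script only reads the logs and never touches the registry.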
