Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Security and Virus > trojan agent winlogonhook

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

trojan agent winlogonhook

Reply to Message Icon

Name: tempestcrescent
Date: October 24, 2006 at 17:08:41 Pacific
OS: Windows Xp
CPU/Ram: 516 Ram, 800Mhz processor
Product: Compaq Presario
Comment:

I've been having trouble lately with this trojan called agent winlogonhook. Yeah, its getting very annoying. I'm not sure if it caused it but i can't get onto my computer normally now and i have to run in safe mode.

If you need the Hijack log i've already got it, the site just told me not to post it unless someone needed it. Thanks.




Sponsored Link
Ads by Google

Response Number 1
Name: jabuck
Date: October 24, 2006 at 19:23:23 Pacific
Reply:

Please post your Hijack This log.


0

Response Number 2
Name: tempestcrescent
Date: October 25, 2006 at 16:49:17 Pacific
Reply:

Oh and i fixed the startup problem, the trojan had implanted a dll in my startup that was restarting the computer everytime i tried to run it normally.

Logfile of HijackThis v1.99.1
Scan saved at 19:44:26, on 25/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\IDETOOL\IDETOOL.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\CoreCodec\The Core Media Player\CorePlayer.exe
C:\Documents and Settings\David\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.co...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.co...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: ChangerBHO Class - {1D4C7057-EAD2-44C6-AD18-9092905F28F1} - C:\WINDOWS\system32\cabviews.dll
O2 - BHO: SpoofBHO Class - {385066e0-23f3-11db-a98b-0800200c9a66} - C:\WINDOWS\se_spoof.dll
O2 - BHO: (no name) - {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt3.dll
O2 - BHO: SpoofBHO Class - {a62d2213-2d9b-4d25-b52d-0bc282501d5b} - C:\WINDOWS\se_spoof.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Clicker Class - {A97B5EF1-CA64-466F-AC40-F770ED52DB92} - C:\WINDOWS\system32\mscoriezz.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {052b12f7-86fa-4921-8482-26c42316b522} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: IDETool.lnk = C:\Program Files\IDETOOL\IDETOOL.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/sof...
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/am...
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winawg32 - C:\WINDOWS\SYSTEM32\winawg32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WUSB54GSCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe" "WUSB54GSC.exe (file missing)


Darn you Trojans!


0

Response Number 3
Name: jabuck
Date: October 25, 2006 at 19:27:59 Pacific
Reply:

First, go to Start -> Control Panel -> Add/Remove Programs and uninstall the following (if listed):

New.Net
NewDotNet

If it is not listed, follow these instructions:

From a computer that has Internet access, click on the following link:
http://www.new.net/support/uninstal...
Download and save uninstall6_90.exe to the desktop.
Go to the desktop and double-click on uninstall6_90.exe
Click on the OK button.
After removal, you may be prompted to reboot. Please reboot even if not prompted.


Please also remove these programs, if found:

DAEMON Tools WhenU SearchBar
Desktop Toolbar [WhenUSearch]
WhenU CrunchGames Bar
WhenU Save
WhenU SaveNow
WhenUSave
WhenUSearch
WhenUSearch Desktop Toolbar
WhenUSearch Toolbar
WhenUShop
(Anything else with the word "WhenU" in them)

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode

Download and install AVG Anti-Spyware We will need this later in safe mode

Be sure to update AVG Anti- Spyware

Download Killbox to your desktop from this link Killbox by Option^Explicit. If you already have "Killbox" update to this newer version. We will need it later in safe mode

Please download SmitRemFix from this link http://siri.urz.free.fr/Fix/SmitfraudFix.zip Then extract the contents to your desktop.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Once in Safe Mode, open the "SmitfraudFix" folder again and double-click "smitfraudfix.cmd"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing " Y " and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if "wininet.dll " is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing "Y" and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

Please download ComboFix to the Desktop from this link:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Double-click combofix.exe
Follow the prompts.

(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the combofix.txt log.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: ChangerBHO Class - {1D4C7057-EAD2-44C6-AD18-9092905F28F1} - C:\WINDOWS\system32\cabviews.dll

O2 - BHO: SpoofBHO Class - {385066e0-23f3-11db-a98b-0800200c9a66} - C:\WINDOWS\se_spoof.dll

O2 - BHO: (no name) - {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - (no file)

O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt3.dll

O2 - BHO: SpoofBHO Class - {a62d2213-2d9b-4d25-b52d-0bc282501d5b} - C:\WINDOWS\se_spoof.dll

O2 - BHO: Clicker Class - {A97B5EF1-CA64-466F-AC40-F770ED52DB92} - C:\WINDOWS\system32\mscoriezz.dll

O3 - Toolbar: (no name) - {052b12f7-86fa-4921-8482-26c42316b522} - (no file)

Files\IDETOOL\IDETOOL.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...

O20 - Winlogon Notify: winawg32 - C:\WINDOWS\SYSTEM32\winawg32.dll

Exit Hijack This but remain in safe mode.

Run Killbox frim safe mode. Double-click on Killbox.exe to run it.
Put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time.

C:\WINDOWS\system32\cabviews.dll

C:\WINDOWS\se_spoof.dll

C:\WINDOWS\SYSTEM32\winawg32.dll



Click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confimation to delete the file.
Click Yes.
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.

Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Reboot to normal mode.

Post the AVG-AntiSpyware report on your desktop and a new Hijack This log please.


0

Response Number 4
Name: tempestcrescent
Date: October 26, 2006 at 18:52:26 Pacific
Reply:

HijackThis-

Logfile of HijackThis v1.99.1
Scan saved at 21:48:38, on 26/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
C:\Program Files\Common Files\AOL\1161904612\ee\AOLSoftware.exe
c:\program files\common files\aol\1161904612\ee\aim6.exe
c:\program files\common files\aol\1161904612\ee\anotify.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\David\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.co...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.co...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161904612\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WUSB54GSCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe" "WUSB54GSC.exe (file missing)

AVG Anti-Spyware - Scan Report


+ Created at: 21:32:31 26/10/2006

+ Scan result:

Nothing found.

::Report end


Combofix-

David - 06-10-26 18:53:11,29 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\David\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\ixt0.dll
C:\WINDOWS\system32\ixt1.dll
C:\WINDOWS\system32\ixt2.dll
C:\WINDOWS\system32\ixt3.dll
C:\WINDOWS\system32\components


((((((((((((((((((((((((((((((( Files Created from 2006-09-26 to 2006-10-26 ))))))))))))))))))))))))))))))))))


2006-10-25 22:35 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-24 21:22 71,359,126 --a------ C:\BackupRegistry(20061024).reg
2006-10-24 06:23 307,200 --a-s---- C:\WINDOWS\system32\InterceptHelper.dll
2006-10-24 06:23 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2006-10-24 06:23 176,128 --a-s---- C:\WINDOWS\system32\Interceptor.dll
2006-10-23 21:13 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-10-18 22:25 299,008 --a------ C:\WINDOWS\system32\rlls.dll
2006-10-18 22:25 1,429,504 --a------ C:\WINDOWS\system32\rlvknlg.exe
2006-10-13 23:45 415,504 --a------ C:\WINDOWS\system32\MSREPL35.DLL
2006-10-13 23:45 252,176 --a------ C:\WINDOWS\system32\Msrd2x35.dll
2006-10-13 23:45 24,848 --a------ C:\WINDOWS\system32\MSJTER35.DLL
2006-10-13 23:45 123,664 --a------ C:\WINDOWS\system32\MSJINT35.DLL
2006-10-13 23:45 1,050,384 --a------ C:\WINDOWS\system32\MSJET35.DLL
2006-10-06 23:11 65,536 --a------ C:\WINDOWS\amcap533.exe
2006-10-06 23:11 515,803 --a------ C:\WINDOWS\system32\drivers\Ca533av.sys
2006-10-06 23:11 131,072 --a------ C:\WINDOWS\system32\Sp5x_32.dll
2006-10-06 23:11 118,784 --a------ C:\WINDOWS\ShowBmp.exe
2006-10-06 23:11 10,986 --a------ C:\WINDOWS\system32\drivers\Bulk533.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-26 18:54 -------- d-------- C:\Program Files\Common Files
2006-10-26 18:31 -------- d-------- C:\Program Files\WildGames
2006-10-26 17:42 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-25 22:35 -------- d-------- C:\Program Files\Grisoft
2006-10-25 22:32 -------- d-------- C:\Program Files\Yahoo!
2006-10-24 21:04 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-24 19:04 -------- d-a-s---- C:\Program Files\NewDotNet
2006-10-24 17:44 -------- d-------- C:\Program Files\Ashampoo
2006-10-24 16:39 -------- d-------- C:\Program Files\SpywareHeal
2006-10-24 16:34 -------- d-------- C:\Program Files\SpyCatcher 2006
2006-10-24 06:41 -------- d-------- C:\Documents and Settings\David\Application Data\Tenebril
2006-10-22 15:07 -------- d-------- C:\Program Files\Ahead
2006-10-22 14:41 -------- d-------- C:\Program Files\WinRAR
2006-10-22 14:40 -------- d-------- C:\Program Files\AIM
2006-10-22 14:27 -------- d-------- C:\Program Files\Yamicsoft
2006-10-22 14:22 -------- d-------- C:\Documents and Settings\David\Application Data\uTorrent
2006-10-22 13:57 -------- d-------- C:\Documents and Settings\David\Application Data\Opera
2006-10-19 21:48 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-18 22:24 -------- d-------- C:\Program Files\filesubmit
2006-10-17 22:23 -------- d-------- C:\Program Files\TuneUp Utilities 2004
2006-10-11 18:43 -------- d-------- C:\Documents and Settings\David\Application Data\Ventrilo
2006-10-10 18:18 -------- d-------- C:\Program Files\Mozilla Firefox 2 Beta 2
2006-10-10 18:18 -------- d-------- C:\Program Files\Microsoft IntelliType Pro
2006-10-10 18:18 -------- d-------- C:\Program Files\Dictionary
2006-10-07 13:54 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-07 13:54 -------- d-------- C:\Documents and Settings\David\Application Data\Google
2006-10-06 23:16 -------- d-------- C:\Program Files\PhoTags Express
2006-10-03 22:06 -------- d-------- C:\Program Files\Folder Lock
2006-10-03 17:35 -------- d-------- C:\Program Files\Microsoft Games
2006-10-03 17:35 -------- d-------- C:\Documents and Settings\David\Application Data\Microsoft Games
2006-09-29 23:42 -------- d-------- C:\Program Files\Common Files\SWF Studio
2006-09-28 21:36 -------- d-------- C:\Program Files\LimeWire
2006-09-24 20:16 -------- d-------- C:\Documents and Settings\David\Application Data\Macromedia
2006-09-24 20:09 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-09-24 20:06 -------- d-------- C:\Program Files\Macromedia
2006-09-24 20:04 -------- d---s---- C:\Documents and Settings\David\Application Data\Microsoft
2006-09-24 11:46 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-24 11:45 -------- d-------- C:\Program Files\Internet Explorer
2006-09-23 19:25 -------- d-------- C:\Documents and Settings\David\Application Data\BitTorrent
2006-09-21 22:06 -------- d-------- C:\Program Files\e-Sword
2006-09-20 22:22 -------- d-------- C:\Program Files\AimOne Video Converter
2006-09-20 22:18 -------- d-------- C:\Program Files\QuickTime
2006-09-20 22:13 -------- d-------- C:\Program Files\DivX
2006-09-20 21:51 -------- d-------- C:\Documents and Settings\David\Application Data\TuneUp Software
2006-09-19 22:06 -------- d-------- C:\Documents and Settings\David\Application Data\Real
2006-09-19 22:03 -------- d-------- C:\Program Files\Common Files\xing shared
2006-09-19 22:03 -------- d-------- C:\Program Files\Common Files\Real
2006-09-19 22:02 -------- d-------- C:\Program Files\Real
2006-09-18 14:11 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-09-18 14:11 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-09-18 14:11 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-09-18 14:11 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-17 21:52 -------- d-------- C:\Program Files\WinMPG VideoConvert
2006-09-14 21:30 -------- d-------- C:\Documents and Settings\David\Application Data\Help
2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 21:50 -------- d-------- C:\Documents and Settings\David\Application Data\AdobeUM
2006-09-04 21:26 -------- d-------- C:\Documents and Settings\David\Application Data\Sereniti
2006-09-04 21:24 -------- d-------- C:\Program Files\AOL
2006-09-04 11:26 0 --a------ C:\AUTOEXEC.BAT
2006-09-04 11:26 -------- d-------- C:\Program Files\IDETOOL
2006-09-03 23:02 -------- d-------- C:\Documents and Settings\David\Application Data\CoreCodec
2006-09-03 23:00 -------- d-------- C:\Program Files\Haali
2006-09-03 23:00 -------- d-------- C:\Program Files\CoreCodec
2006-09-03 17:20 35363 --a------ C:\WINDOWS\system32\windrvNT.sys
2006-09-03 17:20 -------- d-------- C:\Documents and Settings\David\Application Data\Neopets Toolbar
2006-09-03 12:44 -------- d-------- C:\Program Files\Windows Media Player
2006-09-03 12:40 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-08-30 18:44 -------- d-------- C:\Program Files\Common Files\AOL
2006-08-28 22:24 34 --a------ C:\WINDOWS\system32\sitinfo.dll
2006-08-28 22:24 10 --a------ C:\WINDOWS\system32\sitdat5.dll
2006-08-28 22:17 53248 --a------ C:\WINDOWS\system32\suppdll.dll
2006-08-28 21:51 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2006-08-25 11:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-08-24 22:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-08-24 22:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-08-24 22:30 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-08-24 22:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll
2006-08-24 22:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 22:30 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-08-24 22:30 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-08-24 22:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 22:30 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 22:30 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-08-24 22:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll
2006-08-24 22:30 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 22:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-24 22:30 532992 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 22:30 428032 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 22:30 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 22:30 4096 --------- C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 22:30 4096 --------- C:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 22:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-08-24 22:30 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-08-24 22:30 349184 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-08-24 22:30 347648 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 22:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-08-24 22:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-08-24 22:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 22:30 314368 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-08-24 22:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll
2006-08-24 22:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-08-24 22:30 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-24 22:30 276480 --a------ C:\WINDOWS\system32\audiodev.dll
2006-08-24 22:30 27648 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 22:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 22:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll
2006-08-24 22:30 258560 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-08-24 22:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-08-24 22:30 242176 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-08-24 22:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-08-24 22:30 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-08-24 22:30 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-08-24 22:30 211968 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-08-24 22:30 210432 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-24 22:30 204800 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 22:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-24 22:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-24 22:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-08-24 22:30 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-24 22:30 1660416 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-08-24 22:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-08-24 22:30 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-08-24 22:30 1539584 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 22:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 22:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 22:30 133120 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-24 22:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 22:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-24 22:30 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-08-24 22:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-08-24 22:30 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-08-24 22:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-24 20:31 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-24 20:27 249344 --------- C:\WINDOWS\system32\drmupgds.exe
2006-08-24 20:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-21 20:09 81920 --a------ C:\WINDOWS\system32\OpenAL32.dll
2006-08-21 20:09 233472 --a------ C:\WINDOWS\system32\wrap_oal.dll
2006-08-21 10:17 21504 --a------ C:\WINDOWS\system32\Mystify Your Mind.scr
2006-08-21 09:48 8464 --a------ C:\WINDOWS\system32\sporder.dll
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 07:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-08-11 20:14 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-11 13:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-08-11 13:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-08-11 13:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-08-11 13:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-08-11 13:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 13:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-08-11 13:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-08-11 13:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-08-11 13:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-08-11 13:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-11 13:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-08-11 13:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 16:41 1739 --a------ C:\Documents and Settings\David\Application Data\AdobeDLM.log


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SpyCatcher Reminder"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSBAR.DLL,S"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"SpyCatcher Reminder"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Browser MOUSE\\mouse32a.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winawg32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - David.job

Completion time: 06-10-26 18:56:40.92
C:\ComboFix.txt ... 06-10-26 18:56


Darn you Trojans!


0

Response Number 5
Name: jabuck
Date: October 26, 2006 at 19:36:29 Pacific
Reply:

Go to start > controlpanel > software > add/remove programs and uninstall next if present:


SpywareHeal
MyWaySearch
Oin
Yazzle by Oin
YazzleActiveX By OIN
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it.

If OIN not listed, download and run this uninstaller OiUninstaller.exe

Reboot when done! Really important!

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Reboot once again in safe mode.

Navigate to and delete these files if found:

C:\WINDOWS\system32\rlls.dll

C:\WINDOWS\system32\rlvknlg.exe

Navigate to and delete these folders if found:

C:\Program Files\NewDotNet

C:\Program Files\SpywareHeal

Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Reboot to normal mode.

Open notepad (Start Menu > Run > Type notepad and press "ok".

Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winawg32]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it Fix.reg then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Post the AVG-Anti-Spyware log on your desktop, a new combofix log and a new Hijack This log please.


0

Related Posts

See More



Response Number 6
Name: tempestcrescent
Date: October 27, 2006 at 16:30:26 Pacific
Reply:

I already deleted the adware that this one detected.

AVG Anti-Spyware - Scan Report


+ Created at: 19:10:28 27/10/2006

+ Scan result:

C:\System Volume Information\_restore{D103F50C-99D7-481F-96AD-26C152FEE277}\RP207\A0099367.dll -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{D103F50C-99D7-481F-96AD-26C152FEE277}\RP207\A0099342.exe -> Adware.RK : Cleaned.
C:\System Volume Information\_restore{D103F50C-99D7-481F-96AD-26C152FEE277}\RP207\A0099365.exe -> Adware.SpywareHeal : Cleaned.


::Report end

David - 06-10-27 19:21:21,75 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\David\Desktop\Destroyer"

((((((((((((((((((((((((((((((( Files Created from 2006-09-27 to 2006-10-27 ))))))))))))))))))))))))))))))))))


2006-10-25 22:35 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-24 21:22 71,359,126 --a------ C:\BackupRegistry(20061024).reg
2006-10-24 06:23 307,200 --a-s---- C:\WINDOWS\system32\InterceptHelper.dll
2006-10-24 06:23 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2006-10-24 06:23 176,128 --a-s---- C:\WINDOWS\system32\Interceptor.dll
2006-10-23 21:13 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-10-13 23:45 415,504 --a------ C:\WINDOWS\system32\MSREPL35.DLL
2006-10-13 23:45 252,176 --a------ C:\WINDOWS\system32\Msrd2x35.dll
2006-10-13 23:45 24,848 --a------ C:\WINDOWS\system32\MSJTER35.DLL
2006-10-13 23:45 123,664 --a------ C:\WINDOWS\system32\MSJINT35.DLL
2006-10-13 23:45 1,050,384 --a------ C:\WINDOWS\system32\MSJET35.DLL
2006-10-06 23:11 65,536 --a------ C:\WINDOWS\amcap533.exe
2006-10-06 23:11 515,803 --a------ C:\WINDOWS\system32\drivers\Ca533av.sys
2006-10-06 23:11 131,072 --a------ C:\WINDOWS\system32\Sp5x_32.dll
2006-10-06 23:11 118,784 --a------ C:\WINDOWS\ShowBmp.exe
2006-10-06 23:11 10,986 --a------ C:\WINDOWS\system32\drivers\Bulk533.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-27 17:45 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-26 21:02 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-26 19:20 -------- d-------- C:\Documents and Settings\David\Application Data\acccore
2006-10-26 19:19 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-26 19:19 -------- d-------- C:\Program Files\AOL
2006-10-26 19:16 -------- d-------- C:\Program Files\Common Files\aolshare
2006-10-26 19:16 -------- d-------- C:\Program Files\Common Files
2006-10-26 19:16 -------- d-------- C:\Documents and Settings\David\Application Data\Mozilla
2006-10-26 18:31 -------- d-------- C:\Program Files\WildGames
2006-10-25 22:35 -------- d-------- C:\Program Files\Grisoft
2006-10-25 22:32 -------- d-------- C:\Program Files\Yahoo!
2006-10-24 17:44 -------- d-------- C:\Program Files\Ashampoo
2006-10-24 16:34 -------- d-------- C:\Program Files\SpyCatcher 2006
2006-10-24 06:41 -------- d-------- C:\Documents and Settings\David\Application Data\Tenebril
2006-10-22 15:07 -------- d-------- C:\Program Files\Ahead
2006-10-22 14:41 -------- d-------- C:\Program Files\WinRAR
2006-10-22 14:40 -------- d-------- C:\Program Files\AIM
2006-10-22 14:27 -------- d-------- C:\Program Files\Yamicsoft
2006-10-22 14:22 -------- d-------- C:\Documents and Settings\David\Application Data\uTorrent
2006-10-22 13:57 -------- d-------- C:\Documents and Settings\David\Application Data\Opera
2006-10-19 21:48 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-18 22:24 -------- d-------- C:\Program Files\filesubmit
2006-10-17 22:23 -------- d-------- C:\Program Files\TuneUp Utilities 2004
2006-10-11 18:43 -------- d-------- C:\Documents and Settings\David\Application Data\Ventrilo
2006-10-10 18:18 -------- d-------- C:\Program Files\Mozilla Firefox 2 Beta 2
2006-10-10 18:18 -------- d-------- C:\Program Files\Microsoft IntelliType Pro
2006-10-10 18:18 -------- d-------- C:\Program Files\Dictionary
2006-10-07 13:54 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-07 13:54 -------- d-------- C:\Documents and Settings\David\Application Data\Google
2006-10-06 23:16 -------- d-------- C:\Program Files\PhoTags Express
2006-10-03 22:06 -------- d-------- C:\Program Files\Folder Lock
2006-10-03 17:35 -------- d-------- C:\Program Files\Microsoft Games
2006-10-03 17:35 -------- d-------- C:\Documents and Settings\David\Application Data\Microsoft Games
2006-09-29 23:42 -------- d-------- C:\Program Files\Common Files\SWF Studio
2006-09-28 21:36 -------- d-------- C:\Program Files\LimeWire
2006-09-24 20:16 -------- d-------- C:\Documents and Settings\David\Application Data\Macromedia
2006-09-24 20:09 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-09-24 20:06 -------- d-------- C:\Program Files\Macromedia
2006-09-24 20:04 -------- d---s---- C:\Documents and Settings\David\Application Data\Microsoft
2006-09-24 11:46 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-24 11:45 -------- d-------- C:\Program Files\Internet Explorer
2006-09-23 19:25 -------- d-------- C:\Documents and Settings\David\Application Data\BitTorrent
2006-09-21 22:06 -------- d-------- C:\Program Files\e-Sword
2006-09-20 22:22 -------- d-------- C:\Program Files\AimOne Video Converter
2006-09-20 22:18 -------- d-------- C:\Program Files\QuickTime
2006-09-20 22:13 -------- d-------- C:\Program Files\DivX
2006-09-20 21:51 -------- d-------- C:\Documents and Settings\David\Application Data\TuneUp Software
2006-09-19 22:06 -------- d-------- C:\Documents and Settings\David\Application Data\Real
2006-09-19 22:03 -------- d-------- C:\Program Files\Common Files\xing shared
2006-09-19 22:03 -------- d-------- C:\Program Files\Common Files\Real
2006-09-19 22:02 -------- d-------- C:\Program Files\Real
2006-09-18 14:11 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-09-18 14:11 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-09-18 14:11 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-09-18 14:11 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-17 21:52 -------- d-------- C:\Program Files\WinMPG VideoConvert
2006-09-14 21:30 -------- d-------- C:\Documents and Settings\David\Application Data\Help
2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 21:50 -------- d-------- C:\Documents and Settings\David\Application Data\AdobeUM
2006-09-04 21:26 -------- d-------- C:\Documents and Settings\David\Application Data\Sereniti
2006-09-04 11:26 0 --a------ C:\AUTOEXEC.BAT
2006-09-04 11:26 -------- d-------- C:\Program Files\IDETOOL
2006-09-03 23:02 -------- d-------- C:\Documents and Settings\David\Application Data\CoreCodec
2006-09-03 23:00 -------- d-------- C:\Program Files\Haali
2006-09-03 23:00 -------- d-------- C:\Program Files\CoreCodec
2006-09-03 17:20 35363 --a------ C:\WINDOWS\system32\windrvNT.sys
2006-09-03 17:20 -------- d-------- C:\Documents and Settings\David\Application Data\Neopets Toolbar
2006-09-03 12:44 -------- d-------- C:\Program Files\Windows Media Player
2006-09-03 12:40 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-08-28 22:24 34 --a------ C:\WINDOWS\system32\sitinfo.dll
2006-08-28 22:24 10 --a------ C:\WINDOWS\system32\sitdat5.dll
2006-08-28 22:17 53248 --a------ C:\WINDOWS\system32\suppdll.dll
2006-08-28 21:51 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2006-08-25 11:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-08-24 22:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-08-24 22:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-08-24 22:30 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-08-24 22:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll
2006-08-24 22:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 22:30 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-08-24 22:30 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-08-24 22:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 22:30 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 22:30 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-08-24 22:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll
2006-08-24 22:30 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 22:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-24 22:30 532992 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 22:30 428032 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 22:30 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 22:30 4096 --------- C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 22:30 4096 --------- C:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 22:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-08-24 22:30 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-08-24 22:30 349184 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-08-24 22:30 347648 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 22:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-08-24 22:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-08-24 22:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 22:30 314368 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-08-24 22:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll
2006-08-24 22:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-08-24 22:30 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-24 22:30 276480 --a------ C:\WINDOWS\system32\audiodev.dll
2006-08-24 22:30 27648 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 22:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 22:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll
2006-08-24 22:30 258560 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-08-24 22:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-08-24 22:30 242176 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-08-24 22:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-08-24 22:30 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-08-24 22:30 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-08-24 22:30 211968 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-08-24 22:30 210432 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-24 22:30 204800 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 22:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-24 22:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-24 22:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-08-24 22:30 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-24 22:30 1660416 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-08-24 22:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-08-24 22:30 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-08-24 22:30 1539584 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 22:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 22:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 22:30 133120 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-24 22:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 22:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-24 22:30 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-08-24 22:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-08-24 22:30 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-08-24 22:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-24 20:31 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-24 20:27 249344 --------- C:\WINDOWS\system32\drmupgds.exe
2006-08-24 20:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-21 20:09 81920 --a------ C:\WINDOWS\system32\OpenAL32.dll
2006-08-21 20:09 233472 --a------ C:\WINDOWS\system32\wrap_oal.dll
2006-08-21 10:17 21504 --a------ C:\WINDOWS\system32\Mystify Your Mind.scr
2006-08-21 09:48 8464 --a------ C:\WINDOWS\system32\sporder.dll
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 07:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-08-11 20:14 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-11 13:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-08-11 13:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-08-11 13:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-08-11 13:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-08-11 13:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 13:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-08-11 13:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-08-11 13:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-08-11 13:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-08-11 13:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-11 13:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-08-11 13:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 16:41 1739 --a------ C:\Documents and Settings\David\Application Data\AdobeDLM.log


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SpyCatcher Reminder"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1161904612\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSBAR.DLL,S"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"SpyCatcher Reminder"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Browser MOUSE\\mouse32a.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - David.job

Completion time: 06-10-27 19:23:59.77
C:\ComboFix.txt ... 06-10-27 19:23
C:\ComboFix2.txt ... 06-10-26 21:41
C:\ComboFix3.txt ... 06-10-26 21:37


Logfile of HijackThis v1.99.1
Scan saved at 19:26:05, on 27/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
C:\Documents and Settings\David\Desktop\Destroyer\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.co...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.co...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161904612\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WUSB54GSCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe" "WUSB54GSC.exe (file missing)

Darn you Trojans!


0

Response Number 7
Name: jabuck
Date: October 27, 2006 at 19:25:21 Pacific
Reply:

Looks much better. Two items left to take care of.

Navigate to and delete this folder if found:

C:\Program Files\MyWebSearch

If for some reason the MyWebSearch folder will not delete in normal mode boot into safe mode and delete it.

Open notepad (Start Menu > Run > Type notepad and press "ok".

Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"New.net Startup"=-
"My Web Search Bar"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it Fix.reg then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Post a new combofix log please.

You java needs to be updated. Download the latest version of http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions.

Reboot your computer once all Java components are removed

. Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.

You should add "Spywareblaster" to your arsenol of antispyware tools, just do a google search for spywareblaster, download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.


0

Response Number 8
Name: tempestcrescent
Date: October 27, 2006 at 20:58:18 Pacific
Reply:

David - 06-10-27 23:54:49,31 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\David\Desktop\Destroyer"

((((((((((((((((((((((((((((((( Files Created from 2006-09-27 to 2006-10-27 ))))))))))))))))))))))))))))))))))


2006-10-25 22:35 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-24 21:22 71,359,126 --a------ C:\BackupRegistry(20061024).reg
2006-10-24 06:23 307,200 --a-s---- C:\WINDOWS\system32\InterceptHelper.dll
2006-10-24 06:23 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2006-10-24 06:23 176,128 --a-s---- C:\WINDOWS\system32\Interceptor.dll
2006-10-23 21:13 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-10-13 23:45 415,504 --a------ C:\WINDOWS\system32\MSREPL35.DLL
2006-10-13 23:45 252,176 --a------ C:\WINDOWS\system32\Msrd2x35.dll
2006-10-13 23:45 24,848 --a------ C:\WINDOWS\system32\MSJTER35.DLL
2006-10-13 23:45 123,664 --a------ C:\WINDOWS\system32\MSJINT35.DLL
2006-10-13 23:45 1,050,384 --a------ C:\WINDOWS\system32\MSJET35.DLL
2006-10-06 23:11 65,536 --a------ C:\WINDOWS\amcap533.exe
2006-10-06 23:11 515,803 --a------ C:\WINDOWS\system32\drivers\Ca533av.sys
2006-10-06 23:11 131,072 --a------ C:\WINDOWS\system32\Sp5x_32.dll
2006-10-06 23:11 118,784 --a------ C:\WINDOWS\ShowBmp.exe
2006-10-06 23:11 10,986 --a------ C:\WINDOWS\system32\drivers\Bulk533.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-27 19:26 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-26 21:02 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-26 19:20 -------- d-------- C:\Documents and Settings\David\Application Data\acccore
2006-10-26 19:19 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-26 19:19 -------- d-------- C:\Program Files\AOL
2006-10-26 19:16 -------- d-------- C:\Program Files\Common Files\aolshare
2006-10-26 19:16 -------- d-------- C:\Program Files\Common Files
2006-10-26 19:16 -------- d-------- C:\Documents and Settings\David\Application Data\Mozilla
2006-10-26 18:31 -------- d-------- C:\Program Files\WildGames
2006-10-25 22:35 -------- d-------- C:\Program Files\Grisoft
2006-10-25 22:32 -------- d-------- C:\Program Files\Yahoo!
2006-10-24 17:44 -------- d-------- C:\Program Files\Ashampoo
2006-10-24 16:34 -------- d-------- C:\Program Files\SpyCatcher 2006
2006-10-24 06:41 -------- d-------- C:\Documents and Settings\David\Application Data\Tenebril
2006-10-22 15:07 -------- d-------- C:\Program Files\Ahead
2006-10-22 14:41 -------- d-------- C:\Program Files\WinRAR
2006-10-22 14:40 -------- d-------- C:\Program Files\AIM
2006-10-22 14:27 -------- d-------- C:\Program Files\Yamicsoft
2006-10-22 14:22 -------- d-------- C:\Documents and Settings\David\Application Data\uTorrent
2006-10-22 13:57 -------- d-------- C:\Documents and Settings\David\Application Data\Opera
2006-10-19 21:48 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-18 22:24 -------- d-------- C:\Program Files\filesubmit
2006-10-17 22:23 -------- d-------- C:\Program Files\TuneUp Utilities 2004
2006-10-11 18:43 -------- d-------- C:\Documents and Settings\David\Application Data\Ventrilo
2006-10-10 18:18 -------- d-------- C:\Program Files\Mozilla Firefox 2 Beta 2
2006-10-10 18:18 -------- d-------- C:\Program Files\Microsoft IntelliType Pro
2006-10-10 18:18 -------- d-------- C:\Program Files\Dictionary
2006-10-07 13:54 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-07 13:54 -------- d-------- C:\Documents and Settings\David\Application Data\Google
2006-10-06 23:16 -------- d-------- C:\Program Files\PhoTags Express
2006-10-03 22:06 -------- d-------- C:\Program Files\Folder Lock
2006-10-03 17:35 -------- d-------- C:\Program Files\Microsoft Games
2006-10-03 17:35 -------- d-------- C:\Documents and Settings\David\Application Data\Microsoft Games
2006-09-29 23:42 -------- d-------- C:\Program Files\Common Files\SWF Studio
2006-09-28 21:36 -------- d-------- C:\Program Files\LimeWire
2006-09-24 20:16 -------- d-------- C:\Documents and Settings\David\Application Data\Macromedia
2006-09-24 20:09 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-09-24 20:06 -------- d-------- C:\Program Files\Macromedia
2006-09-24 20:04 -------- d---s---- C:\Documents and Settings\David\Application Data\Microsoft
2006-09-24 11:46 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-24 11:45 -------- d-------- C:\Program Files\Internet Explorer
2006-09-23 19:25 -------- d-------- C:\Documents and Settings\David\Application Data\BitTorrent
2006-09-21 22:06 -------- d-------- C:\Program Files\e-Sword
2006-09-20 22:22 -------- d-------- C:\Program Files\AimOne Video Converter
2006-09-20 22:18 -------- d-------- C:\Program Files\QuickTime
2006-09-20 22:13 -------- d-------- C:\Program Files\DivX
2006-09-20 21:51 -------- d-------- C:\Documents and Settings\David\Application Data\TuneUp Software
2006-09-19 22:06 -------- d-------- C:\Documents and Settings\David\Application Data\Real
2006-09-19 22:03 -------- d-------- C:\Program Files\Common Files\xing shared
2006-09-19 22:03 -------- d-------- C:\Program Files\Common Files\Real
2006-09-19 22:02 -------- d-------- C:\Program Files\Real
2006-09-18 14:11 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-09-18 14:11 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-09-18 14:11 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-09-18 14:11 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-17 21:52 -------- d-------- C:\Program Files\WinMPG VideoConvert
2006-09-14 21:30 -------- d-------- C:\Documents and Settings\David\Application Data\Help
2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 21:50 -------- d-------- C:\Documents and Settings\David\Application Data\AdobeUM
2006-09-04 21:26 -------- d-------- C:\Documents and Settings\David\Application Data\Sereniti
2006-09-04 11:26 0 --a------ C:\AUTOEXEC.BAT
2006-09-04 11:26 -------- d-------- C:\Program Files\IDETOOL
2006-09-03 23:02 -------- d-------- C:\Documents and Settings\David\Application Data\CoreCodec
2006-09-03 23:00 -------- d-------- C:\Program Files\Haali
2006-09-03 23:00 -------- d-------- C:\Program Files\CoreCodec
2006-09-03 17:20 35363 --a------ C:\WINDOWS\system32\windrvNT.sys
2006-09-03 17:20 -------- d-------- C:\Documents and Settings\David\Application Data\Neopets Toolbar
2006-09-03 12:44 -------- d-------- C:\Program Files\Windows Media Player
2006-09-03 12:40 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-08-28 22:24 34 --a------ C:\WINDOWS\system32\sitinfo.dll
2006-08-28 22:24 10 --a------ C:\WINDOWS\system32\sitdat5.dll
2006-08-28 22:17 53248 --a------ C:\WINDOWS\system32\suppdll.dll
2006-08-28 21:51 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2006-08-25 11:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-08-24 22:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-08-24 22:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-08-24 22:30 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-08-24 22:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll
2006-08-24 22:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 22:30 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-08-24 22:30 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-08-24 22:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 22:30 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 22:30 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-08-24 22:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll
2006-08-24 22:30 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 22:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-24 22:30 532992 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 22:30 428032 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 22:30 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 22:30 4096 --------- C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 22:30 4096 --------- C:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 22:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-08-24 22:30 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-08-24 22:30 349184 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-08-24 22:30 347648 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 22:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-08-24 22:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-08-24 22:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 22:30 314368 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-08-24 22:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll
2006-08-24 22:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-08-24 22:30 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-24 22:30 276480 --a------ C:\WINDOWS\system32\audiodev.dll
2006-08-24 22:30 27648 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 22:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 22:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll
2006-08-24 22:30 258560 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-08-24 22:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-08-24 22:30 242176 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-08-24 22:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-08-24 22:30 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-08-24 22:30 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-08-24 22:30 211968 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-08-24 22:30 210432 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-24 22:30 204800 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 22:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-24 22:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-24 22:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-08-24 22:30 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-24 22:30 1660416 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-08-24 22:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-08-24 22:30 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-08-24 22:30 1539584 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 22:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 22:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 22:30 133120 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-24 22:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 22:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-24 22:30 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-08-24 22:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-08-24 22:30 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-08-24 22:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-24 20:31 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-24 20:27 249344 --------- C:\WINDOWS\system32\drmupgds.exe
2006-08-24 20:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-21 20:09 81920 --a------ C:\WINDOWS\system32\OpenAL32.dll
2006-08-21 20:09 233472 --a------ C:\WINDOWS\system32\wrap_oal.dll
2006-08-21 10:17 21504 --a------ C:\WINDOWS\system32\Mystify Your Mind.scr
2006-08-21 09:48 8464 --a------ C:\WINDOWS\system32\sporder.dll
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 07:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-08-11 20:14 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-11 13:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-08-11 13:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-08-11 13:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-08-11 13:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-08-11 13:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 13:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-08-11 13:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-08-11 13:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-08-11 13:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-08-11 13:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-08-11 13:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-11 13:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-08-11 13:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 16:41 1739 --a------ C:\Documents and Settings\David\Application Data\AdobeDLM.log


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SpyCatcher Reminder"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1161904612\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"SpyCatcher Reminder"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Browser MOUSE\\mouse32a.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - David.job

Completion time: 06-10-27 23:57:21.87
C:\ComboFix.txt ... 06-10-27 23:57
C:\ComboFix2.txt ... 06-10-27 19:24
C:\ComboFix3.txt ... 06-10-26 21:41


Darn you Trojans!


0

Response Number 9
Name: jabuck
Date: October 27, 2006 at 21:11:00 Pacific
Reply:

Your log is clean, are you running better?

You need to update your java. Download the latest version of http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions.

Reboot your computer once all Java components are removed

. Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.

You should add "Spywareblaster" to your arsenol of antispyware tools, just do a google search for spywareblaster, download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.


0

Response Number 10
Name: tempestcrescent
Date: October 27, 2006 at 21:32:35 Pacific
Reply:

Yeah, i posted the log before i did all the java and spywareblaster stuff. And yeah its running a lot smoother and better. Thanks a lot, and by the way where did you learn all this stuff? Thanks!

Darn you Trojans!


0

Response Number 11
Name: jabuck
Date: October 27, 2006 at 21:34:55 Pacific
Reply:

It's just a hobbie, glad we could help.


0

Sponsored Link
Ads by Google
Reply to Message Icon



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home


Sponsored links
Ads by Google


Results for: trojan agent winlogonhook
Trojan agent Winlogonhook need help www.computing.net/answers/security/trojan-agent-winlogonhook-need-help/19321.html

Trojan agent Winlogonhook! www.computing.net/answers/security/trojan-agent-winlogonhook/18073.html

Trojan Agent Winlogonhook- uy0z74ii www.computing.net/answers/security/trojan-agent-winlogonhook-uy0z74ii/19208.html