Need help plz

BullGuard Antivirus Forum > General Security > Spyware > Need help plz

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

TomRushby
New Member

Date Joined Aug 2007
Total Posts : 12

Posted 8-30-2007 5:30 (GMT +1)

I have been having trouble with viruses and spywere for a few weeks now and been reading the posts here but i cant seem to fix them so im in desperate need of help here is my hijackthis log i got most of the others just ask

Logfile of HijackThis v1.99.1
Scan saved at 18:22:28, on 30-Aug-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\RivaTuner v2.01\RivaTuner.exe
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ThreatFire\TFTRAY.EXE
C:\Documents and Settings\Theodor\Desktop\manga\anti vi@spy\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.01\RivaTuner.exe" /T
O4 - HKLM\..\Run: [PowerStrip] "c:\program files\powerstrip\pstrip.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: 3 Piggs Poker - {4835CF45-71B5-4c6c-BBE0-350DCD75D237} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: ESD classes - https://www.beb.standard.co.za/esd_client.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D090EBB-76C4-4DF0-A3E3-FDF5E11E871D}: NameServer = 10.0.0.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: urqromm - urqromm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Unknown owner - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Webroot Software Inc (www.webroot.com) - (no file)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Post Edited (TomRushby) : 30-08-2007 16:36:01 GMT

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13599

Posted 8-30-2007 7:12 (GMT +1)

Hello

Click here - ->> Before posting a log

After You have run the scan tools -

Reboot normally

Post Hijackthis log along with AVG Anti-Spyware log, C: Rootlog TXT, C: combofix txt in this topic

Do NOT post your problem in someone elses thread.

Start a new topic so that it may receive proper attention.

Member of - Alliance of Security Analysis Professionals

TomRushby
New Member

Date Joined Aug 2007
Total Posts : 12

Posted 8-30-2007 7:34 (GMT +1)

sorry it said first highjack then after reply the rest in the rules of posting...

ComboFix 07-08-30.3 - "Theodor" 2007-08-30 17:51:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.61 [GMT 2:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\mozilla firefox\regxpcom.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\DOWNLO~1.\hotbar.inf
C:\WINDOWS\httpconf.dat

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NTMLSVC
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2

((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))

2007-08-30 17:19 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-30 12:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-30 12:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-30 12:53 <DIR> d-------- C:\DOCUME~1\Theodor\APPLIC~1\SUPERAntiSpyware.com
2007-08-29 23:19 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-29 22:54 52,032 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
2007-08-29 22:54 40,256 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys
2007-08-29 22:54 34,624 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
2007-08-29 22:54 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2007-08-29 22:54 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-29 22:54 <DIR> d-------- C:\Program Files\ThreatFire
2007-08-29 22:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
2007-08-29 21:17 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-08-29 21:16 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-08-29 21:16 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-08-29 21:15 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-08-29 21:00 <DIR> d-------- C:\Program Files\SpywareGuard
2007-08-29 20:49 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-28 17:33 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-08-28 16:55 162 --a------ C:\install.dat
2007-08-28 16:51 8,704 --a--c--- C:\WINDOWS\system32\dllcache\dot4scan.sys
2007-08-28 16:51 23,808 --a--c--- C:\WINDOWS\system32\dllcache\dot4usb.sys
2007-08-28 16:51 207,360 --a--c--- C:\WINDOWS\system32\dllcache\dot4.sys
2007-08-28 16:51 12,928 --a--c--- C:\WINDOWS\system32\dllcache\dot4prt.sys
2007-08-28 16:49 91,305 --a--c--- C:\WINDOWS\system32\dllcache\dimaint.sys
2007-08-28 16:41 9,728 --a--c--- C:\WINDOWS\system32\dllcache\brserif.dll
2007-08-28 16:41 60,416 --a--c--- C:\WINDOWS\system32\dllcache\brserwdm.sys
2007-08-28 16:41 5,120 --a--c--- C:\WINDOWS\system32\dllcache\brscnrsm.dll
2007-08-28 16:41 39,552 --a--c--- C:\WINDOWS\system32\dllcache\brparwdm.sys
2007-08-28 16:41 31,529 --a--c--- C:\WINDOWS\system32\dllcache\brzwlan.sys
2007-08-28 16:41 3,168 --a--c--- C:\WINDOWS\system32\dllcache\brparimg.sys
2007-08-28 16:41 13,824 --a--c--- C:\WINDOWS\system32\dllcache\bulltlp3.sys
2007-08-28 16:41 11,008 --a--c--- C:\WINDOWS\system32\dllcache\brusbmdm.sys
2007-08-28 16:41 10,368 --a--c--- C:\WINDOWS\system32\dllcache\brusbscn.sys
2007-08-28 16:37 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2007-08-28 16:37 689,216 --a--c--- C:\WINDOWS\system32\dllcache\3dfxvs.dll
2007-08-28 16:37 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
2007-08-28 16:37 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2007-08-28 16:37 38,400 --a--c--- C:\WINDOWS\system32\dllcache\8514a.dll
2007-08-28 16:37 148,352 --a--c--- C:\WINDOWS\system32\dllcache\3dfxvsm.sys
2007-08-28 16:37 12,288 --a--c--- C:\WINDOWS\system32\dllcache\4mmdat.sys
2007-08-28 16:37 11,264 --a--c--- C:\WINDOWS\system32\dllcache\1394vdbg.sys
2007-08-28 16:36 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-08-28 10:44 <DIR> d-------- C:\DOCUME~1\Theodor\.housecall6.6
2007-08-27 21:35 629,162 ---hs---- C:\WINDOWS\system32\xybeg.ini2
2007-08-27 20:47 <DIR> d-------- C:\VundoFix Backups
2007-08-25 15:21 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-08-25 15:21 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-08-25 14:28 <DIR> d-------- C:\DOCUME~1\Theodor\.scribus
2007-08-22 19:33 <DIR> d-------- C:\DOCUME~1\Theodor\APPLIC~1\Disney Interactive Studios
2007-08-22 19:21 <DIR> d-------- C:\DOCUME~1\Theodor\APPLIC~1\InstallShield
2007-08-22 14:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Spyware
2007-08-22 00:21 <DIR> d-------- C:\Program Files\XoftSpySE
2007-08-21 20:49 <DIR> d-------- C:\Temp
2007-08-21 15:39 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-08-21 15:37 <DIR> d-------- C:\KAV
2007-08-20 17:33 <DIR> d-------- C:\Program Files\PowerStrip
2007-08-20 17:31 <DIR> d-------- C:\Program Files\RivaTuner v2.01
2007-08-11 14:58 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-08-11 14:46 <DIR> d-------- C:\Program Files\Acclaim
2007-08-11 14:27 <DIR> d-------- C:\manga
2007-08-09 14:17 <DIR> d-------- C:\Downloads
2007-08-08 18:08 <DIR> d-------- C:\Program Files\DynDNS Updater
2007-08-08 18:08 <DIR> d-------- C:\DOCUME~1\Theodor\APPLIC~1\Kana Solution
2007-08-08 12:37 <DIR> d-------- C:\Program Files\Address.net DNS Client
2007-08-07 19:40 <DIR> d-------- C:\DOCUME~1\Theodor\APPLIC~1\Yahoo!
2007-08-07 19:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-05 19:52 <DIR> d-------- C:\DOCUME~1\Theodor\APPLIC~1\DivX
2007-08-02 03:23 556,544 --------- C:\WINDOWS\system32\NexPlayerX.dll
2007-08-02 02:10 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-08-02 02:09 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-08-02 02:08 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-08-02 02:08 <DIR> d-------- C:\Program Files\Samsung
2007-08-02 01:43 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-08-02 01:43 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-08-02 01:43 27,136 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-08-02 01:43 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-08-02 01:43 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-08-02 01:43 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-07-31 18:29 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
2007-07-31 18:28 696,320 --a------ C:\WINDOWS\system32\libeay32.dll
2007-07-31 18:28 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-07-31 18:28 <DIR> d-------- C:\Program Files\iolo
2007-07-31 18:28 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\iolo
2007-07-31 18:23 <DIR> d-------- C:\DOCUME~1\Theodor\APPLIC~1\iolo
2007-07-31 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
2007-07-28 12:02 <DIR> d-------- C:\Program Files\DivX
2007-07-27 01:06 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-27 01:06 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-27 01:06 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll
2007-07-27 01:06 144,704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-27 01:06 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll
2007-07-25 18:16 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-07-25 18:16 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-07-25 18:16 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-07-23 01:22 77,824 --a------ C:\WINDOWS\system32\nvinstnt.dll
2007-07-23 01:22 55,808 --a------ C:\WINDOWS\system32\nvdesk32.dll
2007-07-23 01:22 147,456 --a------ C:\WINDOWS\system32\nvqtwk.dll
2007-07-23 01:22 135,168 --a------ C:\WINDOWS\system32\nvfsvm.exe
2007-07-05 23:26 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 12:51 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-29 22:13 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-27 20:56 --------- d-------- C:\DOCUME~1\Theodor\APPLIC~1\Skype
2007-08-22 19:24 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-11 14:50 --------- d-------- C:\Program Files\Microsoft DirectX SDK (June 2007)
2007-08-09 23:52 --------- d-------- C:\Program Files\BitComet
2007-08-09 20:30 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-09 14:17 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 01:06 9464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-27 01:06 9336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-27 01:06 43528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-27 01:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-27 01:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-27 01:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-27 01:03 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-27 01:03 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-27 01:03 81920 --a--c--- C:\WINDOWS\system32\dpl100.dll
2007-07-27 01:03 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-27 01:03 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-27 01:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-27 01:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-27 01:03 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-27 01:03 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-27 01:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-27 01:03 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-27 01:03 196608 --a--c--- C:\WINDOWS\system32\dtu100.dll
2007-07-27 01:03 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-05 23:31 --------- d-------- C:\Program Files\MythWar_en
2007-07-03 23:52 --------- d-------- C:\Program Files\Google
2007-07-03 09:08 --------- d-------- C:\Program Files\Knytt
2007-07-03 09:06 --------- d-------- C:\Program Files\Dobermann
2007-07-03 02:01 --------- d-------- C:\Program Files\RegCure
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 19:38 3364957 --ahs---- C:\WINDOWS\system32\rsetup.exe
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-05-31 19:30 266088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-05-31 19:29 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-05-30 18:03 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-05-30 18:03 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTuner"="C:\Program Files\RivaTuner v2.01\RivaTuner.exe" [2007-04-29 19:05]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2007-04-08 15:22]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 C:\WINDOWS\soundman.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-29 16:55]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2007-08-16 14:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\DOCUME~1\Theodor\STARTM~1\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2006-07-14 13:46 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqromm]
urqromm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32]
winzzd32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys
R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys
R0 WDMCAPI;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
R3 RivaTuner32;RivaTuner32;\??\C:\Program Files\RivaTuner v2.01\RivaTuner32.sys
R3 TfNetMon;TfNetMon;\??\C:\WINDOWS\system32\drivers\TfNetMon.sys
R3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys
S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys
S3 PCAlertDriver;PCAlertDriver;\??\C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S3 vmdmc;SANTIS VComm+ Port Driver;C:\WINDOWS\system32\DRIVERS\vmdmc.sys

Contents of the 'Scheduled Tasks' folder
2007-07-18 06:24:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-22 12:14:52 C:\WINDOWS\Tasks\Pareto UNS.job - C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
2007-08-02 01:08:15 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
2006-10-02 17:45:22 C:\WINDOWS\Tasks\XoftSpy.job - C:\Program Files\XoftSpy\XoftSpy.exe
2007-08-30 16:11:14 C:\WINDOWS\Tasks\XoftSpySE 2.job
2007-08-28 05:51:33 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 18:12:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-30 18:20:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-30 18:20

--- E O F ---

********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
30-Aug-07 17:22:15.67

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 17:22:16
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a9412e814]
"001247c597b9"=hex:84,c4,eb,00,01,f2,6b,1d,c9,c4,ca,1e,6b,af,c7,84
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:47258cdc
"s2"=dword:ad286b17
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ee,76,6f,af,03,e1,8c,ec,b0,e3,b4,3d,80,23,54,4f,23,b2,89,9c,33,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a9,2e,f3,c5,b6,18,e4,a8,59,36,da,8b,17,bd,76,9b,9f,..
"khjeh"=hex:0d,85,75,35,3b,7f,e5,3f,8f,88,13,bf,a0,7d,6a,10,3e,76,59,91,4f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d4,60,f3,dd,99,8a,c5,85,8e,a4,05,b5,76,d2,78,ab,35,6c,22,d3,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a9412e814]
"001247c597b9"=hex:84,c4,eb,00,01,f2,6b,1d,c9,c4,ca,1e,6b,af,c7,84
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ee,76,6f,af,03,e1,8c,ec,b0,e3,b4,3d,80,23,54,4f,23,b2,89,9c,33,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a9,2e,f3,c5,b6,18,e4,a8,59,36,da,8b,17,bd,76,9b,9f,..
"khjeh"=hex:0d,85,75,35,3b,7f,e5,3f,8f,88,13,bf,a0,7d,6a,10,3e,76,59,91,4f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d4,60,f3,dd,99,8a,c5,85,8e,a4,05,b5,76,d2,78,ab,35,6c,22,d3,ba,..

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0

Logfile of HijackThis v1.99.1
Scan saved at 18:22:28, on 30-Aug-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\RivaTuner v2.01\RivaTuner.exe
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ThreatFire\TFTRAY.EXE
C:\Documents and Settings\Theodor\Desktop\manga\anti vi@spy\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.01\RivaTuner.exe" /T
O4 - HKLM\..\Run: [PowerStrip] "c:\program files\powerstrip\pstrip.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: 3 Piggs Poker - {4835CF45-71B5-4c6c-BBE0-350DCD75D237} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: ESD classes - https://www.beb.standard.co.za/esd_client.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D090EBB-76C4-4DF0-A3E3-FDF5E11E871D}: NameServer = 10.0.0.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: urqromm - urqromm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Unknown owner - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Webroot Software Inc (www.webroot.com) - (no file)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I also have this its the combofix quarantined log

2002-04-21 12:46      396    --a--c---    C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\hotbar.inf.vir
2003-10-07 18:40      14624    --a------    C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\regxpcom.exe.vir
2007-07-08 21:23      15399    --a------    C:\Qoobox\Quarantine\C\ComboFix\FProps.vbs.vir
2007-08-15 00:38      6    --a------    C:\Qoobox\Quarantine\C\WINDOWS\httpconf.dat.vir
2007-08-22 00:12      39    --a------    C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir
2007-08-30 18:00      1034    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_RUNTIME.reg.cf
2007-08-30 18:00      1044    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_RUNTIME2.reg.cf
2007-08-30 18:00      798    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_NTMLSVC.reg.cf
2007-08-30 18:00      846    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf
2007-08-30 18:18      1010476    --a------    C:\Qoobox\snapshot_2007-08-30_181757.87.cf

Folder PATH listing
Volume serial number is DC87-B4EE
C:\QOOBOX
|   snapshot_2007-08-30_181757.87.cf
|
\---Quarantine
    +---C
    |   +---ComboFix
    |   |       FProps.vbs.vir
    |   |
    |   +---Program Files
    |   |   \---Mozilla Firefox
    |   |           regxpcom.exe.vir
    |   |
    |   \---WINDOWS
    |       |   cookies.ini.vir
    |       |   httpconf.dat.vir
    |       |
    |       \---DOWNLO~1
    |               hotbar.inf.vir
    |
    \---Registry_backups
            LEGACY_DOMAINSERVICE.reg.cf
            LEGACY_NTMLSVC.reg.cf
            LEGACY_RUNTIME.reg.cf
            LEGACY_RUNTIME2.reg.cf

and the avg wont give me a log file only lets me look at them in the program i tried following what u said but i think avg had changed
what else do u need

TomRushby
New Member

Date Joined Aug 2007
Total Posts : 12

Posted 8-30-2007 11:38 (GMT +1)

ok i found the anti spywear not to be rude but your link is out of date it goes the the anti virus not anti spy... ok i got these but the problem lays in the fact combofix gave me 2 logs so ill post them all

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:01:22 31-Aug-07

+ Scan result:

C:\System Volume Information\_restore{8C4CF3DF-E39F-46D7-AFBB-429D44B40AE4}\RP399\A0390463.dll -> Adware.Virtumonde : Cleaned.
:mozilla.422:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.423:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.424:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.455:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.502:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.145:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.146:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.147:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.340:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.341:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.342:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.344:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.200:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.201:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.278:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.279:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.280:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.281:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.54:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.55:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.56:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.182:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.323:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.306:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.307:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.308:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.309:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.476:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.477:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.343:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.81:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.82:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.177:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.460:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.461:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.462:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.463:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.365:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.366:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.330:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.331:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.393:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.394:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.395:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.396:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.183:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.184:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.185:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.186:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.249:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.250:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.251:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.252:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.253:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.254:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.495:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.496:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.497:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.498:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.222:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.223:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.224:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.193:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.194:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.195:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.196:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.197:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.335:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.349:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.348:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.57:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.58:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.61:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.62:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.63:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.64:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.67:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.68:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.69:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.70:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.489:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.490:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.491:C:\Documents and Settings\Theodor\Application Data\Mozilla\Firefox\Profiles\qme4j4qd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

::Report end

Logfile of HijackThis v1.99.1
Scan saved at 00:32:00, on 31-Aug-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ThreatFire\TFTRAY.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Theodor\Desktop\manga\anti vi@spy\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.01\RivaTuner.exe" /T
O4 - HKLM\..\Run: [PowerStrip] "c:\program files\powerstrip\pstrip.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: 3 Piggs Poker - {4835CF45-71B5-4c6c-BBE0-350DCD75D237} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: ESD classes - https://www.beb.standard.co.za/esd_client.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D090EBB-76C4-4DF0-A3E3-FDF5E11E871D}: NameServer = 10.0.0.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: urqromm - urqromm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Unknown owner - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Webroot Software Inc (www.webroot.com) - (no file)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

ComboFix 07-08-30.3 - "Theodor" 2007-08-31 0:17:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.77 [GMT 2:00]

((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))

2007-08-30 21:02 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-30 17:19 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-30 12:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-30 12:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-30 12:53 <DIR> d-------- C:\DOCUME~1\Theodor\APPLIC~1\SUPERAntiSpyware.com
2007-08-29 23:19 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-29 22:54 52,032 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
2007-08-29 22:54 40,768 --a------ C:\WINDOWS\system32\drivers\TFSysMon.sys
2007-08-29 22:54 34,624 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
2007-08-29 22:54 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2007-08-29 22:54 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-29 22:54 <DIR> d-------- C:\Program Files\ThreatFire
2007-08-29 22:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
2007-08-29 21:17 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-08-29 21:16 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-08-29 21:16 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-08-29 21:15 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-08-29 21:00 <DIR> d-------- C:\Program Files\SpywareGuard
2007-08-29 20:49 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-28 17:33 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-08-28 16:55 162 --a------ C:\install.dat
2007-08-28 16:51 8,704 --a--c--- C:\WINDOWS\system32\dllcache\dot4scan.sys
2007-08-28 16:51 23,808 --a--c--- C:\WINDOWS\system32\dllcache\dot4usb.sys
2007-08-28 16:51 207,360 --a--c--- C:\WINDOWS\system32\dllcache\dot4.sys
2007-08-28 16:51 12,928 --a--c--- C:\WINDOWS\system32\dllcache\dot4prt.sys
2007-08-28 16:49 91,305 --a--c--- C:\WINDOWS\system32\dllcache\dimaint.sys
2007-08-28 16:41 9,728 --a--c--- C:\WINDOWS\system32\dllcache\brserif.dll
2007-08-28 16:41 60,416 --a--c--- C:\WINDOWS\system32\dllcache\brserwdm.sys
2007-08-28 16:41 5,120 --a--c--- C:\WINDOWS\system32\dllcache\brscnrsm.dll
2007-08-28 16:41 39,552 --a--c--- C:\WINDOWS\system32\dllcache\brparwdm.sys
2007-08-28 16:41 31,529 --a--c--- C:\WINDOWS\system32\dllcache\brzwlan.sys
2007-08-28 16:41 3,168 --a--c--- C:\WINDOWS\system32\dllcache\brparimg.sys
2007-08-28 16:41 13,824 --a--c--- C:\WINDOWS\system32\dllcache\bulltlp3.sys
2007-08-28 16:41 11,008 --a--c--- C:\WINDOWS\system32\dllcache\brusbmdm.sys
2007-08-28 16:41 10,368 --a--c--- C:\WINDOWS\system32\dllcache\brusbscn.sys
2007-08-28 16:37 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2007-08-28 16:37 689,216 --a--c--- C:\WINDOWS\system32\dllcache\3dfxvs.dll
2007-08-28 16:37 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
2007-08-28 16:37 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2007-08-28 16:37 38,400 --a--c--- C:\WINDOWS\system32\dllcache\8514a.dll
2007-08-28 16:37 148,352 --a--c--- C:\WINDOWS\system32\dllcache\3dfxvsm.sys
2007-08-28 16:37 12,288 --a--c--- C:\WINDOWS\system32\dllcache\4mmdat.sys
2007-08-28 16:37 11,264 --a--c--- C:\WINDOWS\system32\dllcache\1394vdbg.sys
2007-08-28 16:36 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-08-28 10:44 <DIR> d-------- C:\DOCUME~1\Theodor\.housecall6.6
2007-08-27 21:35 629,162 ---hs---- C:\WINDOWS\system32\xybeg.ini2
2007-08-27 20:47 <DIR> d-------- C:\VundoFix Backups
2007-08-25 15:21 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-08-25 15:21 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-08-25 14:28 <DIR> d-------- C:\DOCUME~1\Theodor\.scribus
2007-08-22 19:33 <DIR> d-------- C:\DOCUME~1\Theodor\APPLIC~1\Disney Interactive Studios
2007-08-22 19:21 <DIR> d-------- C:\DOCUME~1\Theodor\APPLIC~1\InstallShield
2007-08-22 14:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Spyware
2007-08-22 00:21 <DIR> d-------- C:\Program Files\XoftSpySE
2007-08-21 20:49 <DIR> d-------- C:\Temp
2007-08-21 15:39 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-08-21 15:37 <DIR> d-------- C:\KAV
2007-08-20 17:33 <DIR> d-------- C:\Program Files\PowerStrip
2007-08-20 17:31 <DIR> d-------- C:\Program Files\RivaTuner v2.01
2007-08-11 14:58 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-08-11 14:46 <DIR> d-------- C:\Program Files\Acclaim
2007-08-11 14:27 <DIR> d-------- C:\manga
2007-08-09 14:17 <DIR> d-------- C:\Downloads
2007-08-08 18:08 <DIR> d-------- C:\Program Files\DynDNS Updater
2007-08-08 18:08 <DIR> d-------- C:\DOCUME~1\Theodor\APPLIC~1\Kana Solution
2007-08-08 12:37 <DIR> d-------- C:\Program Files\Address.net DNS Client
2007-08-07 19:40 <DIR> d-------- C:\DOCUME~1\Theodor\APPLIC~1\Yahoo!
2007-08-07 19:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-05 19:52 <DIR> d-------- C:\DOCUME~1\Theodor\APPLIC~1\DivX
2007-08-02 03:23 556,544 --------- C:\WINDOWS\system32\NexPlayerX.dll
2007-08-02 02:10 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-08-02 02:09 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-08-02 02:08 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-08-02 02:08 <DIR> d-------- C:\Program Files\Samsung
2007-08-02 01:43 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-08-02 01:43 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-08-02 01:43 27,136 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-08-02 01:43 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-08-02 01:43 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-08-02 01:43 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-07-31 18:29 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
2007-07-31 18:28 696,320 --a------ C:\WINDOWS\system32\libeay32.dll
2007-07-31 18:28 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-07-31 18:28 <DIR> d-------- C:\Program Files\iolo
2007-07-31 18:28 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\iolo
2007-07-31 18:23 <DIR> d-------- C:\DOCUME~1\Theodor\APPLIC~1\iolo
2007-07-31 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
2007-07-28 12:02 <DIR> d-------- C:\Program Files\DivX
2007-07-27 01:06 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-27 01:06 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-27 01:06 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll
2007-07-27 01:06 144,704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-27 01:06 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll
2007-07-25 18:16 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-07-25 18:16 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-07-25 18:16 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-07-23 01:22 77,824 --a------ C:\WINDOWS\system32\nvinstnt.dll
2007-07-23 01:22 55,808 --a------ C:\WINDOWS\system32\nvdesk32.dll
2007-07-23 01:22 147,456 --a------ C:\WINDOWS\system32\nvqtwk.dll
2007-07-23 01:22 135,168 --a------ C:\WINDOWS\system32\nvfsvm.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 12:51 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-29 22:13 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-27 20:56 --------- d-------- C:\DOCUME~1\Theodor\APPLIC~1\Skype
2007-08-22 19:24 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-11 14:50 --------- d-------- C:\Program Files\Microsoft DirectX SDK (June 2007)
2007-08-09 23:52 --------- d-------- C:\Program Files\BitComet
2007-08-09 20:30 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-09 14:17 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 01:06 9464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-27 01:06 9336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-27 01:06 43528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-27 01:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-27 01:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-27 01:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-27 01:03 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-27 01:03 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-27 01:03 81920 --a--c--- C:\WINDOWS\system32\dpl100.dll
2007-07-27 01:03 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-27 01:03 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-27 01:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-27 01:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-27 01:03 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-27 01:03 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-27 01:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-27 01:03 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-27 01:03 196608 --a--c--- C:\WINDOWS\system32\dtu100.dll
2007-07-27 01:03 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-05 23:31 --------- d-------- C:\Program Files\MythWar_en
2007-07-03 23:52 --------- d-------- C:\Program Files\Google
2007-07-03 09:08 --------- d-------- C:\Program Files\Knytt
2007-07-03 09:06 --------- d-------- C:\Program Files\Dobermann
2007-07-03 02:01 --------- d-------- C:\Program Files\RegCure
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 19:38 3364957 --ahs---- C:\WINDOWS\system32\rsetup.exe
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-05-31 19:30 266088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-05-31 19:29 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-05-30 18:03 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-05-30 18:03 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTuner"="C:\Program Files\RivaTuner v2.01\RivaTuner.exe" [2007-04-29 19:05]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2007-04-08 15:22]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 C:\WINDOWS\soundman.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-29 16:55]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2007-08-30 18:39]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\DOCUME~1\Theodor\STARTM~1\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2006-07-14 13:46 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqromm]
urqromm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32]
winzzd32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys
R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys
R0 WDMCAPI;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
R3 RivaTuner32;RivaTuner32;\??\C:\Program Files\RivaTuner v2.01\RivaTuner32.sys
R3 TfNetMon;TfNetMon;\??\C:\WINDOWS\system32\drivers\TfNetMon.sys
R3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys
S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys
S3 PCAlertDriver;PCAlertDriver;\??\C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S3 vmdmc;SANTIS VComm+ Port Driver;C:\WINDOWS\system32\DRIVERS\vmdmc.sys

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD

Contents of the 'Scheduled Tasks' folder
2007-07-18 06:24:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-22 12:14:52 C:\WINDOWS\Tasks\Pareto UNS.job - C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
2007-08-02 01:08:15 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
2006-10-02 17:45:22 C:\WINDOWS\Tasks\XoftSpy.job - C:\Program Files\XoftSpy\XoftSpy.exe
2007-08-30 16:11:14 C:\WINDOWS\Tasks\XoftSpySE 2.job
2007-08-28 05:51:33 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-31 00:25:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-31 0:30:02
C:\ComboFix-quarantined-files.txt ... 2007-08-31 00:30

--- E O F ---

********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
31-Aug-07 0:08:20.04

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-31 00:08:21
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a9412e814]
"001247c597b9"=hex:84,c4,eb,00,01,f2,6b,1d,c9,c4,ca,1e,6b,af,c7,84
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:47258cdc
"s2"=dword:ad286b17
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ee,76,6f,af,03,e1,8c,ec,b0,e3,b4,3d,80,23,54,4f,23,b2,89,9c,33,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a9,2e,f3,c5,b6,18,e4,a8,59,36,da,8b,17,bd,76,9b,9f,..
"khjeh"=hex:0d,85,75,35,3b,7f,e5,3f,8f,88,13,bf,a0,7d,6a,10,3e,76,59,91,4f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d4,60,f3,dd,99,8a,c5,85,8e,a4,05,b5,76,d2,78,ab,35,6c,22,d3,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a9412e814]
"001247c597b9"=hex:84,c4,eb,00,01,f2,6b,1d,c9,c4,ca,1e,6b,af,c7,84
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ee,76,6f,af,03,e1,8c,ec,b0,e3,b4,3d,80,23,54,4f,23,b2,89,9c,33,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a9,2e,f3,c5,b6,18,e4,a8,59,36,da,8b,17,bd,76,9b,9f,..
"khjeh"=hex:0d,85,75,35,3b,7f,e5,3f,8f,88,13,bf,a0,7d,6a,10,3e,76,59,91,4f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d4,60,f3,dd,99,8a,c5,85,8e,a4,05,b5,76,d2,78,ab,35,6c,22,d3,ba,..

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0

ps the new link for the anti spy is http://free.grisoft.com/doc/5390/us/frt/0?prd=asf

ty very much

Post Edited (TomRushby) : 30-08-2007 22:41:35 GMT

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13599

Posted 8-31-2007 8:59 (GMT +1)

Update Superantispyware

Download and install DrWebCureit:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

http://spywareinfo.dk/download/drweb-cureit.exe

to your desktop.

Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.

Reboot to Safe mode

Doubleclick the "drweb-cureit.exe" and click "ok" in the prompt window that will open , asking "start the express scan now".

It will first make a quick scan of your system, let it clean what it find, and when it says "done"

Click on the green screwdriver-

Actions Tab- Adware-Dialers-Riskware-Hacktools, use dropdown menu and select -Delete

Click on the drive(s) you want to scan . A red dot will mark the selected drive(s) . Then hit the green arrow in lower right corner It will now scan your drive(s), say yes to all

After the scan, in the Dr.Web CureIt menu on top, click file and choose save report list

Save the report to your desktop. The report will be called DrWeb.csv

Close Dr.Web Cureit.

Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Start Superantispyware.

Hit - Scan Your Computer - button

Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then next,

it will scan now. When scan have finished, put a checkmark with all items it found. Next, after cleaning, allow it to Reboot

Start Superantispyware again –

Click Preferences and then click the statistics/logs tab.

Click the dated log and press view log and a text file will appear.

Post this log along with fresh hijackthis log, Dr.Web log and tell how things are running ?

Do NOT post your problem in someone elses thread.

Start a new topic so that it may receive proper attention.

Member of - Alliance of Security Analysis Professionals