
Malware


7 replies to this topic

#1 ekke67

ekke67

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:42 AM

Posted 07 September 2007 - 05:03 PM

Hi, I have got a lot of malware; my virus program will not take them away.
I have Ad-Aware and Spybot, and I also tried AVG. They find a lot of things every time, but the next time it's the same.
Explorer starts windows with names like antiwinpro7, perfspot and disccleaner and other forms. What should I do?
I have sent my latest HijackThis log.

Please help me, my computer is really slow now and it's hopeless to surf with. Often it closes down IE.

/ ekke from Sweden



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:11:42 PM

Posted 07 September 2007 - 05:27 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum ekke67 :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

First of all you've no virus protection installed.
Download/install one of the following freeware options from the choice below.
Once installed update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Avira AntiVir Personal Edition Classic
http://www.free-av.com/

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Now go to:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', and rename it to abc.bat.
Double click on abc.bat (which is still Hijackthis.exe) and post that log into your next reply please.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.

#3 ekke67

ekke67
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:42 AM

Posted 07 September 2007 - 06:14 PM

Thank you my friend, you make me happy with your fast answer.
I have done it all and post the log now.

ComboFix 07-09-08.6 - "Administrat”r" 2007-09-08 0:39:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1053.18.103 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ADMINI~1\err.log
C:\Program\crosof~1.net
C:\Program\crosof~1.net\??crosoft.NET\
C:\Program\qdizoxqp
C:\Program\qdizoxqp\mxcbsdob.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\fnts~1
C:\WINDOWS\fnts~1\F?nts\
C:\WINDOWS\system32\fglz.dll
C:\WINDOWS\system32\spfivwrj.exe
C:\WINDOWS\system32\udlwaqfg.exe
C:\WINDOWS\system32\usiytkxr.exe
C:\WINDOWS\system32\wapisvit.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))
.

2007-09-08 00:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-07 17:29 70,208 --a------ C:\WINDOWS\system32\liqnrqim.dll
2007-09-07 10:57 125,504 --a------ C:\WINDOWS\system32\eijvmcnu.dll
2007-09-06 10:56 70,208 --a------ C:\WINDOWS\system32\ievvynfw.dll
2007-09-05 10:52 70,208 --a------ C:\WINDOWS\system32\bivmmfpr.dll
2007-09-05 10:52 125,504 --a------ C:\WINDOWS\system32\qsuqtywl.dll
2007-09-05 00:00 <KAT> d-------- C:\Program\Trend Micro
2007-09-04 23:02 <KAT> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
2007-09-04 21:11 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-04 10:58 125,504 --a------ C:\WINDOWS\system32\qwnfocsv.dll
2007-09-04 10:55 70,208 --a------ C:\WINDOWS\system32\ulnanwnw.dll
2007-09-04 06:10 70,208 --a------ C:\WINDOWS\system32\daxyxnvx.dll
2007-09-04 05:57 <KAT> d-------- C:\Program\Lavasoft
2007-09-04 05:57 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-04 05:56 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2007-09-03 10:53 125,504 --------- C:\WINDOWS\system32\tpkowgvd.dll
2007-09-02 16:18 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-02 16:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-02 15:56 <KAT> d-------- C:\WINDOWS\system32\wowrlegl
2007-09-02 14:38 <KAT> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-02 09:45 70,208 --a------ C:\WINDOWS\system32\hrowpfir.dll
2007-09-02 09:34 662,313 ---hs---- C:\WINDOWS\system32\nmnmp.bak2
2007-09-01 16:20 6,448 ---hs---- C:\WINDOWS\system32\nmnmp.bak1
2007-09-01 16:20 298,080 --------- C:\WINDOWS\system32\pmnmn.dll
2007-09-01 16:15 95,744 --a------ C:\WINDOWS\system32\drvrod.dll
2007-09-01 16:15 43,542 --a------ C:\WINDOWS\system32\yayvsss.dll
2007-09-01 16:15 15,360 --a------ C:\WINDOWS\system32\drvrodr.dll
2007-08-16 21:12 339,968 --------- C:\WINDOWS\Support32.exe
2007-08-16 21:12 <KAT> d-------- C:\Program\SPCS
2007-08-16 21:08 307,200 --a------ C:\WINDOWS\IsUn041d.exe
2007-08-13 14:12 385,100 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2007-08-13 11:57 <KAT> d-------- C:\Program\VideoLAN
2007-08-13 11:26 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-08-13 11:26 516,173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL
2007-08-13 11:26 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-08-13 11:26 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-08-13 11:26 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-08-13 11:26 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-08-13 11:26 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-08-13 11:26 <KAT> d-------- C:\Program\Free Audio Pack
2007-08-13 10:57 254 --a------ C:\WINDOWS\system32\drivers\pxfsf.dat
2007-08-11 23:33 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-11 23:30 <KAT> d-------- C:\WINDOWS\provisioning
2007-08-11 23:30 <KAT> d-------- C:\WINDOWS\peernet
2007-08-11 23:05 406,528 --------- C:\WINDOWS\system32\dllcache\aclayers.dll
2007-08-11 23:05 255,488 --------- C:\WINDOWS\system32\dllcache\acverfyr.dll
2007-08-11 23:05 219,136 --------- C:\WINDOWS\system32\dllcache\acspecfc.dll
2007-08-11 23:05 125,440 --------- C:\WINDOWS\system32\dllcache\aclua.dll
2007-08-11 23:05 107,520 --------- C:\WINDOWS\system32\dllcache\acxtrnal.dll
2007-08-11 23:05 1,820,672 --------- C:\WINDOWS\system32\dllcache\acgenral.dll
2007-08-11 22:39 <KAT> d-------- C:\WINDOWS\EHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-08 00:43 50423 --a------ C:\WINDOWS\system32\drivers\stac97e.log
2007-08-13 11:28 14037 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2007-08-13 09:52 77312 --a------ C:\WINDOWS\ua2.dll
2007-08-12 18:26 --------- d-------- C:\Program\MSN Messenger
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-29 13:58 --------- d-------- C:\Program\Symantec
2007-07-29 13:58 --------- d-------- C:\Program\Delade filer\Symantec Shared
2007-07-29 13:54 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-07-24 21:02 --------- d-------- C:\Program\Cliprex DVD Player Professional
2007-07-24 20:08 33824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-07-24 00:26 --------- d-------- C:\Program\Cliprex
2007-07-12 13:29 --------- d-------- C:\Program\directx
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-07-08 07:49 --------- d-------- C:\Program\ffdshow
2007-07-08 07:49 --------- d-------- C:\Program\AC3Filter
2006-04-06 00:31 289 --a------ C:\DOCUME~1\ADMINI~1\mc-110-12-0000229.exe
--------- C:\Program\Levande Böcker
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086DD28C-1366-6DC0-6522-3D71B70396CF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3575FBDC-70F6-4110-A279-284BCE94749D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{435D08DD-665E-474F-B977-5EE75A2BDCB2}]
2007-09-01 16:15 43542 --a------ C:\WINDOWS\system32\yayvsss.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{508AA87B-255B-414C-B7B0-1E0727026A0B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C094B7-9C23-4548-8CB0-748AF1D58545}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53FADE71-70F5-4F64-A29F-1FEB27E7D27F}]
2007-09-01 16:20 298080 --------- C:\WINDOWS\System32\pmnmn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D62AAA4-2E28-4622-ACE9-EEDF5B219A3D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72BE8679-EAED-470A-BA24-CA80CFA9B75F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACAE42AD-77A3-44C7-9403-B636C3D20460}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2003-02-24 15:35 C:\WINDOWS\system32\pctspk.exe]
"Apoint"="C:\Program\Apoint\Apoint.exe" [2003-06-10 23:07]
"PRONoMgr.exe"="C:\Program\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 17:32]
"Spooler SubSystem App"="C:\WINDOWS\System32\spooIsv.exe" []
"Windows Network Firewall"="C:\WINDOWS\System32\firewall.exe" []
"Microsoft ® Windows Update Service"="C:\WINDOWS\update\wuauclt.exe" []
"vxd32"="C:\WINDOWS\System32\vxd32.dll" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" []
"StorageGuard"="C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" [2003-02-13 01:01]
"hostserv"="hostserv.exe" []
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" []
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" []
"Adobe Photo Downloader"="C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"!AVG Anti-Spyware"="C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 14:08]
"Sonic RecordNow!"="" []
"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 21:42]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe" []
"Jnvqykk"="C:\Documents and Settings\Administratör\Mina dokument\??crosoft\?pool32.exe" []
"Uipm"="C:\WINDOWS\System32\DOBE~1\wucrtupd.exe" [2007-09-08 00:49]
"SpybotSD TeaTimer"="C:\Program\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"hostserv"=hostserv.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Uipm"="C:\Program\CROSOF~1.NET\rundll32.exe" -vt yazr
"Thtt"=C:\WINDOWS\system32\config\systemprofile\Application Data\S?mantec\??erinit.exe
"hostserv"=hostserv.exe

C:\DOCUME~1\ALLUSE~1\START-~1\Program\AUTOST~1\
Adobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{435D08DD-665E-474F-B977-5EE75A2BDCB2}"= C:\WINDOWS\system32\yayvsss.dll [2007-09-01 16:15 43542]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyvvv]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmn]
C:\WINDOWS\System32\pmnmn.dll 2007-09-01 16:20 298080 C:\WINDOWS\system32\pmnmn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll 2003-06-20 07:03 110592 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhfp32]
winhfp32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvsss]
yayvsss.dll 2007-09-01 16:15 43542 C:\WINDOWS\system32\yayvsss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvt]
yayvt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=

R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
S2 MP4Video16;MP4VideoDriver;"C:\WINDOWS\KernelUpdate"
S2 msproc;Word Process;"C:\WINDOWS\mswinpad.exe"
S2 UpdateManager;Windows Update Manager;C:\WINDOWS\update\updmgr.exe /updatemgr
S2 UpdateSvc;Windows Update Service;C:\WINDOWS\update\wuauclt.exe /update
S3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;C:\WINDOWS\System32\drivers\wA301b.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\System32\Drivers\iqvw32.sys
S3 SPCP825K;Sunplus Serial port driver;C:\WINDOWS\System32\DRIVERS\SPCP825K.sys
S3 w70n51;Drivrutin för Intel® PRO/trådlös 7100-adapter;C:\WINDOWS\System32\DRIVERS\w70n51.sys

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-08 00:45:14
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\
scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vxd32"="rundll32.exe C:\\WINDOWS\\System32\\vxd32.dll,start"
.
Completion time: 2007-09-08 0:51:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-08 00:51
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:03:19, on 2007-09-08
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program\Apoint\Apoint.exe
C:\Program\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program\Apoint\Apntex.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administratör\Mina dokument\??crosoft\?pool32.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program\internet explorer\iexplore.exe
C:\Program\internet explorer\iexplore.exe
C:\Program\Trend Micro\HijackThis\abc.bat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.di.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {3575FBDC-70F6-4110-A279-284BCE94749D} - (no file)
O2 - BHO: (no name) - {435D08DD-665E-474F-B977-5EE75A2BDCB2} - C:\WINDOWS\system32\yayvsss.dll
O2 - BHO: (no name) - {508AA87B-255B-414C-B7B0-1E0727026A0B} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C094B7-9C23-4548-8CB0-748AF1D58545} - (no file)
O2 - BHO: (no name) - {53FADE71-70F5-4F64-A29F-1FEB27E7D27F} - C:\WINDOWS\System32\pmnmn.dll
O2 - BHO: (no name) - {6D62AAA4-2E28-4622-ACE9-EEDF5B219A3D} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {ACAE42AD-77A3-44C7-9403-B636C3D20460} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spooIsv.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\Run: [Microsoft ® Windows Update Service] C:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [vxd32] rundll32.exe C:\WINDOWS\System32\vxd32.dll,start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [hostserv] hostserv.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [hostserv] hostserv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Jnvqykk] "C:\Documents and Settings\Administratör\Mina dokument\??crosoft\?pool32.exe"
O4 - HKCU\..\Run: [Uipm] "C:\WINDOWS\System32\DOBE~1\wucrtupd.exe" -vt ndrv
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Uipm] "C:\Program\CROSOF~1.NET\rundll32.exe" -vt yazr (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Uipm] "C:\Program\CROSOF~1.NET\rundll32.exe" -vt yazr (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: efcyvvv - C:\WINDOWS\
O20 - Winlogon Notify: mljkl - C:\WINDOWS\
O20 - Winlogon Notify: pmnmn - C:\WINDOWS\System32\pmnmn.dll
O20 - Winlogon Notify: winhfp32 - winhfp32.dll (file missing)
O20 - Winlogon Notify: yayvsss - C:\WINDOWS\SYSTEM32\yayvsss.dll
O20 - Winlogon Notify: yayvt - yayvt.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MP4VideoDriver (MP4Video16) - Unknown owner - C:\WINDOWS\KernelUpdate (file missing)
O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - C:\WINDOWS\update\wuauclt.exe (file missing)
O24 - Desktop Component 1: (no name) - http://www.di.se/

--
End of file - 7904 bytes
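Two kinds of entry in the HijackThis log above are worth flagging mechanically: a system-binary name spelled with a confusable character (spooIsv.exe with a capital I, while the real spoolsv.exe is also running) and a system-binary name launched from a directory where it does not belong (wuauclt.exe from C:\WINDOWS\update\ instead of System32, rundll32.exe from C:\Program\CROSOF~1.NET\). The Python below is an added example written for this page, not code from the thread or from HijackThis; its allowlist of expected locations is a hypothetical starting point and the sample lines are constructed, modelled on the log but not copied from it.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical allowlist: Windows system binaries that are commonly impersonated,
# with the directory each one is expected to live in (lower-case for comparison).
SYSTEM_BINARIES = {
    "spoolsv.exe": r"c:\windows\system32",
    "wuauclt.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
}

# Characters that get swapped to make a filename look legitimate (I/l/1, O/0).
# Both sides of a comparison are folded through this table before comparing.
_CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})

# A drive-letter path ending in an executable extension. Spaces are allowed
# inside because HijackThis prints paths such as C:\Program\Spybot - Search ...
PATH_RE = re.compile(r"[a-z]:\\.+?\.(?:exe|dll|sys|ocx)", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: List[str]


def _fold(name: str) -> str:
    """Lower-case a filename and collapse confusable characters."""
    return name.lower().translate(_CONFUSABLE)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    reasons = []
    if "(file missing)" in line or "(no file)" in line:
        reasons.append("entry points at a file that no longer exists")
    if line.startswith("O23") and "Unknown owner" in line:
        reasons.append("service has no recorded vendor")
    for path in PATH_RE.findall(line):
        directory, _, name = path.rpartition("\\")
        directory, lname = directory.lower(), name.lower()
        for known, expected_dir in SYSTEM_BINARIES.items():
            if lname == known and directory != expected_dir:
                reasons.append(f"{name} found in {directory} instead of {expected_dir}")
            elif lname != known and _fold(lname) == _fold(known):
                reasons.append(f"{name} is a lookalike of {known}")
    return Finding(line, reasons) if reasons else None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a HijackThis log, keeping only hits."""
    findings = []
    for line in text.splitlines():
        finding = triage_line(line.strip())
        if finding:
            findings.append(finding)
    return findings


# Constructed sample lines, modelled on the thread's log (not copied verbatim).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spooIsv.exe
O4 - HKLM\..\Run: [Windows Update Service] C:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [vxd32] rundll32.exe C:\WINDOWS\System32\vxd32.dll,start
O4 - HKUS\S-1-5-18\..\Run: [Uipm] "C:\Program\CROSOF~1.NET\rundll32.exe" -vt yazr (User 'SYSTEM')
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - C:\WINDOWS\update\wuauclt.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O20 - Winlogon Notify: winhfp32 - winhfp32.dll (file missing)
"""

if __name__ == "__main__":
    for hit in triage_log(SAMPLE_LOG):
        print(hit.line)
        for reason in hit.reasons:
            print("    ->", reason)
```

A line that passes these checks is not thereby clean (vxd32.dll loaded through rundll32.exe is not caught here); the script only surfaces the entries that should be looked at first.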



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmn]
C:\WINDOWS\System32\pmnmn.dll 2007-09-01 16:20 298080 C:\WINDOWS\system32\pmnmn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll 2003-06-20 07:03 110592 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhfp32]
winhfp32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvsss]
yayvsss.dll 2007-09-01 16:15 43542 C:\WINDOWS\system32\yayvsss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvt]
yayvt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=

R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
S2 MP4Video16;MP4VideoDriver;"C:\WINDOWS\KernelUpdate"
S2 msproc;Word Process;"C:\WINDOWS\mswinpad.exe"
S2 UpdateManager;Windows Update Manager;C:\WINDOWS\update\updmgr.exe /updatemgr
S2 UpdateSvc;Windows Update Service;C:\WINDOWS\update\wuauclt.exe /update
S3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;C:\WINDOWS\System32\drivers\wA301b.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\System32\Drivers\iqvw32.sys
S3 SPCP825K;Sunplus Serial port driver;C:\WINDOWS\System32\DRIVERS\SPCP825K.sys
S3 w70n51;Drivrutin för Intel® PRO/trådlös 7100-adapter;C:\WINDOWS\System32\DRIVERS\w70n51.sys

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-08 00:45:14
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\
scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vxd32"="rundll32.exe C:\\WINDOWS\\System32\\vxd32.dll,start"
.
Completion time: 2007-09-08 0:51:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-08 00:51
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:03:19, on 2007-09-08
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program\Apoint\Apoint.exe
C:\Program\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program\Apoint\Apntex.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administratör\Mina dokument\??crosoft\?pool32.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program\internet explorer\iexplore.exe
C:\Program\internet explorer\iexplore.exe
C:\Program\Trend Micro\HijackThis\abc.bat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.di.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {3575FBDC-70F6-4110-A279-284BCE94749D} - (no file)
O2 - BHO: (no name) - {435D08DD-665E-474F-B977-5EE75A2BDCB2} - C:\WINDOWS\system32\yayvsss.dll
O2 - BHO: (no name) - {508AA87B-255B-414C-B7B0-1E0727026A0B} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C094B7-9C23-4548-8CB0-748AF1D58545} - (no file)
O2 - BHO: (no name) - {53FADE71-70F5-4F64-A29F-1FEB27E7D27F} - C:\WINDOWS\System32\pmnmn.dll
O2 - BHO: (no name) - {6D62AAA4-2E28-4622-ACE9-EEDF5B219A3D} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {ACAE42AD-77A3-44C7-9403-B636C3D20460} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spooIsv.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\Run: [Microsoft ® Windows Update Service] C:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [vxd32] rundll32.exe C:\WINDOWS\System32\vxd32.dll,start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [hostserv] hostserv.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [hostserv] hostserv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Jnvqykk] "C:\Documents and Settings\Administratör\Mina dokument\??crosoft\?pool32.exe"
O4 - HKCU\..\Run: [Uipm] "C:\WINDOWS\System32\DOBE~1\wucrtupd.exe" -vt ndrv
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Uipm] "C:\Program\CROSOF~1.NET\rundll32.exe" -vt yazr (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Uipm] "C:\Program\CROSOF~1.NET\rundll32.exe" -vt yazr (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: efcyvvv - C:\WINDOWS\
O20 - Winlogon Notify: mljkl - C:\WINDOWS\
O20 - Winlogon Notify: pmnmn - C:\WINDOWS\System32\pmnmn.dll
O20 - Winlogon Notify: winhfp32 - winhfp32.dll (file missing)
O20 - Winlogon Notify: yayvsss - C:\WINDOWS\SYSTEM32\yayvsss.dll
O20 - Winlogon Notify: yayvt - yayvt.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MP4VideoDriver (MP4Video16) - Unknown owner - C:\WINDOWS\KernelUpdate (file missing)
O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - C:\WINDOWS\update\wuauclt.exe (file missing)
O24 - Desktop Component 1: (no name) - http://www.di.se/

--
End of file - 7904 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:11:42 PM

Posted 07 September 2007 - 06:42 PM

*Warning*
You have recently had at least one Backdoor Trojan on your pc.
A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.

They are typically installed without user interaction through security exploits, and may allow an attacker to remotely control the infected machine. Such risks may allow the attacker to install additional malware and use the compromised machine to participate in denial of service attacks, spamming, and botnets, or to transmit sensitive data to a remote server. The malware may be cloaked and not visible to the user. These risks severely compromise the system by lowering security settings, installing 'backdoors,' infecting system files, or spreading to other networked machines.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one; if not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breach.

Since your computer was compromised read:
How to report ID theft, fraud, drive-by installs, hijacking and malware:
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall:
http://www.dslreports.com/faq/10063

If you want us to go ahead and carry on cleaning up your system, then follow the instructions below.

If you don't want to carry on, then let me know now please.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

File::
C:\WINDOWS\system32\liqnrqim.dll
C:\WINDOWS\system32\eijvmcnu.dll
C:\WINDOWS\system32\ievvynfw.dll
C:\WINDOWS\system32\bivmmfpr.dll
C:\WINDOWS\system32\qsuqtywl.dll
C:\WINDOWS\system32\qwnfocsv.dll
C:\WINDOWS\system32\ulnanwnw.dll
C:\WINDOWS\system32\daxyxnvx.dll
C:\WINDOWS\system32\tpkowgvd.dll
C:\WINDOWS\system32\hrowpfir.dll
C:\WINDOWS\system32\nmnmp.bak2
C:\WINDOWS\system32\nmnmp.bak1
C:\WINDOWS\system32\pmnmn.dll
C:\WINDOWS\system32\drvrod.dll
C:\WINDOWS\system32\yayvsss.dll
C:\WINDOWS\system32\drvrodr.dll
C:\WINDOWS\Support32.exe
C:\DOCUME~1\ADMINI~1\mc-110-12-0000229.exe

Folder::
C:\WINDOWS\system32\wowrlegl

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086DD28C-1366-6DC0-6522-3D71B70396CF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3575FBDC-70F6-4110-A279-284BCE94749D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{435D08DD-665E-474F-B977-5EE75A2BDCB2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{508AA87B-255B-414C-B7B0-1E0727026A0B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C094B7-9C23-4548-8CB0-748AF1D58545}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53FADE71-70F5-4F64-A29F-1FEB27E7D27F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D62AAA4-2E28-4622-ACE9-EEDF5B219A3D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72BE8679-EAED-470A-BA24-CA80CFA9B75F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACAE42AD-77A3-44C7-9403-B636C3D20460}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spooler SubSystem App"=-
"Windows Network Firewall"=-
"Microsoft ® Windows Update Service"=-
"vxd32"=-
"hostserv"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jnvqykk"=-
"Uipm"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"hostserv"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Uipm"=-
"Thtt"=-
"hostserv"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{435D08DD-665E-474F-B977-5EE75A2BDCB2}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyvvv]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkl]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmn]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhfp32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvsss]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvt]

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.

Edited by RichieUK, 07 September 2007 - 06:43 PM.

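A defender-side triage pass over the kind of HijackThis entries RichieUK acted on above, as an added example that is not part of the original thread, of HijackThis or of ComboFix. The sample lines are copied from the log posted in this thread; the rules, the `SYSTEM_BINARIES` list and the confusable-character table are an assumed hand-written checklist, not a HijackThis feature.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# mixing entries the helper removed with legitimate ones.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {435D08DD-665E-474F-B977-5EE75A2BDCB2} - C:\WINDOWS\system32\yayvsss.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spooIsv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
O4 - HKLM\..\RunServices: [hostserv] hostserv.exe
O4 - HKCU\..\Run: [Jnvqykk] "C:\Documents and Settings\Administratör\Mina dokument\??crosoft\?pool32.exe"
O4 - HKUS\.DEFAULT\..\Run: [Uipm] "C:\Program\CROSOF~1.NET\rundll32.exe" -vt yazr (User 'Default user')
O20 - Winlogon Notify: winhfp32 - winhfp32.dll (file missing)
O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
"""

# Windows binaries whose names the malware in this thread borrowed: spooIsv.exe
# (capital I for l) in the Run key, rundll32.exe and wuauclt.exe copied outside
# System32. Hand-picked assumption, not a complete inventory of system files.
SYSTEM_BINARIES = {"spoolsv.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "services.exe", "rundll32.exe", "wuauclt.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\",)
# Characters commonly swapped for look-alikes in file names (assumed table).
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o", "|": "l"})

# First drive-letter path ending in a binary extension; lazy so it stops at the
# extension even when the path contains spaces or a "~1.NET" directory.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx)\b", re.IGNORECASE)
O4_RE = re.compile(r"O4 - .*?: \[(?P<name>[^\]]*)\] (?P<target>.*)")


def looks_like_system_binary(name):
    """True when name is a confusable spelling of a system binary (spooIsv.exe)."""
    normalized = name.translate(CONFUSABLES).lower()
    return normalized in SYSTEM_BINARIES and name.lower() not in SYSTEM_BINARIES


def triage_line(line):
    """Return the checklist rules a single HijackThis line trips (empty if none)."""
    reasons = []
    prefix = line.split(" - ", 1)[0]
    if prefix == "O2" and "(no name)" in line and "(no file)" not in line:
        reasons.append("unnamed BHO loads a DLL")
    if prefix in ("O20", "O23") and "(file missing)" in line:
        reasons.append("autostart references a missing file")
    if prefix == "O23" and "Unknown owner" in line:
        reasons.append("service with no vendor")
    if re.search(r"HKUS\\(?:\.DEFAULT|S-1-5-18)\\", line) or "RunServices" in line:
        reasons.append("run entry for the SYSTEM/default profile or RunServices")
    for path in PATH_RE.findall(line):
        name = path.rsplit("\\", 1)[-1]
        if "?" in path:
            # HijackThis prints '?' for characters it cannot render, the
            # "??crosoft" folder trick seen in this log.
            reasons.append("unprintable characters in path: " + path)
        if looks_like_system_binary(name):
            reasons.append("look-alike of a system binary: " + name)
        elif name.lower() in SYSTEM_BINARIES and not path.lower().startswith(SYSTEM_DIRS):
            reasons.append("system binary name outside System32: " + path)
    m = O4_RE.match(line)
    if m and not re.match(r'"?[A-Za-z]:\\', m.group("target")):
        # A bare file name is resolved via the search path; worth a manual check.
        reasons.append("run entry without a full path: " + m.group("target"))
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every log line that trips at least one rule."""
    results = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            results.append((line, reasons))
    return results


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

The rules flag entries for review, not a verdict: a legitimate Run entry with a bare file name (PCTVOICE in the full log) trips the same path rule and must be resolved by hand.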

#5 ekke67

ekke67
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:42 AM

Posted 08 September 2007 - 02:20 AM

Hi, thanks, my computer is working much better now.
You are a fantastic help for me.
After half a night's sleep I'm back to fix the computer.
Here are the latest ComboFix log and the latest HijackThis log.

ComboFix 07-09-08.6 - "Administrat”r" 2007-09-08 0:39:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1053.18.103 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ADMINI~1\err.log
C:\Program\crosof~1.net
C:\Program\crosof~1.net\??crosoft.NET\
C:\Program\qdizoxqp
C:\Program\qdizoxqp\mxcbsdob.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\fnts~1
C:\WINDOWS\fnts~1\F?nts\
C:\WINDOWS\system32\fglz.dll
C:\WINDOWS\system32\spfivwrj.exe
C:\WINDOWS\system32\udlwaqfg.exe
C:\WINDOWS\system32\usiytkxr.exe
C:\WINDOWS\system32\wapisvit.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))
.

2007-09-08 00:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-07 17:29 70,208 --a------ C:\WINDOWS\system32\liqnrqim.dll
2007-09-07 10:57 125,504 --a------ C:\WINDOWS\system32\eijvmcnu.dll
2007-09-06 10:56 70,208 --a------ C:\WINDOWS\system32\ievvynfw.dll
2007-09-05 10:52 70,208 --a------ C:\WINDOWS\system32\bivmmfpr.dll
2007-09-05 10:52 125,504 --a------ C:\WINDOWS\system32\qsuqtywl.dll
2007-09-05 00:00 <KAT> d-------- C:\Program\Trend Micro
2007-09-04 23:02 <KAT> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
2007-09-04 21:11 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-04 10:58 125,504 --a------ C:\WINDOWS\system32\qwnfocsv.dll
2007-09-04 10:55 70,208 --a------ C:\WINDOWS\system32\ulnanwnw.dll
2007-09-04 06:10 70,208 --a------ C:\WINDOWS\system32\daxyxnvx.dll
2007-09-04 05:57 <KAT> d-------- C:\Program\Lavasoft
2007-09-04 05:57 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-04 05:56 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2007-09-03 10:53 125,504 --------- C:\WINDOWS\system32\tpkowgvd.dll
2007-09-02 16:18 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-02 16:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-02 15:56 <KAT> d-------- C:\WINDOWS\system32\wowrlegl
2007-09-02 14:38 <KAT> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-02 09:45 70,208 --a------ C:\WINDOWS\system32\hrowpfir.dll
2007-09-02 09:34 662,313 ---hs---- C:\WINDOWS\system32\nmnmp.bak2
2007-09-01 16:20 6,448 ---hs---- C:\WINDOWS\system32\nmnmp.bak1
2007-09-01 16:20 298,080 --------- C:\WINDOWS\system32\pmnmn.dll
2007-09-01 16:15 95,744 --a------ C:\WINDOWS\system32\drvrod.dll
2007-09-01 16:15 43,542 --a------ C:\WINDOWS\system32\yayvsss.dll
2007-09-01 16:15 15,360 --a------ C:\WINDOWS\system32\drvrodr.dll
2007-08-16 21:12 339,968 --------- C:\WINDOWS\Support32.exe
2007-08-16 21:12 <KAT> d-------- C:\Program\SPCS
2007-08-16 21:08 307,200 --a------ C:\WINDOWS\IsUn041d.exe
2007-08-13 14:12 385,100 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2007-08-13 11:57 <KAT> d-------- C:\Program\VideoLAN
2007-08-13 11:26 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-08-13 11:26 516,173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL
2007-08-13 11:26 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-08-13 11:26 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-08-13 11:26 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-08-13 11:26 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-08-13 11:26 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-08-13 11:26 <KAT> d-------- C:\Program\Free Audio Pack
2007-08-13 10:57 254 --a------ C:\WINDOWS\system32\drivers\pxfsf.dat
2007-08-11 23:33 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-11 23:30 <KAT> d-------- C:\WINDOWS\provisioning
2007-08-11 23:30 <KAT> d-------- C:\WINDOWS\peernet
2007-08-11 23:05 406,528 --------- C:\WINDOWS\system32\dllcache\aclayers.dll
2007-08-11 23:05 255,488 --------- C:\WINDOWS\system32\dllcache\acverfyr.dll
2007-08-11 23:05 219,136 --------- C:\WINDOWS\system32\dllcache\acspecfc.dll
2007-08-11 23:05 125,440 --------- C:\WINDOWS\system32\dllcache\aclua.dll
2007-08-11 23:05 107,520 --------- C:\WINDOWS\system32\dllcache\acxtrnal.dll
2007-08-11 23:05 1,820,672 --------- C:\WINDOWS\system32\dllcache\acgenral.dll
2007-08-11 22:39 <KAT> d-------- C:\WINDOWS\EHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-08 00:43 50423 --a------ C:\WINDOWS\system32\drivers\stac97e.log
2007-08-13 11:28 14037 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2007-08-13 09:52 77312 --a------ C:\WINDOWS\ua2.dll
2007-08-12 18:26 --------- d-------- C:\Program\MSN Messenger
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-29 13:58 --------- d-------- C:\Program\Symantec
2007-07-29 13:58 --------- d-------- C:\Program\Delade filer\Symantec Shared
2007-07-29 13:54 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-07-24 21:02 --------- d-------- C:\Program\Cliprex DVD Player Professional
2007-07-24 20:08 33824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-07-24 00:26 --------- d-------- C:\Program\Cliprex
2007-07-12 13:29 --------- d-------- C:\Program\directx
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-07-08 07:49 --------- d-------- C:\Program\ffdshow
2007-07-08 07:49 --------- d-------- C:\Program\AC3Filter
2006-04-06 00:31 289 --a------ C:\DOCUME~1\ADMINI~1\mc-110-12-0000229.exe
--------- C:\Program\Levande Böcker
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086DD28C-1366-6DC0-6522-3D71B70396CF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3575FBDC-70F6-4110-A279-284BCE94749D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{435D08DD-665E-474F-B977-5EE75A2BDCB2}]
2007-09-01 16:15 43542 --a------ C:\WINDOWS\system32\yayvsss.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{508AA87B-255B-414C-B7B0-1E0727026A0B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C094B7-9C23-4548-8CB0-748AF1D58545}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53FADE71-70F5-4F64-A29F-1FEB27E7D27F}]
2007-09-01 16:20 298080 --------- C:\WINDOWS\System32\pmnmn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D62AAA4-2E28-4622-ACE9-EEDF5B219A3D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72BE8679-EAED-470A-BA24-CA80CFA9B75F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACAE42AD-77A3-44C7-9403-B636C3D20460}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2003-02-24 15:35 C:\WINDOWS\system32\pctspk.exe]
"Apoint"="C:\Program\Apoint\Apoint.exe" [2003-06-10 23:07]
"PRONoMgr.exe"="C:\Program\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 17:32]
"Spooler SubSystem App"="C:\WINDOWS\System32\spooIsv.exe" []
"Windows Network Firewall"="C:\WINDOWS\System32\firewall.exe" []
"Microsoft ® Windows Update Service"="C:\WINDOWS\update\wuauclt.exe" []
"vxd32"="C:\WINDOWS\System32\vxd32.dll" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" []
"StorageGuard"="C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" [2003-02-13 01:01]
"hostserv"="hostserv.exe" []
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" []
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" []
"Adobe Photo Downloader"="C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"!AVG Anti-Spyware"="C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 14:08]
"Sonic RecordNow!"="" []
"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 21:42]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe" []
"Jnvqykk"="C:\Documents and Settings\Administratör\Mina dokument\??crosoft\?pool32.exe" []
"Uipm"="C:\WINDOWS\System32\DOBE~1\wucrtupd.exe" [2007-09-08 00:49]
"SpybotSD TeaTimer"="C:\Program\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"hostserv"=hostserv.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Uipm"="C:\Program\CROSOF~1.NET\rundll32.exe" -vt yazr
"Thtt"=C:\WINDOWS\system32\config\systemprofile\Application Data\S?mantec\??erinit.exe
"hostserv"=hostserv.exe

C:\DOCUME~1\ALLUSE~1\START-~1\Program\AUTOST~1\
Adobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{435D08DD-665E-474F-B977-5EE75A2BDCB2}"= C:\WINDOWS\system32\yayvsss.dll [2007-09-01 16:15 43542]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyvvv]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmn]
C:\WINDOWS\System32\pmnmn.dll 2007-09-01 16:20 298080 C:\WINDOWS\system32\pmnmn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll 2003-06-20 07:03 110592 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhfp32]
winhfp32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvsss]
yayvsss.dll 2007-09-01 16:15 43542 C:\WINDOWS\system32\yayvsss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvt]
yayvt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=

R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
S2 MP4Video16;MP4VideoDriver;"C:\WINDOWS\KernelUpdate"
S2 msproc;Word Process;"C:\WINDOWS\mswinpad.exe"
S2 UpdateManager;Windows Update Manager;C:\WINDOWS\update\updmgr.exe /updatemgr
S2 UpdateSvc;Windows Update Service;C:\WINDOWS\update\wuauclt.exe /update
S3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;C:\WINDOWS\System32\drivers\wA301b.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\System32\Drivers\iqvw32.sys
S3 SPCP825K;Sunplus Serial port driver;C:\WINDOWS\System32\DRIVERS\SPCP825K.sys
S3 w70n51;Drivrutin för Intel® PRO/trådlös 7100-adapter;C:\WINDOWS\System32\DRIVERS\w70n51.sys

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-08 00:45:14
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\
scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vxd32"="rundll32.exe C:\\WINDOWS\\System32\\vxd32.dll,start"
.
Completion time: 2007-09-08 0:51:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-08 00:51
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:07:52, on 2007-09-08
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program\Apoint\Apoint.exe
C:\Program\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program\Apoint\Apntex.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\Trend Micro\HijackThis\abc.bat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.di.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Microsoft ® Windows Update Service] C:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MP4VideoDriver (MP4Video16) - Unknown owner - C:\WINDOWS\KernelUpdate (file missing)
O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe (file missing)
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - C:\WINDOWS\update\wuauclt.exe (file missing)
O24 - Desktop Component 1: (no name) - http://www.di.se/

--
End of file - 6125 bytes

#6 RichieUK (Malware Assassin, Malware Response Team)

Posted 08 September 2007 - 04:34 AM

Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

#7 ekke67 (Topic Starter, Members)

Posted 08 September 2007 - 04:58 PM

ComboFix 07-09-08.6 - "Administratör" 2007-09-08 13:20:43.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1053.18.225 [GMT 2:00]
.

((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))
.

2007-09-08 00:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-05 00:00 <KAT> d-------- C:\Program\Trend Micro
2007-09-04 23:02 <KAT> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
2007-09-04 21:11 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-04 05:57 <KAT> d-------- C:\Program\Lavasoft
2007-09-04 05:57 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-04 05:56 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2007-09-02 16:18 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-02 14:38 <KAT> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-16 21:12 <KAT> d-------- C:\Program\SPCS
2007-08-16 21:08 307,200 --a------ C:\WINDOWS\IsUn041d.exe
2007-08-13 14:12 385,100 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2007-08-13 11:57 <KAT> d-------- C:\Program\VideoLAN
2007-08-13 11:26 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-08-13 11:26 516,173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL
2007-08-13 11:26 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-08-13 11:26 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-08-13 11:26 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-08-13 11:26 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-08-13 11:26 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-08-13 11:26 <KAT> d-------- C:\Program\Free Audio Pack
2007-08-13 10:57 254 --a------ C:\WINDOWS\system32\drivers\pxfsf.dat
2007-08-11 23:33 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-11 23:30 <KAT> d-------- C:\WINDOWS\provisioning
2007-08-11 23:30 <KAT> d-------- C:\WINDOWS\peernet
2007-08-11 23:05 406,528 --------- C:\WINDOWS\system32\dllcache\aclayers.dll
2007-08-11 23:05 255,488 --------- C:\WINDOWS\system32\dllcache\acverfyr.dll
2007-08-11 23:05 219,136 --------- C:\WINDOWS\system32\dllcache\acspecfc.dll
2007-08-11 23:05 125,440 --------- C:\WINDOWS\system32\dllcache\aclua.dll
2007-08-11 23:05 107,520 --------- C:\WINDOWS\system32\dllcache\acxtrnal.dll
2007-08-11 23:05 1,820,672 --------- C:\WINDOWS\system32\dllcache\acgenral.dll
2007-08-11 22:39 <KAT> d-------- C:\WINDOWS\EHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-08 12:18 51267 --a------ C:\WINDOWS\system32\drivers\stac97e.log
2007-08-13 11:28 14037 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2007-08-13 09:52 77312 --a------ C:\WINDOWS\ua2.dll
2007-08-12 18:26 --------- d-------- C:\Program\MSN Messenger
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-29 13:58 --------- d-------- C:\Program\Symantec
2007-07-29 13:58 --------- d-------- C:\Program\Delade filer\Symantec Shared
2007-07-29 13:54 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-07-24 21:02 --------- d-------- C:\Program\Cliprex DVD Player Professional
2007-07-24 20:08 33824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-07-24 00:26 --------- d-------- C:\Program\Cliprex
2007-07-12 13:29 --------- d-------- C:\Program\directx
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-07-08 07:49 --------- d-------- C:\Program\ffdshow
2007-07-08 07:49 --------- d-------- C:\Program\AC3Filter
--------- C:\Program\Levande Böcker
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program\Apoint\Apoint.exe" [2003-06-10 23:07]
"PRONoMgr.exe"="C:\Program\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 17:32]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" []
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-09-20 09:35]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" []
"!AVG Anti-Spyware"="C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 21:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll 2003-06-20 07:03 110592 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=

R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
S2 MP4Video16;MP4VideoDriver;"C:\WINDOWS\KernelUpdate"
S2 msproc;Word Process;"C:\WINDOWS\mswinpad.exe"
S3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;C:\WINDOWS\System32\drivers\wA301b.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\System32\Drivers\iqvw32.sys
S3 SPCP825K;Sunplus Serial port driver;C:\WINDOWS\System32\DRIVERS\SPCP825K.sys
S3 w70n51;Drivrutin för Intel® PRO/trådlös 7100-adapter;C:\WINDOWS\System32\DRIVERS\w70n51.sys
S4 UpdateManager;Windows Update Manager;C:\WINDOWS\update\updmgr.exe /updatemgr
S4 UpdateSvc;Windows Update Service;C:\WINDOWS\update\wuauclt.exe /update

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-08 13:22:25
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-08 13:24:22
C:\ComboFix-quarantined-files.txt ... 2007-09-08 13:24
C:\ComboFix2.txt ... 2007-09-08 02:11
C:\ComboFix3.txt ... 2007-09-08 00:51
.
--- E O F ---
Hi, the computer has worked fine since the last move. I have installed the program Autostart, and I have scanned it with Ad-Aware and Spybot S&D until they don't find anything.
I'm very grateful for your help.
Perhaps it's OK now?

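The two logs above (the HijackThis log in post #5 and the ComboFix output in post #7) show the same handful of suspicious entries: services and Run keys that call themselves "Windows Update" but point at C:\WINDOWS\update\wuauclt.exe instead of the genuine C:\WINDOWS\System32\wuauclt.exe, services with "Unknown owner" whose binary is "(file missing)", a service path with no file extension (C:\WINDOWS\KernelUpdate), and a Run value that uses rundll32.exe to load vxd32.dll. The script below is an added example of how a triager can pull those out of both log formats mechanically; it is not the thread's code nor anything shipped with HijackThis or ComboFix. The heuristics are the editor's own assumptions about what deserves a second look, the sample lines are copied from the logs posted in this thread, and the only hard fact relied on is the location of the real Windows Update client on Windows XP.

```python
"""Triage of HijackThis O4/O23 lines and ComboFix service/Run entries.

Added example for this thread; not the thread's or the HijackThis/ComboFix
authors' code. The heuristics are the editor's assumptions, not tool rules:
  * "(file missing)" / "Unknown owner" (HijackThis wording): binary is gone,
    or carries no vendor version information;
  * a binary named wuauclt.exe, or an entry calling itself "Windows Update",
    that does not live in C:\\WINDOWS\\System32 (the genuine XP location);
  * a service path with no file extension, or a service binary sitting
    directly in C:\\WINDOWS instead of System32 or Program Files;
  * a Run entry that uses rundll32.exe to load a DLL (the DLL is what to check).
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind name path reasons")

# Genuine location of the Windows Update client on Windows XP (fact).
GENUINE_WUAUCLT = "c:\\windows\\system32\\wuauclt.exe"
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed sample input: lines copied from the logs posted in this thread.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [Microsoft ® Windows Update Service] C:\WINDOWS\update\wuauclt.exe",
    r"O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe",
    r"O23 - Service: MP4VideoDriver (MP4Video16) - Unknown owner - C:\WINDOWS\KernelUpdate (file missing)",
    r"O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe (file missing)",
    r"O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - C:\WINDOWS\update\wuauclt.exe (file missing)",
    r"O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe",
    r"S4 UpdateSvc;Windows Update Service;C:\WINDOWS\update\wuauclt.exe /update",
    r'S2 msproc;Word Process;"C:\WINDOWS\mswinpad.exe"',
    r"S3 SPCP825K;Sunplus Serial port driver;C:\WINDOWS\System32\DRIVERS\SPCP825K.sys",
    r'"vxd32"="rundll32.exe C:\\WINDOWS\\System32\\vxd32.dll,start"',
]

# HijackThis O4 Run entry, HijackThis O23 service, ComboFix service line,
# and ComboFix registry-export style Run value.
_RE_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_RE_O23 = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<svc>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")
_RE_CF_SVC = re.compile(r"^[RS]\d (?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")
_RE_CF_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"(?: \[[^\]]*\])?$')


def _split_cmd(cmd):
    """Split a Run value or service path into (executable, arguments).
    Handles quoted paths, the \\??\\ prefix on driver paths and the doubled
    backslashes of registry exports. Returns ("", "") for an empty value."""
    cmd = cmd.replace("\\\\", "\\").replace("\\??\\", "").strip()
    m = re.match(r'"([^"]+)"\s*(.*)$|(\S+)\s*(.*)$', cmd)
    if not m:
        return "", ""
    if m.group(1) is not None:
        return m.group(1), m.group(2)
    return m.group(3), m.group(4)


def _reasons(name, path, missing=False, owner=None, is_service=False, loader=None):
    """Apply the heuristics to one entry; returns a list of human-readable reasons."""
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    out = []
    if missing:
        out.append("binary not on disk: stale entry, or re-created at boot by something else")
    if owner is not None and owner.lower().startswith("unknown"):
        out.append("binary carries no vendor version information")
    if base == "wuauclt.exe" and low != GENUINE_WUAUCLT:
        out.append("wuauclt.exe outside System32 (genuine copy: %s)" % GENUINE_WUAUCLT)
    if "windows update" in name.lower() and not low.startswith(SYSTEM32):
        out.append("calls itself Windows Update but does not run from System32")
    if "." not in base:
        out.append("path has no file extension")
    if is_service and re.match(r"^c:\\windows\\[^\\]+$", low):
        out.append("service binary directly in C:\\WINDOWS (expected System32 or Program Files)")
    if loader:
        out.append("DLL loaded through %s; check the DLL, not the loader" % loader)
    return out


def triage(lines):
    """Return a Finding for every log line that trips at least one heuristic."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = _RE_O23.match(line)
        if m:
            missing = "(file missing)" in m.group("path")
            exe, _ = _split_cmd(m.group("path").replace("(file missing)", ""))
            kind, name = "O23", m.group("display")
            why = _reasons(name, exe, missing, m.group("owner"), is_service=True)
        elif _RE_CF_SVC.match(line):
            m = _RE_CF_SVC.match(line)
            exe, _ = _split_cmd(m.group("path"))
            kind, name = "service", (m.group("display") or m.group("svc"))
            why = _reasons(name, exe, is_service=True)
        else:
            m = _RE_O4.match(line) or _RE_CF_RUN.match(line)
            if not m:
                continue
            exe, rest = _split_cmd(m.group("cmd"))
            if not exe:
                continue
            loader = None
            if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and rest:
                # rundll32 is only the loader; the interesting path is the DLL it runs.
                loader, exe = "rundll32.exe", rest.split(",", 1)[0].strip().strip('"')
            kind, name = "run", m.group("name")
            why = _reasons(name, exe, loader=loader)
        if why:
            findings.append(Finding(kind, name, exe, why))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print("%-8s %-40s %s" % (f.kind, name if False else f.name, f.path))
        for r in f.reasons:
            print("         - " + r)
```

Run against the ten sample lines, the script flags seven entries (both wuauclt.exe impersonators, the two "(file missing)" services from the HijackThis log and their ComboFix counterparts, and vxd32.dll behind rundll32) and leaves the Intel, HP and Sunplus entries alone. It only reads the log; deciding what to remove, and how, stays with the person working the thread.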
#8 RichieUK (Malware Assassin, Malware Response Team)

Posted 09 September 2007 - 05:11 AM

Download and install one of the following freeware antivirus programs from the choice below.
Once installed, update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Avira AntiVir Personal Edition Classic
http://www.free-av.com/

Once you've done the above, restart your PC.
Post a new HijackThis log please.
