Hi, I have some problems with spyware: IE opens new pages and lots of pop-ups, and I'm having problems loading pages. I really need some help, thanks.
So first is my HijackThis log, and then my ComboFix report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:59:47, on 2008-05-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Intel\Wireless\Bin\EvtEng.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\Program\Intel\Wireless\Bin\WLKeeper.exe
C:\Program\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\Dell\QuickSet\Quickset.exe
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\Program\AirPort\APAgent.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\Steam\Steam.exe
C:\Program\Microsoft ActiveSync\wcescomm.exe
C:\Program\MICROS~4\rapimgr.exe
C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\internet explorer\iexplore.exe
C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SmcService] C:\Program\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [BM0fc7ba78] Rundll32.exe "C:\WINDOWS\system32\cdioqvcw.dll",s
O4 - HKLM\..\Run: [0cf489e4] rundll32.exe "C:\WINDOWS\system32\tomwshsp.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/nordicbet/FlashAX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - Unknown owner - C:\Program\WatchGuard\Mobile User VPN\IPSecMon.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8786 bytes
ComboFix 08-05-11.1 - Fredrik Dahlgren 2008-05-12 15:41:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.1402 [GMT 2:00]
Running from: C:\Documents and Settings\Fredrik Dahlgren\Skrivbord\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AcIQYJjl.ini
C:\WINDOWS\system32\AcIQYJjl.ini2
C:\WINDOWS\system32\qqvvisyx.ini
C:\WINDOWS\system32\rtBJmnpo.ini
C:\WINDOWS\system32\rtBJmnpo.ini2
C:\WINDOWS\system32\uiqojuhu.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.
2008-05-12 15:20 . 2008-05-12 15:20 <KAT> d-------- C:\Program\Trend Micro
2008-05-12 14:35 . 2008-05-12 14:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-12 14:35 . 2008-05-12 14:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-12 12:39 . 2008-05-12 12:39 <KAT> d-------- C:\Program\Bonjour
2008-05-12 12:14 . 2008-05-12 12:14 132,096 --a------ C:\WINDOWS\system32\nquopdqh.dll
2008-05-12 12:11 . 2008-05-12 12:11 115,712 --a------ C:\WINDOWS\system32\xysivvqq.dll
2008-05-12 12:11 . 2008-05-12 12:11 2,048 --a------ C:\WINDOWS\system32\imapiwwg.exe
2008-05-12 12:08 . 2008-05-12 12:08 125,952 --a------ C:\WINDOWS\system32\ryxmsapq.dll
2008-05-12 11:38 . 2008-05-12 11:38 371,712 --------- C:\WINDOWS\system32\ljJYQIcA.dll_old
2008-05-11 22:29 . 2008-05-11 22:29 133,120 --a------ C:\WINDOWS\system32\nxpdbshw.dll
2008-05-11 22:29 . 2008-05-11 22:29 2,048 --a------ C:\WINDOWS\system32\cgmdgopo.exe
2008-05-11 22:26 . 2008-05-11 22:26 126,976 --a------ C:\WINDOWS\system32\enxhxiqg.dll
2008-05-11 22:26 . 2008-05-11 22:26 116,736 --------- C:\WINDOWS\system32\uhujoqiu.dll
2008-05-11 22:26 . 2008-05-12 15:48 109,807 --a------ C:\WINDOWS\BM0fc7ba78.xml
2008-05-11 10:19 . 2008-05-11 10:19 59,904 --a------ C:\WINDOWS\system32\tuvULFUn.dll
2008-05-11 10:19 . 2008-05-11 10:19 59,904 --a------ C:\WINDOWS\system32\hgGvsqrP.dll
2008-05-09 10:32 . 2008-05-09 10:33 <KAT> d-------- C:\Documents and Settings\Fredrik Dahlgren\Application Data\Launchy
2008-04-24 13:26 . 2008-04-24 13:27 <KAT> d-------- C:\Program\iTunes
2008-04-24 13:17 . 2008-04-24 13:18 <KAT> d-------- C:\Program\QuickTime
2008-04-24 13:16 . 2008-04-24 13:32 <KAT> d-------- C:\Program\Apple Software Update
2008-04-20 11:39 . 2008-04-20 11:41 <KAT> d-------- C:\Documents and Settings\Fredrik Dahlgren\Application Data\Winamp
2008-04-18 13:54 . 2008-04-20 19:03 <KAT> d-------- C:\Program\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 13:49 --------- d-----w C:\Documents and Settings\Fredrik Dahlgren\Application Data\Skype
2008-05-12 13:48 --------- d-----w C:\Program\Steam
2008-05-12 12:52 --------- d-----w C:\Program\FlashFXP
2008-05-12 11:27 --------- d-----w C:\Documents and Settings\Fredrik Dahlgren\Application Data\uTorrent
2008-05-12 10:40 --------- d-----w C:\Program\AirPort
2008-05-12 08:23 --------- d-----w C:\Documents and Settings\Fredrik Dahlgren\Application Data\skypePM
2008-05-11 08:15 --------- d-----w C:\Program\Delade filer\Adobe
2008-05-11 08:14 --------- d-----w C:\Documents and Settings\Fredrik Dahlgren\Application Data\AdobeUM
2008-05-11 08:09 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard
2008-04-27 16:48 --------- d-----w C:\Program\Java
2008-04-24 11:26 --------- d-----w C:\Program\iPod
2008-04-21 10:24 --------- d-----w C:\Program\SPSS Evaluation
2008-04-20 09:39 --------- d-----w C:\Program\Winamp
2008-04-16 14:27 --------- d-----w C:\Documents and Settings\Fredrik Dahlgren\Application Data\U3
2008-04-15 14:47 --------- d-----w C:\Documents and Settings\Fredrik Dahlgren\Application Data\LimeWire
2008-04-12 10:41 36,872 -c--a-w C:\Documents and Settings\Fredrik Dahlgren\Application Data\GDIPFONTCACHEV1.DAT
2008-03-31 20:48 --------- d-----w C:\Program\Microsoft ActiveSync
2008-03-27 18:48 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-27 18:48 --------- d-----w C:\Program\Skype
2008-03-27 18:48 --------- d-----w C:\Program\Delade filer\Skype
2008-03-27 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-20 08:10 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:10 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:38 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:38 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 09:33 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-16 09:33 666,624 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-02-16 09:33 618,496 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-02-16 09:33 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2008-02-16 09:33 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 09:33 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-02-16 09:33 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-02-16 09:33 3,087,872 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-16 09:33 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2008-02-16 09:33 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 09:32 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2008-02-16 09:32 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-02-16 09:32 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-02-16 09:32 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2008-02-16 09:32 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-02-16 09:32 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-02-16 09:32 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 09:32 1,055,232 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 09:32 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-02-01 19:23 56,912 ----a-w C:\Documents and Settings\Fredrik Dahlgren\g2mdlhlpx.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0898849F-F798-4C9A-85B2-0E053BC0E635}]
C:\WINDOWS\system32\ljJYQIcA.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4269B4C7-D78D-4194-B571-CE0965FF0E6D}]
2008-05-12 15:52 371712 --a------ C:\WINDOWS\system32\byXNHxwU.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{722efcb5-50fd-47b4-a64c-3a3f0dce52be}]
2008-05-12 12:14 132096 --a------ C:\WINDOWS\system32\nquopdqh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7FD4485-AD6A-434B-A01F-ED9AE1B4B4B9}]
C:\WINDOWS\system32\opnmJBtr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}]
2008-05-11 10:19 59904 --a------ C:\WINDOWS\system32\hgGvsqrP.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.exe" [2008-03-04 16:21 5724184]
"Skype"="C:\Program\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"Steam"="C:\Program\Steam\Steam.exe" [2008-04-06 16:40 1271032]
"H/PC Connection Agent"="C:\Program\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 282624 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48 761947]
"IntelZeroConfig"="C:\Program\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]
"IntelWireless"="C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]
"MSKDetectorExe"="C:\Program\McAfee\SpamKiller\MSKDetct.exe" [ ]
"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"ISUSPM Startup"="C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"Dell QuickSet"="C:\Program\Dell\QuickSet\Quickset.exe" [2006-04-06 15:58 1032192]
"egui"="C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 09:21 1443072]
"SmcService"="C:\Program\Sygate\SPF\smc.exe" [2004-10-15 20:40 2577632]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent"="C:\Program\Winamp\winampa.exe" [ ]
"0cf489e4"="C:\WINDOWS\system32\xysivvqq.dll" [2008-05-12 12:11 115712]
"AirPort Base Station Agent"="C:\Program\AirPort\APAgent.exe" [2008-03-06 17:40 733184]
"BM0fc7ba78"="C:\WINDOWS\system32\ryxmsapq.dll" [2008-05-12 12:08 125952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
BTTray.lnk - C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 19:28:28 622653]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}"= C:\WINDOWS\system32\hgGvsqrP.dll [2008-05-11 10:19 59904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGvsqrP]
hgGvsqrP.dll 2008-05-11 10:19 59904 C:\WINDOWS\system32\hgGvsqrP.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\byXNHxwU
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirPort Base Station Agent]
--a------ 2008-03-06 17:40 733184 C:\Program\AirPort\APAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 16:57 133016 C:\Program\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:39 1289000 C:\Program\Microsoft ActiveSync\Wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\FlashFXP\\flashfxp.exe"=
"C:\\Downloads\\utorrent.exe"=
"C:\\Program\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program\\Steam\\steamapps\\henrikhenrikraw\\counter-strike\\hl.exe"=
"C:\\Program\\Messenger\\msmsgs.exe"=
"C:\\Program\\Mozilla Firefox\\firefox.exe"=
"C:\\mIRC\\mIRC\\mirc.exe"=
"C:\\Program\\Steam\\Steam.exe"=
"C:\Program\Microsoft ActiveSync\rapimgr.exe"= C:\Program\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program\Microsoft ActiveSync\wcescomm.exe"= C:\Program\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program\Microsoft ActiveSync\WCESMgr.exe"= C:\Program\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program\\iTunes\\iTunes.exe"=
"C:\\Program\\Bonjour\\mDNSResponder.exe"=
"C:\\Program\\AirPort\\APAgent.exe"=
"C:\\Program\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 atitray;atitray;C:\Program\Radeon Omega Drivers\v3.8.273\ATI Tray Tools\atitray.sys [2006-02-28 22:55]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 09:21]
S3 ESI_GigaportAG;usb-audio.de driver for ESI - GIGAPortAG;C:\WINDOWS\system32\Drivers\gigapAG.sys []
S3 pgusbmme;usb-audio.de MME-Adapter;C:\WINDOWS\system32\drivers\pgusbmm3.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0da2a4b2-c915-11dc-bef4-001302ac066e}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{134e68cd-4756-11dc-bdd6-001302ac066e}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40e754e8-f9ed-11dc-bf72-0015c5a5c692}]
\Shell\AutoRun\command - G:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6da6b13-d4d5-11dc-bf1b-001302ac066e}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 15:23:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 15:48:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\hgGvsqrP.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\xysivvqq.dll
-> C:\WINDOWS\system32\cdioqvcw.dll
-> C:\WINDOWS\system32\byXNHxwU.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program\Intel\Wireless\Bin\EvtEng.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\Program\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program\Dell\QuickSet\NicConfigSvc.exe
C:\Program\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\MICROS~4\rapimgr.exe
C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-12 15:55:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-12 13:54:49
Pre-Run: 22,460,043,264 bytes free
Post-Run: 22,848,106,496 bytes free
263 --- E O F --- 2008-05-04 06:59:10
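The two logs above show the same persistence pattern from several angles: randomly named DLLs in system32 registered as Browser Helper Objects, one of them (hgGvsqrP.dll) also wired into ShellExecuteHooks and Winlogon\Notify and loaded in winlogon.exe, an extra LSA authentication package (byXNHxwU) beside msv1_0, and two Run values (BM0fc7ba78, 0cf489e4) whose rundll32 targets differ between the ComboFix run at 15:41 and the HijackThis scan at 15:59. The script below is an added triage example, not part of the original post and not a HijackThis or ComboFix feature: it parses lines copied from both logs and ranks the entries a responder would look at first. The heuristics (system32 DLLs behind BHOs, anything listed under ShellExecuteHooks or Winlogon\Notify, LSA packages other than msv1_0, hex-looking Run value names, a DLL hooked in more than one place, a Run value whose DLL changes between scans) are assumptions chosen for illustration; they flag entries worth investigating, they do not confirm malware.

```python
"""Triage persistence entries from HijackThis / ComboFix style log lines.
Added example for this page, not a HijackThis or ComboFix feature; the
heuristics are assumptions for illustration, not proof of infection."""
import re
from collections import defaultdict

# Sample input copied from the two logs above: HijackThis O4 lines, then
# ComboFix "Reg Loading Points" lines. One clean entry of each kind is kept
# so the heuristics have something to leave alone.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe',
    r'O4 - HKLM\..\Run: [BM0fc7ba78] Rundll32.exe "C:\WINDOWS\system32\cdioqvcw.dll",s',
    r'O4 - HKLM\..\Run: [0cf489e4] rundll32.exe "C:\WINDOWS\system32\tomwshsp.dll",b',
    r'[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}]',
    r'2008-05-11 10:19 59904 --a------ C:\WINDOWS\system32\hgGvsqrP.dll',
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    r'"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]',
    r'"0cf489e4"="C:\WINDOWS\system32\xysivvqq.dll" [2008-05-12 12:11 115712]',
    r'"BM0fc7ba78"="C:\WINDOWS\system32\ryxmsapq.dll" [2008-05-12 12:08 125952]',
    r'[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]',
    r'"{F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}"= C:\WINDOWS\system32\hgGvsqrP.dll [2008-05-11 10:19 59904]',
    r'[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGvsqrP]',
    r'hgGvsqrP.dll 2008-05-11 10:19 59904 C:\WINDOWS\system32\hgGvsqrP.dll',
    r'[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]',
    r'Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\byXNHxwU',
]

O4_RUN = re.compile(r'^O4 - (HK\S+?)\\\.\.\\Run: \[([^\]]+)\] (.*)$')
REG_KEY = re.compile(r'^\[(.+)\]$')
REG_VAL = re.compile(r'^"([^"]+)"\s*=\s*"?([^"\[]+?)"?\s*(?:\[|$)')
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.I)
SYS32 = re.compile(r'[A-Za-z]:\\WINDOWS\\system32\\[^\s"\[\],]+', re.I)
HEX_NAME = re.compile(r'^(?:BM)?[0-9a-f]{8}$')  # value names like 0cf489e4 / BM0fc7ba78


def dll_key(path):
    """Lower-case base name of a DLL reference, with or without the .dll suffix."""
    base = path.rsplit('\\', 1)[-1].lower()
    return base[:-4] if base.endswith('.dll') else base


def triage(lines):
    """Return (findings, hooks, run_targets): findings is a list of (severity,
    reason, line); hooks maps a DLL to the autostart locations it is wired into;
    run_targets maps a Run value name to the DLLs seen behind it across scans."""
    findings, hooks, run_targets = [], defaultdict(set), defaultdict(set)
    context = ''
    for raw in lines:
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:                                   # HijackThis O4 line
            hive, name, cmd = m.groups()
            r = RUNDLL.search(cmd)
            if r:
                dll, export = r.groups()
                hooks[dll_key(dll)].add(f'Run ({hive})')
                run_targets[name].add(dll_key(dll))
                findings.append(('high', f'[{name}] uses rundll32 to load {dll}, export "{export}"', line))
            elif HEX_NAME.match(name):
                findings.append(('medium', f'Run value name [{name}] looks auto-generated', line))
            continue
        k = REG_KEY.match(line)
        if k:                                   # ComboFix key header; following lines belong to it
            context = k.group(1).lower()
            continue
        if not context:
            continue
        paths = SYS32.findall(line)
        if 'browser helper objects' in context:
            for p in paths:                     # legitimate BHOs live under Program Files, not system32
                hooks[dll_key(p)].add('BHO')
                findings.append(('high', f'BHO loads {p} from system32', line))
        elif 'shellexecutehooks' in context:
            for p in paths:                     # ComboFix hides the defaults, so anything shown is new
                hooks[dll_key(p)].add('ShellExecuteHooks')
                findings.append(('high', f'ShellExecuteHook {p} is loaded into explorer.exe', line))
        elif r'winlogon\notify' in context:
            for p in paths:                     # loaded into winlogon.exe, which runs as SYSTEM
                hooks[dll_key(p)].add('Winlogon Notify')
                findings.append(('high', f'Winlogon Notify package {p} runs inside winlogon.exe', line))
        elif context.endswith(r'\lsa') and line.lower().startswith('authentication packages'):
            for t in line.split()[3:]:          # msv1_0 is the only package a stock XP box needs
                if t.lower() != 'msv1_0':
                    hooks[dll_key(t)].add('LSA Authentication Packages')
                    findings.append(('high', f'extra LSA package {t} runs inside lsass.exe and sees logon credentials', line))
        elif context.endswith(r'\run'):
            v = REG_VAL.match(line)
            if v and HEX_NAME.match(v.group(1)):
                run_targets[v.group(1)].update(dll_key(p) for p in paths)
                findings.append(('medium', f'Run value name "{v.group(1)}" looks auto-generated', line))
    return findings, hooks, run_targets


def multi_hooked(hooks, minimum=2):
    """DLLs wired into several autostart locations: the mark of a self-protecting infection."""
    return {d: sorted(l) for d, l in hooks.items() if len(l) >= minimum}


def moving_targets(run_targets):
    """Run values whose DLL differs between scans, i.e. the infection rewrites itself."""
    return {n: sorted(d) for n, d in run_targets.items() if len(d) > 1}


if __name__ == '__main__':
    found, hooks, targets = triage(SAMPLE_LINES)
    for sev, why, line in sorted(found, key=lambda f: f[0] != 'high'):
        print(f'{sev:6} {why}\n       {line}')
    print('multi-hooked DLLs:', multi_hooked(hooks))
    print('Run values whose DLL changed between scans:', moving_targets(targets))
```

Run against the sample it reports eight entries, six of them high: hgGvsqrP.dll comes out hooked in three places at once, byXNHxwU is the only non-msv1_0 LSA package, and both hex-named Run values point at a different DLL in the ComboFix dump than in the later HijackThis scan. That last result is the practical lesson of this log pair: removing the file names seen in one scan is not enough when the target is re-randomised between runs, which is why the cleanup has to go after the registry hooks (BHO, ShellExecuteHooks, Winlogon Notify, LSA Authentication Packages) rather than individual DLL names.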

So first is my HiJackThis log, and then my Combofix report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:59:47, on 2008-05-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Intel\Wireless\Bin\EvtEng.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\Program\Intel\Wireless\Bin\WLKeeper.exe
C:\Program\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\Dell\QuickSet\Quickset.exe
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\Program\AirPort\APAgent.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\Steam\Steam.exe
C:\Program\Microsoft ActiveSync\wcescomm.exe
C:\Program\MICROS~4\rapimgr.exe
C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\internet explorer\iexplore.exe
C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SmcService] C:\Program\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [BM0fc7ba78] Rundll32.exe "C:\WINDOWS\system32\cdioqvcw.dll",s
O4 - HKLM\..\Run: [0cf489e4] rundll32.exe "C:\WINDOWS\system32\tomwshsp.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/nordicbet/FlashAX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - Unknown owner - C:\Program\WatchGuard\Mobile User VPN\IPSecMon.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8786 bytes
ComboFix 08-05-11.1 - Fredrik Dahlgren 2008-05-12 15:41:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.1402 [GMT 2:00]
Running from: C:\Documents and Settings\Fredrik Dahlgren\Skrivbord\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AcIQYJjl.ini
C:\WINDOWS\system32\AcIQYJjl.ini2
C:\WINDOWS\system32\qqvvisyx.ini
C:\WINDOWS\system32\rtBJmnpo.ini
C:\WINDOWS\system32\rtBJmnpo.ini2
C:\WINDOWS\system32\uiqojuhu.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.
2008-05-12 15:20 . 2008-05-12 15:20 <DIR> d-------- C:\Program\Trend Micro
2008-05-12 14:35 . 2008-05-12 14:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-12 14:35 . 2008-05-12 14:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-12 12:39 . 2008-05-12 12:39 <DIR> d-------- C:\Program\Bonjour
2008-05-12 12:14 . 2008-05-12 12:14 132,096 --a------ C:\WINDOWS\system32\nquopdqh.dll
2008-05-12 12:11 . 2008-05-12 12:11 115,712 --a------ C:\WINDOWS\system32\xysivvqq.dll
2008-05-12 12:11 . 2008-05-12 12:11 2,048 --a------ C:\WINDOWS\system32\imapiwwg.exe
2008-05-12 12:08 . 2008-05-12 12:08 125,952 --a------ C:\WINDOWS\system32\ryxmsapq.dll
2008-05-12 11:38 . 2008-05-12 11:38 371,712 --------- C:\WINDOWS\system32\ljJYQIcA.dll_old
2008-05-11 22:29 . 2008-05-11 22:29 133,120 --a------ C:\WINDOWS\system32\nxpdbshw.dll
2008-05-11 22:29 . 2008-05-11 22:29 2,048 --a------ C:\WINDOWS\system32\cgmdgopo.exe
2008-05-11 22:26 . 2008-05-11 22:26 126,976 --a------ C:\WINDOWS\system32\enxhxiqg.dll
2008-05-11 22:26 . 2008-05-11 22:26 116,736 --------- C:\WINDOWS\system32\uhujoqiu.dll
2008-05-11 22:26 . 2008-05-12 15:48 109,807 --a------ C:\WINDOWS\BM0fc7ba78.xml
2008-05-11 10:19 . 2008-05-11 10:19 59,904 --a------ C:\WINDOWS\system32\tuvULFUn.dll
2008-05-11 10:19 . 2008-05-11 10:19 59,904 --a------ C:\WINDOWS\system32\hgGvsqrP.dll
2008-05-09 10:32 . 2008-05-09 10:33 <DIR> d-------- C:\Documents and Settings\Fredrik Dahlgren\Application Data\Launchy
2008-04-24 13:26 . 2008-04-24 13:27 <DIR> d-------- C:\Program\iTunes
2008-04-24 13:17 . 2008-04-24 13:18 <DIR> d-------- C:\Program\QuickTime
2008-04-24 13:16 . 2008-04-24 13:32 <DIR> d-------- C:\Program\Apple Software Update
2008-04-20 11:39 . 2008-04-20 11:41 <DIR> d-------- C:\Documents and Settings\Fredrik Dahlgren\Application Data\Winamp
2008-04-18 13:54 . 2008-04-20 19:03 <DIR> d-------- C:\Program\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 13:49 --------- d-----w C:\Documents and Settings\Fredrik Dahlgren\Application Data\Skype
2008-05-12 13:48 --------- d-----w C:\Program\Steam
2008-05-12 12:52 --------- d-----w C:\Program\FlashFXP
2008-05-12 11:27 --------- d-----w C:\Documents and Settings\Fredrik Dahlgren\Application Data\uTorrent
2008-05-12 10:40 --------- d-----w C:\Program\AirPort
2008-05-12 08:23 --------- d-----w C:\Documents and Settings\Fredrik Dahlgren\Application Data\skypePM
2008-05-11 08:15 --------- d-----w C:\Program\Delade filer\Adobe
2008-05-11 08:14 --------- d-----w C:\Documents and Settings\Fredrik Dahlgren\Application Data\AdobeUM
2008-05-11 08:09 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard
2008-04-27 16:48 --------- d-----w C:\Program\Java
2008-04-24 11:26 --------- d-----w C:\Program\iPod
2008-04-21 10:24 --------- d-----w C:\Program\SPSS Evaluation
2008-04-20 09:39 --------- d-----w C:\Program\Winamp
2008-04-16 14:27 --------- d-----w C:\Documents and Settings\Fredrik Dahlgren\Application Data\U3
2008-04-15 14:47 --------- d-----w C:\Documents and Settings\Fredrik Dahlgren\Application Data\LimeWire
2008-04-12 10:41 36,872 -c--a-w C:\Documents and Settings\Fredrik Dahlgren\Application Data\GDIPFONTCACHEV1.DAT
2008-03-31 20:48 --------- d-----w C:\Program\Microsoft ActiveSync
2008-03-27 18:48 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-27 18:48 --------- d-----w C:\Program\Skype
2008-03-27 18:48 --------- d-----w C:\Program\Delade filer\Skype
2008-03-27 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-20 08:10 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:10 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:38 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:38 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 09:33 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-16 09:33 666,624 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-02-16 09:33 618,496 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-02-16 09:33 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2008-02-16 09:33 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 09:33 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-02-16 09:33 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-02-16 09:33 3,087,872 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-16 09:33 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2008-02-16 09:33 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 09:32 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2008-02-16 09:32 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-02-16 09:32 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-02-16 09:32 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2008-02-16 09:32 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-02-16 09:32 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-02-16 09:32 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 09:32 1,055,232 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 09:32 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-02-01 19:23 56,912 ----a-w C:\Documents and Settings\Fredrik Dahlgren\g2mdlhlpx.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0898849F-F798-4C9A-85B2-0E053BC0E635}]
C:\WINDOWS\system32\ljJYQIcA.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4269B4C7-D78D-4194-B571-CE0965FF0E6D}]
2008-05-12 15:52 371712 --a------ C:\WINDOWS\system32\byXNHxwU.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{722efcb5-50fd-47b4-a64c-3a3f0dce52be}]
2008-05-12 12:14 132096 --a------ C:\WINDOWS\system32\nquopdqh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7FD4485-AD6A-434B-A01F-ED9AE1B4B4B9}]
C:\WINDOWS\system32\opnmJBtr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}]
2008-05-11 10:19 59904 --a------ C:\WINDOWS\system32\hgGvsqrP.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.exe" [2008-03-04 16:21 5724184]
"Skype"="C:\Program\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"Steam"="C:\Program\Steam\Steam.exe" [2008-04-06 16:40 1271032]
"H/PC Connection Agent"="C:\Program\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 282624 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48 761947]
"IntelZeroConfig"="C:\Program\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]
"IntelWireless"="C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]
"MSKDetectorExe"="C:\Program\McAfee\SpamKiller\MSKDetct.exe" [ ]
"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"ISUSPM Startup"="C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"Dell QuickSet"="C:\Program\Dell\QuickSet\Quickset.exe" [2006-04-06 15:58 1032192]
"egui"="C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 09:21 1443072]
"SmcService"="C:\Program\Sygate\SPF\smc.exe" [2004-10-15 20:40 2577632]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent"="C:\Program\Winamp\winampa.exe" [ ]
"0cf489e4"="C:\WINDOWS\system32\xysivvqq.dll" [2008-05-12 12:11 115712]
"AirPort Base Station Agent"="C:\Program\AirPort\APAgent.exe" [2008-03-06 17:40 733184]
"BM0fc7ba78"="C:\WINDOWS\system32\ryxmsapq.dll" [2008-05-12 12:08 125952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
BTTray.lnk - C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 19:28:28 622653]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}"= C:\WINDOWS\system32\hgGvsqrP.dll [2008-05-11 10:19 59904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGvsqrP]
hgGvsqrP.dll 2008-05-11 10:19 59904 C:\WINDOWS\system32\hgGvsqrP.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\byXNHxwU
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirPort Base Station Agent]
--a------ 2008-03-06 17:40 733184 C:\Program\AirPort\APAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 16:57 133016 C:\Program\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:39 1289000 C:\Program\Microsoft ActiveSync\Wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\FlashFXP\\flashfxp.exe"=
"C:\\Downloads\\utorrent.exe"=
"C:\\Program\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program\\Steam\\steamapps\\henrikhenrikraw\\counter-strike\\hl.exe"=
"C:\\Program\\Messenger\\msmsgs.exe"=
"C:\\Program\\Mozilla Firefox\\firefox.exe"=
"C:\\mIRC\\mIRC\\mirc.exe"=
"C:\\Program\\Steam\\Steam.exe"=
"C:\Program\Microsoft ActiveSync\rapimgr.exe"= C:\Program\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program\Microsoft ActiveSync\wcescomm.exe"= C:\Program\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program\Microsoft ActiveSync\WCESMgr.exe"= C:\Program\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program\\iTunes\\iTunes.exe"=
"C:\\Program\\Bonjour\\mDNSResponder.exe"=
"C:\\Program\\AirPort\\APAgent.exe"=
"C:\\Program\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 atitray;atitray;C:\Program\Radeon Omega Drivers\v3.8.273\ATI Tray Tools\atitray.sys [2006-02-28 22:55]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 09:21]
S3 ESI_GigaportAG;usb-audio.de driver for ESI - GIGAPortAG;C:\WINDOWS\system32\Drivers\gigapAG.sys []
S3 pgusbmme;usb-audio.de MME-Adapter;C:\WINDOWS\system32\drivers\pgusbmm3.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0da2a4b2-c915-11dc-bef4-001302ac066e}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{134e68cd-4756-11dc-bdd6-001302ac066e}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40e754e8-f9ed-11dc-bf72-0015c5a5c692}]
\Shell\AutoRun\command - G:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6da6b13-d4d5-11dc-bf1b-001302ac066e}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 15:23:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 15:48:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\hgGvsqrP.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\xysivvqq.dll
-> C:\WINDOWS\system32\cdioqvcw.dll
-> C:\WINDOWS\system32\byXNHxwU.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program\Intel\Wireless\Bin\EvtEng.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\Program\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program\Dell\QuickSet\NicConfigSvc.exe
C:\Program\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\MICROS~4\rapimgr.exe
C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-12 15:55:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-12 13:54:49
Pre-Run: 22,460,043,264 bytes free
Post-Run: 22,848,106,496 bytes free
263 --- E O F --- 2008-05-04 06:59:10
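The "Reg Loading Points" section of the ComboFix log above shows the load points a reader should check first: Browser Helper Objects, the HKLM Run key, an Explorer ShellExecuteHook, a Winlogon Notify package and an extra entry in the LSA "Authentication Packages" value, all pointing at eight-letter DLLs that appeared in system32 on the days the problems started. The script below is an added example, not code from the original post or from ComboFix or HijackThis: it parses an excerpt in the report's own format and lists the entries that combine an auto-load location with a random-looking DLL name in system32, plus any LSA package other than the XP default msv1_0. The excerpt is constructed from lines in the log above, and the name-randomness thresholds (eight letters, three or more case switches, at most 25% vowels) are assumptions tuned to this report, not published indicators.

```python
"""Triage a ComboFix "Reg Loading Points" excerpt for suspicious persistence.

Added example, not part of the original post or of ComboFix/HijackThis.
The sample text below is a constructed excerpt in the format of the report
above; the thresholds in name_looks_random() are assumptions, not published
indicators.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in ComboFix's "Reg Loading Points" format.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4269B4C7-D78D-4194-B571-CE0965FF0E6D}]
2008-05-12 15:52 371712 --a------ C:\WINDOWS\system32\byXNHxwU.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{722efcb5-50fd-47b4-a64c-3a3f0dce52be}]
2008-05-12 12:14 132096 --a------ C:\WINDOWS\system32\nquopdqh.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48 761947]
"AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"egui"="C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 09:21 1443072]
"0cf489e4"="C:\WINDOWS\system32\xysivvqq.dll" [2008-05-12 12:11 115712]
"BM0fc7ba78"="C:\WINDOWS\system32\ryxmsapq.dll" [2008-05-12 12:08 125952]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}"= C:\WINDOWS\system32\hgGvsqrP.dll [2008-05-11 10:19 59904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGvsqrP]
hgGvsqrP.dll 2008-05-11 10:19 59904 C:\WINDOWS\system32\hgGvsqrP.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\byXNHxwU
"""

# Registry locations that auto-load code, matched as substrings of the
# lower-cased key name, with what loading from there gives an attacker.
PERSISTENCE_KEYS = [
    ("browser helper objects", "BHO, loaded into every Internet Explorer process"),
    ("shellexecutehooks", "ShellExecuteHook, loaded into explorer.exe and sees every launch"),
    (r"\winlogon\notify", "Winlogon Notify, loaded into winlogon.exe as SYSTEM at logon"),
    (r"\currentversion\run", "Run key, started at every logon"),
]
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\s\"\[\]]+")
VOWELS = set("aeiou")


@dataclass
class Finding:
    key: str
    path: str
    reason: str


def name_looks_random(stem: str) -> bool:
    """True for an 8-letter name with >= 3 upper/lower case switches or at
    most 25% vowels. Assumed thresholds: shipped Windows DLLs are lower-case
    and mostly pronounceable; the DLLs in this log are neither."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    case_changes = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    vowel_ratio = sum(c.lower() in VOWELS for c in stem) / len(stem)
    return case_changes >= 3 or vowel_ratio <= 0.25


def classify_key(key: str) -> str | None:
    low = key.lower()
    for needle, why in PERSISTENCE_KEYS:
        if needle in low:
            return why
    return None


def triage(report: str) -> list[Finding]:
    """Walk the report and return the entries worth a second look."""
    findings: list[Finding] = []
    current_key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]  # '[HKEY_...]' section header
            continue
        if r"\control\lsa" in current_key.lower() and line.startswith("Authentication Packages"):
            # lsass.exe loads every listed package at boot; msv1_0 is the only
            # default on XP, so anything else is an extra DLL running as SYSTEM.
            for token in line.split()[3:]:  # skip 'Authentication Packages REG_MULTI_SZ'
                if token.lower() != "msv1_0":
                    findings.append(Finding(current_key, token,
                                            "extra LSA authentication package, loaded into lsass.exe at boot"))
            continue
        why = classify_key(current_key)
        if why is None:
            continue
        for path in WIN_PATH.findall(line):
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            # Both signals together: a random-looking name *and* a drop into
            # system32, where it blends in with hundreds of real DLLs.
            if "\\system32\\" in path.lower() and name_looks_random(stem):
                findings.append(Finding(current_key, path, f"random-looking DLL name in system32; {why}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.path}\n    {f.reason}\n    key: {f.key}")
```

Run as `python triage.py` against the embedded excerpt; to use it on a real report, pass the file's text to `triage()`. The output is a review list, not a verdict: the name rule alone also fires on legitimate CamelCase names such as SynTPEnh (kept out here only because it lives under C:\Program, not system32) and would trip on abbreviation-style Windows DLLs like dnsrslvr.dll, which is why the script requires both the name signal and the system32 location, and why the LSA, Winlogon Notify and ShellExecuteHook hits deserve attention before the Run-key ones: those load into lsass.exe, winlogon.exe and explorer.exe respectively, so a DLL listed there runs in a privileged or always-present process rather than only alongside the browser.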