
Dir00,dir001,dir03

Discussion in 'Malware and Virus Removal Archive' started by z4u, 2007/12/24.

  1. 2007/12/24
    z4u (Thread Starter)
    My system is running suspiciously; please have a look at it. The problem is in the C drive: folders dir00, dir01, dir02, and inside the folders many subfolders are auto-creating, and at the end there are files like file27, file28, etc.
    Also, in my HijackThis log I found an entry for an unknown Winsock entry, mwnsp.dll.
    Here is my HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:14:42 PM, on 25/12/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINNT\system32\crypserv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINNT\system32\ctfmon.exe
    C:\WINNT\system32\notepad.exe
    C:\Program Files\CafeSuite\CafeStation.exe
    C:\WINNT\system32\DllHost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    D:\backup\my doc\internet soft\antispyware\avgas-setup-7.5.1.43.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\mwnsp.dll
    O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C265DFAA-A822-44A3-ACDC-F156B459EE42}: NameServer = 192.168.0.1
    O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: Crypkey License - Unknown owner - C:\WINNT\SYSTEM32\crypserv.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    --
    End of file - 5116 bytes
    And here is the ComboFix log:
    ComboFix 07-12-19.3 - Administrator 12/25/2007 11:57:25.1 - FAT32x86
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.125 [GMT -8:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\scan\sys\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINNT\askerserkb.dll
    C:\WINNT\recover.reg
    C:\WINNT\system32\rsfunser.ini
    C:\WINNT\system32\uninstall.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_P4P_SERVICE
    -------\nm


    ((((((((((((((((((((((((( Files Created from 2007-11-25 to 2007-12-25 )))))))))))))))))))))))))))))))
    .

    2007-12-25 12:00 . 07-12-25 12:00 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3f4.dat
    2007-12-25 11:53 . 07-12-25 11:53 <DIR> d-------- C:\dir03
    2007-12-25 11:52 . 07-12-25 11:52 <DIR> d-------- C:\dir01
    2007-12-24 10:18 . 07-12-24 10:18 <DIR> d-------- C:\WINNT\system32\FLCSS.EXE
    2007-12-24 10:18 . 06-03-09 20:13 917,504 --a------ C:\WINNT\system32\contfilt.dll
    2007-12-24 10:18 . 06-03-07 16:03 335,872 --a------ C:\WINNT\system32\mwtsp.dll
    2007-12-24 10:18 . 00-04-03 22:00 130,560 --a------ C:\WINNT\system32\ZIPDLL.DLL
    2007-12-24 10:18 . 06-03-07 16:01 110,592 --a------ C:\WINNT\system32\mwnsp.dll
    2007-12-24 10:18 . 07-12-24 10:20 14,444 --a------ C:\WINNT\WSSPORD.DAT
    2007-12-24 10:18 . 97-09-18 06:12 9,488 --a------ C:\WINNT\system32\sporder.dll
    2007-12-18 19:08 . 07-12-18 19:08 <DIR> d--h----- C:\WINNT\$NtUpdateRollupPackUninstall$
    2007-12-18 19:02 . 07-12-18 19:02 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-12-18 19:00 . 03-06-19 12:05 90,384 --------- C:\WINNT\system32\dllcache\cryptdlg.dll
    2007-12-18 12:51 . 07-12-18 12:51 <DIR> d-------- C:\Program Files\Trend Micro
    2007-12-18 00:21 . 07-12-18 00:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\JustVoip
    2007-12-17 16:49 . 07-12-17 16:49 580,114 --a------ C:\WINNT\system32\x264vfw.dll
    2007-12-17 16:48 . 07-12-17 16:49 <DIR> d-------- C:\Program Files\x264
    2007-12-17 13:40 . 07-12-17 13:40 <DIR> d-------- C:\Program Files\JustVoip.com
    2007-12-11 18:57 . 07-12-11 18:57 <DIR> d-------- C:\WINNT\system32\languages
    2007-12-11 18:57 . 07-12-11 18:57 <DIR> d-------- C:\WINNT\system32\dict
    2007-12-11 18:57 . 07-12-11 18:57 <DIR> d-------- C:\WINNT\system32\custom matrices
    2007-12-11 18:57 . 07-12-11 18:57 <DIR> d-------- C:\Program Files\Replay Converter
    2007-12-10 16:18 . 07-12-10 16:18 86,016 --a------ C:\WINNT\system32\GizmoPluginCPL.cpl
    2007-12-10 16:12 . 07-12-10 16:12 910 --a------ C:\WINNT\speakfre.ini
    2007-12-08 21:21 . 07-12-08 21:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LowRateVoip
    2007-12-08 21:19 . 07-12-08 21:19 <DIR> d-------- C:\Program Files\LowRateVoip
    2007-12-08 00:03 . 07-12-08 00:03 0 --a------ C:\WINNT\INPAGE.INI
    2007-12-07 23:56 . 99-06-18 14:49 165,888 --a------ C:\WINNT\Ckconfig.exe
    2007-12-07 23:56 . 99-06-18 14:43 66,560 --a------ C:\WINNT\system32\Crypserv.exe
    2007-12-07 23:56 . 96-05-03 10:21 27,648 --a------ C:\WINNT\Setup_ck.exe
    2007-12-07 23:56 . 99-06-18 14:43 24,736 --a------ C:\WINNT\system32\Ckldrv.sys
    2007-12-07 23:56 . 96-05-03 08:36 18,432 --a------ C:\WINNT\Setup_ck.dll
    2007-12-07 23:56 . 95-07-04 11:33 11,776 --a------ C:\WINNT\Ckrfresh.exe
    2007-12-07 23:56 . 07-12-07 23:56 103 --a------ C:\WINNT\Crypkey.ini
    2007-12-07 23:55 . 07-12-07 23:55 17,920 --a------ C:\WINNT\system32\drivers\aksusb.sys
    2007-12-07 23:55 . 07-12-07 23:55 6,656 --a------ C:\WINNT\system32\haspvdd.dll
    2007-12-07 23:55 . 07-07-07 02:05 2,577 --a------ C:\WINNT\system32\config.hsp
    2007-12-07 23:55 . 07-12-07 23:55 383 --a------ C:\WINNT\system32\haspdos.sys
    2007-12-07 23:54 . 07-12-07 23:54 <DIR> d-------- C:\Program Files\MFC
    2007-12-07 23:54 . 07-12-07 23:54 <DIR> d-------- C:\Program Files\INPAGE24
    2007-12-06 14:38 . 07-12-06 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2007-12-04 18:30 . 07-12-04 18:30 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
    2007-12-01 21:19 . 07-12-01 21:19 <DIR> d-------- C:\Program Files\TVAnts
    2007-12-01 21:17 . 07-12-01 21:17 <DIR> d-------- C:\Program Files\TVAntsX
    2007-12-01 14:15 . 07-12-01 14:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PoivY
    2007-12-01 11:40 . 07-12-01 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
    2007-12-01 11:40 . 07-12-01 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mvcache
    2007-12-01 11:40 . 07-12-01 11:41 118 --a------ C:\WINNT\system32\cid_store.dat
    2007-12-01 11:39 . 07-12-01 11:39 <DIR> d-------- C:\Program Files\Thunder Network
    2007-12-01 11:39 . 07-12-01 11:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Thunder Network
    2007-12-01 11:09 . 07-12-01 11:09 808,960 --a------ C:\WINNT\system32\myubxhklgsgoj.dll
    2007-12-01 11:09 . 07-12-01 11:09 58,368 --a------ C:\WINNT\system32\SkypeClient.exe
    2007-11-30 00:00 . 07-11-30 00:00 210 --a------ C:\WINNT\pdf2word.INI
    2007-11-29 15:21 . 07-11-29 15:21 <DIR> d-------- C:\WINNT\system32\PPLive
    2007-11-28 20:43 . 07-11-28 20:43 <DIR> d-------- C:\Program Files\Motherboard Monitor 5
    2007-11-28 10:27 . 07-11-29 12:37 706 --a------ C:\WINNT\Powerplayer.ini
    2007-11-28 10:27 . 07-11-29 12:37 571 --a------ C:\WINNT\psnetwork.ini
    2007-11-28 10:22 . 07-11-28 10:22 <DIR> d-------- C:\Program Files\PPLive
    2007-11-28 10:22 . 07-11-28 10:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PPLive
    2007-11-27 13:39 . 06-06-21 11:44 108,544 --------- C:\WINNT\system32\pxcpyi64.exe
    2007-11-27 10:15 . 07-11-29 12:37 13 --a------ C:\WINNT\msgtn.ini
    2007-11-27 10:14 . 07-11-27 10:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ppStream
    2007-11-26 12:42 . 07-11-26 12:42 <DIR> d-------- C:\Program Files\XP Codec Pack
    2007-11-26 12:42 . 07-08-17 23:54 380,928 --a------ C:\WINNT\system32\ac3filter.acm

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-11 05:11 28,256 ----a-w C:\WINNT\system32\drivers\MxlW2k.sys
    2007-11-25 01:14 --------- d-----w C:\Program Files\Avanquest update
    2007-11-25 01:13 24,192 ----a-w C:\Documents and Settings\Administrator\usbsermptxp.sys
    2007-11-25 01:13 22,768 ----a-w C:\WINNT\system32\drivers\usbsermpt.sys
    2007-11-25 01:13 22,768 ----a-w C:\Documents and Settings\Administrator\usbsermpt.sys
    2007-11-25 01:13 --------- d-----w C:\Program Files\Motorola Phone Tools
    2007-11-25 01:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
    2007-11-25 00:36 --------- d-----w C:\Program Files\Common Files\Motorola Shared
    2007-11-21 22:38 --------- d-----w C:\Program Files\MSECache
    2007-11-21 19:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
    2007-11-21 19:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2007-11-21 19:00 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2007-11-21 19:00 --------- d-----w C:\Program Files\Common Files\L&H
    2007-11-21 18:59 --------- d-----w C:\Program Files\Microsoft.NET
    2007-11-21 18:59 --------- d-----w C:\Program Files\Microsoft Works
    2007-11-18 06:32 90,112 ----a-w C:\WINNT\system32\agsaami.dll
    2007-11-18 06:32 610,304 ----a-w C:\WINNT\system32\agsaamg.dll
    2007-11-18 06:32 372,736 ----a-w C:\WINNT\system32\agsaamc.dll
    2007-11-18 06:32 2,535,424 ----a-w C:\WINNT\system32\agsaamj.dll
    2007-11-14 21:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\USBSafelyRemove
    2007-11-11 02:11 --------- d-----w C:\Program Files\Nero
    2007-11-10 06:42 --------- d-----w C:\Program Files\MUSICMATCH
    2007-11-10 05:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2007-11-03 16:33 --------- d-----w C:\Program Files\Avira
    2007-11-02 21:48 --------- d-----w C:\Program Files\MP3 Splitter & Joiner
    2007-10-31 17:23 --------- d-----w C:\Program Files\AsfTools 3.1
    2007-10-31 10:17 222,720 ----a-w C:\WINNT\system32\wmasf.dll
    2007-10-31 10:17 222,720 ------w C:\WINNT\system32\dllcache\wmasf.dll
    2007-10-31 10:17 2,064,384 ------w C:\WINNT\system32\dllcache\wmvcore.dll
    2007-10-29 18:31 2,705,408 ----a-w C:\WINNT\system32\dllcache\MSHTML.DLL
    2007-10-28 04:20 1,222,656 ----a-w C:\WINNT\system32\quartz.dll
    2007-10-28 04:20 1,222,656 ----a-w C:\WINNT\system32\dllcache\quartz.dll
    2007-10-26 01:47 278,528 ----a-w C:\WINNT\system32\livesnth.dll
    2007-10-26 01:46 203,776 ----a-w C:\WINNT\system32\clrviddc.dll
    2007-10-26 01:44 --------- d-----w C:\Program Files\Common Files\xing shared
    2007-10-26 00:18 --------- d-----w C:\Program Files\Common Files\Cisco Systems
    2007-10-24 17:57 72,496 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-17 07:22 96,016 ----a-w C:\WINNT\system32\dllcache\mqlogmgr.dll
    2007-10-17 07:22 8,464 ------w C:\WINNT\system32\dllcache\mqrperf.dll
    2007-10-17 07:22 77,072 ----a-w C:\WINNT\system32\dllcache\mqdscli.dll
    2007-10-17 07:22 70,928 ----a-w C:\WINNT\system32\dllcache\mqsec.dll
    2007-10-17 07:22 50,448 ----a-w C:\WINNT\system32\dllcache\mqclus.dll
    2007-10-17 07:22 440,592 ----a-w C:\WINNT\system32\dllcache\mqqm.dll
    2007-10-17 07:22 42,256 ----a-w C:\WINNT\system32\dllcache\mqdssrv.dll
    2007-10-17 07:22 400,656 ----a-w C:\WINNT\system32\dllcache\mqsnap.dll
    2007-10-17 07:22 292,112 ----a-w C:\WINNT\system32\dllcache\mq1repl.dll
    2007-10-17 07:22 29,968 ----a-w C:\WINNT\system32\dllcache\mqdbodbc.dll
    2007-10-17 07:22 29,456 ----a-w C:\WINNT\system32\dllcache\mqcertui.dll
    2007-10-17 07:22 267,536 ----a-w C:\WINNT\system32\dllcache\mqmigrat.dll
    2007-10-17 07:22 23,824 ----a-w C:\WINNT\system32\dllcache\mqupgrd.dll
    2007-10-17 07:22 222,480 ----a-w C:\WINNT\system32\dllcache\mqoa.dll
    2007-10-17 07:22 218,384 ----a-w C:\WINNT\system32\dllcache\mqads.dll
    2007-10-17 07:22 159,504 ----a-w C:\WINNT\system32\dllcache\msmqocm.dll
    2007-10-17 07:22 111,888 ----a-w C:\WINNT\system32\dllcache\mqutil.dll
    2007-10-17 07:22 102,672 ----a-w C:\WINNT\system32\dllcache\mqrt.dll
    2007-10-17 07:22 10,000 ----a-w C:\WINNT\system32\dllcache\mqperf.dll
    2007-10-16 13:51 98,064 ----a-w C:\WINNT\system32\dllcache\mqmig.exe
    2007-10-16 13:51 77,712 ----a-w C:\WINNT\system32\dllcache\mqac.sys
    2007-10-16 13:51 25,360 ----a-w C:\WINNT\system32\dllcache\mqbkup.exe
    2007-10-16 13:51 14,096 ----a-w C:\WINNT\system32\dllcache\mqsvc.exe
    2007-10-16 13:51 14,096 ----a-w C:\WINNT\system32\dllcache\mq1sync.exe
    2007-10-11 18:38 143,360 ----a-w C:\WINNT\system32\dllcache\CDFVIEW.DLL
    2007-10-11 18:38 132,096 ----a-w C:\WINNT\system32\dllcache\MSRATING.DLL
    2007-10-11 18:37 402,944 ----a-w C:\WINNT\system32\dllcache\SHLWAPI.DLL
    2007-10-11 18:37 1,340,416 ----a-w C:\WINNT\system32\dllcache\SHDOCVW.DLL
    2007-10-11 18:37 1,018,368 ----a-w C:\WINNT\system32\dllcache\BROWSEUI.DLL
    2007-10-11 18:31 575,488 ----a-w C:\WINNT\system32\dllcache\WININET.DLL
    2007-10-11 18:31 462,336 ----a-w C:\WINNT\system32\dllcache\URLMON.DLL
    2007-10-11 18:31 12,288 ----a-w C:\WINNT\system32\dllcache\JSPROXY.DLL
    2007-10-11 18:30 69,632 ----a-w C:\WINNT\system32\dllcache\INSENG.DLL
    2007-10-11 18:30 498,176 ----a-w C:\WINNT\system32\dllcache\MSTIME.DLL
    2007-10-11 18:30 351,744 ----a-w C:\WINNT\system32\dllcache\DXTMSFT.DLL
    2007-10-11 18:30 34,816 ----a-w C:\WINNT\system32\dllcache\PNGFILT.DLL
    2007-10-11 18:30 236,032 ----a-w C:\WINNT\system32\dllcache\IEPEERS.DLL
    2007-10-11 18:30 192,512 ----a-w C:\WINNT\system32\dllcache\DXTRANS.DLL
    2007-07-07 10:05 271 ---h--w C:\Program Files\desktop.ini
    1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
    2005-06-22 06:37 45,568 --sha-r C:\WINNT\system32\cygz.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "ctfmon.exe" [01-02-20 13:09 C:\WINNT\system32\CTFMON.EXE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager "= "mobsync.exe" [03-06-19 12:05 C:\WINNT\system32\mobsync.exe]
    "avgnt "= "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [07-11-03 08:41 ]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07-10-25 17:44 ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop "= "C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableChangePassword "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu "= 1 (0x1)
    "NoFavoritesMenu "= 0 (0x0)
    "NoSMMyPictures "= 0 (0x0)
    "NoStartMenuMyMusic "= 0 (0x0)
    "NoRecentDocsHistory "= 1 (0x1)
    "NoRecentDocsNetHood "= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu "= 1 (0x1)
    "NoFavoritesMenu "= 0 (0x0)
    "NoSMMyPictures "= 0 (0x0)
    "NoStartMenuMyMusic "= 0 (0x0)
    "NoRecentDocsNetHood "= 0 (0x0)
    "NoSharedDocuments "= 1 (0x1)
    "NoRecentDocsHistory "= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NofolderOptions "= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

    R0 avgntmgr;avgntmgr;C:\WINNT\system32\DRIVERS\avgntmgr.sys [07-07-18 14:21 ]
    R1 avgntdd;avgntdd;C:\WINNT\system32\DRIVERS\avgntdd.sys [07-08-09 13:03 ]
    R3 als4k;Avance Audio Miniport Driver (WDM);C:\WINNT\system32\drivers\als4000.sys [01-02-28 09:17 ]
    R3 DLKRTS;D-Link DFE-538TX 10/100 Adapter NT Driver;C:\WINNT\system32\DRIVERS\DLKRTS.SYS [00-07-18 14:11 ]
    R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINNT\system32\DRIVERS\openhci.sys [03-06-19 12:05 ]
    S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINNT\system32\DRIVERS\bcfilter.sys []
    S3 BcfilterMP;BcfilterMP;C:\WINNT\system32\DRIVERS\bcfilter.sys []

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-25 12:01:08
    Windows 5.0.2195 Service Pack 4 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-25 12:02:00 - machine was rebooted
    .
    2007-12-19 17:12:21 --- E O F ---
  2. 2007/12/25
    z4u (Thread Starter)
    Hello, can anyone check my log? Thank you.


  4. 2007/12/26
    noahdfear
    Hi z4u,

    Please delete the ComboFix.exe file you currently have and download a fresh copy from here, saving it to your desktop.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad window, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINNT\system32\myubxhklgsgoj.dll
    C:\WINNT\system32\SkypeClient.exe
    C:\WINNT\system32\FLCSS.EXE
    Folder::
    C:\dir03
    C:\dir01
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.


    It appears you may have an infection known as W32/FunLove. This infection is known to spread across networks, so if this machine is within your network, please check your other machines as well. I've provided links to several writeups about it below. Please read them carefully and follow the recommended procedures for removal, using one of the available removal tools. I have also added the main infector file to the CFScript for removal, but do not consider that an effective removal.

    http://www.symantec.com/security_response/writeup.jsp?docid=2000-122010-2651-99&tabid=3
    http://www.symantec.com/security_response/writeup.jsp?docid=2001-030908-1521-99
    http://www.sophos.com/security/analyses/w32flcss.html
    http://vil.nai.com/vil/Content/v_10419.htm


    mwnsp.dll is reportedly a component of MicroWorld EScan/Mailscan. Was that program ever used on this machine?
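An added example, not part of this thread and not code from either poster or from the HijackThis/ComboFix tools: a small Python triage script that does by hand what noahdfear did by eye when reading the two logs above. It pulls the O10 "Unknown file in Winsock LSP" entries out of a HijackThis log, parses the "Files Created" section of a ComboFix log, groups files by the minute they were created (a burst of files landing in the same minute, like the 2007-12-24 10:18 group containing FLCSS.EXE, mwnsp.dll and sporder.dll, is how an installer or a dropper looks on disk), flags the top-level dirNN folders z4u describes, and reports which unknown LSP DLLs were written as part of a burst. The sample log lines are excerpted from the logs posted above and embedded as constructed input so the script runs offline; the regular expressions and function names are this example's own assumptions about the log format, not anything published by the tool authors.

```python
import re
from collections import OrderedDict

# Constructed sample input: lines excerpted from the HijackThis log posted
# above (only the sections this script looks at). A real log would be read
# from a file and handled the same way.
HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O10 - Unknown file in Winsock LSP: c:\winnt\system32\mwnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C265DFAA-A822-44A3-ACDC-F156B459EE42}: NameServer = 192.168.0.1
"""

# Constructed sample input: lines excerpted from the "Files Created" section
# of the ComboFix log posted above.
COMBOFIX_LOG = r"""
2007-12-25 12:00 . 07-12-25 12:00 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3f4.dat
2007-12-25 11:53 . 07-12-25 11:53 <DIR> d-------- C:\dir03
2007-12-25 11:52 . 07-12-25 11:52 <DIR> d-------- C:\dir01
2007-12-24 10:18 . 07-12-24 10:18 <DIR> d-------- C:\WINNT\system32\FLCSS.EXE
2007-12-24 10:18 . 06-03-09 20:13 917,504 --a------ C:\WINNT\system32\contfilt.dll
2007-12-24 10:18 . 06-03-07 16:03 335,872 --a------ C:\WINNT\system32\mwtsp.dll
2007-12-24 10:18 . 00-04-03 22:00 130,560 --a------ C:\WINNT\system32\ZIPDLL.DLL
2007-12-24 10:18 . 06-03-07 16:01 110,592 --a------ C:\WINNT\system32\mwnsp.dll
2007-12-24 10:18 . 07-12-24 10:20 14,444 --a------ C:\WINNT\WSSPORD.DAT
2007-12-24 10:18 . 97-09-18 06:12 9,488 --a------ C:\WINNT\system32\sporder.dll
2007-12-18 19:02 . 07-12-18 19:02 <DIR> d-------- C:\Program Files\MSXML 4.0
"""

# Assumed line formats (this example's own regexes, derived from the logs above).
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP:\s+(.+?)\s*$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \S+ \S+ (<DIR>|[\d,]+) (\S+) (.+?)\s*$"
)
# Top-level folders named dir followed by digits, the pattern z4u reported.
DIR_RE = re.compile(r"[A-Za-z]:\\dir\d+")


def unknown_lsp_entries(log):
    """Paths that HijackThis flagged as O10 'Unknown file in Winsock LSP'."""
    found = []
    for line in log.splitlines():
        m = O10_RE.match(line.strip())
        if m:
            found.append(m.group(1))
    return found


def parse_combofix_created(log):
    """Parse 'Files Created' lines into dicts (created minute, size, attrs, path)."""
    entries = []
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        created, size, attrs, path = m.groups()
        entries.append({
            "created": created,
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
        })
    return entries


def creation_clusters(entries, min_size=3):
    """Group paths by creation minute and keep only bursts of min_size or more."""
    by_minute = OrderedDict()
    for e in entries:
        by_minute.setdefault(e["created"], []).append(e["path"])
    return OrderedDict((t, p) for t, p in by_minute.items() if len(p) >= min_size)


def suspicious_dirs(entries):
    """Top-level dirNN folders, in the order ComboFix listed them."""
    return [e["path"] for e in entries if DIR_RE.fullmatch(e["path"])]


def correlate_lsp(lsp_paths, clusters):
    """Map each burst minute to the unknown LSP DLLs written during it.
    Paths are compared case-insensitively because the two tools differ in case."""
    hits = {}
    for minute, paths in clusters.items():
        lowered = {p.lower() for p in paths}
        matched = [l for l in lsp_paths if l.lower() in lowered]
        if matched:
            hits[minute] = matched
    return hits


def triage(hijackthis_log, combofix_log):
    """Run all checks over the two logs and return one summary dict."""
    entries = parse_combofix_created(combofix_log)
    lsp = unknown_lsp_entries(hijackthis_log)
    clusters = creation_clusters(entries)
    return {
        "unknown_lsp": lsp,
        "creation_bursts": clusters,
        "dirNN_folders": suspicious_dirs(entries),
        "lsp_in_bursts": correlate_lsp(lsp, clusters),
    }


if __name__ == "__main__":
    for key, value in triage(HIJACKTHIS_LOG, COMBOFIX_LOG).items():
        print(key, value)
```

On the sample above the only burst is 2007-12-24 10:18, with seven files, and the one unknown LSP DLL (mwnsp.dll) falls inside it. That co-occurrence is exactly the question noahdfear raises: a Winsock LSP DLL is a legitimate component of some security products, so whether it is part of a known install or arrived with an unexplained burst of files is what decides how to treat it.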