Help!!!

  1. #1
    mjcarter02 is offline Newbie

    Help!!!

    Hi to everyone!
    It seems that I have run into some problems with my system. I am unable to go to my add or remove programs applet and uninstall anything. When I click on the link, nothing happens. And so I've tried to do a system restore and well it quits responding when I arrive at the final "next" prompt. I already created a Hijack This log and was wondering if anybody would be willing to look at it for me. I would greatly appreciate it. Here is my log:


    Logfile of HijackThis v1.99.1
    Scan saved at 10:27:36 PM, on 3/10/2008
    Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Clear History\ClearHistory.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\9UAQ5SX7\hijackthis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4E6D1678-F591-FF39-C809-DE98BD67F7B6} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {B9D39F8E-2965-709A-6AE9-50800C4B03E4} - (no file)
    O2 - BHO: (no name) - {BBD0C989-2D64-769D-6AE9-50800C4B07E2} - (no file)
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ClearHistory] C:\Program Files\Clear History\ClearHistory.exe -hidden
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab46479.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/bestfriends/...GameLoader.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
    O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames...p.cab48295.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {54D53429-945C-4188-B460-C81356541882} - http://eshare.hpphoto.com/Download/H...LocalPrint.CAB
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1170931058446
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/4...l/gtdownls.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...a/SymAData.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab41227.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livenj01.custhelp.com/7540-b.../java/RntX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FC267F47-D493-4DFA-AFB1-D5904B83A62F}: NameServer = 24.116.2.34,24.116.2.38
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: #??A
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: faxxml - C:\WINDOWS\SYSTEM32\faxxml.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
    O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


  2. #2
    Neal is offline Dedicated Member
    Welcome,


    If you have previously downloaded ComboFix, please delete that version now.

    Now download ComboFix and save to your desktop:

    Note:

    It is IMPORTANT that it is saved directly to your desktop

    Close any open browsers.

    Disconnect from the Internet.

    Please do not re-connect your machine back to the Internet until Combofix has completely finished.

    Disable your antivirus program and any realtime malware scanners now


    How To Disable



    Double click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouseclick combofix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    Re-enable your anti-virus and re-connect back to the internet and post the combofix log.



    *Note*
    In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
    Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.


    ComboFix SHOULD NOT be used unless requested by a forum helper.

  3. #3
    mjcarter02 is offline Newbie
    Ok, here is that log for the combofix.


    ComboFix 08-03-10.1 - Michael 2008-03-11 15:07:17.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.120 [GMT -7:00]
    Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Bryce\My Documents\ASKS~1
    C:\Documents and Settings\Bryce\My Documents\ASKS~1\?icrosoft.NET\
    C:\Documents and Settings\Bryce\My Documents\CROSOF~1
    C:\Documents and Settings\Bryce\My Documents\PPPATC~1
    C:\Documents and Settings\Bryce\My Documents\SMANTE~1
    C:\Program Files\Common Files\dobe~1
    C:\Program Files\Common Files\dobe~2
    C:\Program Files\Common Files\ppatch~1
    C:\Program Files\icroso~1
    C:\Program Files\sks~1
    C:\Program Files\smbols~1
    C:\setup.exe
    C:\WINDOWS\asks~1
    C:\WINDOWS\crosof~1
    C:\WINDOWS\dobe~1
    C:\WINDOWS\icroso~1
    C:\WINDOWS\scurit~1
    C:\WINDOWS\system32\crosof~1
    C:\WINDOWS\system32\icroso~1.net
    C:\WINDOWS\system32\sstem~1
    C:\WINDOWS\system32\wnstssv.exe
    C:\WINDOWS\ymbols~1

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))
    .

    2008-03-11 15:19 . 2008-03-11 15:23 1,093,632 --a------ C:\WINDOWS\system32\{B2277ED7-EDEF-4F41-2881-D84D5D82D24D}.dat
    2008-03-11 15:03 . 2008-03-11 15:03 1,093,632 --a------ C:\WINDOWS\system32\{5095B3DD-AEE4-ADF2-224C-6AAF494D60AF}.dat
    2008-03-11 14:58 . 2008-03-11 15:05 1,093,632 --a------ C:\WINDOWS\system32\{DA729285-6800-2714-7A6D-8D250D6C8725}.dat
    2008-03-11 14:58 . 2008-03-11 15:03 1,093,632 --a------ C:\WINDOWS\system32\{3BB6FDDC-E0E7-C6D1-2302-49C4530343C4}.dat
    2008-03-11 14:57 . 2008-03-11 15:03 8,693,760 --a------ C:\WINDOWS\system32\{064E106E-3BB0-FB29-91EF-B1F9F8EEBBF9}.dat
    2008-03-11 14:57 . 2008-03-11 15:03 1,093,632 --a------ C:\WINDOWS\system32\{39EAA795-8C4B-C48D-6A58-15C619591FC6}.dat
    2008-03-10 17:55 . 2008-03-10 21:29 <DIR> d-------- C:\Program Files\Free Window Registry Repair
    2008-03-10 17:09 . 2008-03-10 17:09 <DIR> d-------- C:\WINDOWS\system32\AppData
    2008-03-10 17:09 . 2008-03-10 17:20 <DIR> d-------- C:\Program Files\All in one Cleaner
    2008-03-10 17:09 . 2006-03-14 14:00 544,833 --a------ C:\WINDOWS\system32\wbocx.ocx
    2008-03-10 17:09 . 2004-12-07 10:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
    2008-03-10 17:09 . 2002-03-01 17:58 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
    2008-03-10 17:09 . 2002-03-01 17:58 28,160 --a------ C:\WINDOWS\system32\anim.dll
    2008-03-07 11:07 . 2008-03-07 11:07 <DIR> d-------- C:\WINDOWS\system32\en
    2008-03-07 11:07 . 2008-03-07 11:07 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-03-07 09:24 . 2008-02-12 02:29 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
    2008-03-07 09:23 . 2008-02-12 02:28 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
    2008-03-07 09:22 . 2008-02-12 02:28 136,192 --------- C:\WINDOWS\system32\aaclient.dll
    2008-03-06 23:26 . 2008-03-06 23:26 56 --a------ C:\Documents and Settings\Michael\look.bat
    2008-03-06 23:17 . 2008-03-06 23:24 <DIR> d-------- C:\Program Files\Safarp
    2008-03-06 22:40 . 2008-03-06 22:41 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2008-03-06 22:28 . 2008-03-11 14:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-06 22:28 . 2008-03-06 22:28 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-06 16:00 . 2008-03-06 16:00 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Uniblue
    2008-03-06 15:32 . 2001-08-17 22:37 24,576 --a--c--- C:\WINDOWS\system32\dllcache\agcgauge.ax
    2008-03-06 15:31 . 2001-08-17 12:19 747,392 --a--c--- C:\WINDOWS\system32\dllcache\adm8830.sys
    2008-03-06 15:31 . 2001-08-17 12:19 553,984 --a--c--- C:\WINDOWS\system32\dllcache\adm8820.sys
    2008-03-06 15:31 . 2001-08-17 14:07 101,888 --a--c--- C:\WINDOWS\system32\dllcache\adpu160m.sys
    2008-03-06 15:31 . 2001-08-17 12:11 46,112 --a--c--- C:\WINDOWS\system32\dllcache\adptsf50.sys
    2008-03-06 15:31 . 2002-08-28 23:00 10,880 --a--c--- C:\WINDOWS\system32\dllcache\admjoy.sys
    2008-03-06 15:26 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
    2008-03-06 11:27 . 2008-03-06 11:27 <DIR> d-------- C:\WINDOWS\system32\Dell
    2008-03-05 22:57 . 2008-03-06 23:18 <DIR> d-------- C:\Program Files\Clear History
    2008-03-04 22:39 . 2008-03-04 22:41 <DIR> d-------- C:\Program Files\iTunes
    2008-03-04 22:36 . 2008-03-04 22:37 <DIR> d-------- C:\Program Files\QuickTime

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-11 06:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-11 00:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-11 00:29 --------- d-----w C:\Program Files\BitTorrent
    2008-03-11 00:29 --------- d-----w C:\Documents and Settings\Michael\Application Data\BitTorrent
    2008-03-11 00:29 --------- d-----w C:\Documents and Settings\Michael\Application Data\AVG7
    2008-03-07 09:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-03-07 06:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-06 18:27 --------- d-----w C:\Program Files\Dell
    2008-03-06 06:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-05 05:40 --------- d-----w C:\Program Files\iPod
    2008-02-12 09:30 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
    2008-02-12 09:30 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
    2008-02-12 09:30 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
    2008-02-12 09:30 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
    2008-02-12 09:29 69,120 ----a-w C:\WINDOWS\notepad.exe
    2008-02-12 09:29 50,688 ----a-w C:\WINDOWS\twain_32.dll
    2008-02-12 09:29 32,866 ------w C:\WINDOWS\slrundll.exe
    2008-02-12 09:29 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
    2008-02-12 09:29 283,648 ----a-w C:\WINDOWS\winhlp32.exe
    2008-02-12 09:29 146,432 ----a-w C:\WINDOWS\regedit.exe
    2008-02-12 09:29 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
    2008-02-12 09:29 10,752 ----a-w C:\WINDOWS\hh.exe
    2008-02-12 09:29 1,033,728 ----a-w C:\WINDOWS\explorer.exe
    2008-02-12 04:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
    2008-02-12 04:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
    2008-02-12 04:50 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
    2008-02-12 04:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-02-12 04:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
    2008-02-12 04:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
    2008-02-12 04:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
    2008-02-12 04:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-02-11 22:34 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
    2008-02-11 22:26 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
    2008-02-11 22:24 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-02-11 22:23 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
    2008-02-11 22:23 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
    2008-02-11 22:23 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
    2008-02-11 22:23 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
    2008-02-11 22:22 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
    2008-02-11 22:22 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
    2008-02-11 22:22 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
    2008-02-11 22:22 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
    2008-02-11 22:21 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-02-11 22:20 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
    2008-02-11 22:20 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
    2008-02-11 22:03 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
    2008-02-11 22:01 15,104 ----a-w C:\WINDOWS\system32\drivers\usbscan.sys
    2008-02-11 21:51 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
    2008-02-11 21:51 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-02-11 21:51 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
    2008-02-11 21:49 59,520 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
    2008-02-11 21:49 36,864 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys
    2008-02-11 21:49 32,128 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-02-11 21:49 30,208 ----a-w C:\WINDOWS\system32\drivers\usbehci.sys
    2008-02-11 21:49 26,112 ----a-w C:\WINDOWS\system32\drivers\usbser.sys
    2008-02-11 21:49 25,728 ----a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
    2008-02-11 21:49 25,600 ----a-w C:\WINDOWS\system32\drivers\usbcamd.sys
    2008-02-11 21:49 24,960 ----a-w C:\WINDOWS\system32\drivers\hidparse.sys
    2008-02-11 21:49 20,608 ----a-w C:\WINDOWS\system32\drivers\usbuhci.sys
    2008-02-11 21:49 19,200 ------w C:\WINDOWS\system32\drivers\hidir.sys
    2008-02-11 21:49 15,872 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
    2008-02-11 21:49 143,872 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
    2008-02-11 21:49 10,368 ----a-w C:\WINDOWS\system32\drivers\hidusb.sys
    2008-02-11 21:47 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
    2008-02-11 21:47 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
    2008-02-11 21:47 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
    2008-02-11 21:47 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
    2008-02-11 21:47 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
    2008-02-11 21:47 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
    2008-02-11 21:47 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
    2008-02-11 21:47 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
    2008-02-11 21:46 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
    2008-02-11 21:46 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
    2008-02-11 21:46 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
    2008-02-11 21:46 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
    2008-02-11 21:45 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-02-11 21:45 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
    2008-02-11 21:44 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys
    2008-02-11 21:44 264,832 ------w C:\WINDOWS\system32\drivers\http.sys
    2008-02-11 21:42 80,128 ----a-w C:\WINDOWS\system32\drivers\parport.sys
    2008-02-11 21:39 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
    2008-02-11 21:38 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
    2008-02-11 21:37 66,048 ----a-w C:\WINDOWS\system32\drivers\udfs.sys
    2008-02-11 21:37 30,848 ----a-w C:\WINDOWS\system32\drivers\npfs.sys
    2008-02-11 21:37 196,224 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
    2008-02-11 21:37 19,072 ----a-w C:\WINDOWS\system32\drivers\msfs.sys
    2008-02-11 21:37 180,608 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2008-02-11 21:37 129,792 ------w C:\WINDOWS\system32\drivers\fltmgr.sys
    2008-02-11 21:36 92,288 ----a-w C:\WINDOWS\system32\drivers\ksecdd.sys
    2008-02-11 21:35 42,752 ----a-w C:\WINDOWS\system32\drivers\p3.sys
    2008-02-11 21:35 37,760 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
    2008-02-11 21:35 37,376 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
    2008-02-11 21:35 36,736 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
    2008-02-11 21:35 36,352 ------w C:\WINDOWS\system32\drivers\intelppm.sys
    2008-02-11 21:35 35,840 ----a-w C:\WINDOWS\system32\drivers\processr.sys
    2008-02-11 19:36 142,592 ----a-w C:\WINDOWS\system32\drivers\aec.sys
    2008-01-28 09:02 --------- d-----w C:\Program Files\DivX
    2008-01-28 08:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-28 08:29 --------- d-----w C:\Program Files\Lavasoft
    2008-01-28 08:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E6D1678-F591-FF39-C809-DE98BD67F7B6}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9D39F8E-2965-709A-6AE9-50800C4B03E4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBD0C989-2D64-769D-6AE9-50800C4B07E2}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Profcer]
    @={031D0FE8-EDC3-4751-B4E2-6B5DCB5973BD}

    [HKEY_CLASSES_ROOT\CLSID\{031D0FE8-EDC3-4751-B4E2-6B5DCB5973BD}]
    2006-07-05 03:55 1271175 --a------ C:\WINDOWS\system32\hexnic32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 02:29 15360]
    "EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 20:07 389120]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
    "ClearHistory"="C:\Program Files\Clear History\ClearHistory.exe" [2007-08-16 09:05 1201152]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-02 17:21 110592]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-02 17:15 610304]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-11-07 21:00 294912]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2003-10-05 21:11 421888]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32 58984]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 00:27 176128]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-16 15:41 185632]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-18 12:08 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\faxxml]
    faxxml.dll 2006-07-05 03:55 479599 C:\WINDOWS\system32\faxxml.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
    backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    --a------ 2008-01-27 21:39 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
    --a------ 2004-08-30 17:31 36864 C:\PROGRA~1\Pinnacle\PPE\PPE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "%windir%\\system32\\ccapp.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6660:TCP"= 6660:TCP:mirc
    "6660:UDP"= 6660:UDP:mirc
    "6661:TCP"= 6661:TCP:mirc
    "6661:UDP"= 6661:UDP:mirc
    "6662:TCP"= 6662:TCP:mirc
    "6662:UDP"= 6662:UDP:mirc
    "6663:TCP"= 6663:TCP:mirc
    "6663:UDP"= 6663:UDP:mirc
    "6664:TCP"= 6664:TCP:mirc
    "6664:UDP"= 6664:UDP:mirc
    "6665:TCP"= 6665:TCP:mirc
    "6665:UDP"= 6665:UDP:mirc
    "6666:TCP"= 6666:TCP:mirc
    "6666:UDP"= 6666:UDP:mirc
    "6667:UDP"= 6667:UDP:mirc
    "6668:TCP"= 6668:TCP:mirc
    "6668:UDP"= 6668:UDP:mirc
    "6669:TCP"= 6669:TCP:mirc
    "6669:UDP"= 6669:UDP:mirc
    "8000:TCP"= 8000:TCP:mirc
    "8000:UDP"= 8000:UDP:mirc
    "7777:TCP"= 7777:TCP:mirc
    "7777:UDP"= 7777:UDP:mirc
    "7000:TCP"= 7000:TCP:mirc
    "7000:UDP"= 7000:UDP:mirc
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
    "RemoteAddresses"= *
    "Enabled"= 1 (0x1)

    R3 WPC54GSv2;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;C:\WINDOWS\system32\DRIVERS\WPC54GSv2.SYS [2006-11-30 23:54]
    S2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29]
    S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\CBTNDIS5.SYS [2003-07-16 22:28]

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-18 19:05:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-09-18 06:17:53 C:\WINDOWS\Tasks\Disk Cleanup.job"
    - C:\WINDOWS\system32\cleanmgr.exe
    "2008-03-07 19:22:12 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
    - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    "2008-03-11 21:51:27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9C904782-2E7D-4FC3-A25D-7DE6E9B9BDA6}.job"
    - C:\WINDOWS\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-11 15:25:14
    Windows 5.1.2600 Service Pack 3, v.3311 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3311]
    -> C:\WINDOWS\system32\hexnic32.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wwSecure.exe

  4. #4
    Neal is offline Dedicated Member
    If present in add/remove program uninstall:

    Mywebsearch

    Reboot



    Go here to learn how to show hidden files/folders:

    http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5

    Re-hide after we are done



    Go to next site:
    http://www.virustotal.com/en/indexf.html
    On top you'll find 'Browse'
    Click the browse button and browse to next file:


    C:\WINDOWS\system32\hexnic32.dll


    Click open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.


    If that one is too busy, here is another option:


    http://virusscan.jotti.org

    And

    http://www.kaspersky.com/scanforvirus.html

    Do the same for this one please below

    C:\WINDOWS\system32\faxxml.dll




    Please download and install SUPERAntiSpyware Trial Pro Edition http://www.superantispyware.com/superantispyware.html

    * Load SUPERAntiSpyware and click the Check for Updates button.
    * Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!


    IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.

    * Open SUPERAntiSpyware and click the Scan your Computer button.
    * Check Perform Complete Scan and then click Next.
    * SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
    * Make sure that they all have a check next to them, and then click Next.
    * Click Finish and you will be taken back to the main interface.
    * It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
    * I'll need a log afterwards of what has been found.
    * To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
    * Please post the results of the SUPERAntiSpyware log in your next reply.


    New hijackthis log also please.

  5. #5
    mjcarter02 is offline Newbie
    Here is the log for the hexnic32.dll file scan,

    Antivirus Version Last Update Result
    AhnLab-V3 2008.3.12.0 2008.03.11 -
    AntiVir 7.6.0.73 2008.03.11 -
    Authentium 4.93.8 2008.03.11 -
    Avast 4.7.1098.0 2008.03.11 -
    AVG 7.5.0.516 2008.03.11 Potentially harmful program Logger.DPK
    BitDefender 7.2 2008.03.12 -
    CAT-QuickHeal 9.50 2008.03.10 -
    ClamAV 0.92.1 2008.03.11 -
    DrWeb 4.44.0.09170 2008.03.11 -
    eSafe 7.0.15.0 2008.03.09 -
    eTrust-Vet 31.3.5607 2008.03.11 -
    Ewido 4.0 2008.03.11 -
    FileAdvisor 1 2008.03.12 -
    Fortinet 3.14.0.0 2008.03.12 -
    F-Prot 4.4.2.54 2008.03.11 -
    F-Secure 6.70.13260.0 2008.03.12 -
    Ikarus T3.1.1.20 2008.03.12 -
    Kaspersky 7.0.0.125 2008.03.12 not-a-virus:Monitor.Win32.PCPandora.c
    McAfee 5249 2008.03.11 -
    Microsoft 1.3301 2008.03.12 -
    NOD32v2 2938 2008.03.11 -
    Norman 5.80.02 2008.03.11 -
    Panda 9.0.0.4 2008.03.12 -
    Prevx1 V2 2008.03.12 Heuristic: Suspicious File With Mass Email Capabilities
    Rising 20.35.12.00 2008.03.11 -
    Sophos 4.27.0 2008.03.12 Sus/Dropper-A
    Sunbelt 3.0.930.0 2008.03.05 -
    Symantec 10 2008.03.12 Spyware.CheaterChecker
    TheHacker 6.2.92.242 2008.03.12 -
    VBA32 3.12.6.2 2008.03.05 -
    VirusBuster 4.3.26:9 2008.03.11 -
    Webwasher-Gateway 6.6.2 2008.03.11 -
    Additional information
    File size: 1271175 bytes
    MD5: 89dd7ea19fea02966e623d6b624681a6
    SHA1: 213f70a74be35755eeae4c1732775ccf980000ed
    PEiD: -
    Prevx info: http://info.prevx.com/aboutprogramte...A58E0099F2CECB



    And here is the log for the faxxml.dll file,




    Antivirus Version Last Update Result
    AhnLab-V3 2008.3.12.0 2008.03.11 -
    AntiVir 7.6.0.73 2008.03.11 -
    Authentium 4.93.8 2008.03.11 -
    Avast 4.7.1098.0 2008.03.11 -
    AVG 7.5.0.516 2008.03.11 Potentially harmful program Logger.DMR
    BitDefender 7.2 2008.03.12 -
    CAT-QuickHeal 9.50 2008.03.10 -
    ClamAV 0.92.1 2008.03.11 -
    DrWeb 4.44.0.09170 2008.03.11 -
    eSafe 7.0.15.0 2008.03.09 -
    eTrust-Vet 31.3.5607 2008.03.11 -
    Ewido 4.0 2008.03.11 -
    FileAdvisor 1 2008.03.12 -
    Fortinet 3.14.0.0 2008.03.12 -
    F-Prot 4.4.2.54 2008.03.11 W32/Heuristic-KPP!Eldorado
    F-Secure 6.70.13260.0 2008.03.12 -
    Ikarus T3.1.1.20 2008.03.12 -
    Kaspersky 7.0.0.125 2008.03.12 not-a-virus:Monitor.Win32.PCPandora.b
    McAfee 5249 2008.03.11 -
    Microsoft 1.3301 2008.03.12 -
    NOD32v2 2938 2008.03.11 -
    Norman 5.80.02 2008.03.11 -
    Panda 9.0.0.4 2008.03.12 Suspicious file
    Prevx1 V2 2008.03.12 -
    Rising 20.35.12.00 2008.03.11 -
    Sophos 4.27.0 2008.03.12 Sus/Dropper-A
    Sunbelt 3.0.930.0 2008.03.05 -
    Symantec 10 2008.03.12 Spyware.CheaterChecker
    TheHacker 6.2.92.242 2008.03.12 -
    VBA32 3.12.6.2 2008.03.05 -
    VirusBuster 4.3.26:9 2008.03.11 -
    Webwasher-Gateway 6.6.2 2008.03.11 -
    Additional information
    File size: 479599 bytes
    MD5: bda42fa615fff53228ab00ecaed5a4a2
    SHA1: 924058e504527e3f47d5a8c053956a3ea8d30259
    PEiD: -
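
One way to triage pasted multi-engine results like the two tables above, as an added example that is not part of the original post: it parses the rows, counts detections, and lists the engines that give both files the same family label. The rows are excerpts copied from the post (not the full tables); the function names and the suffix-stripping heuristic are assumptions.

```python
import re

# Row layout of the pasted reports: engine, engine version,
# signature date (YYYY.MM.DD), then the verdict ("-" = no detection).
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")

# Excerpted rows from the hexnic32.dll report in the post above.
HEXNIC32 = """\
Antivirus Version Last Update Result
AntiVir 7.6.0.73 2008.03.11 -
AVG 7.5.0.516 2008.03.11 Potentially harmful program Logger.DPK
Kaspersky 7.0.0.125 2008.03.12 not-a-virus:Monitor.Win32.PCPandora.c
Prevx1 V2 2008.03.12 Heuristic: Suspicious File With Mass Email Capabilities
Sophos 4.27.0 2008.03.12 Sus/Dropper-A
Symantec 10 2008.03.12 Spyware.CheaterChecker
Additional information
File size: 1271175 bytes
"""

# Excerpted rows from the faxxml.dll report in the post above.
FAXXML = """\
Antivirus Version Last Update Result
AntiVir 7.6.0.73 2008.03.11 -
AVG 7.5.0.516 2008.03.11 Potentially harmful program Logger.DMR
F-Prot 4.4.2.54 2008.03.11 W32/Heuristic-KPP!Eldorado
Kaspersky 7.0.0.125 2008.03.12 not-a-virus:Monitor.Win32.PCPandora.b
Panda 9.0.0.4 2008.03.12 Suspicious file
Prevx1 V2 2008.03.12 -
Sophos 4.27.0 2008.03.12 Sus/Dropper-A
Symantec 10 2008.03.12 Spyware.CheaterChecker
Additional information
File size: 479599 bytes
"""


def parse_report(text):
    """Return {engine: verdict or None} for each result row.

    Header and "Additional information" lines do not match ROW
    (no date in the third column), so they are skipped.
    """
    verdicts = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            engine, _version, _sig_date, result = m.groups()
            result = result.strip()
            verdicts[engine] = None if result == "-" else result
    return verdicts


def detection_ratio(verdicts):
    """Return (engines that flagged the file, engines that reported)."""
    hits = sum(1 for v in verdicts.values() if v)
    return hits, len(verdicts)


def family(label):
    """Drop a short trailing variant suffix (.c, .DPK, -A).

    Heuristic only (an assumption of this example): vendors do not
    share one naming scheme, so this just lets variants compare equal.
    """
    return re.sub(r"[.\-][A-Za-z0-9]{1,3}$", "", label)


def shared_families(report_a, report_b):
    """Engines that flag both files with the same family label."""
    shared = {}
    for engine, label_a in report_a.items():
        label_b = report_b.get(engine)
        if label_a and label_b and family(label_a) == family(label_b):
            shared[engine] = family(label_a)
    return shared


if __name__ == "__main__":
    a, b = parse_report(HEXNIC32), parse_report(FAXXML)
    print("hexnic32.dll: %d of %d excerpted engines flag it" % detection_ratio(a))
    print("faxxml.dll:   %d of %d excerpted engines flag it" % detection_ratio(b))
    for engine, fam in sorted(shared_families(a, b).items()):
        print("same family in both files: %-10s %s" % (engine, fam))
```

When several engines independently assign the same family to two files, that supports handling the files as parts of one installed product rather than as unrelated detections.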

  6. #6
    mjcarter02 is offline Newbie
    I went to the SUPERantispyware website and tried to download the pro edition and I couldn't. I received a message saying, "Corrupt install detected, check source media or re-download." So I did and it gave me the same message again. Sorry, I'm not very familiar with things like this so I don't know what to do for it.

  7. #7
    Neal is offline Dedicated Member
    Might have something to do with the Service Pack 3 you have, not sure on that, but we will go a different direction for now.


    Open Notepad (must be Notepad) and copy/paste the text in the quote box below into it (NOT THE WORD QUOTE):

    File::
    C:\WINDOWS\system32\hexnic32.dll
    C:\WINDOWS\system32\faxxml.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E6D1678-F591-FF39-C809-DE98BD67F7B6}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9D39F8E-2965-709A-6AE9-50800C4B03E4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBD0C989-2D64-769D-6AE9-50800C4B07E2}]
    [-HKEY_CLASSES_ROOT\CLSID\{031D0FE8-EDC3-4751-B4E2-6B5DCB5973BD}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\faxxml]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Profcer]

    Save this as CFScript

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.






    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    If you have questions about doing the above fix please ask first.

  8. #8
    mjcarter02 is offline Newbie
    Here it is. I really appreciate the time you are taking to help me.



    ComboFix 08-03-10.1 - Michael 2008-03-12 17:40:40.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.161 [GMT -7:00]
    Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Michael\Desktop\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\faxxml.dll
    C:\WINDOWS\system32\hexnic32.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\faxxml.dll
    C:\WINDOWS\system32\hexnic32.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
    .

    2008-03-12 17:46 . 2008-03-12 17:46 1,093,632 --a------ C:\WINDOWS\system32\{72C065CB-F8E3-8F9B-349A-3F8D419B358D}.dat
    2008-03-10 17:55 . 2008-03-10 21:29 <DIR> d-------- C:\Program Files\Free Window Registry Repair
    2008-03-10 17:09 . 2008-03-10 17:09 <DIR> d-------- C:\WINDOWS\system32\AppData
    2008-03-10 17:09 . 2008-03-10 17:20 <DIR> d-------- C:\Program Files\All in one Cleaner
    2008-03-10 17:09 . 2006-03-14 14:00 544,833 --a------ C:\WINDOWS\system32\wbocx.ocx
    2008-03-10 17:09 . 2004-12-07 10:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
    2008-03-10 17:09 . 2002-03-01 17:58 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
    2008-03-10 17:09 . 2002-03-01 17:58 28,160 --a------ C:\WINDOWS\system32\anim.dll
    2008-03-07 11:07 . 2008-03-07 11:07 <DIR> d-------- C:\WINDOWS\system32\en
    2008-03-07 11:07 . 2008-03-07 11:07 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-03-07 09:24 . 2008-02-12 02:29 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
    2008-03-07 09:23 . 2008-02-12 02:28 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
    2008-03-07 09:22 . 2008-02-12 02:28 136,192 --------- C:\WINDOWS\system32\aaclient.dll
    2008-03-06 23:26 . 2008-03-06 23:26 56 --a------ C:\Documents and Settings\Michael\look.bat
    2008-03-06 23:17 . 2008-03-06 23:24 <DIR> d-------- C:\Program Files\Safarp
    2008-03-06 22:40 . 2008-03-06 22:41 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2008-03-06 22:28 . 2008-03-12 17:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-06 22:28 . 2008-03-06 22:28 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-06 16:00 . 2008-03-06 16:00 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Uniblue
    2008-03-06 15:32 . 2001-08-17 22:37 24,576 --a--c--- C:\WINDOWS\system32\dllcache\agcgauge.ax
    2008-03-06 15:31 . 2001-08-17 12:19 747,392 --a--c--- C:\WINDOWS\system32\dllcache\adm8830.sys
    2008-03-06 15:31 . 2001-08-17 12:19 553,984 --a--c--- C:\WINDOWS\system32\dllcache\adm8820.sys
    2008-03-06 15:31 . 2001-08-17 14:07 101,888 --a--c--- C:\WINDOWS\system32\dllcache\adpu160m.sys
    2008-03-06 15:31 . 2001-08-17 12:11 46,112 --a--c--- C:\WINDOWS\system32\dllcache\adptsf50.sys
    2008-03-06 15:31 . 2002-08-28 23:00 10,880 --a--c--- C:\WINDOWS\system32\dllcache\admjoy.sys
    2008-03-06 15:26 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
    2008-03-06 11:27 . 2008-03-06 11:27 <DIR> d-------- C:\WINDOWS\system32\Dell
    2008-03-05 22:57 . 2008-03-06 23:18 <DIR> d-------- C:\Program Files\Clear History
    2008-03-04 22:39 . 2008-03-04 22:41 <DIR> d-------- C:\Program Files\iTunes
    2008-03-04 22:36 . 2008-03-04 22:37 <DIR> d-------- C:\Program Files\QuickTime

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-11 06:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-11 00:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-11 00:29 --------- d-----w C:\Program Files\BitTorrent
    2008-03-11 00:29 --------- d-----w C:\Documents and Settings\Michael\Application Data\BitTorrent
    2008-03-11 00:29 --------- d-----w C:\Documents and Settings\Michael\Application Data\AVG7
    2008-03-07 09:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-03-07 06:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-06 18:27 --------- d-----w C:\Program Files\Dell
    2008-03-06 06:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-05 05:40 --------- d-----w C:\Program Files\iPod
    2008-02-12 09:30 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
    2008-02-12 09:30 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
    2008-02-12 09:30 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
    2008-02-12 09:30 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
    2008-02-12 09:29 69,120 ----a-w C:\WINDOWS\notepad.exe
    2008-02-12 09:29 50,688 ----a-w C:\WINDOWS\twain_32.dll
    2008-02-12 09:29 32,866 ------w C:\WINDOWS\slrundll.exe
    2008-02-12 09:29 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
    2008-02-12 09:29 283,648 ----a-w C:\WINDOWS\winhlp32.exe
    2008-02-12 09:29 146,432 ----a-w C:\WINDOWS\regedit.exe
    2008-02-12 09:29 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
    2008-02-12 09:29 10,752 ----a-w C:\WINDOWS\hh.exe
    2008-02-12 09:29 1,033,728 ----a-w C:\WINDOWS\explorer.exe
    2008-02-12 04:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
    2008-02-12 04:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
    2008-02-12 04:50 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
    2008-02-12 04:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-02-12 04:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
    2008-02-12 04:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
    2008-02-12 04:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
    2008-02-12 04:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-02-11 22:34 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
    2008-02-11 22:26 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
    2008-02-11 22:24 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-02-11 22:23 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
    2008-02-11 22:23 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
    2008-02-11 22:23 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
    2008-02-11 22:23 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
    2008-02-11 22:22 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
    2008-02-11 22:22 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
    2008-02-11 22:22 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
    2008-02-11 22:22 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
    2008-02-11 22:21 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-02-11 22:20 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
    2008-02-11 22:20 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
    2008-02-11 22:03 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
    2008-02-11 22:01 15,104 ----a-w C:\WINDOWS\system32\drivers\usbscan.sys
    2008-02-11 21:51 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
    2008-02-11 21:51 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-02-11 21:51 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
    2008-02-11 21:49 59,520 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
    2008-02-11 21:49 36,864 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys
    2008-02-11 21:49 32,128 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-02-11 21:49 30,208 ----a-w C:\WINDOWS\system32\drivers\usbehci.sys
    2008-02-11 21:49 26,112 ----a-w C:\WINDOWS\system32\drivers\usbser.sys
    2008-02-11 21:49 25,728 ----a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
    2008-02-11 21:49 25,600 ----a-w C:\WINDOWS\system32\drivers\usbcamd.sys
    2008-02-11 21:49 24,960 ----a-w C:\WINDOWS\system32\drivers\hidparse.sys
    2008-02-11 21:49 20,608 ----a-w C:\WINDOWS\system32\drivers\usbuhci.sys
    2008-02-11 21:49 19,200 ------w C:\WINDOWS\system32\drivers\hidir.sys
    2008-02-11 21:49 15,872 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
    2008-02-11 21:49 143,872 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
    2008-02-11 21:49 10,368 ----a-w C:\WINDOWS\system32\drivers\hidusb.sys
    2008-02-11 21:47 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
    2008-02-11 21:47 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
    2008-02-11 21:47 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
    2008-02-11 21:47 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
    2008-02-11 21:47 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
    2008-02-11 21:47 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
    2008-02-11 21:47 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
    2008-02-11 21:47 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
    2008-02-11 21:46 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
    2008-02-11 21:46 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
    2008-02-11 21:46 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
    2008-02-11 21:46 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
    2008-02-11 21:45 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-02-11 21:45 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
    2008-02-11 21:44 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys
    2008-02-11 21:44 264,832 ------w C:\WINDOWS\system32\drivers\http.sys
    2008-02-11 21:42 80,128 ----a-w C:\WINDOWS\system32\drivers\parport.sys
    2008-02-11 21:39 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
    2008-02-11 21:38 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
    2008-02-11 21:37 66,048 ----a-w C:\WINDOWS\system32\drivers\udfs.sys
    2008-02-11 21:37 30,848 ----a-w C:\WINDOWS\system32\drivers\npfs.sys
    2008-02-11 21:37 196,224 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
    2008-02-11 21:37 19,072 ----a-w C:\WINDOWS\system32\drivers\msfs.sys
    2008-02-11 21:37 180,608 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2008-02-11 21:37 129,792 ------w C:\WINDOWS\system32\drivers\fltmgr.sys
    2008-02-11 21:36 92,288 ----a-w C:\WINDOWS\system32\drivers\ksecdd.sys
    2008-02-11 21:35 42,752 ----a-w C:\WINDOWS\system32\drivers\p3.sys
    2008-02-11 21:35 37,760 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
    2008-02-11 21:35 37,376 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
    2008-02-11 21:35 36,736 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
    2008-02-11 21:35 36,352 ------w C:\WINDOWS\system32\drivers\intelppm.sys
    2008-02-11 21:35 35,840 ----a-w C:\WINDOWS\system32\drivers\processr.sys
    2008-02-11 19:36 142,592 ----a-w C:\WINDOWS\system32\drivers\aec.sys
    2008-01-28 09:02 --------- d-----w C:\Program Files\DivX
    2008-01-28 08:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-28 08:29 --------- d-----w C:\Program Files\Lavasoft
    2008-01-28 08:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-11_15.30.32.14 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-11 21:52:24 1,093,632 ----a-w C:\WINDOWS\system32\{050270BE-F1FB-FC4D-418F-FDFA32A1F7FA}.dat
    + 2008-03-13 00:37:14 1,093,632 ----a-w C:\WINDOWS\system32\{050270BE-F1FB-FC4D-418F-FDFA32A1F7FA}.dat
    - 2008-03-11 21:52:24 1,093,632 ----a-w C:\WINDOWS\system32\{053A20C8-DB0E-FC5E-37DF-C5FA5CCBCFFA}.dat
    + 2008-03-13 00:37:14 1,093,632 ----a-w C:\WINDOWS\system32\{053A20C8-DB0E-FC5E-37DF-C5FA5CCBCFFA}.dat
    - 2008-03-11 21:52:24 1,110,016 ----a-w C:\WINDOWS\system32\{05B58F18-B421-FC56-E770-4AFA977940FA}.dat
    + 2008-03-13 00:37:14 1,110,016 ----a-w C:\WINDOWS\system32\{05B58F18-B421-FC56-E770-4AFA977940FA}.dat
    - 2008-03-11 21:52:24 2,193,408 ----a-w C:\WINDOWS\system32\{074C61A0-8F81-FE27-5F9E-B3F82B9CB9F8}.dat
    + 2008-03-13 00:37:14 2,193,408 ----a-w C:\WINDOWS\system32\{074C61A0-8F81-FE27-5F9E-B3F82B9CB9F8}.dat
    - 2008-03-11 21:52:25 1,110,016 ----a-w C:\WINDOWS\system32\{1555B38A-03E6-ECC0-754C-AAEA0649A0EA}.dat
    + 2008-03-13 00:37:14 1,110,016 ----a-w C:\WINDOWS\system32\{1555B38A-03E6-ECC0-754C-AAEA0649A0EA}.dat
    - 2008-03-11 21:52:25 1,110,016 ----a-w C:\WINDOWS\system32\{32031947-719E-CB65-B8E6-FCCDCFEDF6CD}.dat
    + 2008-03-13 00:37:14 1,110,016 ----a-w C:\WINDOWS\system32\{32031947-719E-CB65-B8E6-FCCDCFEDF6CD}.dat
    - 2008-03-11 21:52:25 1,093,632 ----a-w C:\WINDOWS\system32\{36177D4F-C2DB-CF4C-B082-E8C9C793E2C9}.dat
    + 2008-03-13 00:37:14 1,093,632 ----a-w C:\WINDOWS\system32\{36177D4F-C2DB-CF4C-B082-E8C9C793E2C9}.dat
    - 2008-03-11 21:52:25 8,710,144 ----a-w C:\WINDOWS\system32\{3AA2856F-02A7-C3F5-907A-5DC5F96157C5}.dat
    + 2008-03-13 00:37:14 8,710,144 ----a-w C:\WINDOWS\system32\{3AA2856F-02A7-C3F5-907A-5DC5F96157C5}.dat
    - 2008-03-11 21:52:25 1,093,632 ----a-w C:\WINDOWS\system32\{41465B73-540C-BAC6-8CA4-B9BEF99BB3BE}.dat
    + 2008-03-13 00:37:14 1,093,632 ----a-w C:\WINDOWS\system32\{41465B73-540C-BAC6-8CA4-B9BEF99BB3BE}.dat
    - 2008-03-11 21:52:25 8,792,064 ----a-w C:\WINDOWS\system32\{46F7D633-8699-BF91-CC29-08B9A52502B9}.dat
    + 2008-03-13 00:37:14 8,792,064 ----a-w C:\WINDOWS\system32\{46F7D633-8699-BF91-CC29-08B9A52502B9}.dat
    - 2008-03-11 21:52:25 1,110,016 ----a-w C:\WINDOWS\system32\{47DA1F10-EC30-BE1D-EFE0-25B884E52FB8}.dat
    + 2008-03-13 00:37:14 1,110,016 ----a-w C:\WINDOWS\system32\{47DA1F10-EC30-BE1D-EFE0-25B884E52FB8}.dat
    - 2008-03-11 21:52:25 2,177,024 ----a-w C:\WINDOWS\system32\{56D646EE-55C0-AF99-11B9-29A9658923A9}.dat
    + 2008-03-13 00:37:14 2,177,024 ----a-w C:\WINDOWS\system32\{56D646EE-55C0-AF99-11B9-29A9658923A9}.dat
    - 2008-03-11 21:52:25 8,693,760 ----a-w C:\WINDOWS\system32\{5C7546C2-61AC-A53A-3DB9-8AA3548980A3}.dat
    + 2008-03-13 00:37:14 8,693,760 ----a-w C:\WINDOWS\system32\{5C7546C2-61AC-A53A-3DB9-8AA3548980A3}.dat
    - 2008-03-11 21:52:25 8,710,144 ----a-w C:\WINDOWS\system32\{5F2C7E49-558F-A64D-B681-D3A0DF82D9A0}.dat
    + 2008-03-13 00:37:14 8,710,144 ----a-w C:\WINDOWS\system32\{5F2C7E49-558F-A64D-B681-D3A0DF82D9A0}.dat
    - 2008-03-11 21:52:25 1,093,632 ----a-w C:\WINDOWS\system32\{6EF2A655-F6CD-9791-AA59-0D91DA410791}.dat
    + 2008-03-13 00:37:14 1,093,632 ----a-w C:\WINDOWS\system32\{6EF2A655-F6CD-9791-AA59-0D91DA410791}.dat
    + 2008-03-13 00:46:46 1,093,632 ----a-w C:\WINDOWS\system32\{72C065CB-F8E3-8F9B-349A-3F8D419B358D}.dat
    - 2008-03-11 21:52:25 1,110,016 ----a-w C:\WINDOWS\system32\{7BBC8DFB-7FB4-8229-0472-438473774984}.dat
    + 2008-03-13 00:37:14 1,110,016 ----a-w C:\WINDOWS\system32\{7BBC8DFB-7FB4-8229-0472-438473774984}.dat
    - 2008-03-11 21:52:25 8,808,448 ----a-w C:\WINDOWS\system32\{7BE85F60-3CE4-82B4-9FA0-1784F6AF1D84}.dat
    + 2008-03-13 00:37:14 8,808,448 ----a-w C:\WINDOWS\system32\{7BE85F60-3CE4-82B4-9FA0-1784F6AF1D84}.dat
    - 2008-03-11 22:03:24 56,464,384 ----a-w C:\WINDOWS\system32\{81103BB6-6E3B-7EF3-49C4-EF7E3DC7E57E}.dat
    + 2008-03-13 00:37:14 59,025,408 ----a-w C:\WINDOWS\system32\{81103BB6-6E3B-7EF3-49C4-EF7E3DC7E57E}.dat
    - 2008-03-11 21:52:25 1,110,016 ----a-w C:\WINDOWS\system32\{86E6FE1E-1E56-7F4F-E101-1979960E1379}.dat
    + 2008-03-13 00:37:14 1,110,016 ----a-w C:\WINDOWS\system32\{86E6FE1E-1E56-7F4F-E101-1979960E1379}.dat
    - 2008-03-11 21:52:25 1,110,016 ----a-w C:\WINDOWS\system32\{8DF69E70-19A2-746B-8F61-0972FF630372}.dat
    + 2008-03-13 00:37:14 1,110,016 ----a-w C:\WINDOWS\system32\{8DF69E70-19A2-746B-8F61-0972FF630372}.dat
    - 2008-03-11 21:52:25 8,792,064 ----a-w C:\WINDOWS\system32\{98D0E0B0-C433-61B4-4F1F-2F6726092567}.dat
    + 2008-03-13 00:37:14 8,792,064 ----a-w C:\WINDOWS\system32\{98D0E0B0-C433-61B4-4F1F-2F6726092567}.dat
    - 2008-03-11 21:52:25 2,193,408 ----a-w C:\WINDOWS\system32\{BFEF1653-C690-46B0-ACE9-1040D8EF1A40}.dat
    + 2008-03-13 00:37:14 2,193,408 ----a-w C:\WINDOWS\system32\{BFEF1653-C690-46B0-ACE9-1040D8EF1A40}.dat
    - 2008-03-11 21:52:25 1,110,016 ----a-w C:\WINDOWS\system32\{C41E374E-A145-3D7A-B1C8-E13BC2DDEB3B}.dat
    + 2008-03-13 00:37:14 1,110,016 ----a-w C:\WINDOWS\system32\{C41E374E-A145-3D7A-B1C8-E13BC2DDEB3B}.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 02:29 15360]
    "EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 20:07 389120]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
    "ClearHistory"="C:\Program Files\Clear History\ClearHistory.exe" [2007-08-16 09:05 1201152]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-02 17:21 110592]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-02 17:15 610304]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-11-07 21:00 294912]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2003-10-05 21:11 421888]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32 58984]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 00:27 176128]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-16 15:41 185632]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-18 12:08 219136]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
    backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    --a------ 2008-01-27 21:39 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
    --a------ 2004-08-30 17:31 36864 C:\PROGRA~1\Pinnacle\PPE\PPE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "%windir%\\system32\\ccapp.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6660:TCP"= 6660:TCP:mirc
    "6660:UDP"= 6660:UDP:mirc
    "6661:TCP"= 6661:TCP:mirc
    "6661:UDP"= 6661:UDP:mirc
    "6662:TCP"= 6662:TCP:mirc
    "6662:UDP"= 6662:UDP:mirc
    "6663:TCP"= 6663:TCP:mirc
    "6663:UDP"= 6663:UDP:mirc
    "6664:TCP"= 6664:TCP:mirc
    "6664:UDP"= 6664:UDP:mirc
    "6665:TCP"= 6665:TCP:mirc
    "6665:UDP"= 6665:UDP:mirc
    "6666:TCP"= 6666:TCP:mirc
    "6666:UDP"= 6666:UDP:mirc
    "6667:UDP"= 6667:UDP:mirc
    "6668:TCP"= 6668:TCP:mirc
    "6668:UDP"= 6668:UDP:mirc
    "6669:TCP"= 6669:TCP:mirc
    "6669:UDP"= 6669:UDP:mirc
    "8000:TCP"= 8000:TCP:mirc
    "8000:UDP"= 8000:UDP:mirc
    "7777:TCP"= 7777:TCP:mirc
    "7777:UDP"= 7777:UDP:mirc
    "7000:TCP"= 7000:TCP:mirc
    "7000:UDP"= 7000:UDP:mirc
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
    "RemoteAddresses"= *
    "Enabled"= 1 (0x1)

    R3 WPC54GSv2;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;C:\WINDOWS\system32\DRIVERS\WPC54GSv2.SYS [2006-11-30 23:54]
    S2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29]
    S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\CBTNDIS5.SYS [2003-07-16 22:28]

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-18 19:05:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-09-18 06:17:53 C:\WINDOWS\Tasks\Disk Cleanup.job"
    - C:\WINDOWS\system32\cleanmgr.exe
    "2008-03-07 19:22:12 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
    - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    "2008-03-13 00:36:14 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9C904782-2E7D-4FC3-A25D-7DE6E9B9BDA6}.job"
    - C:\WINDOWS\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-12 17:51:10
    Windows 5.1.2600 Service Pack 3, v.3311 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .

  9. #9
    Neal is offline Dedicated Member
    Good job!! Looking better!!


    Did you find mywebsearch in add/remove program to uninstall?

    How is your computer behaving now?

    Please post a new hijackthis log, thanks.

  10. #10
    mjcarter02 is offline Newbie
    I am still unable to access my add/remove programs applet and so I found another program like that called Safarp. And the Mywebsearch is not in that list. How do we fix the problem with the add/remove applet? And also the System Restore problem not responding on the final "next" prompt. But anyways here is the hijack this log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 441 PM, on 3/13/2008
    Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Clear History\ClearHistory.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Michael\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ClearHistory] C:\Program Files\Clear History\ClearHistory.exe -hidden
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab46479.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/bestfriends/...GameLoader.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
    O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames...p.cab48295.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {54D53429-945C-4188-B460-C81356541882} - http://eshare.hpphoto.com/Download/H...LocalPrint.CAB
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1170931058446
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/4...l/gtdownls.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...a/SymAData.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab41227.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livenj01.custhelp.com/7540-b.../java/RntX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FC267F47-D493-4DFA-AFB1-D5904B83A62F}: NameServer = 24.116.2.34,24.116.2.38
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
    O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

    --
    End of file - 10833 bytes
