As per your instructions, here are the files!!!!
Logfile of HijackThis v1.99.1
Scan saved at 7:07:53 AM, on 4/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\virus protection\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\virus protection\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Virus protection\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\program files\virus protection\eTrust EZ Antivirus\CAVRID.exe
C:\program files\virus protection\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe
D:\Program Files\Proxomitron\Proxomitron.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
D:\My Documents\Downloads\hijackthis1991.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:2020
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {52369F6D-A36C-446C-98B4-3242EE59ED64} - C:\WINDOWS\system32\rqRIcywT.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [QOELOADER] "c:\Program Files\Virus protection\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "c:\program files\virus protection\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "c:\program files\virus protection\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [RegisterDropHandler] D:\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [InstantAccess] D:\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hwazcokx] C:\WINDOWS\system32\tkhchkjs.exe
O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] D:\PROGRA~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [kzdrlgwc] C:\WINDOWS\system32\alabofwr.exe
O4 - Startup: Proxomitron.lnk = D:\Program Files\Proxomitron\Proxomitron.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.cmt.com
O15 - Trusted Zone: http://pages.ebay.com
O15 - Trusted Zone: http://*.vintagesleds.com
O15 - Trusted Zone: http://www.youtube.com
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.co.uk/save/makeover.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/sh ... Loader.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testge ... nstall.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pe ... stscan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0844104875
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - c:\program files\virus protection\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - c:\program files\virus protection\eTrust EZ Antivirus\VetMsg.exe
ComboFix 08-04-18.3 - Dad 2008-04-19 6:37:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.86 [GMT -4:00]
Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Dad\Desktopblackbird.jpg
C:\Documents and Settings\Dad\DesktopEditorFKWP1.5.exe
C:\Documents and Settings\Dad\DesktopEditorFKWP2.0.exe
C:\Documents and Settings\Dad\Desktopfilemanagerclient.exe
C:\Documents and Settings\Dad\Desktopfkwp1.5.exe
C:\Documents and Settings\Dad\Desktopfkwp2.0.exe
C:\Documents and Settings\Dad\Desktopfwebd.exe
C:\Documents and Settings\Dad\DesktopFWebdEditor.exe
C:\Documents and Settings\Dad\DesktopTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Dad\Desktopvirii
C:\Program Files\PC-Cleaner
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\cookies.ini
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\gwdkuhst.dll
C:\WINDOWS\system32\ljxqqwkk.ini
C:\WINDOWS\system32\nchgmfrs.ini
C:\WINDOWS\system32\nnbefqwh.ini
C:\WINDOWS\system32\pdcrxqmx.ini
C:\WINDOWS\system32\tshukdwg.ini
C:\WINDOWS\system32\TwycIRqr.ini
C:\WINDOWS\system32\TwycIRqr.ini2
C:\WINDOWS\system32\ylfnplfi.ini
C:\WINDOWS\system32\yntbbnwl.ini
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.
2008-04-16 16:43 . 2008-04-16 16:50 250 --a------ C:\WINDOWS\gmer.ini
2008-04-16 15:55 . 2008-04-16 16:08 2,534 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-16 05:38 . 2008-04-18 18:05 <DIR> d-------- C:\qrnt
2008-04-15 15:35 . 2008-04-16 17:17 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-04-14 21:18 . 2008-04-14 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-14 20:33 . 2008-04-14 20:34 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\PC-Cleaner
2008-04-14 19:48 . 2008-04-14 19:48 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-04-12 18:19 . 2008-04-12 18:19 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\TmpRecentIcons
2008-04-12 16:15 . 2008-04-16 17:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\dcpmjgvw
2008-04-09 22:56 . 2008-04-09 23:03 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-04 21:02 . 2008-04-04 21:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-04 21:01 . 2008-04-04 21:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 21:01 . 2008-04-04 21:01 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-27 18:06 . 2008-03-27 18:06 743,621 --a------ C:\WINDOWS\system32\RPUpdates.zip
2008-03-27 17:12 . 2008-03-27 18:06 45 --a------ C:\WINDOWS\system32\RPVersion.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 01:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 15:54 --------- d-----w C:\Program Files\Yahoo!
2008-04-05 15:52 --------- d-----w C:\Documents and Settings\Dad\Application Data\Road Runner
2008-04-05 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 10:56 --------- d-----w C:\Program Files\Safer Networking
2008-03-29 10:54 --------- d-----w C:\Program Files\Yahoo! Games
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 15:46 --------- d-----w C:\Documents and Settings\Dad\Application Data\Apple Computer
2008-03-06 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-11 13:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 13:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 17:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-05 12:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2006-04-03 23:25 83 -c--a-w C:\Documents and Settings\Dad\Application Data\hexplorer.dat
2006-04-03 23:25 4 -c--a-w C:\Documents and Settings\Dad\Application Data\mclip.dat
2006-03-06 23:52 1,118,240 -c-ha-r C:\Documents and Settings\Dad\USER.DAT
2001-08-22 17:15 245,760 -c--a-w C:\WINDOWS\inf\i386\viceo.dll
2001-08-22 17:13 61,440 -c--a-w C:\WINDOWS\inf\i386\gl.dll
2001-08-22 17:13 32,768 -c--a-w C:\WINDOWS\inf\i386\Pmicro.dll
2001-08-03 22:29 13,824 -c--a-w C:\WINDOWS\inf\i386\Usbscan.sys
2001-04-19 13:00 15,716 ----a-w C:\WINDOWS\inf\i386\Pmxscan.sys
2006-11-01 23:58 848 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52369F6D-A36C-446C-98B4-3242EE59ED64}]
C:\WINDOWS\system32\rqRIcywT.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"hwazcokx"="C:\WINDOWS\system32\tkhchkjs.exe" [ ]
"Road Runner PhotoShow Media Manager"="D:\PROGRA~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-06-22 17:08 357616]
"kzdrlgwc"="C:\WINDOWS\system32\alabofwr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QOELOADER"="c:\Program Files\Virus protection\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe" [2006-03-06 20:32 6656]
"CAVRID"="c:\program files\virus protection\eTrust EZ Antivirus\CAVRID.exe" [2006-03-06 20:32 185456]
"CaAvTray"="c:\program files\virus protection\eTrust EZ Antivirus\CAVTray.exe" [2006-03-06 20:32 230512]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2004-01-30 08:44 1921024]
"RegisterDropHandler"="D:\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
"InstantAccess"="D:\TEXTBR~1.0\Bin\INSTAN~1.exe" [ ]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05 122939]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
C:\Documents and Settings\Dad\Start Menu\Programs\Startup\
Proxomitron.lnk - D:\Program Files\Proxomitron\Proxomitron.exe [2006-03-16 19:47:28 295424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"PmFVy0JL28"= C:\Documents and Settings\All Users\Application Data\dcpmjgvw\lshkpaho.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Outlook Express\\msimn.exe"=
"C:\\Program Files\\Virus protection\\eTrust EZ Antivirus\\autodown.exe"=
"C:\\Program Files\\ABBYY FineReader 5.0 Sprint\\Sprint.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"\\\\Hallway\\c\\Program Files\\AIM95\\aim.exe"=
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 01:29]
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-17 16:48]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a72736fd-dd97-11dc-a68a-00042324241e}]
\Shell\AutoRun\command - F:\Autorun.exe /run
\Shell\Shell00\Command - F:\Autorun.exe /run
\Shell\Shell01\Command - F:\Autorun.exe /action
\Shell\Shell02\Command - F:\Autorun.exe /uninstall
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 06:59:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Virus protection\eTrust EZ Antivirus\iSafe.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Virus protection\eTrust EZ Antivirus\VetMsg.exe
.
**************************************************************************
.
Completion time: 2008-04-19 7:04:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-19 11:04:05
Pre-Run: 1,941,868,544 bytes free
Post-Run: 3,072,061,440 bytes free
214 --- E O F --- 2008-04-13 17:59:05