I've removed the newdotnet6_38.dll using LSPfix.
Here's the ComboFix log text.
ComboFix 08-07-31.01 - Sieghart 2008-08-01 18:08:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1331 [GMT 8:00]
Running from: C:\Documents and Settings\Sieghart\My Documents\Softies\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\jdsaex.dll.LoG
.
((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.
2008-08-01 16:31 . 2008-08-01 16:31 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-01 16:31 . 2008-08-01 16:31 <DIR> d-------- C:\Documents and Settings\Sieghart\Application Data\Malwarebytes
2008-08-01 16:31 . 2008-08-01 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-01 16:31 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-01 16:31 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-01 16:24 . 2008-08-01 16:24 <DIR> d--hs---- C:\
005627AA
2008-08-01 16:24 . 2008-08-01 16:24 <DIR> d--hs---- C:\
005622E7
2008-08-01 14:56 . 2008-08-01 14:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-01 14:55 . 2008-08-01 14:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-01 14:55 . 2008-08-01 14:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-01 14:55 . 2008-08-01 14:55 <DIR> d-------- C:\Documents and Settings\Sieghart\Application Data\SUPERAntiSpyware.com
2008-08-01 14:50 . 2008-08-01 15:04 <DIR> d--hs---- C:\
00008760
2008-08-01 13:49 . 2008-08-01 14:39 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-08-01 13:44 . 2008-08-01 13:58 <DIR> d--hs---- C:\
000077A1
2008-08-01 13:40 . 2008-08-01 13:40 <DIR> d--hs---- C:\
00006F63
2008-08-01 13:28 . 2008-08-01 13:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-01 13:20 . 2008-08-01 13:20 <DIR> d-------- C:\Program Files\CCleaner
2008-08-01 12:12 . 2008-08-01 12:12 <DIR> d-------- C:\Program Files\Sun
2008-08-01 11:22 . 2008-08-01 11:23 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-01 11:22 . 2008-08-01 11:22 <DIR> d-------- C:\Documents and Settings\Sieghart\Application Data\PC Tools
2008-08-01 11:22 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-01 11:22 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-01 11:22 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-01 11:22 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-01 11:11 . 2008-08-01 12:42 <DIR> d--hs---- C:\
0000700F
2008-07-31 22:35 . 2008-08-01 11:16 <DIR> d--hs---- C:\
00006D21
2008-07-22 08:56 . 2008-07-22 09:00 <DIR> d-------- C:\Documents and Settings\huiting\Application Data\AVGTOOLBAR
2008-07-21 11:54 . 2008-07-31 14:12 520 --a------ C:\hpfr3420.xml
2008-07-21 11:35 . 2004-10-08 09:16 35,840 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-07-21 11:32 . 2008-07-21 11:36 20,724 --a------ C:\WINDOWS\hpoins01.dat
2008-07-21 11:32 . 2002-12-03 11:54 16,618 --------- C:\WINDOWS\hpomdl01.dat
2008-07-21 11:30 . 2002-11-27 19:30 94,208 -ra------ C:\WINDOWS\system32\hpovst08.dll
2008-07-14 09:44 . 2008-08-01 17:58 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-13 10:16 . 2008-08-01 11:12 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-13 10:16 . 2008-07-16 02:12 <DIR> d-------- C:\Documents and Settings\Sieghart\Application Data\AVGTOOLBAR
2008-07-13 10:16 . 2008-07-13 10:16 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-13 10:16 . 2008-07-13 10:16 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-13 10:16 . 2008-07-13 10:16 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-13 10:15 . 2008-07-13 10:15 <DIR> d-------- C:\Program Files\AVG
2008-07-13 10:15 . 2008-07-13 10:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-11 14:35 . 2008-07-11 14:36 <DIR> d-------- C:\Program Files\iTunes
2008-07-11 14:35 . 2008-07-11 14:35 <DIR> d-------- C:\Program Files\iPod
2008-07-11 14:34 . 2008-07-11 14:34 <DIR> d-------- C:\Program Files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 08:54 --------- d-----w C:\Program Files\Java
2008-08-01 06:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-31 05:39 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-07-21 03:35 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-16 16:42 --------- d-----w C:\Documents and Settings\Sieghart\Application Data\dvdcss
2008-07-14 11:26 --------- d-----w C:\Documents and Settings\Sieghart\Application Data\uTorrent
2008-07-04 06:15 --------- d-----w C:\Program Files\Safari
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 04:43 --------- d-----w C:\Documents and Settings\Sieghart\Application Data\IGN_DLM
2008-06-16 13:28 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-16 06:15 --------- d-----w C:\Documents and Settings\Sieghart\Application Data\Samsung
2008-06-16 06:10 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
2008-06-16 06:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-16 06:06 --------- d-----w C:\Program Files\Samsung
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 13:40 --------- d-----w C:\Documents and Settings\Sieghart\Application Data\AdobeUM
2008-06-10 13:13 --------- d-----w C:\Program Files\Common Files\Adobe
.
------- Sigcheck -------
2007-10-08 19:21 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 20:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 21:22 68856]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 19:53 171464]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2006-03-15 20:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 20:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"GBB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-07-12 17:58 356352]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-04-08 15:17 296631]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-13 10:15 1232152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16:56 16261632 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-15 20:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 21:08:34 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 20:56:10 40960]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MFZ0"= MyFlashZip0.ax
"msacm.l3acm"= C:\Program Files\WIZET\MapleStory\l3codeca.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Documents and Settings\\Sieghart\\My Documents\\Softies\\2448Script\\2448Script\\Mirc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:hamachi
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-13 10:16]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-13 10:15]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-13 10:15]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-13 10:16]
S3 FUCKALLGUARD;FUCKALLGUARD;C:\
00E74EB8\
00E74EC0 []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10dc5bb6-7ae4-11dc-b8ff-001a4d629181}]
\Shell\AutoRun\command - N:\Autorun.exe
*Newly Created Service* - BEEP
.
Contents of the 'Scheduled Tasks' folder
2008-08-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-08-01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2008-07-21 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1216611367.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-02 20:38]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Utopia Angel - C:\Utopia\Angel\Angel.exe
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Sieghart\Application Data\Mozilla\Firefox\Profiles\qb4bolbx.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-01 18:13:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FUCKALLGUARD]
"ImagePath"="\??\C:\
00E74EB8\
00E74EC0"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Mace.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2008-08-01 18:16:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-01 10:16:07
Pre-Run: 60,367,642,624 bytes free
Post-Run: 61,587,128,320 bytes free
209 --- E O F --- 2008-07-22 01:11:08