Drive names within Explorer completely changed, crashes the moment you double click a

Corran

New Member
This is so weird, see the screenshot.


This happened after booting up my pc today (running XP Pro SP3).

I had a malware infection days ago and removed it almost completely (apart from random tabs popping up in Firefox).

Last night I ran O&O Defrag and it finished without any problems or errors.

I shut down the pc and then this morning it hung at startup.

Safe mode hung at mup.sys and after some Googling I managed to 'fix' it by copying over the original registry (as detailed here: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q307545).

Obviously that got me back to how Windows was just after the original install in 2007.

So I restored the backup of the registry I made just days ago.

This fixed everything but gave me this really weird thing in Explorer.

Even though the names are wrong I can still click the C: drive and see all my files and folders.

I can enter any folder but the moment I double click a file it will open the file in the associated program and crash explorer at the same time.

I hope someone has a solution for this!
 
If you restored your registry then most likely you have infections in there. Please do the following.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware


Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile.

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4656

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24-9-2010 1:12:57
mbam-log-2010-09-24 (01-12-57).txt

Scan type: Quick scan
Objects scanned: 159241
Time elapsed: 3 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I got two error messages when running HJT:

Please help us improve HijackThis by reporting this error

Click 'Yes' to submit

Error Details:

An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=load)
Error #5 - Invalid procedure call or argument

Windows version: Windows NT 5.01.2600
MSIE version: 8.0.6001.18702
HijackThis version: 2.0.2

It ran though and this is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:24, on 24-9-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Desktop Armor\DesktopArmor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Desktop Armor\DesktopArmor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinAmp\winamp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.babylon.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Desktop Armor] C:\Program Files\Desktop Armor\DesktopArmor.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1260588341656
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1260491978250
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: CSIScanner (csiscanner) - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 6706 bytes
 
I don't see any issues, you may have to do a repair install of the operating system.
 
On another forum someone suggested running SFC and now the names in Explorer are all fixed again. :)

The random tabs are still popping up in Firefox though.
 
What tabs are we talking about? Check your add-ons, uninstall all and see if it continues.
 
My add-ons seem fine; I haven't changed any for ages.

What happens is that at random intervals (not often, once per hour at most) a new tab opens (I have it set to open all new windows in a new tab instead).

Sometimes it's a 'search' for a search term I used on Google (it doesn't happen the second I search though, it can be 40 minutes later) but going to an unsafe website.

Other times it just goes to an unsafe website without pretending to be a search. One of the websites it went to is "clickstill.org".

Here's another example (don't click it, obviously): http://searchdiscovered.com/searchi...Vyf3RTeEb2Y+E/fJ068WssBpFQ9KmFE1k+IqpvqcA0hY=

Another: http://degreesearch.com/?xurl=http:...6828x&xref=http://degreesearch.com/search.php

And another: http://discjockey.com/?xurl=http://...36db05Z&xref=http://discjockey.com/search.php
 
Download and Run ComboFix
If you already have ComboFix, please delete that copy and download it again, as it is updated regularly.
Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
I ran a ComboFix check a few days ago but it never did anything; I let it run for over an hour. I probably clicked the program window.

A few hours ago I ran it again and it fixed a few things after a reboot because it claimed to have found traces of a rootkit.

This is the log from that time:

ComboFix 10-09-23.01 - Administrator 23-09-2010 23:34:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3204 [GMT 2:00]
Running from: c:\dl\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\SET735.tmp
c:\program files\Internet Explorer\SET736.tmp
c:\windows\desktop
c:\windows\desktop\Virtual Pool 3.lnk
c:\windows\system32\drivers\zbybvcdi.sys

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))
.

2010-09-23 19:59 . 2010-09-23 19:59 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2010-09-23 19:27 . 2004-08-03 23:15 107904 ----a-w- c:\windows\system32\drivers\mup.sys
2010-09-23 18:37 . 2010-09-23 22:51 -------- d-----w- c:\windows\tmp
2010-09-23 00:48 . 2010-09-23 00:48 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-09-22 00:18 . 2010-09-22 00:24 -------- d-----w- C:\Combo-Fix
2010-09-21 11:23 . 2010-09-21 11:23 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-72a86cc3-n\decora-sse.dll
2010-09-21 11:23 . 2010-09-21 11:23 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11686197-n\msvcp71.dll
2010-09-21 11:23 . 2010-09-21 11:23 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11686197-n\jmc.dll
2010-09-21 11:23 . 2010-09-21 11:23 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11686197-n\msvcr71.dll
2010-09-21 11:23 . 2010-09-21 11:23 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-72a86cc3-n\decora-d3d.dll
2010-09-21 11:22 . 2010-09-21 11:22 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_21\gtapi.dll
2010-09-21 11:22 . 2010-09-21 11:22 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_21\lzma.dll
2010-09-21 11:06 . 2010-09-21 11:07 -------- d-----w- c:\program files\ERUNT
2010-09-21 08:21 . 2010-09-21 08:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-20 13:06 . 2010-09-20 13:06 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-20 13:06 . 2010-09-20 13:06 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-20 12:48 . 2010-09-20 12:48 -------- d-----w- c:\program files\OO Software
2010-09-20 12:45 . 2010-09-20 12:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2010-09-18 20:11 . 2010-09-18 20:11 73216 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-09-18 20:11 . 2010-09-18 20:11 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-09-12 12:50 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-11 14:20 . 2010-09-11 14:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Chime
2010-09-11 14:20 . 2010-09-11 14:20 -------- d-----w- c:\program files\Microsoft XNA
2010-09-10 11:02 . 2010-09-10 11:02 1556808 ----a-w- c:\windows\system32\ooscrsav.scr
2010-09-10 11:01 . 2010-09-10 11:01 275272 ----a-w- c:\windows\system32\oodbs.exe
2010-09-10 10:59 . 2010-09-10 10:59 535880 ----a-w- c:\windows\system32\oodssrs.dll
2010-09-10 10:59 . 2010-09-10 10:59 9544 ----a-w- c:\windows\system32\oodbsrs.dll
2010-09-09 19:28 . 2010-09-18 18:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Mumble
2010-09-09 19:28 . 2010-09-09 19:28 -------- d-----w- c:\program files\Mumble
2010-09-05 12:18 . 2010-08-30 12:34 1496064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-05 12:18 . 2010-08-30 12:33 43008 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-05 12:18 . 2010-08-30 12:33 338944 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-05 12:18 . 2010-08-30 12:33 346112 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-02 17:56 . 2010-09-02 23:35 183656 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-28 02:03 . 2010-08-28 02:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\2K Games
2010-08-28 01:59 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-28 01:59 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-28 01:59 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-28 01:59 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-28 01:59 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-28 01:59 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-28 01:59 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-28 01:59 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 20:04 . 2008-08-31 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-23 19:59 . 2010-09-23 19:59 3416 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-09-23 05:29 . 2009-03-09 21:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-23 02:42 . 2007-07-31 18:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-09-23 02:42 . 2007-07-31 16:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Babylon
2010-09-23 02:18 . 2007-07-31 15:37 -------- d-----w- c:\program files\GetRight
2010-09-23 00:48 . 2010-05-23 22:31 -------- d-----w- c:\program files\AIM
2010-09-23 00:46 . 2008-04-02 13:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-09-21 15:11 . 2007-07-31 16:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\MailWasherPro
2010-09-21 11:32 . 2009-12-15 15:03 188152 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\FlashGot.exe
2010-09-21 11:23 . 2007-07-31 14:39 -------- d-----w- c:\program files\Common Files\Java
2010-09-21 11:23 . 2010-06-23 13:24 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-21 11:23 . 2007-07-31 14:39 -------- d-----w- c:\program files\Java
2010-09-21 10:48 . 2007-09-06 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-09-20 13:06 . 2009-07-31 06:57 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-20 12:57 . 2009-05-05 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-20 12:09 . 2009-06-17 16:19 41 ----a-w- c:\windows\popcinfot.dat
2010-09-20 01:09 . 2007-11-15 15:11 234280 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-19 22:56 . 2007-11-15 15:11 137976 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-19 08:18 . 2007-07-31 15:37 -------- d-----w- c:\program files\TightVNC
2010-09-19 07:55 . 2008-09-04 21:34 -------- d-----w- c:\program files\Microsoft
2010-09-19 07:41 . 2007-07-31 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-18 20:33 . 2009-04-04 23:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\VMware
2010-09-18 20:11 . 2009-03-02 16:00 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-09-18 20:11 . 2009-03-02 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-09-18 20:11 . 2009-03-02 16:00 -------- d-----w- c:\program files\Prevx
2010-09-17 07:09 . 2009-07-31 06:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-17 07:07 . 2007-07-31 21:22 -------- d-----w- c:\program files\CMenu
2010-09-17 07:01 . 2007-12-18 02:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-17 07:00 . 2007-08-03 06:24 -------- d-----w- c:\program files\SpywareBlaster
2010-09-17 06:56 . 2007-07-31 16:37 -------- d-----w- c:\program files\Desktop Armor
2010-09-17 04:25 . 2008-08-11 17:42 10760 ----a-w- c:\windows\system32\drivers\PROCEXP90.SYS
2010-09-17 02:56 . 2007-07-31 15:37 -------- d-----w- c:\program files\Google
2010-09-12 13:09 . 2008-02-14 05:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-02 18:20 . 2009-03-08 01:04 -------- d-----w- c:\program files\Rockstar Games
2010-08-29 03:19 . 2007-08-02 00:15 1209 ----a-w- c:\windows\EReg223.dat
2010-08-28 01:59 . 2009-11-03 17:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-28 01:59 . 2007-08-09 00:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-25 23:59 . 2007-08-01 11:24 -------- d-----w- c:\program files\EvilLyrics
2010-08-13 02:27 . 2007-08-15 22:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-08-09 09:13 . 2009-06-06 22:24 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-08 11:49 . 2010-03-21 14:39 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-08-03 02:23 . 2008-07-18 12:48 -------- d-----w- c:\program files\Recuva
2010-07-26 17:47 . 2010-06-18 06:46 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-26 17:47 . 2010-06-18 06:46 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-26 17:47 . 2010-06-18 06:46 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-09 14:24 . 2010-07-09 14:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 14:24 . 2010-07-09 14:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 14:24 . 2010-07-09 14:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:24 . 2010-07-09 14:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 14:24 . 2010-07-09 14:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 14:24 . 2010-07-09 14:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-07 11:46 . 2008-12-04 13:26 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-30 12:31 . 2007-07-27 15:33 149504 ----a-w- c:\windows\system32\schannel.dll
2008-08-19 08:17 . 2008-08-19 08:17 8 --sh--r- c:\windows\system32\21847BA199.sys
2009-12-21 14:57 . 2008-08-19 08:17 1994 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2009-01-04 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-01-04 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-07-27 . E6B15BCC470953E600EF7ADED3CAB142 . 360704 . . [5.1.2600.3002] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Armor"="c:\program files\Desktop Armor\DesktopArmor.exe" [2004-12-16 1056768]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ShellState"= 2400000038080000000000000000000000000000010000000d0000000000000000000000

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-09-17 07:09 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0bootdelete\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\update.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\GIGABYTE\\ET5\\update.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Games\\S.T.A.L.K.E.R\\bin\\XR_3DA.exe"=
"c:\\Games\\S.T.A.L.K.E.R\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Games\\Gunbound\\GunboundWC\\GunBound.gme"=
"c:\\Games\\Steam\\Steam.exe"=
"c:\\Games\\Steam\\steamapps\\[email protected]\\half-life deathmatch source\\hl2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Websites\\PAMPA\\PAMPA\\mysql\\bin\\mysqld-nt.exe"=
"c:\\Websites\\PAMPA\\PAMPA\\apache\\bin\\httpd.exe"=
"c:\\Games\\Catan-Insel\\Catan.exe"=
"c:\\Games\\Bionic Commando Rearmed\\bcr.exe"=
"c:\\Games\\GTA IV\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Games\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\launch4j-tmp\\TlkEdit2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Games\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Games\\Steam\\steamapps\\common\\jade empire\\JadeEmpireLauncher.exe"=
"c:\\Games\\Steam\\steamapps\\common\\jade empire\\JadeEmpireConfig.exe"=
"c:\\Games\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Games\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Games\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Games\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Games\\GTA IV\\EFLC\\EFLC.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Games\\PazaakCantina\\PazaakCantina.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Games\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Games\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Games\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"=
"c:\\Games\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Games\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Games\\Steam\\steamapps\\common\\chime\\Chime.exe"=
"c:\\Program Files\\TightVNC\\tvnserver.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 iastor75;iastor75;c:\windows\system32\drivers\iaStor75.sys [27-7-2007 17:55 304920]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2-3-2009 18:00 30320]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [7-8-2007 20:23 131840]
R1 IfsDrives;IfsDrives;c:\windows\system32\drivers\IfsDrives.sys [7-8-2007 20:23 4608]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28-7-2009 10:53 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28-7-2009 10:53 67656]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [18-9-2010 22:11 73216]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [26-3-2009 23:05 54960]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [25-11-2005 17:43 31896]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [18-9-2010 22:11 24400]
S1 c58da826;c58da826;c:\windows\system32\drivers\c58da826.sys --> c:\windows\system32\drivers\c58da826.sys [?]
S2 axjpawva;Microsoft IntelliPoint Filter Helper;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 14:00 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
S3 csiscanner;CSIScanner;c:\program files\Prevx\prevx.exe [2-3-2009 18:00 6405168]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [10-9-2010 13:01 2320712]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17-6-2009 14:20 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28-7-2009 10:53 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4-8-2004 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
S4 gupdate1c9acbca60618c;Google Updateservice (gupdate1c9acbca60618c);c:\program files\Google\Update\GoogleUpdate.exe [24-3-2009 22:06 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8-8-2007 0:53 682232]
S4 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [8-7-2010 15:28 815704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
axjpawva
.
Contents of the 'Scheduled Tasks' folder

2010-09-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-31 19:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.babylon.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionNone", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionCtrl", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionCtrlShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAlt", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAltShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAltCtrl", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationNone", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationCtrl", "1");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationCtrlShift", "1");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAlt", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAltShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationShift", "2");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAltCtrl", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.contextmenuoption", true);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.country2Search", 80);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.hotkeySelectionToggles", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.searchoption", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.historyoption", true);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.history", "googlebar");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.maxHistCnt", 10);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.savelastoption", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.hidemenuoption", false);
.
- - - - ORPHANS REMOVED - - - -

Notify-cbXPhFUK - cbXPhFUK.dll
AddRemove-Aangifte inkomstenbelasting 2008 voor ondernemers - c:\program files\Belastingdienst\Aangifte inkomstenbelasting voor ondernemers\2008\wa2008u.exe
AddRemove-BugOff - d:\1\Programs\DB\BugOff.exe
AddRemove-Mafia II_is1 - c:\games\Mafia II\unins000.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-View32 - d:\1\DVDPrograms\FR Atlas\UNINST.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 23:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

Rest following in next post.
 
Rest:

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-583907252-682003330-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,aa,32,da,47,11,76,4c,b0,cb,a9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,aa,32,da,47,11,76,4c,b0,cb,a9,\

[HKEY_USERS\S-1-5-21-583907252-682003330-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:81,a4,99,f8,ac,4d,29,33,e3,82,9e,d6,f9,b5,97,27,72,27,77,d9,6c,
3e,8b,6d,39,ce,75,1e,de,f2,46,ff,39,aa,7d,54,cb,d1,3d,e9,5b,c3,1e,33,52,41,\
"rkeysecu"=hex:75,63,c5,8a,2d,60,a3,b4,a8,44,38,6f,45,41,02,16

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•A~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2648)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-23 23:42:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-23 21:42

Pre-Run: 58.353.008.640 bytes free
Post-Run: 58.268.770.304 bytes free

- - End Of File - - 3943EB8F49039DE5DA39C962E5F5CE76
 
I ran it again just now, here's the log from that run:

ComboFix 10-09-23.01 - Administrator 24-09-2010 3:32.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3185 [GMT 2:00]
Running from: c:\dl\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.

2010-09-24 00:40 . 2010-09-24 00:40 -------- d-----w- c:\program files\PC Camer@
2010-09-24 00:40 . 2010-09-24 00:40 -------- d-----w- c:\program files\Common Files\RemoveC
2010-09-24 00:40 . 2010-09-24 00:40 -------- d-----w- c:\program files\Common Files\Remove64C
2010-09-24 00:40 . 2010-09-24 00:40 -------- d-----w- c:\program files\Common Files\PAC207
2010-09-24 00:07 . 2004-08-04 12:00 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll
2010-09-24 00:06 . 2001-08-17 20:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2010-09-24 00:04 . 2001-08-17 10:12 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
2010-09-24 00:03 . 2001-08-17 10:12 24618 ----a-w- c:\windows\system32\dllcache\fa410nd5.sys
2010-09-24 00:02 . 2001-08-17 20:36 9728 ----a-w- c:\windows\system32\dllcache\brcoinst.dll
2010-09-23 23:57 . 2010-09-23 23:57 -------- d-----w- c:\program files\Trend Micro
2010-09-23 22:17 . 2010-09-23 22:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Gyazo
2010-09-23 22:17 . 2010-09-23 22:17 -------- d-----w- c:\program files\Gyazo
2010-09-23 19:59 . 2010-09-23 19:59 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2010-09-23 19:27 . 2004-08-03 23:15 107904 ----a-w- c:\windows\system32\drivers\mup.sys
2010-09-23 19:27 . 2004-08-03 23:15 107904 ----a-w- c:\windows\system32\dllcache\mup.sys
2010-09-23 18:37 . 2010-09-23 22:51 -------- d-----w- c:\windows\tmp
2010-09-23 00:48 . 2010-09-23 00:48 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-09-22 00:17 . 2010-09-23 21:42 -------- d-----w- C:\oQoobox
2010-09-21 11:23 . 2010-09-21 11:23 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-72a86cc3-n\decora-sse.dll
2010-09-21 11:23 . 2010-09-21 11:23 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11686197-n\msvcp71.dll
2010-09-21 11:23 . 2010-09-21 11:23 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11686197-n\jmc.dll
2010-09-21 11:23 . 2010-09-21 11:23 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11686197-n\msvcr71.dll
2010-09-21 11:23 . 2010-09-21 11:23 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-72a86cc3-n\decora-d3d.dll
2010-09-21 11:22 . 2010-09-21 11:22 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_21\gtapi.dll
2010-09-21 11:22 . 2010-09-21 11:22 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_21\lzma.dll
2010-09-21 11:06 . 2010-09-21 11:07 -------- d-----w- c:\program files\ERUNT
2010-09-21 08:21 . 2010-09-21 08:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-20 13:06 . 2010-09-20 13:06 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-20 13:06 . 2010-09-20 13:06 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-20 12:48 . 2010-09-20 12:48 -------- d-----w- c:\program files\OO Software
2010-09-20 12:45 . 2010-09-20 12:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2010-09-18 20:11 . 2010-09-18 20:11 73216 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-09-18 20:11 . 2010-09-18 20:11 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-09-11 14:20 . 2010-09-11 14:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Chime
2010-09-11 14:20 . 2010-09-11 14:20 -------- d-----w- c:\program files\Microsoft XNA
2010-09-10 11:02 . 2010-09-10 11:02 1556808 ----a-w- c:\windows\system32\ooscrsav.scr
2010-09-10 11:01 . 2010-09-10 11:01 275272 ----a-w- c:\windows\system32\oodbs.exe
2010-09-10 10:59 . 2010-09-10 10:59 535880 ----a-w- c:\windows\system32\oodssrs.dll
2010-09-10 10:59 . 2010-09-10 10:59 9544 ----a-w- c:\windows\system32\oodbsrs.dll
2010-09-09 19:28 . 2010-09-18 18:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Mumble
2010-09-09 19:28 . 2010-09-09 19:28 -------- d-----w- c:\program files\Mumble
2010-09-05 12:18 . 2010-08-30 12:34 1496064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-05 12:18 . 2010-08-30 12:33 43008 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-05 12:18 . 2010-08-30 12:33 338944 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-05 12:18 . 2010-08-30 12:33 346112 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-02 17:56 . 2010-09-02 23:35 183656 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-28 02:03 . 2010-08-28 02:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\2K Games
2010-08-28 01:59 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-28 01:59 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-28 01:59 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-28 01:59 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-28 01:59 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-28 01:59 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-28 01:59 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-28 01:59 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 01:27 . 2007-07-31 18:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-09-24 01:27 . 2007-07-31 16:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Babylon
2010-09-24 00:52 . 2008-04-02 13:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-09-23 23:29 . 2007-07-31 16:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\MailWasherPro
2010-09-23 20:04 . 2008-08-31 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-23 19:59 . 2010-09-23 19:59 3416 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-09-23 05:29 . 2009-03-09 21:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-23 02:18 . 2007-07-31 15:37 -------- d-----w- c:\program files\GetRight
2010-09-23 00:48 . 2010-05-23 22:31 -------- d-----w- c:\program files\AIM
2010-09-21 11:32 . 2009-12-15 15:03 188152 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\FlashGot.exe
2010-09-21 11:23 . 2007-07-31 14:39 -------- d-----w- c:\program files\Common Files\Java
2010-09-21 11:23 . 2010-06-23 13:24 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-21 11:23 . 2007-07-31 14:39 -------- d-----w- c:\program files\Java
2010-09-21 10:48 . 2007-09-06 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-09-20 13:06 . 2009-07-31 06:57 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-20 12:57 . 2009-05-05 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-20 12:09 . 2009-06-17 16:19 41 ----a-w- c:\windows\popcinfot.dat
2010-09-20 01:09 . 2007-11-15 15:11 234280 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-19 22:56 . 2007-11-15 15:11 137976 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-19 08:18 . 2007-07-31 15:37 -------- d-----w- c:\program files\TightVNC
2010-09-19 07:55 . 2008-09-04 21:34 -------- d-----w- c:\program files\Microsoft
2010-09-19 07:41 . 2007-07-31 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-18 20:33 . 2009-04-04 23:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\VMware
2010-09-18 20:11 . 2009-03-02 16:00 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-09-18 20:11 . 2009-03-02 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-09-18 20:11 . 2009-03-02 16:00 -------- d-----w- c:\program files\Prevx
2010-09-17 07:09 . 2009-07-31 06:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-17 07:07 . 2007-07-31 21:22 -------- d-----w- c:\program files\CMenu
2010-09-17 07:01 . 2007-12-18 02:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-17 07:00 . 2007-08-03 06:24 -------- d-----w- c:\program files\SpywareBlaster
2010-09-17 06:56 . 2007-07-31 16:37 -------- d-----w- c:\program files\Desktop Armor
2010-09-17 04:25 . 2008-08-11 17:42 10760 ----a-w- c:\windows\system32\drivers\PROCEXP90.SYS
2010-09-17 02:56 . 2007-07-31 15:37 -------- d-----w- c:\program files\Google
2010-09-12 13:09 . 2008-02-14 05:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-02 18:20 . 2009-03-08 01:04 -------- d-----w- c:\program files\Rockstar Games
2010-08-29 03:19 . 2007-08-02 00:15 1209 ----a-w- c:\windows\EReg223.dat
2010-08-28 01:59 . 2009-11-03 17:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-28 01:59 . 2007-08-09 00:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-25 23:59 . 2007-08-01 11:24 -------- d-----w- c:\program files\EvilLyrics
2010-08-13 02:27 . 2007-08-15 22:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-08-09 09:13 . 2009-06-06 22:24 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-08 11:49 . 2010-03-21 14:39 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-08-03 02:23 . 2008-07-18 12:48 -------- d-----w- c:\program files\Recuva
2010-07-27 06:30 . 2007-07-27 15:33 8462336 ----a-w- c:\windows\system32\shell32.dll.tmp
2010-07-26 17:47 . 2010-06-18 06:46 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-26 17:47 . 2010-06-18 06:46 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-26 17:47 . 2010-06-18 06:46 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-09 14:24 . 2010-07-09 14:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 14:24 . 2010-07-09 14:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 14:24 . 2010-07-09 14:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:24 . 2010-07-09 14:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 14:24 . 2010-07-09 14:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 14:24 . 2010-07-09 14:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-07 11:46 . 2008-12-04 13:26 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-30 12:31 . 2007-07-27 15:33 149504 ----a-w- c:\windows\system32\schannel.dll
2008-08-19 08:17 . 2008-08-19 08:17 8 --sh--r- c:\windows\system32\21847BA199.sys
2009-12-21 14:57 . 2008-08-19 08:17 1994 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Armor"="c:\program files\Desktop Armor\DesktopArmor.exe" [2004-12-16 1056768]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ShellState"= 2400000038080000000000000000000000000000010000000d0000000000000000000000

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-09-17 07:09 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0bootdelete\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\update.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\GIGABYTE\\ET5\\update.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Games\\S.T.A.L.K.E.R\\bin\\XR_3DA.exe"=
"c:\\Games\\S.T.A.L.K.E.R\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Games\\Gunbound\\GunboundWC\\GunBound.gme"=
"c:\\Games\\Steam\\Steam.exe"=
"c:\\Games\\Steam\\steamapps\\[email protected]\\half-life deathmatch source\\hl2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Websites\\PAMPA\\PAMPA\\mysql\\bin\\mysqld-nt.exe"=
"c:\\Websites\\PAMPA\\PAMPA\\apache\\bin\\httpd.exe"=
"c:\\Games\\Catan-Insel\\Catan.exe"=
"c:\\Games\\Bionic Commando Rearmed\\bcr.exe"=
"c:\\Games\\GTA IV\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Games\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\launch4j-tmp\\TlkEdit2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Games\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Games\\Steam\\steamapps\\common\\jade empire\\JadeEmpireLauncher.exe"=
"c:\\Games\\Steam\\steamapps\\common\\jade empire\\JadeEmpireConfig.exe"=
"c:\\Games\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Games\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Games\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Games\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Games\\GTA IV\\EFLC\\EFLC.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Games\\PazaakCantina\\PazaakCantina.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Games\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Games\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Games\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"=
"c:\\Games\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Games\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Games\\Steam\\steamapps\\common\\chime\\Chime.exe"=
"c:\\Program Files\\TightVNC\\tvnserver.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 iastor75;iastor75;c:\windows\system32\drivers\iaStor75.sys [27-7-2007 17:55 304920]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2-3-2009 18:00 30320]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [7-8-2007 20:23 131840]
R1 IfsDrives;IfsDrives;c:\windows\system32\drivers\IfsDrives.sys [7-8-2007 20:23 4608]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28-7-2009 10:53 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28-7-2009 10:53 67656]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [18-9-2010 22:11 73216]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [26-3-2009 23:05 54960]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [25-11-2005 17:43 31896]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [18-9-2010 22:11 24400]
S1 c58da826;c58da826;c:\windows\system32\drivers\c58da826.sys --> c:\windows\system32\drivers\c58da826.sys [?]
S2 axjpawva;Microsoft IntelliPoint Filter Helper;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 14:00 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
S3 csiscanner;CSIScanner;c:\program files\Prevx\prevx.exe [2-3-2009 18:00 6405168]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [10-9-2010 13:01 2320712]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17-6-2009 14:20 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28-7-2009 10:53 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4-8-2004 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
S4 gupdate1c9acbca60618c;Google Updateservice (gupdate1c9acbca60618c);c:\program files\Google\Update\GoogleUpdate.exe [24-3-2009 22:06 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8-8-2007 0:53 682232]
S4 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [8-7-2010 15:28 815704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
axjpawva
.
Contents of the 'Scheduled Tasks' folder

2010-09-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-31 19:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.babylon.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionNone", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionCtrl", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionCtrlShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAlt", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAltShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAltCtrl", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationNone", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationCtrl", "1");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationCtrlShift", "1");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAlt", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAltShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationShift", "2");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAltCtrl", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.contextmenuoption", true);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.country2Search", 80);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.hotkeySelectionToggles", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.searchoption", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.historyoption", true);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.history", "googlebar");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.maxHistCnt", 10);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.savelastoption", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.hidemenuoption", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 03:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

Again splitting into two posts because of the character limit.
 
The rest again:

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-583907252-682003330-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,aa,32,da,47,11,76,4c,b0,cb,a9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,aa,32,da,47,11,76,4c,b0,cb,a9,\

[HKEY_USERS\S-1-5-21-583907252-682003330-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:81,a4,99,f8,ac,4d,29,33,e3,82,9e,d6,f9,b5,97,27,72,27,77,d9,6c,
3e,8b,6d,39,ce,75,1e,de,f2,46,ff,39,aa,7d,54,cb,d1,3d,e9,5b,c3,1e,33,52,41,\
"rkeysecu"=hex:75,63,c5,8a,2d,60,a3,b4,a8,44,38,6f,45,41,02,16

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•A~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2544)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-24 03:36:21
ComboFix-quarantined-files.txt 2010-09-24 01:36

Pre-Run: 57.423.650.816 bytes free
Post-Run: 57.409.605.632 bytes free

- - End Of File - - 64C2293E468A782A7FF33F35C5A3B1B7
 
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
File::
c:\windows\system32\drivers\c58da826.sys 

Driver::
c58da826



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
I just found another one that needs to go.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Driver::
axjpawva

NetSvc::
axjpawva

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
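As an added example (not part of this thread, of ComboFix, or of the helper's script), here is a Python script that parses the R*/S* service lines ComboFix prints, flags a svchost/netsvcs-hosted service whose random-looking short name has nothing to do with its Microsoft-sounding display name (the axjpawva case targeted by the CFScript above), and emits the matching Driver::/NetSvc:: block. The sample log lines are constructed from this thread's log, and the flagging heuristic is an assumption of mine, not a ComboFix rule.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample (assumption: copied in the shape of this thread's ComboFix
# log, with a few benign neighbours kept for contrast).
SAMPLE_LOG = r"""
R0 iastor75;iastor75;c:\windows\system32\drivers\iaStor75.sys [27-7-2007 17:55 304920]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [26-3-2009 23:05 54960]
S2 axjpawva;Microsoft IntelliPoint Filter Helper;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 14:00 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4-8-2004 14:00 14336]
S4 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [8-7-2010 15:28 815704]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
axjpawva
.
"""

# Shape of a ComboFix service line: "S2 name;Display Name;image path [date time size]"
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")


@dataclass
class ServiceEntry:
    state: str    # R/S = running/stopped, digit = start type (0 boot .. 4 disabled)
    name: str     # short service/driver name (the key under CurrentControlSet\Services)
    display: str  # display name, which is what malware tends to make look legitimate
    image: str    # driver file, or host process plus its arguments
    meta: str     # ComboFix's "[date time size]" annotation


def parse_services(text: str) -> List[ServiceEntry]:
    """Collect the R*/S* service lines from a ComboFix log."""
    matches = (SERVICE_RE.match(line.strip()) for line in text.splitlines())
    return [ServiceEntry(*m.groups()) for m in matches if m]


def netsvcs_members(text: str) -> List[str]:
    """Read the names ComboFix lists under 'Svchost - NetSvcs' (the netsvcs group)."""
    members, capture = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.endswith("Svchost - NetSvcs"):
            capture = True
            continue
        if capture:
            if not s or s == ".":
                break
            members.append(s)
    return members


def _display_tokens(display: str) -> List[str]:
    return [t for t in re.findall(r"[a-z]+", display.lower()) if len(t) >= 3]


def looks_suspicious(e: ServiceEntry) -> bool:
    """Heuristic (an assumption, not a ComboFix rule): a service hosted by the shared
    svchost netsvcs group whose short name is a bare run of lowercase letters that
    shares nothing with its display name. Legitimate netsvcs members are named after
    what they do; a throwaway name behind a Microsoft-sounding display name is not."""
    image = e.image.lower()
    hosted_in_netsvcs = "svchost.exe" in image and "-k netsvcs" in image
    random_looking = re.fullmatch(r"[a-z]{6,12}", e.name) is not None
    name = e.name.lower()
    unrelated = not any(tok in name or name in tok for tok in _display_tokens(e.display))
    return hosted_in_netsvcs and random_looking and unrelated


def build_cfscript(names: List[str]) -> str:
    """Emit the Driver::/NetSvc:: directives in the form used in this thread:
    Driver:: deletes the service entry, NetSvc:: removes it from the netsvcs list."""
    lines = ["Driver::", *names, "", "NetSvc::", *names, ""]
    return "\n".join(lines)


def triage(log_text: str) -> Dict[str, object]:
    """Flag suspicious services, note which are in the NetSvcs group, build the script."""
    entries = parse_services(log_text)
    flagged = [e.name for e in entries if looks_suspicious(e)]
    listed = netsvcs_members(log_text)
    return {
        "flagged": flagged,
        # A flagged service that also sits in the NetSvcs group needs both directives.
        "also_in_netsvcs": [n for n in flagged if n in listed],
        "cfscript": build_cfscript(flagged),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("flagged:", result["flagged"])
    print(result["cfscript"])
```

Run against a real log, the output is only a starting point for review: a name that passes the heuristic still has to be checked before anything is removed.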
 
I dropped the file and it did another full scan and then rebooted.

Here is the log:

ComboFix 10-09-23.01 - Administrator 24-09-2010 4:14.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3145 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\drivers\c58da826.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_c58da826


((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.

2010-09-24 00:40 . 2010-09-24 00:40 -------- d-----w- c:\program files\PC Camer@
2010-09-24 00:40 . 2010-09-24 00:40 -------- d-----w- c:\program files\Common Files\RemoveC
2010-09-24 00:40 . 2010-09-24 00:40 -------- d-----w- c:\program files\Common Files\Remove64C
2010-09-24 00:40 . 2010-09-24 00:40 -------- d-----w- c:\program files\Common Files\PAC207
2010-09-24 00:07 . 2004-08-04 12:00 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll
2010-09-24 00:06 . 2001-08-17 20:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2010-09-24 00:04 . 2001-08-17 10:12 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
2010-09-24 00:03 . 2001-08-17 10:12 24618 ----a-w- c:\windows\system32\dllcache\fa410nd5.sys
2010-09-24 00:02 . 2001-08-17 20:36 9728 ----a-w- c:\windows\system32\dllcache\brcoinst.dll
2010-09-23 23:57 . 2010-09-23 23:57 -------- d-----w- c:\program files\Trend Micro
2010-09-23 22:17 . 2010-09-23 22:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Gyazo
2010-09-23 22:17 . 2010-09-23 22:17 -------- d-----w- c:\program files\Gyazo
2010-09-23 19:59 . 2010-09-23 19:59 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2010-09-23 19:27 . 2004-08-03 23:15 107904 ----a-w- c:\windows\system32\drivers\mup.sys
2010-09-23 19:27 . 2004-08-03 23:15 107904 ----a-w- c:\windows\system32\dllcache\mup.sys
2010-09-23 18:37 . 2010-09-23 22:51 -------- d-----w- c:\windows\tmp
2010-09-23 00:48 . 2010-09-23 00:48 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-09-22 00:17 . 2010-09-23 21:42 -------- d-----w- C:\oQoobox
2010-09-21 11:23 . 2010-09-21 11:23 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-72a86cc3-n\decora-sse.dll
2010-09-21 11:23 . 2010-09-21 11:23 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11686197-n\msvcp71.dll
2010-09-21 11:23 . 2010-09-21 11:23 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11686197-n\jmc.dll
2010-09-21 11:23 . 2010-09-21 11:23 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11686197-n\msvcr71.dll
2010-09-21 11:23 . 2010-09-21 11:23 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-72a86cc3-n\decora-d3d.dll
2010-09-21 11:22 . 2010-09-21 11:22 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_21\gtapi.dll
2010-09-21 11:22 . 2010-09-21 11:22 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_21\lzma.dll
2010-09-21 11:06 . 2010-09-21 11:07 -------- d-----w- c:\program files\ERUNT
2010-09-21 08:21 . 2010-09-21 08:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-20 13:06 . 2010-09-20 13:06 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-20 13:06 . 2010-09-20 13:06 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-20 12:48 . 2010-09-20 12:48 -------- d-----w- c:\program files\OO Software
2010-09-20 12:45 . 2010-09-20 12:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2010-09-18 20:11 . 2010-09-18 20:11 73216 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-09-18 20:11 . 2010-09-18 20:11 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-09-11 14:20 . 2010-09-11 14:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Chime
2010-09-11 14:20 . 2010-09-11 14:20 -------- d-----w- c:\program files\Microsoft XNA
2010-09-10 11:02 . 2010-09-10 11:02 1556808 ----a-w- c:\windows\system32\ooscrsav.scr
2010-09-10 11:01 . 2010-09-10 11:01 275272 ----a-w- c:\windows\system32\oodbs.exe
2010-09-10 10:59 . 2010-09-10 10:59 535880 ----a-w- c:\windows\system32\oodssrs.dll
2010-09-10 10:59 . 2010-09-10 10:59 9544 ----a-w- c:\windows\system32\oodbsrs.dll
2010-09-09 19:28 . 2010-09-18 18:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Mumble
2010-09-09 19:28 . 2010-09-09 19:28 -------- d-----w- c:\program files\Mumble
2010-09-05 12:18 . 2010-08-30 12:34 1496064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-05 12:18 . 2010-08-30 12:33 43008 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-05 12:18 . 2010-08-30 12:33 338944 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-05 12:18 . 2010-08-30 12:33 346112 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-02 17:56 . 2010-09-02 23:35 183656 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-28 02:03 . 2010-08-28 02:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\2K Games
2010-08-28 01:59 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-28 01:59 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-28 01:59 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-28 01:59 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-28 01:59 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-28 01:59 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-28 01:59 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-28 01:59 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 02:11 . 2007-07-31 16:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Babylon
2010-09-24 02:11 . 2007-07-31 18:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-09-24 00:52 . 2008-04-02 13:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-09-23 23:29 . 2007-07-31 16:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\MailWasherPro
2010-09-23 20:04 . 2008-08-31 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-23 19:59 . 2010-09-23 19:59 3416 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-09-23 05:29 . 2009-03-09 21:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-23 02:18 . 2007-07-31 15:37 -------- d-----w- c:\program files\GetRight
2010-09-23 00:48 . 2010-05-23 22:31 -------- d-----w- c:\program files\AIM
2010-09-21 11:32 . 2009-12-15 15:03 188152 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\FlashGot.exe
2010-09-21 11:23 . 2007-07-31 14:39 -------- d-----w- c:\program files\Common Files\Java
2010-09-21 11:23 . 2010-06-23 13:24 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-21 11:23 . 2007-07-31 14:39 -------- d-----w- c:\program files\Java
2010-09-21 10:48 . 2007-09-06 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-09-20 13:06 . 2009-07-31 06:57 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-20 12:57 . 2009-05-05 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-20 12:09 . 2009-06-17 16:19 41 ----a-w- c:\windows\popcinfot.dat
2010-09-20 01:09 . 2007-11-15 15:11 234280 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-19 22:56 . 2007-11-15 15:11 137976 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-19 08:18 . 2007-07-31 15:37 -------- d-----w- c:\program files\TightVNC
2010-09-19 07:55 . 2008-09-04 21:34 -------- d-----w- c:\program files\Microsoft
2010-09-19 07:41 . 2007-07-31 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-18 20:33 . 2009-04-04 23:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\VMware
2010-09-18 20:11 . 2009-03-02 16:00 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-09-18 20:11 . 2009-03-02 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-09-18 20:11 . 2009-03-02 16:00 -------- d-----w- c:\program files\Prevx
2010-09-17 07:09 . 2009-07-31 06:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-17 07:07 . 2007-07-31 21:22 -------- d-----w- c:\program files\CMenu
2010-09-17 07:01 . 2007-12-18 02:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-17 07:00 . 2007-08-03 06:24 -------- d-----w- c:\program files\SpywareBlaster
2010-09-17 06:56 . 2007-07-31 16:37 -------- d-----w- c:\program files\Desktop Armor
2010-09-17 04:25 . 2008-08-11 17:42 10760 ----a-w- c:\windows\system32\drivers\PROCEXP90.SYS
2010-09-17 02:56 . 2007-07-31 15:37 -------- d-----w- c:\program files\Google
2010-09-12 13:09 . 2008-02-14 05:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-02 18:20 . 2009-03-08 01:04 -------- d-----w- c:\program files\Rockstar Games
2010-08-29 03:19 . 2007-08-02 00:15 1209 ----a-w- c:\windows\EReg223.dat
2010-08-28 01:59 . 2009-11-03 17:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-28 01:59 . 2007-08-09 00:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-25 23:59 . 2007-08-01 11:24 -------- d-----w- c:\program files\EvilLyrics
2010-08-13 02:27 . 2007-08-15 22:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-08-09 09:13 . 2009-06-06 22:24 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-08 11:49 . 2010-03-21 14:39 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-08-03 02:23 . 2008-07-18 12:48 -------- d-----w- c:\program files\Recuva
2010-07-27 06:30 . 2007-07-27 15:33 8462336 ----a-w- c:\windows\system32\shell32.dll.tmp
2010-07-26 17:47 . 2010-06-18 06:46 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-26 17:47 . 2010-06-18 06:46 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-26 17:47 . 2010-06-18 06:46 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-09 14:24 . 2010-07-09 14:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 14:24 . 2010-07-09 14:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 14:24 . 2010-07-09 14:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:24 . 2010-07-09 14:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 14:24 . 2010-07-09 14:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 14:24 . 2010-07-09 14:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-07 11:46 . 2008-12-04 13:26 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-30 12:31 . 2007-07-27 15:33 149504 ----a-w- c:\windows\system32\schannel.dll
2008-08-19 08:17 . 2008-08-19 08:17 8 --sh--r- c:\windows\system32\21847BA199.sys
2009-12-21 14:57 . 2008-08-19 08:17 1994 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-09-24_01.35.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-24 02:20 . 2010-09-24 02:20 16384 c:\windows\Temp\Perflib_Perfdata_698.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Armor"="c:\program files\Desktop Armor\DesktopArmor.exe" [2004-12-16 1056768]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ShellState"= 2400000038080000000000000000000000000000010000000d0000000000000000000000

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-09-17 07:09 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0bootdelete\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\update.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\GIGABYTE\\ET5\\update.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Games\\S.T.A.L.K.E.R\\bin\\XR_3DA.exe"=
"c:\\Games\\S.T.A.L.K.E.R\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Games\\Gunbound\\GunboundWC\\GunBound.gme"=
"c:\\Games\\Steam\\Steam.exe"=
"c:\\Games\\Steam\\steamapps\\[email protected]\\half-life deathmatch source\\hl2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Websites\\PAMPA\\PAMPA\\mysql\\bin\\mysqld-nt.exe"=
"c:\\Websites\\PAMPA\\PAMPA\\apache\\bin\\httpd.exe"=
"c:\\Games\\Catan-Insel\\Catan.exe"=
"c:\\Games\\Bionic Commando Rearmed\\bcr.exe"=
"c:\\Games\\GTA IV\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Games\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\launch4j-tmp\\TlkEdit2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Games\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Games\\Steam\\steamapps\\common\\jade empire\\JadeEmpireLauncher.exe"=
"c:\\Games\\Steam\\steamapps\\common\\jade empire\\JadeEmpireConfig.exe"=
"c:\\Games\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Games\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Games\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Games\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Games\\GTA IV\\EFLC\\EFLC.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Games\\PazaakCantina\\PazaakCantina.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Games\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Games\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Games\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"=
"c:\\Games\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Games\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Games\\Steam\\steamapps\\common\\chime\\Chime.exe"=
"c:\\Program Files\\TightVNC\\tvnserver.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 iastor75;iastor75;c:\windows\system32\drivers\iaStor75.sys [27-7-2007 17:55 304920]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2-3-2009 18:00 30320]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [7-8-2007 20:23 131840]
R1 IfsDrives;IfsDrives;c:\windows\system32\drivers\IfsDrives.sys [7-8-2007 20:23 4608]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28-7-2009 10:53 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28-7-2009 10:53 67656]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [18-9-2010 22:11 73216]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [26-3-2009 23:05 54960]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [25-11-2005 17:43 31896]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [18-9-2010 22:11 24400]
S2 axjpawva;Microsoft IntelliPoint Filter Helper;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 14:00 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
S3 csiscanner;CSIScanner;c:\program files\Prevx\prevx.exe [2-3-2009 18:00 6405168]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [10-9-2010 13:01 2320712]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17-6-2009 14:20 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28-7-2009 10:53 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4-8-2004 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
S4 gupdate1c9acbca60618c;Google Updateservice (gupdate1c9acbca60618c);c:\program files\Google\Update\GoogleUpdate.exe [24-3-2009 22:06 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8-8-2007 0:53 682232]
S4 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [8-7-2010 15:28 815704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
axjpawva
.
Contents of the 'Scheduled Tasks' folder

2010-09-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-31 19:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.babylon.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionNone", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionCtrl", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionCtrlShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAlt", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAltShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAltCtrl", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationNone", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationCtrl", "1");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationCtrlShift", "1");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAlt", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAltShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationShift", "2");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAltCtrl", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.contextmenuoption", true);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.country2Search", 80);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.hotkeySelectionToggles", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.searchoption", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.historyoption", true);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.history", "googlebar");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.maxHistCnt", 10);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.savelastoption", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.hidemenuoption", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 04:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
 
And the rest:

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-583907252-682003330-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,aa,32,da,47,11,76,4c,b0,cb,a9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,aa,32,da,47,11,76,4c,b0,cb,a9,\

[HKEY_USERS\S-1-5-21-583907252-682003330-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:81,a4,99,f8,ac,4d,29,33,e3,82,9e,d6,f9,b5,97,27,72,27,77,d9,6c,
3e,8b,6d,39,ce,75,1e,de,f2,46,ff,39,aa,7d,54,cb,d1,3d,e9,5b,c3,1e,33,52,41,\
"rkeysecu"=hex:75,63,c5,8a,2d,60,a3,b4,a8,44,38,6f,45,41,02,16

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•A~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3960)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-24 04:22:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-24 02:22

Pre-Run: 57.394.118.656 bytes free
Post-Run: 57.380.265.984 bytes free

- - End Of File - - 6ACE90E15C5FD677E433847AE709A722
 
I've also noticed you have asked for help at other forums like these.

http://forums.spybot.info/showthread.php?p=383914#post383914

http://www.annoyances.org/exec/forum/winxp/1285284773

Please go back to those forums and any other places you have posted at and let them know that you are being helped here. I've posted at the annoyances forum since I'm a member there as well, Johnb33. Usually there is a few days' wait time at any major forum; usually you can get answers or help here within a few hours.
 
I completely missed that second post, but I've run it now. Here is the log:

ComboFix 10-09-23.01 - Administrator 24-09-2010 5:45.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3140 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AXJPAWVA
-------\Service_axjpawva


((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.

2010-09-24 00:40 . 2010-09-24 00:40 -------- d-----w- c:\program files\PC Camer@
2010-09-24 00:40 . 2010-09-24 00:40 -------- d-----w- c:\program files\Common Files\RemoveC
2010-09-24 00:40 . 2010-09-24 00:40 -------- d-----w- c:\program files\Common Files\Remove64C
2010-09-24 00:40 . 2010-09-24 00:40 -------- d-----w- c:\program files\Common Files\PAC207
2010-09-24 00:07 . 2004-08-04 12:00 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll
2010-09-24 00:06 . 2001-08-17 20:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2010-09-24 00:04 . 2001-08-17 10:12 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
2010-09-24 00:03 . 2001-08-17 10:12 24618 ----a-w- c:\windows\system32\dllcache\fa410nd5.sys
2010-09-24 00:02 . 2001-08-17 20:36 9728 ----a-w- c:\windows\system32\dllcache\brcoinst.dll
2010-09-23 23:57 . 2010-09-23 23:57 -------- d-----w- c:\program files\Trend Micro
2010-09-23 22:17 . 2010-09-23 22:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Gyazo
2010-09-23 22:17 . 2010-09-23 22:17 -------- d-----w- c:\program files\Gyazo
2010-09-23 19:59 . 2010-09-23 19:59 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2010-09-23 19:27 . 2004-08-03 23:15 107904 ----a-w- c:\windows\system32\drivers\mup.sys
2010-09-23 19:27 . 2004-08-03 23:15 107904 ----a-w- c:\windows\system32\dllcache\mup.sys
2010-09-23 18:37 . 2010-09-23 22:51 -------- d-----w- c:\windows\tmp
2010-09-23 00:48 . 2010-09-23 00:48 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-09-22 00:17 . 2010-09-23 21:42 -------- d-----w- C:\oQoobox
2010-09-21 11:23 . 2010-09-21 11:23 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-72a86cc3-n\decora-sse.dll
2010-09-21 11:23 . 2010-09-21 11:23 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11686197-n\msvcp71.dll
2010-09-21 11:23 . 2010-09-21 11:23 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11686197-n\jmc.dll
2010-09-21 11:23 . 2010-09-21 11:23 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11686197-n\msvcr71.dll
2010-09-21 11:23 . 2010-09-21 11:23 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-72a86cc3-n\decora-d3d.dll
2010-09-21 11:22 . 2010-09-21 11:22 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_21\gtapi.dll
2010-09-21 11:22 . 2010-09-21 11:22 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_21\lzma.dll
2010-09-21 11:06 . 2010-09-21 11:07 -------- d-----w- c:\program files\ERUNT
2010-09-21 08:21 . 2010-09-21 08:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-20 13:06 . 2010-09-20 13:06 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-20 13:06 . 2010-09-20 13:06 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-20 12:48 . 2010-09-20 12:48 -------- d-----w- c:\program files\OO Software
2010-09-20 12:45 . 2010-09-20 12:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2010-09-18 20:11 . 2010-09-18 20:11 73216 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-09-18 20:11 . 2010-09-18 20:11 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-09-11 14:20 . 2010-09-11 14:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Chime
2010-09-11 14:20 . 2010-09-11 14:20 -------- d-----w- c:\program files\Microsoft XNA
2010-09-10 11:02 . 2010-09-10 11:02 1556808 ----a-w- c:\windows\system32\ooscrsav.scr
2010-09-10 11:01 . 2010-09-10 11:01 275272 ----a-w- c:\windows\system32\oodbs.exe
2010-09-10 10:59 . 2010-09-10 10:59 535880 ----a-w- c:\windows\system32\oodssrs.dll
2010-09-10 10:59 . 2010-09-10 10:59 9544 ----a-w- c:\windows\system32\oodbsrs.dll
2010-09-09 19:28 . 2010-09-18 18:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Mumble
2010-09-09 19:28 . 2010-09-09 19:28 -------- d-----w- c:\program files\Mumble
2010-09-05 12:18 . 2010-08-30 12:34 1496064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-05 12:18 . 2010-08-30 12:33 43008 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-05 12:18 . 2010-08-30 12:33 338944 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-05 12:18 . 2010-08-30 12:33 346112 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-02 17:56 . 2010-09-02 23:35 183656 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-28 02:03 . 2010-08-28 02:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\2K Games
2010-08-28 01:59 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-28 01:59 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-28 01:59 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-28 01:59 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-28 01:59 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-28 01:59 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-28 01:59 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-28 01:59 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 03:44 . 2007-07-31 18:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-09-24 03:43 . 2007-07-31 16:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Babylon
2010-09-24 03:39 . 2007-07-31 15:37 -------- d-----w- c:\program files\GetRight
2010-09-24 00:52 . 2008-04-02 13:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-09-23 23:29 . 2007-07-31 16:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\MailWasherPro
2010-09-23 20:04 . 2008-08-31 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-23 19:59 . 2010-09-23 19:59 3416 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-09-23 05:29 . 2009-03-09 21:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-23 00:48 . 2010-05-23 22:31 -------- d-----w- c:\program files\AIM
2010-09-21 11:32 . 2009-12-15 15:03 188152 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\FlashGot.exe
2010-09-21 11:23 . 2007-07-31 14:39 -------- d-----w- c:\program files\Common Files\Java
2010-09-21 11:23 . 2010-06-23 13:24 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-21 11:23 . 2007-07-31 14:39 -------- d-----w- c:\program files\Java
2010-09-21 10:48 . 2007-09-06 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-09-20 13:06 . 2009-07-31 06:57 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-20 12:57 . 2009-05-05 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-20 12:09 . 2009-06-17 16:19 41 ----a-w- c:\windows\popcinfot.dat
2010-09-20 01:09 . 2007-11-15 15:11 234280 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-19 22:56 . 2007-11-15 15:11 137976 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-19 08:18 . 2007-07-31 15:37 -------- d-----w- c:\program files\TightVNC
2010-09-19 07:55 . 2008-09-04 21:34 -------- d-----w- c:\program files\Microsoft
2010-09-19 07:41 . 2007-07-31 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-18 20:33 . 2009-04-04 23:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\VMware
2010-09-18 20:11 . 2009-03-02 16:00 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-09-18 20:11 . 2009-03-02 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-09-18 20:11 . 2009-03-02 16:00 -------- d-----w- c:\program files\Prevx
2010-09-17 07:09 . 2009-07-31 06:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-17 07:07 . 2007-07-31 21:22 -------- d-----w- c:\program files\CMenu
2010-09-17 07:01 . 2007-12-18 02:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-17 07:00 . 2007-08-03 06:24 -------- d-----w- c:\program files\SpywareBlaster
2010-09-17 06:56 . 2007-07-31 16:37 -------- d-----w- c:\program files\Desktop Armor
2010-09-17 04:25 . 2008-08-11 17:42 10760 ----a-w- c:\windows\system32\drivers\PROCEXP90.SYS
2010-09-17 02:56 . 2007-07-31 15:37 -------- d-----w- c:\program files\Google
2010-09-12 13:09 . 2008-02-14 05:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-02 18:20 . 2009-03-08 01:04 -------- d-----w- c:\program files\Rockstar Games
2010-08-29 03:19 . 2007-08-02 00:15 1209 ----a-w- c:\windows\EReg223.dat
2010-08-28 01:59 . 2009-11-03 17:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-28 01:59 . 2007-08-09 00:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-25 23:59 . 2007-08-01 11:24 -------- d-----w- c:\program files\EvilLyrics
2010-08-13 02:27 . 2007-08-15 22:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-08-09 09:13 . 2009-06-06 22:24 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-08 11:49 . 2010-03-21 14:39 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-08-03 02:23 . 2008-07-18 12:48 -------- d-----w- c:\program files\Recuva
2010-07-27 06:30 . 2007-07-27 15:33 8462336 ----a-w- c:\windows\system32\shell32.dll.tmp
2010-07-26 17:47 . 2010-06-18 06:46 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-26 17:47 . 2010-06-18 06:46 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-26 17:47 . 2010-06-18 06:46 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-09 14:24 . 2010-07-09 14:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 14:24 . 2010-07-09 14:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 14:24 . 2010-07-09 14:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:24 . 2010-07-09 14:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 14:24 . 2010-07-09 14:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 14:24 . 2010-07-09 14:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-07 11:46 . 2008-12-04 13:26 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-30 12:31 . 2007-07-27 15:33 149504 ----a-w- c:\windows\system32\schannel.dll
2008-08-19 08:17 . 2008-08-19 08:17 8 --sh--r- c:\windows\system32\21847BA199.sys
2009-12-21 14:57 . 2008-08-19 08:17 1994 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-09-24_01.35.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-24 03:51 . 2010-09-24 03:51 16384 c:\windows\Temp\Perflib_Perfdata_5fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Armor"="c:\program files\Desktop Armor\DesktopArmor.exe" [2004-12-16 1056768]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ShellState"= 2400000038080000000000000000000000000000010000000d0000000000000000000000

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-09-17 07:09 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0bootdelete\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\update.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\GIGABYTE\\ET5\\update.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Games\\S.T.A.L.K.E.R\\bin\\XR_3DA.exe"=
"c:\\Games\\S.T.A.L.K.E.R\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Games\\Gunbound\\GunboundWC\\GunBound.gme"=
"c:\\Games\\Steam\\Steam.exe"=
"c:\\Games\\Steam\\steamapps\\[email protected]\\half-life deathmatch source\\hl2.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Games\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Websites\\PAMPA\\PAMPA\\mysql\\bin\\mysqld-nt.exe"=
"c:\\Websites\\PAMPA\\PAMPA\\apache\\bin\\httpd.exe"=
"c:\\Games\\Catan-Insel\\Catan.exe"=
"c:\\Games\\Bionic Commando Rearmed\\bcr.exe"=
"c:\\Games\\GTA IV\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Games\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\launch4j-tmp\\TlkEdit2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Games\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Games\\Steam\\steamapps\\common\\jade empire\\JadeEmpireLauncher.exe"=
"c:\\Games\\Steam\\steamapps\\common\\jade empire\\JadeEmpireConfig.exe"=
"c:\\Games\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Games\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Games\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Games\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Games\\GTA IV\\EFLC\\EFLC.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Games\\PazaakCantina\\PazaakCantina.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Games\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Games\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Games\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"=
"c:\\Games\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Games\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Games\\Steam\\steamapps\\common\\chime\\Chime.exe"=
"c:\\Program Files\\TightVNC\\tvnserver.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 iastor75;iastor75;c:\windows\system32\drivers\iaStor75.sys [27-7-2007 17:55 304920]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2-3-2009 18:00 30320]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [7-8-2007 20:23 131840]
R1 IfsDrives;IfsDrives;c:\windows\system32\drivers\IfsDrives.sys [7-8-2007 20:23 4608]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28-7-2009 10:53 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28-7-2009 10:53 67656]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [18-9-2010 22:11 73216]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [26-3-2009 23:05 54960]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [25-11-2005 17:43 31896]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [18-9-2010 22:11 24400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
S3 csiscanner;CSIScanner;c:\program files\Prevx\prevx.exe [2-3-2009 18:00 6405168]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [10-9-2010 13:01 2320712]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17-6-2009 14:20 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28-7-2009 10:53 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4-8-2004 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
S4 gupdate1c9acbca60618c;Google Updateservice (gupdate1c9acbca60618c);c:\program files\Google\Update\GoogleUpdate.exe [24-3-2009 22:06 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8-8-2007 0:53 682232]
S4 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [8-7-2010 15:28 815704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-09-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-31 19:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.babylon.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Administrator\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionNone", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionCtrl", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionCtrlShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAlt", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAltShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAltCtrl", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationNone", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationCtrl", "1");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationCtrlShift", "1");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAlt", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAltShift", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationShift", "2");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAltCtrl", "0");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.contextmenuoption", true);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.country2Search", 80);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.hotkeySelectionToggles", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.searchoption", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.historyoption", true);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.history", "googlebar");
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.maxHistCnt", 10);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.savelastoption", false);
c:\program files\Mozilla Firefox\defaults\pref\googlebar.js - user_pref("googlebar.hidemenuoption", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 05:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
 
Second part:

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-583907252-682003330-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,aa,32,da,47,11,76,4c,b0,cb,a9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,aa,32,da,47,11,76,4c,b0,cb,a9,\

[HKEY_USERS\S-1-5-21-583907252-682003330-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:81,a4,99,f8,ac,4d,29,33,e3,82,9e,d6,f9,b5,97,27,72,27,77,d9,6c,
3e,8b,6d,39,ce,75,1e,de,f2,46,ff,39,aa,7d,54,cb,d1,3d,e9,5b,c3,1e,33,52,41,\
"rkeysecu"=hex:75,63,c5,8a,2d,60,a3,b4,a8,44,38,6f,45,41,02,16

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•A~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"=[value elided]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3816)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-24 05:53:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-24 03:53
ComboFix2.txt 2010-09-24 02:22

Pre-Run: 57.485.021.184 bytes free
Post-Run: 57.470.951.424 bytes free

- - End Of File - - 183B6E468F0454559ACA30A6FEF89608
 