WiredWX Christian Hobby Weather Tools

Re: Malware/Virus blocking any ability to scan (including Hijack
MBAM log (I have re-booted as it asked me, done nothing else except copy log here)

Malwarebytes' Anti-Malware 1.40
Database version: 2719
Windows 5.1.2600 Service Pack 3

8/30/2009 6:02:49 PM
mbam-log-2009-08-30 (18-02-49).txt

Scan type: Quick Scan
Objects scanned: 121898
Time elapsed: 11 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\kbiwkmiwwkiqad.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmlevymxxu.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmoxbwtumg.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmqeecblnn.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmrielesix.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vsfocemupnsjne.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vsfocevrgyyjdy.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACgkykedkytb.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACoviylfxyxw.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACsvsawnqjpk.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACuoyuehodxl.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbiwkmwsp.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmyctqeeci.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\kbiwkmxednclqe.sys (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\UACjgijxulrvq.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\UAC2bdc.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\UAC471a.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\UAC6001.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\UAC60e6.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\rasvsnet.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\recmsaxonw.tmp (Rogue.AVCare) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\soeacwrxmn.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\xomcwrnsae.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Local Settings\Temp\kbiwkmvnmduyfqqy.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACptiritindo.dat (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACdhaowybenh.db (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vsfoceknbdosiw.dat (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vsfocelldbosru.dat (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris W\Desktop\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Re: Malware/Virus blocking any ability to scan (including Hijack
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Screenshot: CF_download_FF]

    [Screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.**


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Screenshot: Rcauto10]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan. Select Yes.

    [Screenshot: Whatne10]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Malware/Virus blocking any ability to scan (including Hijack
ComboFix Log

ComboFix 09-08-30.01 - Chris W 08/30/2009 21:39.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.610 [GMT -4:00]
Running from: c:\documents and settings\Chris W\Desktop\Combo-Fix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Chris W\My Documents\Winlogon.exe
c:\windows\Installer\3a8d42.msi
c:\windows\run.log
c:\windows\system32\kbiwkmcspvvgrx.dat
c:\windows\system32\kbiwkmlog.dat
c:\windows\system32\kbiwkmmuwfhxnc.dat
c:\windows\system32\kbiwkmptivpwmi.dat
c:\windows\system32\kbiwkmsfjoyxjn.dat
c:\windows\system32\kbiwkmumqfwbiw.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmeppvfkjy
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_kbiwkmeppvfkjy


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))))
.

2009-08-30 21:50 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 21:50 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-30 21:49 . 2009-08-30 21:50 -------- d-----w- c:\program files\mabmfake
2009-08-30 03:09 . 2009-08-30 03:09 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-08-30 03:09 . 2009-08-30 03:09 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-08-30 03:09 . 2009-08-30 03:09 -------- d-----w- c:\program files\Prevx
2009-08-30 03:07 . 2009-08-30 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-08-28 13:58 . 2009-08-28 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-27 17:05 . 2009-08-27 17:05 -------- d-----w- c:\program files\AVG
2009-08-27 17:05 . 2009-08-30 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-27 16:53 . 2009-08-27 16:53 -------- d-----w- c:\documents and settings\Chris W\Application Data\AVG8
2009-08-27 13:19 . 2009-08-27 13:20 117760 ----a-w- c:\documents and settings\Chris W\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-27 13:19 . 2009-08-27 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-27 13:19 . 2009-08-31 01:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-27 13:19 . 2009-08-27 13:19 -------- d-----w- c:\documents and settings\Chris W\Application Data\SUPERAntiSpyware.com
2009-08-27 12:50 . 2009-08-27 12:50 -------- d-----w- C:\spoolerlogs
2009-08-24 01:44 . 2009-08-24 01:44 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-24 01:43 . 2009-08-24 01:43 -------- d-----w- c:\documents and settings\Chris W\Application Data\ahv2.188B8094779BEFAABA1D70C6602409E1C81B16E6.1
2009-08-22 01:22 . 2009-08-22 01:22 -------- d-----w- c:\windows\Internet Logs
2009-08-22 01:22 . 2007-01-31 17:45 101904 ----a-w- c:\windows\system32\dneinobj.dll
2009-08-22 01:22 . 2007-01-31 17:45 127376 ----a-w- c:\windows\system32\drivers\dne2000.sys
2009-08-22 01:22 . 2009-08-22 01:22 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2009-08-22 01:22 . 2009-08-22 01:22 -------- d-----w- c:\program files\Cisco Systems
2009-08-16 00:27 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 07:04 . 2009-08-07 07:04 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-07 07:04 . 2009-08-07 07:04 -------- d-----w- c:\program files\Reference Assemblies
2009-08-07 07:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 07:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 07:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-07 07:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 07:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-07 07:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-07 07:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 07:03 . 2009-08-07 07:03 -------- d-----w- C:\87993b1a6fee7b220dfa40f6b2d87147
2009-08-07 07:03 . 2009-08-27 13:04 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 21:07 . 2009-08-27 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\2222
2009-08-03 04:40 . 2009-08-29 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-02 17:15 . 2009-08-02 17:15 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-08-02 17:15 . 2009-08-02 17:15 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-08-02 17:15 . 2009-08-02 17:15 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-08-02 17:01 . 2009-08-02 17:01 -------- d-----w- c:\documents and settings\Chris W\Application Data\Malwarebytes
2009-08-02 17:01 . 2009-08-02 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-29 23:24 . 2009-08-27 19:34 -------- d-----w- c:\program files\specialk
2009-08-28 12:39 . 2009-08-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-28 03:38 . 2004-10-15 16:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-28 03:37 . 2009-08-28 03:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-28 03:37 . 2004-10-16 15:34 -------- d-----w- c:\program files\Java
2009-08-28 03:36 . 2009-08-28 03:36 152576 ----a-w- c:\documents and settings\Chris W\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-28 03:30 . 2004-10-15 23:20 -------- d-----w- c:\program files\Trillian
2009-08-28 03:30 . 2007-04-24 04:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-28 03:29 . 2004-10-15 21:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-28 03:29 . 2006-01-26 01:18 -------- d-----w- c:\documents and settings\Chris W\Application Data\My Games
2009-08-28 03:26 . 2004-10-15 05:41 -------- d-----w- c:\program files\Google
2009-08-28 03:25 . 2005-10-10 23:09 -------- d-----w- c:\program files\FileZilla
2009-08-28 02:57 . 2005-05-28 16:39 -------- d-----w- c:\program files\Webteh
2009-08-28 02:57 . 2006-04-15 13:34 -------- d-----w- c:\program files\TurboTax
2009-08-28 02:55 . 2007-12-22 03:55 -------- d-----w- c:\program files\Audible
2009-08-28 02:54 . 2008-09-08 01:17 -------- d-----w- c:\program files\AGD Interactive
2009-08-28 02:49 . 2009-03-25 18:36 -------- d-----w- c:\program files\Telltale Games
2009-08-28 02:41 . 2005-04-16 12:10 -------- d-----w- c:\program files\MegaSpoof
2009-08-28 01:40 . 2009-08-28 01:40 -------- d-----w- c:\documents and settings\Chris W\Application Data\Uniblue
2009-08-28 01:40 . 2009-08-28 01:40 -------- d-----w- c:\program files\Uniblue
2009-08-27 20:10 . 2009-02-08 11:24 -------- d-----w- c:\program files\Bonjour
2009-08-27 17:06 . 2009-08-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-08-24 01:44 . 2009-04-16 23:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-24 01:44 . 2009-04-16 23:25 38208 ----a-w- c:\documents and settings\Chris W\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-24 01:30 . 2008-07-24 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-16 07:03 . 2007-07-20 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-07 09:59 . 2004-10-15 16:33 73912 ----a-w- c:\documents and settings\Chris W\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-07 07:04 . 2007-07-20 02:37 -------- d-----w- c:\program files\MSBuild
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 03:11 . 2004-10-17 03:50 -------- d-----w- c:\documents and settings\Chris W\Application Data\Lavasoft
2009-08-02 16:02 . 2007-10-16 02:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-24 13:56 . 2009-08-28 12:39 1062144 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-23 22:57 . 2007-11-30 14:47 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-18 22:11 . 2005-07-14 03:14 -------- d-----w- c:\program files\QuickTime
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 16:16 . 2009-05-16 11:43 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 16:16 . 2007-11-30 12:25 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 15:52 . 2009-07-09 15:52 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.463\English\setup.exe
2009-07-03 19:14 . 2009-07-03 19:14 -------- d-----w- c:\program files\TweetDeck
2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut61_2D3C8000E5E448CBBB06A4C37D5AF48D.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut6_F141B017782D48D89542DCC38F786FF0.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut2_8C036D68389D4A8096880D074C330130.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut11_0A40599CA5B444D89111273D573729A6.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut1_4DB66930574740058BAEBCD0FC73005A.exe
2009-06-12 16:03 . 2009-06-12 16:03 46384 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut3_E6C09482ED40447BAE1874BC5D76023B.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut4_CBE5964CD1B94DDFBCD2E9466D73DBE0.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\ARPPRODUCTICON.exe
2009-06-12 16:03 . 2009-06-12 16:03 58672 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut5_7BB38625F898498EBEF4B8EF4DC93AF2.exe
2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-10-15 15:22 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2007-02-12 02:55 . 2007-02-11 23:01 249 ----a-w- c:\program files\Garden Plannerini.xml
2005-07-16 09:41 . 2004-11-13 22:07 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
2009-04-14 14:01 . 2007-11-26 23:31 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-04-14 14:01 . 2007-11-26 23:31 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-10-27 18:02 . 2008-02-22 15:58 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-02-22 15:58 . 2008-02-22 15:58 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2007-01-23 18:07 . 2007-06-08 03:43 1847296 ----a-w- c:\program files\mozilla firefox\plugins\Seadragon.dll

Re: Malware/Virus blocking any ability to scan (including Hijack
------- Sigcheck -------

[7] 2004-08-04 12:00 55808 82B24CB70E5944E6E34662205A2A5B78 c:\windows\$NtServicePackUninstall$\eventlog.dll
[7] 2008-04-14 00:11 56320 6D4FEB43EE538FC5428CC7F0565AA656 c:\windows\ServicePackFiles\i386\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="\Program\" [X]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\320\g2mstart.exe" [2008-10-08 31552]
"Push Client"="c:\documents and settings\Chris W\Local Settings\Application Data\ATT Connect\Participant\pull.exe" [2009-01-20 922864]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"Google Update"="c:\documents and settings\Chris W\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-27 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-28 149280]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-12-09 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 319488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NapsterShell"="c:\program files\Napster\napster.exe" [2009-02-03 323216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"MMReminderService"="c:\program files\Mindjet\MindManager 7\MMReminderService.exe" [2007-11-21 37144]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2002-11-08 19968]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-09 1519616]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-16 110592]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-2-9 450560]
Monitor Apache Servers.lnk - c:\program files\Apache Group\Apache2\bin\ApacheMonitor.exe [2004-9-23 41042]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-2-16 6379080]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-8-21 6144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Napster\\napster.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"c:\\Documents and Settings\\Chris W\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46220:TCP"= 46220:TCP:*:Disabled:bittorrent

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [8/29/2009 11:09 PM 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [8/29/2009 11:09 PM 27656]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12/12/2003 11:49 AM 77312]
R1 cdfdrv;Cdfdrv;c:\windows\system32\drivers\cdfdrv.sys [5/24/2007 3:40 PM 22968]
R2 ctxpidmn;ctxpidmn;c:\windows\system32\drivers\ctxpidmn.sys [7/5/2007 3:45 PM 20424]
R2 CtxSbx;CtxSbx;c:\windows\system32\drivers\CtxSbx.sys [7/5/2007 4:50 PM 161352]
R2 RadeSvc;Citrix Streaming Service;c:\program files\Citrix\Streaming Client\RadeSvc.exe [7/5/2007 3:56 PM 237568]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/5/2007 2:43 PM 24652]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [10/15/2004 6:58 PM 14156]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [8/29/2009 11:09 PM 4368952]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 IPN2120;Instant Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [7/10/2003 10:09 AM 96256]
.
Contents of the 'Scheduled Tasks' folder

2009-08-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-115176313-839522115-1003Core.job
- c:\documents and settings\Chris W\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-27 17:51]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-115176313-839522115-1003UA.job
- c:\documents and settings\Chris W\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-27 17:51]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Steam - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-pdfSaver3 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: google.com\www
Trusted Zone: turbotax.com
DPF: {03A13D5D-2C8E-4C1A-970D-D6D07A4FE3D0} - hxxps://atlas.atlassolutions.com/dl/AtlasCtrl.cab
DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} - hxxp://client.maven.net/client/mavenBootInstaller.cab
FF - ProfilePath - c:\documents and settings\Chris W\Application Data\Mozilla\Firefox\Profiles\ostsb927.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.cnn.com
FF - plugin: c:\documents and settings\Chris W\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprade.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwdplugin.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\windows\system32\IBM\npwdplugin.dll
FF - plugin: c:\windows\system32\Photosynth\nppsynth.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Re: Malware/Virus blocking any ability to scan (including Hijack
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 21:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,80,57,61,a0,40,
7b,88,0e,c8,28,51,af,b0,29,a3,98,44,dc,14,85,5c,db,8a,e7,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,37,9a,72,b6,53,
5a,be,ec,71,3b,04,66,8b,46,0d,96,b3,3a,7d,6b,42,88,26,d3,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,75,1b,2c,93,08,
d3,47,0a,25,da,ec,7e,55,20,c9,26,1f,5a,c6,16,b0,e9,63,01,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,12,97,4f,0b,82,
4e,84,c9,3e,1e,9e,e0,57,5a,93,61,fc,06,91,4e,fb,e0,2c,93,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,32,19,91,c9,6f,
56,ee,03,cd,44,cd,b9,a6,33,6c,cd,46,49,03,ad,c0,8f,b4,aa,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,e2,17,7f,85,5c,
c6,52,2b,b0,18,ed,a7,3f,8d,37,a4,08,6a,bb,d1,02,b8,b6,6c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,21,a6,fd,be,40,
4a,c1,c3,31,77,e1,ba,b1,f8,68,02,ef,28,57,48,88,3b,9e,2e,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,73,f4,c8,54,2a,
5e,fc,44,83,6c,56,8b,a0,85,96,ab,53,42,8c,a8,47,aa,5e,a0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,c5,a7,24,fe,3c,
36,04,40,51,fa,6e,91,28,9e,14,cc,e9,88,23,ad,ac,1d,84,6c,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,a9,d5,42,fc,2f,
bb,4b,b7,b1,cd,45,5a,a8,c4,f8,b9,c0,77,8d,66,e1,e0,d7,37,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,52,2b,ce,f9,ee,
0d,f1,48,e3,0e,66,d5,eb,bc,2f,6b,30,d1,c2,85,31,ca,5f,c9,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,25,30,60,6d,9d,
58,8e,19,fa,ea,66,7f,d4,3b,6b,70,9e,90,bd,8e,c1,86,3e,ea,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3776)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP3\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Citrix\System32\CdfSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\windows\system32\rundll32.exe
c:\program files\TechSmith\SnagIt 8\TscHelp.exe
c:\program files\Citrix\GoToMeeting\320\g2mcomm.exe
c:\program files\TechSmith\SnagIt 8\SnagPriv.exe
c:\program files\Citrix\GoToMeeting\320\g2mlauncher.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-31 21:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-31 01:57

Pre-Run: 6,817,652,736 bytes free
Post-Run: 9,157,697,536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

445 --- E O F --- 2009-08-26 07:00

Re: Malware/Virus blocking any ability to scan (including Hijack
Now open a new notepad file.
Input this into the notepad file:

FCopy::
c:\windows\ServicePackFiles\i386\eventlog.dll | C:\WINDOWS\system32\eventlog.dll


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[Image]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Malware/Virus blocking any ability to scan (including Hijack
Here you go. Note that when CF launched, it said an update was available to which I replied "yes".

Also - thanks for your amazing help so far.

ComboFix 09-08-30.04 - Chris W 08/31/2009 13:32.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.591 [GMT -4:00]
Running from: c:\documents and settings\Chris W\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Chris W\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))))
.

2009-08-31 17:32 . 2008-04-14 00:11 56320 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2009-08-31 17:32 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-08-30 21:50 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 21:50 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-30 21:49 . 2009-08-30 21:50 -------- d-----w- c:\program files\mabmfake
2009-08-30 03:09 . 2009-08-30 03:09 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-08-30 03:09 . 2009-08-30 03:09 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-08-30 03:09 . 2009-08-30 03:09 -------- d-----w- c:\program files\Prevx
2009-08-30 03:07 . 2009-08-30 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-08-28 13:58 . 2009-08-28 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-27 17:05 . 2009-08-27 17:05 -------- d-----w- c:\program files\AVG
2009-08-27 17:05 . 2009-08-30 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-27 16:53 . 2009-08-27 16:53 -------- d-----w- c:\documents and settings\Chris W\Application Data\AVG8
2009-08-27 13:19 . 2009-08-27 13:20 117760 ----a-w- c:\documents and settings\Chris W\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-27 13:19 . 2009-08-27 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-27 13:19 . 2009-08-31 17:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-27 13:19 . 2009-08-27 13:19 -------- d-----w- c:\documents and settings\Chris W\Application Data\SUPERAntiSpyware.com
2009-08-27 12:50 . 2009-08-27 12:50 -------- d-----w- C:\spoolerlogs
2009-08-24 01:44 . 2009-08-24 01:44 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-24 01:43 . 2009-08-24 01:43 -------- d-----w- c:\documents and settings\Chris W\Application Data\ahv2.188B8094779BEFAABA1D70C6602409E1C81B16E6.1
2009-08-22 01:22 . 2009-08-22 01:22 -------- d-----w- c:\windows\Internet Logs
2009-08-22 01:22 . 2007-01-31 17:45 101904 ----a-w- c:\windows\system32\dneinobj.dll
2009-08-22 01:22 . 2007-01-31 17:45 127376 ----a-w- c:\windows\system32\drivers\dne2000.sys
2009-08-22 01:22 . 2009-08-22 01:22 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2009-08-22 01:22 . 2009-08-22 01:22 -------- d-----w- c:\program files\Cisco Systems
2009-08-16 00:27 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 07:04 . 2009-08-07 07:04 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-07 07:04 . 2009-08-07 07:04 -------- d-----w- c:\program files\Reference Assemblies
2009-08-07 07:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 07:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 07:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-07 07:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 07:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-07 07:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-07 07:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 07:03 . 2009-08-07 07:03 -------- d-----w- C:\87993b1a6fee7b220dfa40f6b2d87147
2009-08-07 07:03 . 2009-08-27 13:04 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 21:07 . 2009-08-27 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\2222
2009-08-03 04:40 . 2009-08-29 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-02 17:15 . 2009-08-02 17:15 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-08-02 17:15 . 2009-08-02 17:15 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-08-02 17:15 . 2009-08-02 17:15 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-08-02 17:01 . 2009-08-02 17:01 -------- d-----w- c:\documents and settings\Chris W\Application Data\Malwarebytes
2009-08-02 17:01 . 2009-08-02 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-29 23:24 . 2009-08-27 19:34 -------- d-----w- c:\program files\specialk
2009-08-28 12:39 . 2009-08-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-28 03:38 . 2004-10-15 16:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-28 03:37 . 2009-08-28 03:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-28 03:37 . 2004-10-16 15:34 -------- d-----w- c:\program files\Java
2009-08-28 03:36 . 2009-08-28 03:36 152576 ----a-w- c:\documents and settings\Chris W\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-28 03:30 . 2004-10-15 23:20 -------- d-----w- c:\program files\Trillian
2009-08-28 03:30 . 2007-04-24 04:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-28 03:29 . 2004-10-15 21:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-28 03:29 . 2006-01-26 01:18 -------- d-----w- c:\documents and settings\Chris W\Application Data\My Games
2009-08-28 03:26 . 2004-10-15 05:41 -------- d-----w- c:\program files\Google
2009-08-28 03:25 . 2005-10-10 23:09 -------- d-----w- c:\program files\FileZilla
2009-08-28 02:57 . 2005-05-28 16:39 -------- d-----w- c:\program files\Webteh
2009-08-28 02:57 . 2006-04-15 13:34 -------- d-----w- c:\program files\TurboTax
2009-08-28 02:55 . 2007-12-22 03:55 -------- d-----w- c:\program files\Audible
2009-08-28 02:54 . 2008-09-08 01:17 -------- d-----w- c:\program files\AGD Interactive
2009-08-28 02:49 . 2009-03-25 18:36 -------- d-----w- c:\program files\Telltale Games
2009-08-28 02:41 . 2005-04-16 12:10 -------- d-----w- c:\program files\MegaSpoof
2009-08-28 01:40 . 2009-08-28 01:40 -------- d-----w- c:\documents and settings\Chris W\Application Data\Uniblue
2009-08-28 01:40 . 2009-08-28 01:40 -------- d-----w- c:\program files\Uniblue
2009-08-27 20:10 . 2009-02-08 11:24 -------- d-----w- c:\program files\Bonjour
2009-08-27 17:06 . 2009-08-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-08-24 01:44 . 2009-04-16 23:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-24 01:44 . 2009-04-16 23:25 38208 ----a-w- c:\documents and settings\Chris W\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-24 01:30 . 2008-07-24 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-16 07:03 . 2007-07-20 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-07 09:59 . 2004-10-15 16:33 73912 ----a-w- c:\documents and settings\Chris W\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-07 07:04 . 2007-07-20 02:37 -------- d-----w- c:\program files\MSBuild
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 03:11 . 2004-10-17 03:50 -------- d-----w- c:\documents and settings\Chris W\Application Data\Lavasoft
2009-08-02 16:02 . 2007-10-16 02:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-24 13:56 . 2009-08-28 12:39 1062144 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-23 22:57 . 2007-11-30 14:47 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-18 22:11 . 2005-07-14 03:14 -------- d-----w- c:\program files\QuickTime
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 16:16 . 2009-05-16 11:43 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 16:16 . 2007-11-30 12:25 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 15:52 . 2009-07-09 15:52 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.463\English\setup.exe
2009-07-03 19:14 . 2009-07-03 19:14 -------- d-----w- c:\program files\TweetDeck
2009-06-29 16:12 . 2004-08-04 12:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut61_2D3C8000E5E448CBBB06A4C37D5AF48D.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut6_F141B017782D48D89542DCC38F786FF0.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut2_8C036D68389D4A8096880D074C330130.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut11_0A40599CA5B444D89111273D573729A6.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut1_4DB66930574740058BAEBCD0FC73005A.exe
2009-06-12 16:03 . 2009-06-12 16:03 46384 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut3_E6C09482ED40447BAE1874BC5D76023B.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut4_CBE5964CD1B94DDFBCD2E9466D73DBE0.exe
2009-06-12 16:03 . 2009-06-12 16:03 62768 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\ARPPRODUCTICON.exe
2009-06-12 16:03 . 2009-06-12 16:03 58672 ----a-r- c:\documents and settings\Chris W\Application Data\Microsoft\Installer\{9072E043-EAEB-4982-89D9-6D16CE21B3F4}\NewShortcut5_7BB38625F898498EBEF4B8EF4DC93AF2.exe
2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-10-15 15:22 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2007-02-12 02:55 . 2007-02-11 23:01 249 ----a-w- c:\program files\Garden Plannerini.xml
2005-07-16 09:41 . 2004-11-13 22:07 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
2009-04-14 14:01 . 2007-11-26 23:31 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-04-14 14:01 . 2007-11-26 23:31 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-10-27 18:02 . 2008-02-22 15:58 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-02-22 15:58 . 2008-02-22 15:58 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2007-01-23 18:07 . 2007-06-08 03:43 1847296 ----a-w- c:\program files\mozilla firefox\plugins\Seadragon.dll

Re: Malware/Virus blocking any ability to scan (including Hijack
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="\Program\" [X]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\320\g2mstart.exe" [2008-10-08 31552]
"Push Client"="c:\documents and settings\Chris W\Local Settings\Application Data\ATT Connect\Participant\pull.exe" [2009-01-20 922864]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"Google Update"="c:\documents and settings\Chris W\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-27 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-28 149280]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-12-09 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 319488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NapsterShell"="c:\program files\Napster\napster.exe" [2009-02-03 323216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"MMReminderService"="c:\program files\Mindjet\MindManager 7\MMReminderService.exe" [2007-11-21 37144]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2002-11-08 19968]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-09 1519616]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-16 110592]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-2-9 450560]
Monitor Apache Servers.lnk - c:\program files\Apache Group\Apache2\bin\ApacheMonitor.exe [2004-9-23 41042]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-2-16 6379080]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-8-21 6144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Napster\\napster.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"c:\\Documents and Settings\\Chris W\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46220:TCP"= 46220:TCP:*:Disabled:bittorrent

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [8/29/2009 11:09 PM 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [8/29/2009 11:09 PM 27656]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12/12/2003 11:49 AM 77312]
R1 cdfdrv;Cdfdrv;c:\windows\system32\drivers\cdfdrv.sys [5/24/2007 3:40 PM 22968]
R2 ctxpidmn;ctxpidmn;c:\windows\system32\drivers\ctxpidmn.sys [7/5/2007 3:45 PM 20424]
R2 CtxSbx;CtxSbx;c:\windows\system32\drivers\CtxSbx.sys [7/5/2007 4:50 PM 161352]
R2 RadeSvc;Citrix Streaming Service;c:\program files\Citrix\Streaming Client\RadeSvc.exe [7/5/2007 3:56 PM 237568]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/5/2007 2:43 PM 24652]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [10/15/2004 6:58 PM 14156]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [8/29/2009 11:09 PM 4368952]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 IPN2120;Instant Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [7/10/2003 10:09 AM 96256]
.
Contents of the 'Scheduled Tasks' folder

2009-08-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-115176313-839522115-1003Core.job
- c:\documents and settings\Chris W\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-27 17:51]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-115176313-839522115-1003UA.job
- c:\documents and settings\Chris W\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-27 17:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: google.com\www
Trusted Zone: turbotax.com
DPF: {03A13D5D-2C8E-4C1A-970D-D6D07A4FE3D0} - hxxps://atlas.atlassolutions.com/dl/AtlasCtrl.cab
DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} - hxxp://client.maven.net/client/mavenBootInstaller.cab
FF - ProfilePath - c:\documents and settings\Chris W\Application Data\Mozilla\Firefox\Profiles\ostsb927.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.cnn.com
FF - plugin: c:\documents and settings\Chris W\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprade.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwdplugin.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\windows\system32\IBM\npwdplugin.dll
FF - plugin: c:\windows\system32\Photosynth\nppsynth.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

Re: Malware/Virus blocking any ability to scan (including Hijack

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 13:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,80,57,61,a0,40,
7b,88,0e,c8,28,51,af,b0,29,a3,98,44,dc,14,85,5c,db,8a,e7,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,37,9a,72,b6,53,
5a,be,ec,71,3b,04,66,8b,46,0d,96,b3,3a,7d,6b,42,88,26,d3,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,75,1b,2c,93,08,
d3,47,0a,25,da,ec,7e,55,20,c9,26,1f,5a,c6,16,b0,e9,63,01,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,12,97,4f,0b,82,
4e,84,c9,3e,1e,9e,e0,57,5a,93,61,fc,06,91,4e,fb,e0,2c,93,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,32,19,91,c9,6f,
56,ee,03,cd,44,cd,b9,a6,33,6c,cd,46,49,03,ad,c0,8f,b4,aa,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,e2,17,7f,85,5c,
c6,52,2b,b0,18,ed,a7,3f,8d,37,a4,08,6a,bb,d1,02,b8,b6,6c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,21,a6,fd,be,40,
4a,c1,c3,31,77,e1,ba,b1,f8,68,02,ef,28,57,48,88,3b,9e,2e,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,73,f4,c8,54,2a,
5e,fc,44,83,6c,56,8b,a0,85,96,ab,53,42,8c,a8,47,aa,5e,a0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,c5,a7,24,fe,3c,
36,04,40,51,fa,6e,91,28,9e,14,cc,e9,88,23,ad,ac,1d,84,6c,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,a9,d5,42,fc,2f,
bb,4b,b7,b1,cd,45,5a,a8,c4,f8,b9,c0,77,8d,66,e1,e0,d7,37,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,52,2b,ce,f9,ee,
0d,f1,48,e3,0e,66,d5,eb,bc,2f,6b,30,d1,c2,85,31,ca,5f,c9,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,25,30,60,6d,9d,
58,8e,19,fa,ea,66,7f,d4,3b,6b,70,9e,90,bd,8e,c1,86,3e,ea,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3924)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-31 13:44
ComboFix-quarantined-files.txt 2009-08-31 17:43
ComboFix2.txt 2009-08-31 01:57

Pre-Run: 9,289,490,432 bytes free
Post-Run: 9,273,540,608 bytes free

397 --- E O F --- 2009-08-26 07:00

Re: Malware/Virus blocking any ability to scan (including Hijack

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: Malware/Virus blocking any ability to scan (including Hijack

Seemed to fix it, thanks a ton. You were a fantastic aid.

Will be donating to the site shortly.
