WiredWX Christian Hobby Weather Tools

Unable to remove or add new Adobe Reader

Trying to update Adobe Reader to 9.1 from 8.1 says error "cannot find key. Make sure you have access to key or contact personnel." key it cannot find is HKEY_LOCAL_MACHINE\Software\Microsoft\wWindows\Current Version\Run\Optional Components\MSFS

I HAVE TRIED REMOVING OLD ADOBE FIRST AND IT WILL NOT UNINSTALL FOR SAME REASON

Re: Unable to remove or add new Adobe Reader

Please download Revo Uninstaller from here: Revo Uninstaller

  1. Download and run the setup file for Revo Uninstaller.
  2. Once setup, run Revo Uninstaller.
  3. Select the following item for removal by clicking on it once.

    Adobe Reader

  4. Then hit the "Uninstall" button at the top.
  5. Close Revo Uninstaller.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate


Re: Unable to remove or add new Adobe Reader

Didn't work. Started to remove and still got same error message: Cannot find key

Re: Unable to remove or add new Adobe Reader

  • Download combofix from here
    Link 1
    Link 2
  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: Unable to remove or add new Adobe Reader

ComboFix 09-05-26.05 - user 05/28/2009 10:49.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.585 [GMT -4:00]
Running from: C:\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2009-05-28 14:47 . 2009-05-28 14:42 3003735 ----a-r C:\Combo-Fix.exe
2009-05-28 02:06 . 2009-05-28 01:22 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-28 01:21 . 2009-05-28 01:21 1005904 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-28 01:17 . 2009-05-28 01:17 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-28 01:17 . 2009-03-12 08:17 2902048 -c--a-w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-05-28 01:16 . 2009-05-28 01:22 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-28 01:16 . 2009-05-28 01:16 -------- d-----w c:\program files\Lavasoft
2009-05-27 21:41 . 2009-05-27 22:06 -------- d-----w c:\program files\TweakNow RegCleaner
2009-05-27 21:41 . 2009-05-27 22:04 -------- d-----w c:\documents and settings\user\Application Data\TweakNow RegCleaner
2009-05-27 20:53 . 2009-05-27 20:57 -------- d-----w c:\documents and settings\user\Application Data\RegistryPC
2009-05-27 20:41 . 2009-05-27 20:41 -------- d-----w c:\program files\VS Revo Group
2009-05-26 19:30 . 2009-05-26 19:39 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-05-26 19:30 . 2009-05-26 19:30 -------- d-----w c:\program files\NOS
2009-05-26 17:56 . 2009-04-06 15:37 704384 ----a-w c:\windows\system32\drivers\SandBox.sys
2009-05-26 17:56 . 2009-02-10 20:15 257432 ----a-w c:\windows\system32\drivers\afwcore.sys
2009-05-26 17:55 . 2009-02-18 21:30 31128 ----a-w c:\windows\system32\drivers\afw.sys
2009-05-26 17:55 . 2009-05-26 17:55 -------- d-----w c:\program files\Agnitum
2009-05-26 17:54 . 2009-05-26 17:54 -------- d-----w c:\documents and settings\All Users\Application Data\Agnitum
2009-05-26 16:58 . 2009-05-26 16:58 -------- d-----w c:\program files\filehippo.com
2009-05-25 16:19 . 2009-05-26 17:11 -------- d-----w c:\program files\SpywareGuard
2009-05-25 03:41 . 2009-05-25 03:41 -------- d-----w c:\documents and settings\user\iProfit eBook Package
2009-05-25 02:08 . 2009-05-25 02:08 0 ----a-w c:\windows\nsreg.dat
2009-05-25 02:08 . 2009-05-25 02:08 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Mozilla
2009-05-25 00:07 . 2009-05-25 00:13 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-25 00:07 . 2009-05-25 00:13 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-24 23:59 . 2009-05-26 03:10 -------- d-----w c:\program files\SpywareBlaster
2009-05-24 23:59 . 2005-08-25 23:18 118784 ----a-w c:\windows\system32\MSSTDFMT.DLL
2009-05-24 23:58 . 2009-05-24 23:58 3012768 ----a-w C:\spywareblastersetup42.exe
2009-05-23 22:05 . 2009-05-23 22:05 -------- d-----w c:\documents and settings\user\Application Data\Malwarebytes
2009-05-23 22:05 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-23 22:05 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 22:05 . 2009-05-23 22:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-23 22:05 . 2009-05-23 22:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-22 20:45 . 2009-05-22 20:45 -------- d-----w c:\program files\Trend Micro
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w c:\windows\system32\XPSViewer
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w c:\program files\MSBuild
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w c:\program files\Reference Assemblies
2009-05-22 02:56 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-22 02:56 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-22 02:56 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-22 02:56 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-22 02:56 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-22 02:56 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-22 02:56 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-21 01:24 . 2009-05-04 18:49 2051864 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgcorex.dll
2009-05-21 01:24 . 2009-05-04 18:49 2302232 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avguiadv.dll
2009-05-21 01:24 . 2009-05-04 18:49 3399960 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgui.exe
2009-05-21 01:24 . 2009-05-04 18:49 424472 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgwdwsc.dll
2009-05-21 01:24 . 2009-05-04 18:49 3288344 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\setup.exe
2009-05-21 01:24 . 2009-05-04 18:49 486168 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgrsx.exe
2009-05-21 01:24 . 2009-05-04 18:49 312088 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avglngx.dll
2009-05-21 01:24 . 2009-05-04 18:49 177432 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgmail.dll
2009-05-21 01:23 . 2009-05-04 18:49 1437464 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgupd.dll
2009-05-21 01:23 . 2009-05-04 18:49 755992 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avginet.dll
2009-05-07 13:49 . 2009-05-07 13:49 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-05-06 22:57 . 2009-05-06 22:57 -------- d-sh--w c:\documents and settings\user\IECompatCache
2009-05-06 21:19 . 2009-05-06 21:19 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-06 21:19 . 2009-05-06 21:19 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\ESET
2009-05-06 21:17 . 2009-05-06 21:17 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-06 02:23 . 2009-05-06 02:23 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-05 03:23 . 2009-05-05 03:23 -------- d-sh--w c:\documents and settings\user\PrivacIE
2009-05-05 03:17 . 2009-05-05 03:17 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-05 03:16 . 2009-05-05 03:16 -------- d-sh--w c:\documents and settings\user\IETldCache
2009-05-05 02:43 . 2009-05-05 02:43 -------- d-----w c:\windows\ie8updates
2009-05-05 02:43 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-05 02:40 . 2009-05-05 02:43 -------- dc-h--w c:\windows\ie8
2009-05-05 01:52 . 2009-05-28 14:54 117760 ----a-w c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-05 01:51 . 2009-05-05 01:51 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-05 01:51 . 2009-05-05 01:51 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-05 01:51 . 2009-05-05 01:51 -------- d-----w c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2009-05-05 01:44 . 2009-05-05 01:44 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-05 01:33 . 2009-05-05 01:33 -------- d-----w c:\documents and settings\user\Application Data\DriverCure
2009-05-05 01:33 . 2009-05-05 02:26 -------- d-----w c:\documents and settings\All Users\Application Data\DriverCure
2009-05-05 01:33 . 2009-05-05 01:33 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-05-05 01:21 . 2009-05-05 20:47 -------- d-----w c:\documents and settings\user\Application Data\Desktopicon
2009-05-05 01:21 . 2009-05-25 03:24 -------- d-----w c:\program files\Unlocker
2009-05-04 21:40 . 2009-05-04 21:40 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Symantec
2009-05-04 21:30 . 2009-01-15 16:19 23848 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-04 21:30 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-04 21:30 . 2009-05-04 21:30 -------- d-----w c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-05-04 21:30 . 2009-05-06 02:22 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Downloaded Installations
2009-05-04 21:29 . 2009-05-04 23:22 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-04 21:29 . 2009-05-04 23:21 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-04 21:29 . 2009-05-04 23:21 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-05-04 21:23 . 2009-05-04 21:23 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-04 21:09 . 2009-05-04 21:24 -------- d-----w c:\documents and settings\user\Application Data\GetRightToGo
2009-05-03 12:33 . 2009-05-03 12:33 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\PCHealth
2009-05-01 14:30 . 2007-08-02 02:47 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-30 23:53 . 2009-04-30 23:53 57344 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-3040364d-n\Decora-SSE.dll
2009-04-30 23:53 . 2009-04-30 23:53 24064 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-5fdb0b86-n\Decora-D3D.dll
2009-04-30 23:53 . 2009-04-30 23:53 499712 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4525eb12-n\msvcp71.dll
2009-04-30 23:53 . 2009-04-30 23:53 499712 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4525eb12-n\jmc.dll
2009-04-30 23:53 . 2009-04-30 23:53 348160 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4525eb12-n\msvcr71.dll
2009-04-30 23:43 . 2009-04-30 23:51 152576 ----a-w c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-30 23:42 . 2009-04-30 23:42 -------- d-----w c:\windows\Sun

.

Re: Unable to remove or add new Adobe Reader

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 22:20 . 2009-02-25 21:37 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-27 00:29 . 2008-06-02 01:34 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-25 01:51 . 2008-06-02 02:02 -------- d-----w c:\program files\Common Files\Adobe
2009-05-23 22:20 . 2009-04-05 05:24 -------- d-----w c:\program files\Yahoo!
2009-05-22 04:25 . 2006-12-20 20:01 19424 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 01:11 . 2009-03-01 17:52 -------- d-----w c:\documents and settings\user\Application Data\LimeWire
2009-05-07 14:27 . 2008-06-01 22:53 -------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2009-05-06 21:49 . 2008-06-02 01:21 -------- d-----w c:\program files\MSN Messenger
2009-05-06 02:26 . 2006-09-13 16:24 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-04 18:49 . 2009-02-24 21:27 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-04 18:49 . 2009-02-24 21:27 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-04 18:49 . 2009-02-24 21:27 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-04 18:49 . 2009-02-24 21:27 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-30 23:53 . 2006-09-13 18:41 -------- d-----w c:\program files\Java
2009-04-29 22:54 . 2006-12-21 03:19 -------- d-----w c:\documents and settings\user\Application Data\OpenOffice.org2
2009-04-29 22:51 . 2008-05-12 16:08 1 ----a-w c:\documents and settings\user\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-04-05 05:26 . 2009-04-05 05:24 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-05 05:25 . 2009-04-05 05:25 -------- d-----w c:\documents and settings\user\Application Data\Yahoo!
2009-03-18 21:55 . 2009-04-05 05:24 607472 ----a-w c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-03-09 09:19 . 2009-02-24 21:37 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 08:34 . 2006-06-23 16:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2003-07-16 16:26 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2003-07-16 16:20 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2003-07-16 16:43 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2003-07-16 16:17 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2003-07-16 16:24 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2003-07-16 16:24 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2003-07-16 16:30 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2003-07-16 16:30 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2003-07-16 16:30 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-07-16 16:34 284160 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-25_04.37.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-05-28 14:54 . 2009-05-28 14:54 16384 c:\windows\Temp\Perflib_Perfdata_244.dat
+ 2009-05-27 00:23 . 1996-01-12 22:00 24576 c:\windows\system32\STKIT432.DLL
+ 2008-06-02 03:06 . 2009-05-26 17:14 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-05-28 01:22 . 2009-05-28 01:22 64160 c:\windows\system32\DRVSTORE\lbd_4C6E0193F967021F4DECA024CA3950BECD8BF864\Lbd.sys
+ 2009-05-28 01:22 . 2009-05-28 01:22 64160 c:\windows\system32\drivers\Lbd.sys
+ 2006-09-13 15:54 . 2009-05-26 19:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-09-13 15:54 . 2009-05-21 00:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-09-13 15:54 . 2009-05-21 00:37 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-09-13 15:54 . 2009-05-26 19:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-26 17:19 . 2009-05-26 17:19 78571 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2009-04-29 10:17 . 2009-04-29 10:17 58736 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
- 2009-03-15 14:33 . 2009-01-16 22:45 58736 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
- 2009-03-15 14:34 . 2009-01-16 23:16 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-04-28 10:23 . 2009-04-28 10:23 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
- 2009-03-15 14:33 . 2009-01-16 22:45 52288 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2009-04-29 10:17 . 2009-04-29 10:17 52288 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
- 2009-03-15 14:32 . 2009-01-16 21:19 67000 c:\windows\system32\Adobe\Director\SwDnld.exe
+ 2009-04-29 10:29 . 2009-04-29 10:29 67000 c:\windows\system32\Adobe\Director\SwDnld.exe
+ 2009-04-28 10:26 . 2009-04-28 10:26 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
- 2009-03-15 14:34 . 2009-01-16 23:17 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-04-28 10:24 . 2009-04-28 10:24 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
- 2009-03-15 14:34 . 2009-01-16 23:16 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-04-29 10:28 . 2009-04-29 10:28 468408 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe
- 2009-03-15 14:34 . 2009-01-16 23:18 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-04-28 10:26 . 2009-04-28 10:26 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-04-28 10:24 . 2009-04-28 10:24 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2009-04-29 10:17 . 2009-04-29 10:17 716800 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2009-04-28 10:26 . 2009-04-28 10:26 614400 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2009-04-29 10:29 . 2009-04-29 10:29 202168 c:\windows\system32\Adobe\Director\SwDir.dll
- 2009-03-15 14:32 . 2009-01-16 21:19 202168 c:\windows\system32\Adobe\Director\swdir.dll
+ 2009-04-28 10:25 . 2009-04-28 10:25 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-04-28 10:00 . 2009-04-28 10:00 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
- 2009-03-15 14:33 . 2009-01-16 22:45 1145896 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2009-04-29 10:17 . 2009-04-29 10:17 1145896 c:\windows\system32\Adobe\Shockwave 11\gt.exe
- 2009-03-15 14:34 . 2009-01-16 22:58 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2009-04-28 10:04 . 2009-04-28 10:04 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

Re: Unable to remove or add new Adobe Reader

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2006-05-25 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2006-05-25 126976]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-04 1947928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-28 518488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 18:49 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/27/2009 9:22 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/24/2009 5:27 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/24/2009 5:27 PM 108552]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [5/26/2009 1:56 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [5/26/2009 1:55 PM 1195008]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/24/2009 5:27 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/24/2009 5:27 PM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [5/26/2009 1:55 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [5/26/2009 1:56 PM 257432]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/26/2009 3:30 PM 33176]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 01:22]

2009-05-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 21:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 10:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1156)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

- - - - - - - > 'explorer.exe'(3276)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Agnitum\Outpost Firewall\op_mon.exe
c:\program files\SpywareGuard\sgmain.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-05-28 11:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-28 15:00

Pre-Run: 28,965,339,136 bytes free
Post-Run: 29,147,865,088 bytes free

332 --- E O F --- 2009-05-23 07:01
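
How the key named in the installer error lines up with the locked-keys section of the log, as an added example that is not part of the original thread: it parses the LOCKED REGISTRY KEYS section from an excerpt of the log posted above and matches the hand-typed key from the first post against it. The function names and the 0.9 similarity threshold are assumptions of this example, and the @DACL value is carried through as logged without being interpreted.

```python
import re
from difflib import SequenceMatcher

# Excerpt of the ComboFix log posted in this thread (trimmed to the relevant part).
SAMPLE_LOG = r"""
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1156)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
"""

# Key exactly as typed in the first post, including its spacing and typo.
REPORTED_KEY = (r"HKEY_LOCAL_MACHINE\Software\Microsoft\wWindows"
                r"\Current Version\Run\Optional Components\MSFS")

SECTION_RE = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")   # "----- TITLE -----"
KEY_RE = re.compile(r"^\[(.+)\]$")                     # "[HKEY_...\Sub\Key]"
DACL_RE = re.compile(r"^@DACL=\((.*)\)$")              # "@DACL=(02 0000)"
VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')           # '"Name"="data"' or '@=""'


def parse_locked_keys(log_text):
    """Return one dict per key listed under the LOCKED REGISTRY KEYS header."""
    entries, current, in_section = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            # Any other dashed header ends the locked-keys section.
            in_section = header.group(1).upper() == "LOCKED REGISTRY KEYS"
            current = None
            continue
        if not in_section or not line or line == ".":
            continue
        key = KEY_RE.match(line)
        if key:
            current = {"key": key.group(1), "dacl": None, "values": {}}
            entries.append(current)
        elif current is not None:
            dacl = DACL_RE.match(line)
            value = VALUE_RE.match(line)
            if dacl:
                current["dacl"] = dacl.group(1)   # kept verbatim, not decoded
            elif value:
                name = value.group(1).strip('"')
                current["values"][name] = value.group(2).strip('"')
    return entries


def normalize_key(path):
    """Lower-case, drop whitespace, expand the common hive abbreviations."""
    norm = re.sub(r"\s+", "", path).lower()
    for short, full in (("hklm\\", "hkey_local_machine\\"),
                        ("hkcu\\", "hkey_current_user\\")):
        if norm.startswith(short):
            norm = full + norm[len(short):]
    return norm


def find_locked_match(reported_key, entries, min_parent_ratio=0.9):
    """Match a hand-copied key against the locked keys.

    The final subkey name must match exactly; the parent path only has to be
    similar, which tolerates transcription slips without confusing sibling
    keys such as MAPI and MSFS. Returns (entry, ratio) or None.
    """
    want_parent, _, want_leaf = normalize_key(reported_key).rpartition("\\")
    best = None
    for entry in entries:
        parent, _, leaf = normalize_key(entry["key"]).rpartition("\\")
        if leaf != want_leaf:
            continue
        ratio = SequenceMatcher(None, parent, want_parent, autojunk=False).ratio()
        if ratio >= min_parent_ratio and (best is None or ratio > best[1]):
            best = (entry, ratio)
    return best


if __name__ == "__main__":
    locked = parse_locked_keys(SAMPLE_LOG)
    hit = find_locked_match(REPORTED_KEY, locked)
    for e in locked:
        print("locked:", e["key"], "DACL", e["dacl"])
    print("installer error key matches:", hit[0]["key"] if hit else "none")
```
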

Re: Unable to remove or add new Adobe Reader

Now open a new notepad file.
Input this into the notepad file:

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Re: Unable to remove or add new Adobe Reader

ComboFix 09-05-26.05 - user 05/28/2009 22:37.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.531 [GMT -4:00]
Running from: C:\Combo-Fix.exe
Command switches used :: C:\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-29 )))))))))))))))))))))))))))))))
.

2009-05-28 14:47 . 2009-05-28 14:42 3003735 ----a-r C:\Combo-Fix.exe
2009-05-28 02:06 . 2009-05-28 01:22 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-28 01:21 . 2009-05-28 01:21 1005904 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-28 01:17 . 2009-05-28 01:17 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-28 01:17 . 2009-03-12 08:17 2902048 -c--a-w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-05-28 01:16 . 2009-05-28 01:22 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-28 01:16 . 2009-05-28 01:16 -------- d-----w c:\program files\Lavasoft
2009-05-27 21:41 . 2009-05-27 22:06 -------- d-----w c:\program files\TweakNow RegCleaner
2009-05-27 21:41 . 2009-05-27 22:04 -------- d-----w c:\documents and settings\user\Application Data\TweakNow RegCleaner
2009-05-27 20:53 . 2009-05-27 20:57 -------- d-----w c:\documents and settings\user\Application Data\RegistryPC
2009-05-27 20:41 . 2009-05-27 20:41 -------- d-----w c:\program files\VS Revo Group
2009-05-26 19:30 . 2009-05-26 19:39 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-05-26 19:30 . 2009-05-26 19:30 -------- d-----w c:\program files\NOS
2009-05-26 17:56 . 2009-04-06 15:37 704384 ----a-w c:\windows\system32\drivers\SandBox.sys
2009-05-26 17:56 . 2009-02-10 20:15 257432 ----a-w c:\windows\system32\drivers\afwcore.sys
2009-05-26 17:55 . 2009-02-18 21:30 31128 ----a-w c:\windows\system32\drivers\afw.sys
2009-05-26 17:55 . 2009-05-26 17:55 -------- d-----w c:\program files\Agnitum
2009-05-26 17:54 . 2009-05-26 17:54 -------- d-----w c:\documents and settings\All Users\Application Data\Agnitum
2009-05-26 16:58 . 2009-05-26 16:58 -------- d-----w c:\program files\filehippo.com
2009-05-25 16:19 . 2009-05-29 02:12 -------- d-----w c:\program files\SpywareGuard
2009-05-25 03:41 . 2009-05-25 03:41 -------- d-----w c:\documents and settings\user\iProfit eBook Package
2009-05-25 02:08 . 2009-05-25 02:08 0 ----a-w c:\windows\nsreg.dat
2009-05-25 02:08 . 2009-05-25 02:08 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Mozilla
2009-05-25 00:07 . 2009-05-25 00:13 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-25 00:07 . 2009-05-25 00:13 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-24 23:59 . 2009-05-26 03:10 -------- d-----w c:\program files\SpywareBlaster
2009-05-24 23:59 . 2005-08-25 23:18 118784 ----a-w c:\windows\system32\MSSTDFMT.DLL
2009-05-24 23:58 . 2009-05-24 23:58 3012768 ----a-w C:\spywareblastersetup42.exe
2009-05-23 22:05 . 2009-05-23 22:05 -------- d-----w c:\documents and settings\user\Application Data\Malwarebytes
2009-05-23 22:05 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-23 22:05 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 22:05 . 2009-05-23 22:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-23 22:05 . 2009-05-23 22:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-22 20:45 . 2009-05-22 20:45 -------- d-----w c:\program files\Trend Micro
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w c:\windows\system32\XPSViewer
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w c:\program files\MSBuild
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w c:\program files\Reference Assemblies
2009-05-22 02:56 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-22 02:56 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-22 02:56 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-22 02:56 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll

Re: Unable to remove or add new Adobe Reader

2009-05-22 02:56 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-22 02:56 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-22 02:56 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-21 01:24 . 2009-05-04 18:49 2051864 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgcorex.dll
2009-05-21 01:24 . 2009-05-04 18:49 2302232 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avguiadv.dll
2009-05-21 01:24 . 2009-05-04 18:49 3399960 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgui.exe
2009-05-21 01:24 . 2009-05-04 18:49 424472 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgwdwsc.dll
2009-05-21 01:24 . 2009-05-04 18:49 3288344 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\setup.exe
2009-05-21 01:24 . 2009-05-04 18:49 486168 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgrsx.exe
2009-05-21 01:24 . 2009-05-04 18:49 312088 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avglngx.dll
2009-05-21 01:24 . 2009-05-04 18:49 177432 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgmail.dll
2009-05-21 01:23 . 2009-05-04 18:49 1437464 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgupd.dll
2009-05-21 01:23 . 2009-05-04 18:49 755992 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avginet.dll
2009-05-07 13:49 . 2009-05-07 13:49 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-05-06 22:57 . 2009-05-06 22:57 -------- d-sh--w c:\documents and settings\user\IECompatCache
2009-05-06 21:19 . 2009-05-06 21:19 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-06 21:19 . 2009-05-06 21:19 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\ESET
2009-05-06 21:17 . 2009-05-06 21:17 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-06 02:23 . 2009-05-06 02:23 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-05 03:23 . 2009-05-05 03:23 -------- d-sh--w c:\documents and settings\user\PrivacIE
2009-05-05 03:17 . 2009-05-05 03:17 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-05 03:16 . 2009-05-05 03:16 -------- d-sh--w c:\documents and settings\user\IETldCache
2009-05-05 02:43 . 2009-05-05 02:43 -------- d-----w c:\windows\ie8updates
2009-05-05 02:43 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-05 02:40 . 2009-05-05 02:43 -------- dc-h--w c:\windows\ie8
2009-05-05 01:52 . 2009-05-28 14:54 117760 ----a-w c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-05 01:51 . 2009-05-05 01:51 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-05 01:51 . 2009-05-05 01:51 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-05 01:51 . 2009-05-05 01:51 -------- d-----w c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2009-05-05 01:44 . 2009-05-05 01:44 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-05 01:33 . 2009-05-05 01:33 -------- d-----w c:\documents and settings\user\Application Data\DriverCure
2009-05-05 01:33 . 2009-05-05 02:26 -------- d-----w c:\documents and settings\All Users\Application Data\DriverCure
2009-05-05 01:33 . 2009-05-05 01:33 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-05-05 01:21 . 2009-05-05 20:47 -------- d-----w c:\documents and settings\user\Application Data\Desktopicon
2009-05-05 01:21 . 2009-05-25 03:24 -------- d-----w c:\program files\Unlocker
2009-05-04 21:40 . 2009-05-04 21:40 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Symantec
2009-05-04 21:30 . 2009-01-15 16:19 23848 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-04 21:30 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-04 21:30 . 2009-05-04 21:30 -------- d-----w c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-05-04 21:30 . 2009-05-06 02:22 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Downloaded Installations
2009-05-04 21:29 . 2009-05-04 23:22 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-04 21:29 . 2009-05-04 23:21 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-04 21:29 . 2009-05-04 23:21 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-05-04 21:23 . 2009-05-04 21:23 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-04 21:09 . 2009-05-04 21:24 -------- d-----w c:\documents and settings\user\Application Data\GetRightToGo
2009-05-03 12:33 . 2009-05-03 12:33 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\PCHealth
2009-05-01 14:30 . 2007-08-02 02:47 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-30 23:53 . 2009-04-30 23:53 57344 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-3040364d-n\Decora-SSE.dll
2009-04-30 23:53 . 2009-04-30 23:53 24064 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-5fdb0b86-n\Decora-D3D.dll
2009-04-30 23:53 . 2009-04-30 23:53 499712 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4525eb12-n\msvcp71.dll
2009-04-30 23:53 . 2009-04-30 23:53 499712 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4525eb12-n\jmc.dll
2009-04-30 23:53 . 2009-04-30 23:53 348160 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4525eb12-n\msvcr71.dll
2009-04-30 23:43 . 2009-04-30 23:51 152576 ----a-w c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-30 23:42 . 2009-04-30 23:42 -------- d-----w c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 02:12 . 2008-06-02 01:34 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-27 22:20 . 2009-02-25 21:37 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-25 01:51 . 2008-06-02 02:02 -------- d-----w c:\program files\Common Files\Adobe
2009-05-23 22:20 . 2009-04-05 05:24 -------- d-----w c:\program files\Yahoo!
2009-05-22 04:25 . 2006-12-20 20:01 19424 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 01:11 . 2009-03-01 17:52 -------- d-----w c:\documents and settings\user\Application Data\LimeWire
2009-05-07 14:27 . 2008-06-01 22:53 -------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2009-05-06 21:49 . 2008-06-02 01:21 -------- d-----w c:\program files\MSN Messenger
2009-05-06 02:26 . 2006-09-13 16:24 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-04 18:49 . 2009-02-24 21:27 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-04 18:49 . 2009-02-24 21:27 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-04 18:49 . 2009-02-24 21:27 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-04 18:49 . 2009-02-24 21:27 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-30 23:53 . 2006-09-13 18:41 -------- d-----w c:\program files\Java
2009-04-29 22:54 . 2006-12-21 03:19 -------- d-----w c:\documents and settings\user\Application Data\OpenOffice.org2
2009-04-29 22:51 . 2008-05-12 16:08 1 ----a-w c:\documents and settings\user\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-04-05 05:26 . 2009-04-05 05:24 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-05 05:25 . 2009-04-05 05:25 -------- d-----w c:\documents and settings\user\Application Data\Yahoo!
2009-03-18 21:55 . 2009-04-05 05:24 607472 ----a-w c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-03-09 09:19 . 2009-02-24 21:37 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 08:34 . 2006-06-23 16:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2003-07-16 16:26 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2003-07-16 16:20 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2003-07-16 16:43 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2003-07-16 16:17 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2003-07-16 16:24 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2003-07-16 16:24 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2003-07-16 16:30 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2003-07-16 16:30 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2003-07-16 16:30 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-07-16 16:34 284160 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2006-05-25 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2006-05-25 126976]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-04 1947928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-28 518488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 18:49 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

Re: Unable to remove or add new Adobe Reader

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/27/2009 9:22 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/24/2009 5:27 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/24/2009 5:27 PM 108552]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [5/26/2009 1:56 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [5/26/2009 1:55 PM 1195008]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/24/2009 5:27 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/24/2009 5:27 PM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [5/26/2009 1:55 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [5/26/2009 1:56 PM 257432]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/26/2009 3:30 PM 33176]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 01:22]

2009-05-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 21:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 22:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1156)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

- - - - - - - > 'explorer.exe'(3244)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-29 22:41
ComboFix-quarantined-files.txt 2009-05-29 02:41
ComboFix2.txt 2009-05-28 15:00

Pre-Run: 28,964,401,152 bytes free
Post-Run: 29,139,730,432 bytes free

257 --- E O F --- 2009-05-23 07:01

Re: Unable to remove or add new Adobe Reader

Still not able to uninstall or install Adobe. Thanks

still unable to update, add or remove adobe

Have done everything suggested and still nothing.

Re: Unable to remove or add new Adobe Reader

Hello.
I want to try another CFScript.

Now open a new notepad file.
Input this into the notepad file:

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[image]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

combo fix txt

ComboFix 09-06-06.04 - user 06/07/2009 14:39.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.452 [GMT -4:00]
Running from: C:\Combo-Fix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-03 00:12 . 2009-06-03 00:12 -------- d-----w- c:\windows\LastGood
2009-06-03 00:04 . 2009-06-03 00:04 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 14:47 . 2009-06-07 18:34 3018938 ----a-r- C:\Combo-Fix.exe
2009-05-28 02:06 . 2009-05-28 01:22 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-28 01:21 . 2009-05-28 01:21 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-28 01:17 . 2009-05-28 01:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-28 01:17 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-05-28 01:16 . 2009-05-28 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-28 01:16 . 2009-05-28 01:16 -------- d-----w- c:\program files\Lavasoft
2009-05-27 21:41 . 2009-05-27 22:06 -------- d-----w- c:\program files\TweakNow RegCleaner
2009-05-27 21:41 . 2009-05-27 22:04 -------- d-----w- c:\documents and settings\user\Application Data\TweakNow RegCleaner
2009-05-27 20:53 . 2009-05-27 20:57 -------- d-----w- c:\documents and settings\user\Application Data\RegistryPC
2009-05-27 20:41 . 2009-05-27 20:41 -------- d-----w- c:\program files\VS Revo Group
2009-05-26 19:30 . 2009-05-26 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-05-26 19:30 . 2009-05-26 19:30 -------- d-----w- c:\program files\NOS
2009-05-26 17:56 . 2009-04-06 15:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-05-26 17:56 . 2009-02-10 20:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-05-26 17:55 . 2009-02-18 21:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2009-05-26 17:55 . 2009-05-26 17:55 -------- d-----w- c:\program files\Agnitum
2009-05-26 17:54 . 2009-05-26 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2009-05-26 16:58 . 2009-05-26 16:58 -------- d-----w- c:\program files\filehippo.com
2009-05-25 16:19 . 2009-06-07 16:40 -------- d-----w- c:\program files\SpywareGuard
2009-05-25 03:41 . 2009-05-25 03:41 -------- d-----w- c:\documents and settings\user\iProfit eBook Package
2009-05-25 02:08 . 2009-05-25 02:08 0 ----a-w- c:\windows\nsreg.dat
2009-05-25 02:08 . 2009-05-25 02:08 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Mozilla
2009-05-25 00:07 . 2009-05-25 00:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-25 00:07 . 2009-05-25 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-24 23:59 . 2009-06-07 16:41 -------- d-----w- c:\program files\SpywareBlaster
2009-05-24 23:59 . 2005-08-25 23:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-05-24 23:58 . 2009-05-24 23:58 3012768 ----a-w- C:\spywareblastersetup42.exe
2009-05-23 22:05 . 2009-05-23 22:05 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-05-23 22:05 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-23 22:05 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 22:05 . 2009-06-03 00:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-23 22:05 . 2009-05-23 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-22 20:45 . 2009-05-22 20:45 -------- d-----w- c:\program files\Trend Micro
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w- c:\windows\system32\XPSViewer
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w- c:\program files\MSBuild
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w- c:\program files\Reference Assemblies
2009-05-22 02:56 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-22 02:56 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-05-22 02:56 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-22 02:56 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-22 02:56 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-05-22 02:56 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-05-22 02:56 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

.

combo fix txt
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2006-05-25 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2006-05-25 126976]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-04 1947928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-28 518488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 18:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/27/2009 9:22 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/24/2009 5:27 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/24/2009 5:27 PM 108552]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [5/26/2009 1:56 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [5/26/2009 1:55 PM 1195008]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/24/2009 5:27 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/24/2009 5:27 PM 298776]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [5/26/2009 1:55 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [5/26/2009 1:56 PM 257432]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/23/2009 6:05 PM 40160]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/26/2009 3:30 PM 33176]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 01:22]

2009-06-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 21:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 14:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1188)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

- - - - - - - > 'explorer.exe'(2572)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-07 14:46
ComboFix-quarantined-files.txt 2009-06-07 18:46
ComboFix2.txt 2009-05-29 02:41
ComboFix3.txt 2009-05-28 15:00

Pre-Run: 29,273,178,112 bytes free
Post-Run: 29,315,641,344 bytes free

218 --- E O F --- 2009-05-23 07:01
