I'm back in safe mode. Here's the log:
ComboFix 08-12-06.04 - Administrator 2008-12-06 22:28:10.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.134 [GMT -5:00]
Running from: c:\documents and settings\Administrator.HOME-VH06P3NS16.000\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.
2008-12-06 20:25 . 2008-12-06 20:26 <DIR> d-------- c:\windows\system32\CatRoot2
2008-12-06 19:55 . 2008-12-06 19:55 <DIR> d-------- c:\documents and settings\Home\Application Data\Malwarebytes
2008-12-06 19:18 . 2008-12-06 19:18 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-06 19:17 . 2008-12-06 19:17 <DIR> d-------- c:\windows\ERUNT
2008-12-06 19:14 . 2008-12-06 19:29 <DIR> d-------- C:\SDFix
2008-12-04 22:28 . 2008-12-04 22:28 <DIR> d-------- c:\program files\Trend Micro
2008-12-04 22:04 . 2008-12-04 22:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-04 22:04 . 2008-12-04 22:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-04 22:04 . 2008-12-04 22:04 <DIR> d-------- c:\documents and settings\Administrator.HOME-VH06P3NS16.000\Application Data\Malwarebytes
2008-12-04 22:04 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 22:04 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-04 21:53 . 2008-12-04 21:53 <DIR> d-------- c:\program files\CCleaner
2008-12-04 20:12 . 2008-12-04 21:39 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-04 20:12 . 2008-12-04 21:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-04 20:03 . 2008-12-04 21:59 <DIR> d-------- c:\documents and settings\Administrator.HOME-VH06P3NS16.000
2008-12-04 13:15 . 2008-12-04 13:15 <DIR> d-------- c:\documents and settings\Administrator.HOME-VH06P3NS16
2008-12-04 12:49 . 2008-12-04 12:49 <DIR> d-------- c:\documents and settings\Administrator
2008-12-02 18:42 . 2008-12-02 18:42 <DIR> dr-h----- C:\$VAULT$.AVG
2008-11-28 15:45 . 2008-11-28 15:45 <DIR> d-------- c:\documents and settings\Home\Application Data\Artogon
2008-11-12 06:27 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 06:27 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 07:09 . 2008-11-11 07:09 <DIR> d-------- c:\windows\Sun
2008-11-09 13:33 . 2008-11-09 13:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\ERS G-Studio
2008-11-09 12:21 . 2008-11-09 14:41 <DIR> d-------- c:\program files\Hidden Mysteries - Buckingham Palace
2008-11-08 19:02 . 2008-11-08 19:02 <DIR> d-------- c:\documents and settings\Home\Saved Games
2008-11-08 19:02 . 2008-11-08 19:02 <DIR> d-------- c:\documents and settings\Home\Application Data\Flood Light Games
2008-11-08 19:02 . 2008-11-08 19:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Flood Light Games
2008-11-08 10:33 . 2008-11-08 10:33 <DIR> d-------- c:\program files\IObit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 03:05 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-05 02:55 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
2008-12-05 02:55 --------- d-----w c:\documents and settings\Home\Application Data\AVG7
2008-12-05 02:55 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-11-28 22:45 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-28 21:55 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-11-25 17:54 --------- d-----w c:\documents and settings\Home\Application Data\HPAppData
2008-11-09 15:39 --------- d-----w c:\program files\bfgclient
2008-11-08 14:41 --------- d-----w c:\program files\SpywareBlaster
2008-11-04 18:27 --------- d-----w c:\program files\HP
2008-11-04 18:27 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2008-11-04 18:24 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-04 18:24 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-11-04 18:23 --------- d-----w c:\program files\Hewlett-Packard
2008-10-26 17:13 --------- d-----w c:\documents and settings\All Users\Application Data\Slapdash Games
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 00:29 --------- d-----w c:\documents and settings\Home\Application Data\OpenOffice.org
2008-10-20 00:15 --------- d-----w c:\program files\OpenOffice.org 3
2008-10-20 00:15 --------- d-----w c:\program files\JRE
2008-10-20 00:14 --------- d-----w c:\program files\Java
2008-10-20 00:13 --------- d-----w c:\program files\Common Files\Java
2008-10-19 23:23 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-19 16:52 --------- d-----w c:\documents and settings\All Users\Application Data\iWin Games
2008-10-19 16:45 --------- d-----w c:\documents and settings\Home\Application Data\Mushroom Age
2008-10-19 16:11 --------- d-----w c:\program files\iWin.com
2008-10-19 15:39 --------- d-----w c:\documents and settings\Home\Application Data\Restorer
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
.
((((((((((((((((((((((((((((( snapshot@2008-12-06_21.11.33.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-07 01:47:37 42,930 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-07 02:34:03 44,082 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-07 01:47:37 316,908 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-07 02:34:03 318,968 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
S2 69C26E207C187C00;69C26E207C187C00;\??\c:\documents and settings\Home\Desktop\69C26E207C187C00\69C26E207C187C00 []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
c:\windows\Downloaded Program Files\stg_drm.ocx - c:\windows\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.2\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.3\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.4\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.5\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.6\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.7\stg_drm.ocx
O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file:///C:/Program%20Files/Dr.%20Lynch%20-%20Grave%20Secrets/Images/stg_drm.ocx
c:\windows\Downloaded Program Files\armhelper.ocx - O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
file:///C:/Program%20Files/Wizard's%20Pen/Images/armhelper.ocx
FireFox -: Profile - c:\documents and settings\Administrator.HOME-VH06P3NS16.000\Application Data\Mozilla\Firefox\Profiles\34imw5cl.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-06 22:30:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\69C26E207C187C00]
"ImagePath"="\??\c:\documents and settings\Home\Desktop\69C26E207C187C00\69C26E207C187C00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\69C26E207C187C00]
"ImagePath"="\??\c:\documents and settings\Home\Desktop\69C26E207C187C00\69C26E207C187C00"
.
Completion time: 2008-12-06 22:31:37
ComboFix-quarantined-files.txt 2008-12-07 03:31:19
Pre-Run: 12,369,674,240 bytes free
Post-Run: 12,358,193,152 bytes free
138 --- E O F --- 2008-11-13 15:57:55