Budapest,
Thank you for your quick respnse!

Here is the log.
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-04-15 12:43:44
Windows 5.1.2600 Service Pack 3
Running: t58l4i1n.exe; Driver: C:\DOCUME~1\mike\LOCALS~1\Temp\kxeoyfog.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB7BDF320]
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\ql12160.sys entry point in ".rsrc" section [0xF76A8B94]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\WINDOWS\System32\svchost.exe[808] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[808] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[808] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[808] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[808] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 02C3000A
.text C:\WINDOWS\System32\svchost.exe[808] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 02C2000A
.text C:\WINDOWS\system32\wuauclt.exe[3552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B9000A
.text C:\WINDOWS\system32\wuauclt.exe[3552] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\wuauclt.exe[3552] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B8000C
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 856D9AC8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Classes\CLSID\{0E9AB09B-7366-ED28-B1C9-8124A1018436}\InprocServer32@ oleaut32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{0E9AB09B-7366-ED28-B1C9-8124A1018436}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{1826CDB1-DCCF-490E-89C8-C722F9CF83C1}\InProcServer32@ %SystemRoot%\system32\SHELL32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{1826CDB1-DCCF-490E-89C8-C722F9CF83C1}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{397A1CDF-CE10-9F24-4188-062E91923DFC}\InprocServer32@ C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{397A1CDF-CE10-9F24-4188-062E91923DFC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{397A1CDF-CE10-9F24-4188-062E91923DFC}\ProgID@ Microsoft.ITSS.URLProtocol
Reg HKLM\SOFTWARE\Classes\CLSID\{636025FC-331E-3981-F590-A8933FB4DFAB}\{7DD95801-9882-11CF-9FA9-00AA006C42C4}@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{636025FC-331E-3981-F590-A8933FB4DFAB}\{7DD95801-9882-11CF-9FA9-00AA006C42C4}\409
Reg HKLM\SOFTWARE\Classes\CLSID\{636025FC-331E-3981-F590-A8933FB4DFAB}\{7DD95801-9882-11CF-9FA9-00AA006C42C4}\409@ Controls that are safely scriptable
Reg HKLM\SOFTWARE\Classes\CLSID\{636025FC-331E-3981-F590-A8933FB4DFAB}\{7DD95802-9882-11CF-9FA9-00AA006C42C4}@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{636025FC-331E-3981-F590-A8933FB4DFAB}\{7DD95802-9882-11CF-9FA9-00AA006C42C4}\409
Reg HKLM\SOFTWARE\Classes\CLSID\{636025FC-331E-3981-F590-A8933FB4DFAB}\{7DD95802-9882-11CF-9FA9-00AA006C42C4}\409@ Controls safely initializable from persistent data
Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\InprocServer32@ C:\Program Files\Yahoo!\Companion\Installs\cpn\ypubc.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\ProgID@ YPUBC.StringList.1
Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\TypeLib@ {8A1AB044-787D-4309-8410-709768E484AB}
Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\VersionIndependentProgID@ YPUBC.StringList
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\ql12160.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----